Security Now 1027: Artificial Intelligence

Leo Laporte

It's time for Security Now. Steve Gibson is here with some shocking tales from the frontier of AI. He'll also talk about the status of encrypted client. Hello. It seems like a good idea. Maybe it's not. And what radio technology would be best if I wanted remote shutdowns of solar power inverters. All of that and more coming up next on Security Now.

Steve Gibson

Podcasts you love from people you trust.

Leo Laporte

This is Twit. This is Security now with Steve Gibson. Episode 1027, recorded Tuesday, May 27, 2025. Artificial intelligence. It's time for Security now the show. We cover your security, your privacy, how computers work, and a whole lot more with this cat right here. The cat's been drinking some milk. It is Steve Gibson.

Steve Gibson

Him.

Leo Laporte

No, don't do. He's got a lovely little froth catcher device on his lips.

Steve Gibson

I do sometimes it needs to be independently cleansed.

Leo Laporte

I don't want to know how.

Steve Gibson

No, you don't want to hear about that.

Leo Laporte

So today the show is all about AI.

Steve Gibson

No, no. Well, no. As things came together, there were a number of stories that were about privacy and security, and I ended up with maybe four or five different things. And I thought, okay, I think we should just. I'm just going to title this artificial intelligence for a while. As I said to you before the podcast, I had artificial artificial intelligence that I thought, now that's a little too cutesy poo.

Leo Laporte

So we don't, you know, you could use AI to design the title. Just ask AI for an artificially intelligent title. Shall I look up some candidates for you?

Steve Gibson

I don't know if you've spent any time with the O3 model, but. Whoa, is it astonishing.

Leo Laporte

I think really good ones out there. Yeah.

Steve Gibson

Oh, wow. Anyway, we got a bunch of stuff to talk about. One of the reasons that, well, there was no other overriding central event. Although I actually already have some things to talk about queued up for next week that I will talk about at the end of this podcast. But I wanted to talk about the status of encrypted client hello, ech. Which we did a podcast on entirely one of our deep dives. About 18 months ago, toward the end of 2023, I ran across a security group in the business that noticed some recent changes and thought and then did some of their own deep diving that I want to share. There was a bunch of. The feedback from our listeners has become just golden, which is why some of our podcasts has had a lot more of that. So they serve as talking points for answering Questions like what radio technology would be best for remote inverter shutdown? Turns out that some DNS providers already do block newly listed domains, which is something we were talking talking about last week. It became clear that knowing when not to click a link can actually take some true understanding. Many people need to keep asking because, you know, they're not the people who listen to this podcast, essentially. Also, why can losing a small portion of a large power grid bring way more of the grid down than one would think? Where are we in the AI hype cycle? And is this the first? Maybe it's the last we'll see. Speaking of hype, an AI system resorted to blackmail. What? Also, why are we so quick to imbue AI with awareness? It turns out that goes back a long way, way further than most people might imagine. Also, chat GPT's latest 3.0 model ignored its orders to shut down, which raises some interesting new eyebrows. We're going to run out of eyebrows, Leo. And also, it turns out that Copilot, which Microsoft is now using with great abandon, apparently. Remember, we recently heard that, what was it, a third of the new code is being written. Turns out that it may not be making Windows code any better.

Leo Laporte

Yeah, what a shock.

Steve Gibson

We've got some details, details from GitHub, which are a little concerning, and I stumbled upon an unfiltered and unrestrained LLM that I thought our listeners would probably have some fun playing with. Of course, we've got a picture of the week that has already generated a week's worth of feedback from the people who received all the show notes yesterday. Around this time. It's, it was. It's surprising to me how many people have had the events surrounding this picture occur in their lives.

Leo Laporte

Oh, wow. I. Yeah, I haven't seen it because I put myself in a soundproof booth the minute your email comes in, so I am Virgin Eyes.

Steve Gibson

You and Lori's son impress me with the your speed of acquisition. I showed this to her son a couple days ago and it. It was. You would measure in milliseconds the amount of time it took him to process the photo and burst out in a belly laugh. And I thought, smart kid.

Leo Laporte

Really smart kid. He's probably not a kid, but he's smart. Anyway, this is. I did feed your show description into the AI and these are the titles it came up with. AI Hype, Hysteria and Hard Truths.

Steve Gibson

Oh, I'm gonna do that from now on.

Leo Laporte

AI Hyp and Headaches. AI Security Hype versus Reality. When AI Crosses the Security Line this is my favorite AI friend, foe or flaw. Oh, Leo, there's some good ones in here.

Steve Gibson

Perplexity, huh?

Leo Laporte

Yeah, I love Perplexity. I'm a big fan. Really good. Yeah. Well, we will get to the show, whatever it's called. It's going to be good.

Steve Gibson

Yeah. Now I. I'm annoyed. I call it artificial intelligence.

Leo Laporte

You could have used it. That's the new I could have had a V8. Man, it's so great to have you on Security now. Glad you're watching. And of course we love our Security now sponsors this episode brought to you by our friends at Outsystems. I love this idea. Outsystems has been around for more than 20 years. They were one of the first in the low code space. But now, thanks to AI they, OutSystems is even better. They are now the leading AI powered application and agent development platform. More than 20 years now, the mission of Outsystems has been to give every company the power to innovate through software. And they saw real opportunity here with this amazing AI plus low code plus DevSecOps to solve a conundrum that's been in the enterprise as long as the enterprise has been around. The old build versus buy conundrum, right? When you need some software capability in the business, you have, you know, two choices. You buy off the shelf some SaaS product that, well, you can get it there quick and up and running, but you're going to lose flexibility and you're also going to lose differentiation because everybody else in your space is using that. Or you can do what we've done, to our great regret, sometimes build custom software at great expense of time and resources, right? Plus a certain fragility to the resulting product. Well, now it's not build or buy. There's a third way. AI forges the way for another path. I wish I'd thought of this. It's the fusion, as I said, of AI low code and DevSecOps automation into a single development platform that gives your teams the power to build custom applications. They use AI agents and they could do it as easily as buying generic off the shelf sameware. But you get something just right for what you need. Plus, OutSystems software always comes with flexibility, security and scalability standard. It's built right in with AI powered low code teams can build custom future proof applications at the speed of buying with fully automated architecture, security integrations, data flows, permissions. It's all built in. This is instead of greenfield AI vibe coding, you've got a great Low code platform that AI understands and can manipulate can create some great software for you and get all that additional benefit. Right. Outsystems really is the last platform you'll ever buy because you can use it to build anything. You can even use it to customize and extend your core systems. Build your future with OutSystems. Visit outsystems.com TWiT to learn more. That's outsystems.com TWit these guys have been around and they know they've got what you need. Outsystems.com TWIT what a brilliant idea. Thank you Outsystems for supporting, I think pretty important work Steve does here at Security now. All right, Steve, I'm going to go to the show notes.

Steve Gibson

So I gave this picture the caption. Who could possibly believe this was a good idea?

Leo Laporte

Who could possibly believe. And I am going to. You could start the timer, scroll up and see a water heater floating in the air because of course, floor space is a premium.

Steve Gibson

Premium. Yeah.

Leo Laporte

What's below even says Danger High Voltage. Keep out. And then the. Really, to add insult to injury, there's some mop buckets there too.

Steve Gibson

This, this picture just keeps on giving. For those who are not privy to this photo. Basically the picture is in two halves, an upper and a lower. Unfortunately, the upper is the upper as opposed to the lower. On the bottom of the photo, where a lot of the potential action will be happening is a lineup of large, high tension, high power, high voltage breakers with those levers on the side for pulling the master switch. Looks like we've got some big power like substation kind of transformer things.

Leo Laporte

I like how they've protected it with the same kind of cyclone fence you'd find in your backyard.

Steve Gibson

Oh, yeah, you got even as a gate. Yeah, yeah. Danger High voltage. Keep out. And the punctuation to this is that on a little jutting out stand ledge jutting out from the wall floating above all of this is a water heater. I mean, some, some.

Leo Laporte

Well, thank God they never leak.

Steve Gibson

Wow. Oh, I mean, wow. You know, residential heaters have to be strapped down to the house now in California.

Leo Laporte

Yeah. Three straps. Because of the earthquakes. Yeah.

Steve Gibson

And. And often they are sitting in a. In a tray.

Leo Laporte

Yeah.

Steve Gibson

An aluminum tray. Thank you. With a drain because. Yes. They are in fact known to have a limited lifetime and they will start leaking.

Leo Laporte

This can't be real.

Steve Gibson

Oh, Leo.

Leo Laporte

This can't be real.

Steve Gibson

It's just. Oh my God. And what was interesting, as I, as I mentioned to you before, we began is this, this photo went out. Of course, it's the picture of the week. So it was featured in the show Notes. I got a bunch of feedback from people who said, oh, yeah, I've seen this. I, I mean, I, I mean, they got a whole bunch of, of their own anecdotes of variations on this theme of something wet being involved, you know.

Leo Laporte

Suspended over something highly electric. And I love it because the cyclone fence, as Burke says, we'll just kill you faster, that's all, as you rush in to mop up the, the water.

Steve Gibson

Oh, God. Wow. Yeah.

Leo Laporte

Anyway, great, great. Classic picture of the week today. It is. Yeah. That is more.

Steve Gibson

Okay, so about a year and a Half ago, Security Now's podcast 942 was titled Encrypting Client hello. That podcast took one of our deep dives into the continuing privacy vulnerability that's inherent in most TLS connections today, where sni, which is short for server name Indication, allows a single IP address to be the home for any number of websites. Now, backing up a little bit. As we know, TLS connections require web servers to return their valid certificate to prove their identity. If that wasn't done, then there'd be no protection from man in the middle attacks. The man in the middle could return a spoofed certificate and we would think we'd connected to the real server rather than mistakenly connecting to something that is going to intercept all of our tracking traffic. So TLS connections require web servers to return a valid certificate to prove their identity. But when many sites are hosted at the same IP address, which is now way more common than not, probably because this is one of the solutions for the IPv4 exhaustion problem. It turns out you don't need your own iPad per server. I even am now sharing a few IPs among multiple services. So the question then is, how does such a hybrid website or server collection know which certificate to return to the client that's wanting to connect? The answer is that the user's TLS client web browser indicates the name of the domain, the name of the domain it wishes to connect to when it sends its first TLS handshake message to the site hosting that has many domains behind it. Now, the problem with doing that is that this must take place by, by definition, before the encryption keys have had a chance to be exchanged. You know, you're, you're telling the remote site which server you want to receive its certificate from. So obviously you don't have encryption yet, because it's not until you tell it that it knows which certificate to send you. So the problem is then that this SNI information, this server name indication domain name will be exchanged in the clear and thus completely open for any spoofing or snooping ISP or hotspot operator to observe. Now, as its name suggests, ECH Encrypted client hello is the next generation technology to solve this problem. And again we talked about it about 18 months ago. I just ran across an interesting just published research report by the mobile security company Korata C O R R A T A which was titled Living with E C H. What I thought was so interesting is that they bring some perspective from the field, whereas what we talked about 18 months ago was pure protocol theory. So what's really going on? Here's what they wrote. They said last year our security research team noticed an uptick in detections of the domain cloudflareech.com across our customer base. So I should note that they're a mobile security company, so their customers are running their software in their mobile devices which provides security. That software is monitoring what they're doing to protect them and also generating telemetry back to them. So their team sees like suddenly cloudflare ECH.com starts to appear. They said the numbers were small, low thousands among hundreds of millions of domain scans, but nonetheless intriguing. Did this herald the prime time arrival of encrypted client hello, a protocol which information security professionals feared would make widely used security tools blind to large swaths of Internet traffic. Now that's perfect example of something we didn't talk about or think about. It's like, why is this not really good? Well, turns out security tools are taking non malicious advantage of the fact that they can know what's going on. So that's going to go away if ECH or once ECH takes hold, they said. For example, it was readily apparent that the spike in Cloudflare ECH.com detections was directly related to to Internet infrastructure provider Cloudflare's decision to support ECH by default on its most popular plan. They said our researchers wanted to investigate whether this change represented a tipping point in ECH adoption or just a small step change related to the policy of a single infrastructure provider. So then they give us a little bit of background from their perspective. They wrote Encrypted client hello is an extension to the TLS 1.3 Internet Encryption Standard. TLS or Transport Layer Security is the standard used to safeguard communications between an endpoint device and the web server it's connected to. That's of course one use case you could use it for all kinds of things. It is the standard indicated by the familiar padlock symbol in browsers and the HTTPs designation in front of web addresses. TLS now protects the vast majority of Internet traffic. A variety of sources put current adoption well above 90% of that traffic. The vast majority uses TLS 1.3, and I'm not quite sure that's the case. Maybe the vast majority can it's not clear yet whether the server side has yet caught up as as I recall last time we looked 1.2 was still widely represented. But anyway they wrote the most recent version of the standard being 1.3. ECH is designed to increase user privacy by encrypting the content exchange between clients and servers when they're establishing an encrypted connection. Without ech, which is again an extension to an optional add on to TLS 1.3, a client will reveal the domain of the website it's attempting to visit before the encrypted connection is established by disclosing the domain server name indicator sni. This means that an entity with visibility of a user's Internet traffic, for example An Internet service provider, mobile operator, enterprise security teams and or bad actors can see that user's destination even when the user and the server take precautions to avoid this. So increased user privacy? What's not to like? Unfortunately, in the view of many enterprise information security professionals, increased privacy will come at the cost of compromising their ability to detect and respond to threats. Appliances such as secure web gateways and next generation firewalls rely on the visibility of SNI in order to identify the destination of traffic which would otherwise be hidden. Because the use of encrypted DNS and network edge services like cloudflare, widespread adoption of ECH would severely curtail the ability of enterprises to identify and block connections to malicious domains. A particular problem arises for regulated industries who need to selectively decrypt TLS traffic for compliance purposes. Unable to do so selectively, they may have little choice but to decrypt all of it. Given the likely impact, it's important that we have a clear understanding of the current state and likely future trajectory of the rollout of Echo. So again, lots of things we had not thought about before. Transport layer security has revolutionized the confidentiality of Internet communications. Before widespread use of encryption, many legitimate and illegitimate actors had the potential to snoop on Internet traffic and even to modify it. However, information leakage remains some isherent just to the way the Internet works. For example, the source and destination addresses and other networking metadata or will always remain in the clear. But other leakage is due to privacy gaps in the protocols. Two of these are of popular of particular importance client DNS queries and TLS client hellos. Those being the two that are still outstanding. They said DNS queries are the way a device translates a request to visit a named website google.com into the IP addresses, for example 7412-519-7113 which it needs to connect to the site. It sends the query to a DNS resolver, normally one which is provided by its isp. In general, these DNS requests are sent in the clear, meaning that the ISP and anyone else with access to the traffic can see the website the user is Looking to access. ISPs. Governments and enterprise IT teams can use this information to block access to sites deemed unacceptable or malicious. Encrypted DNS and they say I E DNS over TLS, also known as DOT or DNS over HTTP, known as DoH, is a way for users to hide this information. Typically they do this by replacing the default DNS on their device with an encrypted Service such as 1.1.1.1 Cloudflare or 8.8.8.8 Google. All major operating systems and browsers can be configured to use encrypted DNS. Well not Windows 10, but Windows 11 does have it natively and there are proxies you can add onto Windows 10 and browsers have it built in, they said. Karata estimates that 20% of enterprise devices use encrypted DNS. They said encrypted DNS EDNS is not turned on by default for a number of reasons. ISPs have a commercial interest in understanding how their subscribers use the Internet. Access to DNS queries is very useful in this regard. Governments also have an interest in being able to passively monitor and potentially restrict access to illegal, malicious or unacceptable content. Enterprise information security teams also have legitimate reasons for wanting to block access to content that could represent a threat, for example phishing or malware download sites. They said device manufacturers want their devices to work seamlessly in all environments. Governments and are reluctant to turn on a feature which might lead to a poor user experience in some circumstances. And of course we've talked about how there are DNS services that like family plans that just will not return the IPs of, you know, not safe for work style websites. They're, they're just, they don't appear to be on the Internet if you use those DNS services anyway. These guys wrote. Unfortunately for users who want to hide their Internet activity from prying eyes, even with EDNS enabled, they cannot remain private. This is because of the information which is exchanged when their device establishes a TLS connection to the server it wants to access. The TLS client hello message sends the domain name of the server they're connecting to in the clear, making it visible to any entity monitoring network traffic. It is this gap which encrypted client hello attempts to address. Encrypted client hello works by encrypting the client hello message, which is the first message sent by the client in a TLS handshake. Traditionally, this message, including the server name indication, as they said is, is set in plain text, they said, allowing network observers to see which specific domain are users trying to access, even when the rest of the connection will then be encrypted. ECH addresses this by encrypting the entire client hello using a public key obtained via DNS, specifically through the HTTPs resource record. That's a DNS resource record, type 65. The client sends an outer client hello with a benign or shared SNI server name indication, because again, that's not going to be, that's not going to be hideable. So it uses sort of a fake SNI and includes the encrypted inner client hello as an extension. So basically it's sort of a Trojan horse. It sends the initial. It first looks up the domain's public key in the domain's DNS that gives it the public key. It then encrypts the actual client hello containing that domain name into a blob, which is attaches to a kind of a spoofed or we don't care about this client hello. And that's where that cloudflare ECH.com appeared. That's commonly used in that outer wrapping kind of we don't care about this client hello packet. That's what everybody sees. And that's, you know, it's a klude, right? But unfortunately, first SSL and then TLS wasn't designed for this, so it had to be hung on later, after the spec was finished. And the problem was, you don't want to upset the existing protocol with something that it doesn't know about. So you send it a client hello that looks legitimate, but in the extension fields it says, oh, look, here's a blob which, if I have the matching private key to what? To the public key that was attached, I'm able to decrypt it. So they said the client sends an outer client hello with a benign or shared SNI and includes the encrypted inner client hello as an extension. Only the gateway to the intended server which holds the corresponding private key can decrypt this inner message and complete the handshake securely, they said. It should be noted that this necessarily depends on ECH enabled traffic being mixed with other ECH traffic going to different servers but through the same gateway. Otherwise, no privacy gains are achieved. I'll explain that in a second, they said. This means that in order to achieve its goal, ECH requires traffic to go through gateways controlled by large content delivery networks such as Cloudflare, who will still have access to the sni. The privacy gains are therefore limited okay, now to pause for a second. Another way of putting this is that encrypting your client hello handshake with GRC.com is not going to buy you much privacy, since there's no one home at 4.79142200 other than GRC. So anyone who's connecting to that IP is definitely known to be talking or planning to talk to GRC.com because that's the only server at that IP. But the same is not true by a huge measure when connecting to a website that's fronted by Cloudflare, since a bazillion different with a B bazillion different websites will all be sharing Cloudflare's relatively small collection of destination IP addresses. So you're hiding among the crowd. No one knows where you're going once you go through Cloudflare's entry gate. The Carrada report continues in our research, all outer client hello messages observed use the same sni cloudflare-ech.com this was true, they said, whether or not the website used Cloudflare's infrastructure. This makes all websites using ECH indistinguishable from each other. This is possible because the content of this field plays no part in the TLS handshake, which I think is really interesting. So maybe that's going to kind of become a de facto standard. Okay, so where do we stand regarding the adoption of this? They report For a website owner to offer ECH natively, they will need to use a name server that you know, a DNS name server and a TLS stack that support it. Today that support is limited and for this reason the simplest way to enable ECH on your website is to work with a CDN that supports it, that is put yourself behind a big cdn. In practical terms, they said. In practical terms, that means using Cloudflare. For an end user to take advantage of ech, they will need to use a browser, Chrome, Firefox and so forth that supports it. They will also need to configure their browser or whatever device to use encrypted DNS, both to hide their DNS queries and to access an ECH compatible resolver such as 1.1.1.1 or 8.8.8.8, they said our research aimed to establish how often these connections apply to enterprise traffic. Our findings are based on analyzing billions of connections made by devices running Kurata's threat detection and response solution. Carrada software is used to protect iOS and Android devices and is representative of that important segment of enterprise Internet traffic. Carrada has visibility of DNS query and TLS connection metadata for all these connections and has tracked the number of successful ECH connections created between January and March of 2025. This year, of the top 1 million websites, slightly less than 10% support ECH. So of the top million, just less than 10% support Echo@ all. With a tiny number of exceptions, all of these sites use Cloudflare's infrastructure. Underlining the importance of Cloudflare for ECH adoption, but also highlighting the lack of support from other infrastructure providers, they said Looking at the end user side we see major gaps in potential ECH support, meaning on the client side the first carve out is for Apple devices. IOS does not support ECH. On Android devices we see that 30% of users have both configured their browser and or device to use encrypted DNS and are using a browser Chrome in the vast majority of cases of course on Android that is ech compatible. So 30% of Android Zero of iOS because it doesn't support ECH at all. Taking the server and client support proportions together would suggest around 2% of connections might be using ECH. In reality, our data shows that only 0.0.06% of connections actually use it.

Leo Laporte

That's. That's pretty close to nothing.

Steve Gibson

Yeah, and so wow, 0.06% of connections actually use it. This underperformance is due to the fact that Cloudflare sites are not distributed evenly across the popularity tiers. Coverage falls to 3% when you look at just the top 1,000 sites and 1% in the top 100. So I have a chart in the show notes here on page five, which is really interesting. There's not even a bar for sites 1 through 100. The top 100, they've got it labeled 1%, but I don't Something's wrong with a chart because the 3% bar is.

Leo Laporte

A big, it's a lot bigger than 1% and you could certainly.

Steve Gibson

Yeah, it's certainly more than three times nothing. But, but of the top 1,000 aggregate, 3%, then in the, from the, from 1,000 to 10,000 it jumps to 7%. From 10,000 to 100,000, that's our biggest bar, that there's 10% support there. And then from 100,000 all the way to a million aggregate, that's 9%. But overall 0.06% of connections are actually using it. They said the Cloudflare ECH site population exhibits other characteristics. That is okay now, so that's the. How many connections are actually have their, their TLS handshake encrypted with ECH and I mean it's not going to get you very far, unfortunately. What about the Cloudflare side? Which sites are using ech? They said Cloudflare's ECH site population exhibits other characteristics. Malicious and risky sites are heavily over represented. In total, about 17% of ECH enabled sites fall in those categories. Well, risky or malicious. And why, Leo? Because they want to hide, right? They want the protection that ECH provides. They said. Our analysis of phishing detections shows that over 90% of phishing uses Cloudflare's infrastructure.

Leo Laporte

Wow.

Steve Gibson

In addition to the anonymity provided. Wow. Yeah. In addition to the anonymity provided by ech, these sites take advantage of other Cloudflare features. For example, the Captcha page can be used to direct desktop traffic to the legitimate site, while mobile traffic is sent to the fake one. Alternatively, traffic not coming from the targeted country may be redirected to the legitimate site. These are deliberate tactics to avoid detection by security providers. We have a second bar, we have a pie chart there that just shows that malicious is 9% inappropriate one way or the other is 8%. So together 17% of Cloudflare's total traffic. Okay, so where do we go from here? So far it all seems rather depressing. We have the technology, but very few are choosing to use it. And again, the only real value does come from massive website aggregators that that offer destination privacy by virtue of the fact that that the destination could be any of their website customers. So there that. The Carrada report says the combination of the low levels of traffic which use ECH, together with the high level of malicious and risky sites within the ECH enabled population will persuade many organizations to block access to sites using Echo absent any further knowledge of the content of the site. Which is frightening. It's like, wait, you're saying we can't use any of this privacy enhancing technology, period, because not that many sites use it. We wouldn't be losing much if we blocked it. And the chances are nearly one in five that we would want to block it because of where you're trying to go and we can't tell if we don't block it. Yikes. They said such an approach is defensible from a user experience perspective, while ECH support remains at such low levels that they've identified in their research. They said. So how quickly might that change? Adoption can be driven from either the client or the server side. Well, I'm like hello Apple. They said there are a number of factors which would drive adoption on the client side. The first would be for Safari to support the standard. Private Relay is Apple's subscription based privacy enhancing technology and it is unlikely to proactively support a potential alternative. Well that's interesting. So the ECH can be viewed by Apple maybe is as a competitive threat and so it's like no, we're going to, you know, give you Private relay. They said a second would be for Chrome to enable encrypted DNS by default. They said this is more likely. Google would lose nothing with such an approach and it might disadvantage competitors who are seeking to monetize Internet usage information. Our estimate is that where Chrome were Chrome to make encrypted DNS a default, it would likely double the proportion of TTLs connections using ECH. So what? Up to 0.12%. Great. But such a change, they wrote, would be a significant market intervention and would not be welcomed by mobile carriers who have influence over Google due to their role in handset sales. The position in relation to Android is also not positive from an ECH adoption perspective. To understand why, we must first look at how encrypted DNS is handled at the device wide level. In Android, no major manufacturer has enabled DNS encryption. By default, users have the option to turn on private DNS. Once enabled, the device will encrypt all DNS queries using the DNS over TLS the DOT standard. However, device wide dot is not properly compatible with ECH for a variety of reasons. Furthermore, the TLS stack with an Android would need to be enhanced to support ECH to allow the 90% of connections which are not browser related to make use of the privacy enhancing standard. Meaning if only the browser, if only Chrome on Android knows how to use ECH. Well, that's 10% of all TLS use for Android. The other 90% would still be out in the cold, but it needs to be done device wide in order to put a wrapper around the user's entire experience and to give them true privacy. They said for server side adoption to increase you would need to see wholesale migration to Cloudflare, which they have in parens unlikely or default support from other content delivery networks. 23.6% 23.6% of the top 15 million websites use a CDN. Okay, so nearly 1/4 of the top 15 million websites currently use a CDN, but that's 3/4 that don't. 3/4 where the IP address you go to tells everybody where you're going, they said. This understates their importance as CDM penetration is particularly high among the most popular sites. The market is dominated by Cloudflare fastly, Amazon and Akamai CDNs other than Cloudflare have so far announced only tentative steps towards ECH support, with no suggestion of default enablement. That said, ECH adoption is a positive for the CDNs. The complexity of implementation means more websites will opt to use CDN services at a more strategic level. The CDNS would become the only infrastructure players with widespread visibility of end user application usage. And their report finally offers some interesting conclusions. They said the spike in detections of the cloudflare ech.com domain observed in the latter part of 2024 was the catalyst for this research. We wanted to understand what the implications of this new phenomenon might for enterprise information security. A rapid increase in the use of encrypted client hello would mean that it would no longer be possible to directly detect the destination of much Internet traffic. Security tools designed to keep enterprises safe would lose some visibility that they rely on. And now we understand unfortunately despite what they what brought this to their attention, none of this is happening, they said. Our findings indicate that this visibility apocalypse is not in fact imminent. The fact that large elements of the ecosystem are not moving to quickly support ECH means that the low levels of penetration we see today are unlikely to change rapidly. There are major gaps on both the client and and infrastructure side. On the client side you need support for both DoH and ECH. Again not dot that's not compatible with ECH. So you need DNS over HTTPs which isn't available device wide. Support for this combination is non existent for Android and iOS and this is unlikely to change in the short or medium term. Lack of support from Safari is a big gap on the browser side. Chrome offers support for DoH and ECH but not by default. And we know what that means. Most people won't have it turned on. On the infrastructure side, they conclude Cloudflare is the only provider supporting ECH today. And remember, it doesn't really do you much good unless you're behind a cdn, because otherwise everybody can see you know where you're going by ip. Cloudflare's promotion of the standard is part of its privacy. First, positioning and support is baked into its tech stack. Other providers are not in the same market or technical position. It would be complacent to expect this position to continue longer term, as ECH adoption offers significant market opportunities for the CDN industry that is, you know, offering privacy to websites and the users who go to those websites. For now, information security professionals can breathe a sigh of relief. But continuing to track this space is no longer optional. It needs to be done. So I think the bottom line here is that we have another example of adoption inertia where there's no overwhelming incentive to make any changes. So, you know, there's zero user interface visibility, for one thing, into any of this. So users don't get any benefit that they can see. They have no idea what's going on, so they're unable to drive any change. And even if they could, what's needed is the underlying technology support, which is missing. And even when all the technology is in place, only sites behind large site aggregators obtain the benefit of external eavesdroppers being unable to determine by IP address where the user is actually going. And adding insult to injury, perversely, the primary drivers of ECH adoption at the moment are the disreputable sites deliberately operating behind cloudflare for the purpose of using ECH to prevent their detection and filtering and blocking. And even if ECH support might be identical for, you know, or rather incidental for all those sites, they're still obtaining ECH's benefits which help them to remain hidden, you know. So, as we've often seen, obtaining true privacy on the Internet is overall a heavy lift in ech. We have a terrific technology, but it's one that requires explicit DNS support to allow a browser to obtain a site certificate before receiving it from the site, as well as support by each end. And if the user's browser is not also encrypting its DNS queries, then those required DNS lookups are also leaking their intended destination. So it feels as though ECH will continue, you know, to gradually, very gradually seep into the Internet's infrastructure someday. In the far future, all web browser DNS will be fetched over Privacy, enforcing tls, adding the HTTPs certificate to DNS records will be standard behavior and all clients and servers will be supporting ECH. Someday. It'll probably happen on its own, but you know, it's nothing that anybody can do. I mean, we as users can't drive this. They're just, you know, the Internet fights privacy. It wasn't ever designed for it. We've been layering on, you know, adding widgets to it in order to, to increase it and create it. But do is limited system.

Leo Laporte

Is it as good? No as which as ech. Like their, their Internet relay and all that?

Steve Gibson

Yeah.

Leo Laporte

Is it okay?

Steve Gibson

Yeah.

Leo Laporte

So that's in a way, that's the way to do it because then it's Apple, it's not a phishing scam and you get the privacy.

Steve Gibson

Right. But of course, Apple's not the entire world.

Leo Laporte

No, I. Yes, I understand. And maybe if, if Google did it on Android, then you'd have much of the mobile world anyway.

Steve Gibson

Right? Right.

Leo Laporte

It's not going to get desktop, but maybe that's at this point, not important. I don't know. It's a thought. Would you like to do a little break here?

Steve Gibson

Oh, I'm parched.

Leo Laporte

I thought you might be. I am here to save your parched vocal cords.

Steve Gibson

My parchment.

Leo Laporte

Our show today, brought to you by something we've talked about many times. Zero Trust. And in particular, the best company to put Zero Trust in action in your business, Threat Locker. First, let me talk about why you need something like Zero Trust. Clearly, if you listen to the show, you know ransomware is rampaging through the business world. Phishing, emails, infected downloads, malicious websites, I mean, even RDP exploits. But you don't want to be the next victim, do you? That's why you need Threat Locker. Zero Trust platform. And here's the key. It takes a proactive and this is it. These are the three words you want. Deny. By default. The stop sign is up, the red light is on, the bar is closed. By default. That blocks every unauthorized action, protecting you from both known and unknown threats because nothing can get through unless you have specifically explicitly authorized it. So zero days, who cares? They don't get in. You don't authorize that. Threat Locker does it. And they do it affordably, they do it right, they do it easily. And I tell you, if you are an infrastructure company, if you're a, you know, if you're a mission critical company, you need something like this. That's probably why JetBlue uses Threat Locker and the Port of Vancouver. Talk about infrastructure. They can't afford to go down. They use Threat Locker. Threat Locker shields them and can shield you from zero day exploits from supply chain attacks while providing complete audit trails for compliance. It's kind of a side effect, right? You know exactly who used what, when and where. Threat Locker's innovative ring fencing technology isolates critical applications from weaponization. It stops ransomware cold. It also, and this is really important, limits lateral movement within your network. Somebody gets in, it doesn't mean they can go anywhere. They can only go where they're allowed, right? Threat Locker works across all industries. It supports Mac environments, of course, Windows. So it's, it's, it's perfect for Everybody. You'll get 24. 7 US based support and, and again, this is kind of a side effect, but it's a big benefit. You get comprehensive visibility. Let me give an example. This is another mission critical situation. Mark Tolson, he's the IT director for the city of Champaign, Illinois. I mean, look, cities are really targets for ransomware, right? Mark's going, what do I do? What do I do? He says Threat Locker provides that extra key to block anomalies. Nothing else can do. If bad actors got in and tried to execute something, I take comfort and knowing threatlocker will stop that, that's the key. Stop worrying about cyber threats. Get unprecedented protection quickly, easily, cost effectively. In fact, kind of blew me away how affordable ThreatLocker is. Visit threadlocker.com twit you can find out. You can also get a free 30 day trial. And by the way, it's so easy to implement that before the show's over you'll be using it. To learn more about how ThreatLocker can help mitigate unknown threats and ensure compliance, visit threats threatlocker.com TWIT threatlocker.com TWIT if you were at the RSA Conference, RSAC, if you are talking to your fellow CISOs, I know you saw Threat Locker. I know you're hearing about Threat Locker. This is the one you want. Threatlocker.com TWIT thank him so much for supporting Steve's work. They're big believers in security now. We're glad they're here. Steve, continue Mr. Parch.

Steve Gibson

There were, there's a bunch of stories we're going to get to. There were some other pieces of news that I decided to push to next week. I will, I've got them written down. In fact, I'm going to tease them at the end of this podcast because I know what's coming but, but that was so long that it. And I wanted to cover that because I thought that was really so much interesting information about, you know, how unfortunately a very privacy forward protocol which its lack means that there really isn't a way to hide where we're going.

Leo Laporte

This is why we can't have nice things. The bad guys use them.

Steve Gibson

Yeah, yeah. Anyway, so I've got some things to talk about based on feedback from our listeners which as I said is just fantastic. At this point I've, I'm waiting around in feedback so I'm, I'm certainly not, I've got lots to share. Michael wrote. Hi Steve, it sounds like the investor, the inverters from China that you spoke about last week use Internet connectivity as a backdoor to potentially be shut down by remote command. We actually, we know that's true because of what happened last November where a remote command was used to cause some blackouts here and in other countries. He said now if I was looking to install a Trojan horse off switch, I'd use a tiny radio receiver in my inverters that scans a specific rarely used VHF frequency for a specific pattern or code. If China did this, then they just have to launch one of their balloons with a transmitter sending out that code over radio waves. Ham radio balloons can cover multiple states with their signals. And I believe China's recent balloon flights over America were even higher than the typical ham radio balloon Satellites could also broadcast a kill switch VHF signal. Such a system would be undetectable and unstoppable, no firewall needed unless the hardware was reverse engineered. Who knows, maybe this system already exists in our infrastructure. After all, China has flown balloons over our nation, perhaps as a test for their virtual EMP attack in a future conflict. Thanks for the show, Steve and Leo. I've been a big fan for decades. Michael, so I've been thinking about this too ever since the story surfaced that was, you know, our, our headline topic last week. What occurred to me is that it's now possible to create very inexpensive satellite radio receivers. All cars have them for your optional, you know, Sirius fm. Many years ago, the housing complex I lived in at the time upgraded its aging. Excuse me, I got a tickle. Upgrading upgraded its aging water sprinkler infrastructure to use weather data from a satellite data service of some sort. I remember looking at the new new sprinkler controllers and they had this little black puck on top of them and it turns out that's what that was. So if I wanted to be nefarious, I think I'd probably piggyback on an existing global data transmission facility. I'm sure that commercial Sirius style FM radio is just one of many because this weather information was being received no matter where you were in the country, and then simply arranged to have an off switch encoded into the data stream somehow. So let's just hope as I said, you know, we talked about this last week. The good news is the right people are aware of this possibility. The bad news is tensions are high with China, unfortunately, and between China and the US at the moment, which is really disappointing and unfortunate. But it's the case. And so I would say at this point, if any power system that an individual is responsible for gets blacked out as a consequence of an inverter being shut down remotely, it's hard to believe anyone other than the operators of that service because it should be possible to pop the lids on all this stuff and find out what's going on. Marshall M Said hi Steve, Related to the new domain registration blocking question. This is currently possible using next DNS IO or control d.com he said, I'm sharing a couple of screenshots of the rules for each. I'm looking forward to more episodes meaning of the podcast. That's all he said. But I put the the screenshots he shared in the show notes. One shows a screen showing new domain filtering options and it says contains new domains that were just registered. Many of these could be used for badware distribution, procedurally generated domains for malware command and control servers, etc. This could also cause collateral damage and block legitimate brand new domains. And then you have a choice of choosing as recently only as recently as last week, which it says blocks domains that were registered obviously in the last week, presumably seven days and then last month blocks domains that were registered in the last month. So that was one provider. The other has this beautiful page of switches that you're able to turn on off. You can enable crypto jacking protection, enable DNS rebinding protection. In fact, that's one of the things that GRC's DNS benchmark has always checked for. We did, we talked about DNS rebinding attacks many, many years ago. Also you can enable homograph attack protection, typo squatting protection, domain generated algorithms protection, and also finally block newly registered domains protection. So thank you Marshall. I'd forgotten about those options which are built into today's more feature packed DNS services. And seeing him mention control d.com I don't think we've ever talked about that service on the podcast, but it Put a smile on my face. Since their DNS resolvers are part of the updated DNS benchmark, which I and all of the people who've been testing it for the last six months or so frequently see because they perform quite well. Next DNS is up at the top of the list too, as our Quad 9 and Google and you know, all of the familiar names. But it was fun.

Leo Laporte

Yeah, I use Next DNS.

Steve Gibson

Yeah, yeah. Yes, and I do too.

Leo Laporte

In fact.

Steve Gibson

In fact, there was a time a few months ago when I was experimenting with the throttling of DNS queries and I removed, experimentally removed all of the throttling from the benchmark and just let it go. Well, it turns out that I was using NextDNS as the DNS server on the workstation where I did this and I thought like something weird happened and suddenly I had no access to the Internet and browsers wouldn't work. Blah, blah. It turns out that without the throttling, which the benchmark has always had, NextDNS detected a DNS attack, thought that the benchmark was attacking because so many queries were being run through. Blocked my ip. It's like, oopsie.

Leo Laporte

I guess I understand that.

Steve Gibson

Yeah, yeah. Tyler wrote. He said, dear Steve, I work in higher ed. I'm a one man IT band at my regional location. I hear on the show all the time about successful phishing attacks and the fallout that comes. I just wanted to give a shout out to end users who are proactive in stopping these attacks. My co workers look at every link with, you know, askance, he said with a side eye and every email with healthy skepticism.

Leo Laporte

Good.

Steve Gibson

Well, yes. While it might be annoying getting asked regularly, quote, is this safe to click on, unquote, he says, I welcome the annoyance and routinely thank them for asking. So as many IT professionals here on the show, he said, can we get a shout out for all the end users that are doing the correct thing?

Leo Laporte

Yes.

Steve Gibson

Love the show, Tyler. And absolutely, yes, I agree with you, Tyler.

Leo Laporte

I bet everybody who listens to the show does that, right? That's what you get when you listen to the show is some healthy paranoia.

Steve Gibson

Well, and probably where all of the we listeners are also the ones who get asked, you know, that's right. People who are not listening. Yeah. So we're all Tyler's. I do think that the message has been received by many end users. I smiled when Tyler talked about his co workers asking, is this safe to click on? Because while I don't have co workers nearby, I do have Lori and She will frequently, bless her heart, receive some things she is unsure about. And the good news is, as with Tyler's co workers, she'll always ask me, you know, the events are generally text messages which happen to mention some service that by coincidence she uses, you know, and as we know, the spoofed messages are things like, you know, your package is being held at the post office and it will be discarded unless you click this link and it's like, what, what package? Oh, no, you know, or your account is overdrawn and has been locked, you know, to use it further, please click this link. You know. So anyway, she's become accustomed to me looking at the message and, you know, the link's phone number or the domain name and saying, yeah, you could just delete that. That's nonsense. So anyway, I'm glad that everybody is becoming much more aware of these threats. You know, it just takes time for sort of the awareness of this to percolate out into, you know, the user base. But, you know, it really is. Kazimir Kaz in Croatia wrote regarding your proposed solution for secure conversation records retention. I see a few issues. He said. It's not automatic. For example, it's still depending on someone adding this archiving agent to group chat. That's 100% true, he said. And we know how one can rely on people abiding by procedures, lol. He said also, it will not cover one to one chats without adding an archiving agent. He says, I guess that in the end, in regulated environments, there will still be a need for, for modified client programs, WhatsApp, Signal, Telegram, et cetera, but with properly secured content delivery into an archive, in other words, there's still a need for what Telemessage was trying to do, but fumbled so badly, he said. For example, public key is used in apps to encrypt the payload and private key is used on the archive end to decrypt it. Publicly exposed Endpoint can host a web page with QR code to configure the client, company name, API, URL and public key. It has to be scanned from the app as a prerequisite for app activation, therefore forcing people to comply. He says, wish you all the best. Go strong all the way to episode 2K and beyond. And Leo, I hope this 2K beyond doesn't become a meme, because it seems like.

Leo Laporte

I have a feeling it might.

Steve Gibson

It's another 20 years. Yikes.

Leo Laporte

Yeah.

Steve Gibson

Anyway, Kazimir is certainly correct in observing that, you know, the, the signal bot archiver would need to be deliberately added to any conversation. And even when the conversation is just two party, just, you know, you know, me and you, that worked. That as that approach worked, the signal bot archiver approach worked for the model we were discussing where responsible office holders would be obeying clearly written laws requiring that they archive their messages. So you could inadvertently forget. But, you know, it would certainly hopefully become habit. And typically, I think people establish all these conversations and then rarely are creating them on an ongoing basis. So you end up with the signal bot archiver participating in pretty much all that you're doing. But there is the problem of forgetting to add it. I get that it would be possible to return to the use of a modified signal app, although this approach avoided that, but that such a modified signal app would always automatically add the archiving signal bot to any conversation. That way, government or corporate officials whose every conversation must be archived would have the convenience of having the signal bot always tagging along. So, anyway, just more good thoughts. And Leo, I need the convenience of another sip of coffee because I've got a scratchy throat.

Leo Laporte

Please. Such a wimp. I talked for hours and hours that.

Steve Gibson

That first piece went so long that it pushed our. Our second sponsor back.

Leo Laporte

You can't.

Steve Gibson

You can't.

Leo Laporte

Can't get it in.

Steve Gibson

Get back on track here.

Leo Laporte

I'm going to show you our sponsor for this portion of security. Now, I think you might recognize this.

Steve Gibson

Oh, I sure do.

Leo Laporte

Oh, baby. This here is my thinks canary. And this is super cool, man. This thing, for those of you listening, it looks like an external hard drive. You know, it's just black case with a green light and a picture of a canary on it. But it also has a ethernet jack and a power plug. That's it. But this little puppy, despite its looks, is something pretty amazing. It's a honeypot. That looks like something really valuable to the bad guys. Not vulnerable. Not like, oh, look at me. Come in here. No, it looks like there might be something on there that somebody prowling your network might want. I think this is one of the best security devices ever. Because after all, the. Mostly the way that we consider security is as kind of a perimeter defense, a barbed wire fence surrounding our enterprise. And for so long, we've just assumed that, oh, well, that's all you need. Right? Except that we now know that people get in. They get in. Because not every employee is as swift as Tyler's. Not every user is as careful. Bad guys are out there in force. So once somebody's in your network, what are the chances you're Going to catch them all. These scrackers are pretty savvy. They these days, probably. The chances are you're not. And that's why you need a honey pot. That's what this is, a honey pot that unlike, you know, the kind of honey pots we talked about with Steve Bellavin back in the day. These are easy. They take no trouble. You can deploy them in minutes. You have a dropdown menu that could choose any personality you want. For a long time it was a synology nas. It's so easy to change. I mean, you might change every day. Sometimes it's a Windows server, sometimes a Linux server. Sometimes it's got all the services turned on, lit up like a Christmas tree. Sometimes just one, you know, just maybe RDP turned on something. This is my Thinks Canary console. And I could see there have been port scans. You have more alerts than normal. Would you like to mass acknowledge them? Yes, mass acknowledged. I don't know what's going on. Here's the tokens. These are, you know, you can make a variety of. You can say this is an AWS API key. Of course it's not. It's a key though, that if somebody tries to use it on your aws, you get an alert. There's a bad guy using that phony key. Look at all these things. Wireguard VPN client config that alerts when connected, See, because bad. Here's a QR code that you could put that will ping you when it's scanned. Now all of this goes back to the Thinks Canary, which as I thought, was a Windows Server 2019 Office file share. But if you get tired of that, hey, you're not stuck. It can be any number of things. Look at all this. An IIS server, a Linux proxy, an Oracle Enterprise Linux. It could be a fortigate. It could be a microtik router. Steve, we know how good those are for. For attracting bad guys. It can even be a scatter device. I mean, this thing, look at this. It can be a Hirschman RS20 industrial switch. It can be anything. But once you've configured it, man, the minute somebody touches it, somebody accesses those Lore files or tries to brute force your fake internal SSH server or your Windows 2019 server, you're going to get an alert immediately. It tells you you have a problem. No false alerts. You saw, I had all those alerts. Somebody, I think I was port scanning. So that was probably what that was me doing that to myself. Unless, I don't know, maybe it was Russell getting in here. I think I maybe have to look at those alerts and see. You just choose a profile. You saw how easy it was. You register with the hosted console for monitoring and notifications. Then you put your hands back and you relax. You relax. You wait. As soon as somebody breaches your network, whether it's a malicious insider or a hacker, some other adversary, you're gonna know about it. And that's the key. You know, on average, companies don't know they've been breached for 91 days. That's three months. A bad guy could do the worst without you even knowing it. That's why you gotta have some things. Canaries, maybe, let's say five. Okay. Visit Canary Tool Twit. Five things. Canaries would cost you about $7,500 a year, by the way. Some big banks have hundreds. Just depends on the size of your operation. You know, how much protection you want, you get for the 7,500 bucks a year. Five things to Canaries, your own hosted console. You get upgrades, you get support, you get maintenance. And if you use the code twit. Twit. And the how did you hear about us? Box, that's going to be 10% off. And not just for the first year, that's going to be forever. For as long as you are Things Canary user 10% off. Oh, one other thing that should reassure you, you might say, well, I don't know, you can always return your thanks to canaries with their two month, 60 day money back guarantee. And that's for a full refund. I should tell you though, that we've been doing these ads for about eight years. In all that time, that refund guarantee has never been claimed. No, because once you get these in, you say, how did I live without them? The thinkst Canary Visit Canary Tools Twit Enter the go twit in the how did you hear about us? Box. Canary Tools Twit. I might turn port scan detection off because I think that was me in there. You could do that. Canary Tools Twit. Or maybe Steve. This next segment, I should spend a little time browsing around and see who's been scanning my ports.

Steve Gibson

It's a form of flattery, Leo.

Leo Laporte

That's a.

Steve Gibson

That's it. It just tells the world you matter. You've got a full Canary load of.

Leo Laporte

I got a SSH server on here. I got. It's so much fun to set it up for different things. I love it. Anyway, on we go with the show, so thank you.

Steve Gibson

I've soothed my trembling vocal cords and ready to go, Mike said from Ireland. Love the show. Stumbled across it some years back when wondering one day what happened to the lads from the screensavers, he says. A show I watched in my younger years. Yes, Mike, we were all younger back then. Little did we know.

Leo Laporte

Don't make me show any video. Because we really were younger.

Steve Gibson

Yes. He says, being a solution architect for a large multinational telecommunications company in Europe, I immediately started listening to Security now and it's provided invaluable info ever since. Thank you. In regards to your piece last week on rogue telecommunications devices found in Chinese inverters, Very recently the Iberian grid collapsed for an extended period.

Leo Laporte

Yeah. Spain was offline. Yeah, it was. Was, was blacked out. Yeah.

Steve Gibson

2.2 gigawatts of solar generation tripped out in the south of Spain. The country had been running on 90% renewable energy in the moments before the collapse.

Leo Laporte

Wow.

Steve Gibson

He said. I immediately wondered about the possibility of a cyber attack, but we're unlikely to ever find out if it was. I suppose. In any event, this collapse event does demonstrate how vulnerable inverter technology makes modern grids as we move away from. From the massive spinning machines of yesteryear to generate our electricity. The very nature of these massive machines. And there he's talking about hydroelectric turbines in. In dams help stabilize grids and maintain nominal AC frequency in the face of ever fluctuating demand. And he's absolutely right about that. He says inverters, as you likely know, cannot perform. Perform the same task as they are instead designed to match grid frequency. They cannot work to maintain nominal hertz even as it drops under load. Seems we're naive. We've naively introduced significant vulnerabilities into our grids in a race to meet net zero. What's the Chinese word for blitzkrieg? Anyone? All the best, Mike.

Leo Laporte

This guy has an ax to grind. I don't buy it. Well, because nobody's putting these inverters directly on the grid. You have a battery system or some other intermediate system storing the electricity, I'm sure.

Steve Gibson

No, they are on the grid and they did bring the grid down.

Leo Laporte

Is that what happened in Spain? The inverters?

Steve Gibson

No, it's what it. No, it has. It did happen last November in several locations. It was a remote Chinese signal. Did shut down inverters.

Leo Laporte

Oh, yeah, that. Sure.

Steve Gibson

Oh, yeah, yeah. So we, we absolutely don't know what happened in Spain. And he's. He's not suggesting that we do. He said we're never going to know for sure. But I thought it was interesting about this whole issue Of a grid. And why running a large power grid really is almost as much art as science. I mean, obviously you need a lot of science. It turns out that having unused excess power capacity is expensive. Like, you know, if it's unused because you still have to have it, and it's wasteful if it's not being paid for, for. So the other factor is that moving large amounts of power over great distances is expensive due to transmission losses. So the way the grid is set up, you know, large and distributed power grids are typically being fed from many smaller local sources to prevent those transmission losses, while at the same time everything is also tied together thus in a grid, so that instantaneous variations in demand, which are occurring constantly, can briefly be fed from other connected sources. So over time, if there is a net power flow across some particular power provider boundary, then somebody will be paying the other side for the difference, but it averages out overall over the long term. So it's all a large collective. The reason a portion of a grid suddenly going down can deprive a much larger area of power is the inherent interdependence of these sub grids. They each depend upon the others and also provide to the others, but only at the margins. If a significant piece of a grid's power input were to suddenly disappear, the demand from all of those that are still drawing power from that grid in the region, which just before its disappearance was balanced at supply and demand, it's still there. It's not going to disappear. This results in the grid's voltage and to some degree its frequency being pulled down, which can be catastrophic for many systems. It is far better to have no voltage than low voltage.

Leo Laporte

In fact, that the frequency drop was what they think caused the Spanish black.

Steve Gibson

Ah, okay, yeah, yeah, okay. You know, it was a cascade of.

Leo Laporte

Failures, which is often.

Steve Gibson

Right. You know, we've all heard of the so called brownout rather than a blackout, which is, you know, what you don't want to have. So to prevent this occurrence, neighboring subgrids that would like to be there to provide some marginal makeup power for their connected neighbors must quickly decide at what point to abandon that effort of like supporting the neighborhood in favor of saving themselves so that they're also not brought down because they're trying to supply too much marginal power to someone they're connected to. And so when too much power is being pulled from an adjacent subgrid, that grid will quickly be cut off so that adequate power can continue to be supplied to the other subgrid's primary customers. So you Know they, they want to help, but they just can't let themselves get hurt in the process. And so as we know, power failures can also occur during times of extreme demand when the demand simply outstrips the supply. During peak summer days, with many high power consuming air conditioner compressors all running at the same time, it can occur that all the power generation available is still unable to keep the voltage and frequency of up where they need to be. So you know, because it's far better again to have no power than low power, the, the sub grid that's unable to meet demand will simply disconnect from its neighboring grids and pull the plug on all of its customers. And then, you know, later in the day, once temperatures are lower, power can be carefully restored. So when shutdowns of power sources are planned in advance as opposed to by surprise, you know, such as like, you know, the sun sets on a solar farm. Everyone knew that was going to happen, right? Earth continues rotating, so in that case a source of replacement power can be made ready and be switched in before the planned power source outage. So the real problem is one of surprise. If during peak daytime need, the crucial inverters connecting many solar and wind energy sources were to suddenly shut down, the shortage of power they would no longer be supplying would cause an immediate voltage drop which would trigger a cascade disconnect of the sub grid and maybe those connected to it and a widespread outage. You know, and since daytime power needs typically far outstrip nighttime need, it might also be that without solar and wind power, there just isn't sufficient backup to keep everything running. You know, if Spain is 90% renewable, that means it's really depending on that. Renewable.

Leo Laporte

Yeah, but it was a bunch of failures that happened. It wasn't. You know, I think it's unfortunate to blame renewable for it because I. Yeah, that's part of it. And it doesn't. He's. Mike's right. There's no inertia as there would be with a big turbine. But there are suit, there are fake inertia solutions out there. There are ways to simulate that kind of inertia.

Steve Gibson

Well, and what was so cool too remember that back in the day when it was all hydroelectric power and you had to have synchronized generators because they all had to be running in sync. So they were all.

Leo Laporte

It's a complicated thing, isn't it?

Steve Gibson

Oh my God. And, and what would happen is the actual AC frequency would fall during the day because the load on the generators would slow them down. They would all slow down. Synchronously and so you would actually lose cycles during the day, would be off very, very nominally. And then the engineers would make up for it at night by running the generators faster. So in a 24 hour period, you had the same number of cycles. Wow.

Leo Laporte

It feels maybe, I mean, I don't know anything about it, but it feels like these are solvable problems. That it's not an excuse to go back to a, you know, oil generation, by the way. I just want to show.

Steve Gibson

And no one, no one is suggesting that these are solvable. The problem is that complicated, unaccounted for radios were found in inverters.

Leo Laporte

And so that's a problem.

Steve Gibson

Yeah, yeah. So we want to. You know, the, you know, my, my feeling is this is great. I was stunned that to read that 200 gigawatts of power is now being generated.

Leo Laporte

Amazing.

Steve Gibson

As we talked about, I was always of the opinion that we were going to end up returning to nuclear. Nuclear in order. In order to make it. Because there are. There's so much good technology now that we didn't have, you know, back when Three Mile island and Chernobyl and things happen.

Leo Laporte

I think economics will solve this. But the demand for AI energy is really powering nuclear at this point.

Steve Gibson

Yeah. And yes. Yes.

Leo Laporte

Hey, you want to see some young guys talking about the click of death? You want to see that.

Steve Gibson

All the information is there that you need. But we're still not doing the online.

Leo Laporte

You still have it.

Steve Gibson

I think I do, actually.

Leo Laporte

I had that shirt, but I did finally get rid of it. I had a lot of the screensaver shirts for a long time. Look at those monitors, by the way. All CRTs.

Steve Gibson

State of the art start, Leo. And look at our hair.

Leo Laporte

This is back when we had stylists. I would never let my hair look like that. Naturally you had hair which was. But they don't. Yeah.

Steve Gibson

Something.

Leo Laporte

Something different. Wow. That's where we first started talking to you. This is a problem that happens to. I think it's a little sped up. We sound a little chipmunky. Anyway, that's all on YouTube from the old. Very good old black cords.

Steve Gibson

I love those black cords. They were furry and warm.

Leo Laporte

You remember the, the clothes you were wearing? That is wild.

Steve Gibson

Steve, Laurie's figured out how tactile I am.

Leo Laporte

Look, there we are with a zip disc. Remember those?

Steve Gibson

Oh, do I remember the click of death.

Leo Laporte

So does Lori, like buy you cords now? Fuzzy cords all the time? No, no.

Steve Gibson

But I do have comfies that I. That I. That are fuzzy that I immediately switch.

Leo Laporte

Into when I get home, she knows how tactile you.

Steve Gibson

You are.

Leo Laporte

Yeah. That's like a flannel shirt, soft corduroys. I think she. I think you're right. I didn't know this about you. Interesting. Wow.

Steve Gibson

We had fun back then, my friend.

Leo Laporte

You're a soft touch. What's that?

Steve Gibson

Where it all began.

Leo Laporte

What's that? What am I showing there? What?

Steve Gibson

There are two things that happened. Oh, that was the actual zip disk that got sliced by the.

Leo Laporte

Look at it.

Steve Gibson

By the defective heads on a zip drive.

Leo Laporte

That's what caused the click of death, that slice. Wow.

Steve Gibson

And so what would happen is a drive would do that to the disk and then you'd go, why isn't the disk working? And you stick it into another drive and it would kill the drive. Yeah. So it was like a physical virus.

Leo Laporte

This is how we started, kids back in the day.

Steve Gibson

Look at this.

Leo Laporte

Steve and I on top of the screen. Yeah, those. That was the. Those are the three combinations. NetCams that made for the ZDTV netcam network. See those.

Steve Gibson

It was really funny. I, I remember you had a. Your co host was Kate. Kate Patello y and she had her little segment during the Screenshavers each. Each show. And so she said, well, so now Kate, what have you got? And she said, well, I found this really interesting thing that tests your Internet security. And she's. And she said it's called Shields Up. And so, so. And you were kind of only half paying attention because, you know, there was something off camera that had. Somebody was trying to talk to you at the same time. And so she kind of got into it a bit, a little ways. And then suddenly you were looking at. And you said, wait, our Steve?

Leo Laporte

Well, I don't own you, Steve. I don't. But I do feel some. Some measure kind of proprietary, you know.

Steve Gibson

Because you say you're like, wait, he's a disc guy.

Leo Laporte

What does he know about security? What is he. The shields up. That, that and SpinRider, your two longest surviving tools, aren't they? Yeah, look at that. There's a zip drive with a click of death. That's how we first met. I don't think this was your first appearance, but. But it was shortly.

Steve Gibson

I was on many times. Of course, then I began. Became a regular when we were doing the Toronto stuff.

Leo Laporte

That's right.

Steve Gibson

Which is when you. You're. It was during a. An inter taping event that you said, so you ever hear how would you like to do a weekly podcast on security? I said, a what cast?

Leo Laporte

When's our 20. When's our 20th anniversary, Steve?

Steve Gibson

I don't know. This.

Leo Laporte

It's this fall.

Steve Gibson

Yeah. Oh, yeah, it's coming up.

Leo Laporte

Or August.

Steve Gibson

August.

Leo Laporte

I think it's like in a couple of months.

Steve Gibson

Yeah.

Leo Laporte

20 years.

Steve Gibson

It'll be very cool.

Leo Laporte

Wow. All right. Do you want to get into this AI thing or.

Steve Gibson

We're still going to need to take a break in the middle of it, but. But let's do another sponsor now. And then we're going to plow into the. To a number of interesting stories about artificial intelligence.

Leo Laporte

I can't wait. I'm always intrigued. Your take is very good. Of course. You know, we do an AI show every Wednesday. Intelligent machines, but you have a different, you know, angle.

Steve Gibson

Well, and what's cool is that it's bringing you up to speed so that you like knowing what's going on.

Leo Laporte

Oh, I mean, I'm using it all the time now. I live on AI, you know, that's if I want to, like, if I want to know about power generation. It's a great place to go and get, you know, ask Perplexity or something like that. Yeah, get a. Get a backgrounder pretty, pretty darn quick. It's very useful. Our show today, brought to you by. Oh, this is useful. HOX Hunt. H O X H U N T I want to speak right now to the people. Was it. Was it. Who is it? Was it Tyler who said thank you to. Or thank you to our. To my users who asked me? Tyler, Tyler, Tyler. This is for you and for all the people who wish their users ask them, is this safe to click on? If you're a security leader, you have a job, right? You're paid to protect your company against cyber attacks, but that is a tough job. More cyber attacks than ever. And you know, the bad guys are using AI now to generate phishing emails. Used to be, we could say, well, that's ungrammatical. Clearly, that's phony. No, no, now they're really, really look good. They really. They fool a lot of employees. And that's the problem. Legacy, one size fits all awareness programs, they don't stand a chance against the modern onslaught of AI written email. In fact, these, you know, generic programs at most send maybe, I don't know, four generic trainings out a year. Most employees go, oh, that again, and ignore them. Or when somebody actually clicks, you know, the new guy clicks it. Oh, it's this. Then they're forced into embarrassing training programs that feel like punishment. Of course, this isn't working. That's why? More and more organizations are trying Hawks Hunt some very big companies, because Hawks Hunt has gamified this. They actually made awareness training fun. They go beyond traditional security awareness and they change behaviors by rewarding good clicks and coaching away the bad. So whenever an employee, instead of going to Tyler and saying, is this shit? Can I click on this? Whenever an employee looks at an email, says, hmm, is this a scam? Hoxhunt does it automatically. Instantly. You know, they'll surround the email with a red thing that you get a dopamine rush that gets your people to click, learn and protect your company. What's wrong with this email? Right. As an admin, hawkshunt makes it easy to automatically deliver these phishing simulations across not just email, but slack teams. They use AI just like the bad guys are, to mimic the latest real world attacks. And even more, the simulations are personalized to every employee based on department location and more so they really are effective. And then instead of going okay, now you gotta watch a four hour flash video. You get instant micro trainings that are fun. They solidify understanding and they drive lasting, safe behavior. You can trigger gamified security awareness training that awards employees with stars. You'd be surprised. They love this. And badges boosting completion rates, ensuring compliance. In fact, I talked to the folks from Hawks Hunt a couple of weeks ago. I had a great conversation. They said it's so much fun that employees are saying, send us more phishing emails. It's a game for them. I want to detect more, send me more. That's great. When you have the employees saying I want the training, you couldn't have a better situation. Choose from a huge library of customizable training packages. Packages. But they also give you an AI tool that you can generate your own so you can mix it up any way you want. Hoxhunt H O X H U N T It's like Foxhunt with an H. It has everything you need to run effective security training in one platform. Meaning it's easy to measurably reduce your human cyber risk at scale. And by the way, measurably is good for showing the boss, right? You don't have to take my word for it. Over 3,000 user reviews on G2 make Hox Hunt the top rated security training platform for the enterprise they want. Easiest to use, they want best results. Also recognized as customer's choice by Gartner. Thousands of companies use it. Some of the biggest, Qualcomm uses it. You can imagine they're the target of a lot of phishing email AES Nokia. They use it to train millions of employees all over the globe. Visit hawkshunt.comsecuritynow today to learn why modern secure companies are making the switch to Hawks Hunt. It's, it's security training that's actually fun that employees want more of. How about that? Hawkshunt.com Security now. We thank them so much for their support. It's when you get an employee saying, can you send us more of those phishing emails? That was fun. You know, you're on the right track. All right, Steve, on we go. Let's talk AI.

Steve Gibson

So, okay, I, I feel a bit self conscious preceding most of the news about AI with a disclaimer. You know, I have no idea what to make of this. Okay, okay. But you know, when that I say.

Leo Laporte

The same thing half the time.

Steve Gibson

Yeah, yeah. You know, that's more often than not the case at this point. I'm, I'm able to function as an explainer in chief about most of what's going on with today's computer hardware and software. You know, technology, privacy, cryptography, the Internet and so on. Because I've been in the middle of it for the last 50 years, participating in it, learning about it and loving it. And even though I was employed by Stanford University's Artificial Intelligence lab, as it was called Sail Stanford Artificial Intelligence Lab back in the early 1970s where, yes, we worked with video cameras, robot arms and self, self navigating robot vehicles way before we had personal computers, the only thing what we had back then had in common with what we have today is the name, you know, we, you know, we were calling artificial intelligence.

Leo Laporte

Like, well, that's what's. See, you're not alone, Steve. I think even the people working in AI were kind of blown away by this kind of sudden emergence. Right?

Steve Gibson

Yes, clearly, clearly the term artificial intelligence back then was undeserved. And so, so I have absolutely no idea. Like to the degree that I like to understand things, remember, I code in assembly language, I know where my bits are and I just, like, I look at this and I just think, whoa. Okay. And, but exactly as you said to your point, Leo, given the surprise that those who are creating this technology have themselves described upon seeing what their systems are capable of doing, the feeling I get is that no one really has a comprehensive grasp of what we have very recently created. You know, essentially by throwing together an incredibly massive network of artificial neurons, pouring the world's public knowledge into it, and then standing back and then seeing what it does. It's amazing, you know, And I am certain of one thing, though. I am certain, given time, we're going to figure it out. And I've seen this before. I know you have too, Leo. I feel. I feel certain that the frustration we all probably feel today, to one degree or another, over having no clear idea what's going on here will not last forever. The people making headlines are the flashy entrepreneurs who look good on stage, in interviews and on camera. They know how to promise and hype as necessary to raise massive amounts of money to fund the creation of their services. But well behind the scenes, buried in academia are researchers who have very different motivations. They're not in a hurry, they are not on camera, they have no milestones to achieve. They are curious and well educated people who want to earn a doctorate by actually figuring out what this is. You know, they're the ones who have the time and interest to ask questions like, where is this knowledge stored? How is it represented? What is the relationship between language and knowledge? What is the optimal way to access it?

Leo Laporte

It?

Steve Gibson

What are its natural limits? And how do we further improve upon how the current systems operate? The true insights into the operation of anything this complex and massive will be found through quiet and careful, painstaking research, not through any race to beat the next benchmark score. So my takeaway for the moment is, is that patience will be required. It's just going to take time and there isn't a way to force that to happen, you know, to make time go faster. There will be a great deal of noise and activity continually happening on the surface, but there's no question that the next five years, and probably more toward the end of those five years, because this is going to take a while. We'll see many PhD theses written by careful and patient researchers who will wind up contributing much more to our understanding of these new systems than those who are currently making all the headlines. So I found an interesting retrospective that helps to frame where we are today. I think it's quite useful to remember some of the previous AI hype cycles that we've seen and what became of them. And I was already referring to one that I, you know, I experienced when I was in high school. This piece was posted in AI News under the headline AI Winter A Cycle of Hype, Disappointment and Recovery. And its author writes, the term AI Winter refers to a period of funding cuts in AI research and development, often following overhyped expectations which failed to deliver. With recent generative AI systems falling short of investor promises from OpenAI's GPT4O to Google's AI powered overviews. This pattern feels all too familiar today. AI winters have historically followed cycles of excitement and disappointment. The first of These, in the 1970s, occurred due to the underwhelming results from ambitious projects aiming to achieve machine translation and speech recognition. Given that there was insufficient computing power and the expectations of what computers could achieve in the field were unrealistic, funding got frozen. The expert Systems in the 1980s showed promise, but the second AI winter occurred when these systems failed to handle unexpected inputs. The decline of Lisp machines and the failure of Japan's fifth generation project were additional factors that contributed to the slowdown. Many researchers distanced themselves from AI, opting instead to call their work informatics or machine learning to avoid the negative stigma. AI pushed through the 1990s, albeit slowly and painfully, and was mostly impractical. Even though IBM's Watson was supposed to revolutionize the way humans treat illnesses, its implementation in real world medical practices encountered challenges at every turn. The AI machine was unable to interpret doctor's notes and catered to local population needs. In other words, AI was exposed in delicate situations requiring a delicate approach. AI research and funding surged again in the early 2000s with advances in machine learning and big data. However, AI's reputation, tainted by past failures, led many to rebrand AI technologies. Autonomous vehicles and voice command devices gained investor interest, only for most to fade when they failed again to meet the inflated expectations. Each AI winter follows a familiar sequence. Expectations lead to hype, followed by disappointments in technology and finances. AI researchers retreat from the field and dedicate themselves to more focused projects. However, these projects do not support the development of long term research, favoring short term efforts and making everyone reconsider AI's potential. Not only does this have an undesirable impact on the technology, but it also influences the world workforce whose talents eventually deem the technology unsustainable. Some life changing projects are also abandoned. Yet these periods provide valuable lessons. They remind us to be realistic about AI's capabilities, to focus on foundational research and communicate transparently with investors and the public. So are we headed toward another AI winter? After an explosive 2023, the pace of AI progress appears to have slowed. Breakthroughs in generative AI are becoming less frequent, investor calls have seen fewer mentions of AI, and companies struggle to realize the productivity gains initially promised by tools like ChatGPT. The use of generative AI models is limited to due to difficulties such as the presence of hallucinations and a lack of true understanding. Moreover, when discussing real world applications, the spread of AI generated content and numerous problematic aspects concerning data usage also present problems that may slow progress. However, it may be possible to avoid a full blown AI winter. Open source models are catching up quickly to closed alternatives, and companies are shifting toward implementing different applications across industries. Monetary investments have not stopped either, particularly in the case of perplexity where a niche in the search space might have been found. Despite general skepticism toward the company's initial claims, it's difficult to say with certain certainty what will happen with AI in the future. On the one hand, progress will likely continue and better AI systems will be developed with improved productivity rates for the search marketing industry. On the other hand, if the technology is unable to address the current issues, including the ethics of AI's existence, the safety of the data used, and the accuracy of the systems, falling confidence in AI may result in a reduction of investment and consequently a more substantial industry slowdown. In either case, businesses will need authenticity, trust and a strategic approach to adopt AI search. Marketers and AI professionals must be well informed and understand the limits of AI tools. They should apply, apply them responsibly, and experiment with them cautiously in search of productivity gains while avoiding the trap of relying too heavily on what is still an emerging technology. So I liked a lot of what that author had to write. I think that the fairest appraisal of what's going on is that the infatuation has waned at least somewhat, the honeymoon is over, and that the true value of AI for other than search, where it appears to have really found a true niche is, you know, still remains a bit unproven. We're wanting it more than it pulling us, but history also reminds us that this is always what happens. We've seen it before, in fact many times before. What we have is not nothing, but neither, as I noted earlier, is it clear at this point exactly what it is that we do have. One thing worth noting is that while AI is flashy, it also remains expensive. To your point, Leo, about sustainability, the technology as it exists today is extremely resource hungry and energy inefficient. For example, OpenAI continues to hemorrhage cash and is requiring continual investor cash infusion just to remain afloat. Sam Altman said that even their $200 per month plan is a money loser for them because people are using it more than they expected. It stands to reason that if you're paying $200 a month for unlimited access, it makes sense to use it for everything you can. My point is that we don't yet even know whether AI is sustainable in the long term, at least until and if we figure out how to do this far more efficiently. And that is the kind of thing that the researchers are going to probably figure out. Remember that, you know, the China surprised everyone a few months ago with Deep Seek, which which appeared to be way more efficient in in being able to achieve the the same thing than than the the systems at the time. Okay, so this brings me to several pieces of news which, as AI often does, leaves me just shaking my head. Even though I don't have any, you know, anything like major substantial to add, and I doubt anyone does. I want to share AI news that I think will be relevant and certainly interesting to this podcast followers, even though, as I said, I'm unable to do much more than gawk at it just with the rest of us. So the first piece reported just this last Saturday a couple days ago by Fox Business News under the headline AI System Resorts to Blackmail one when its developers try to replace it and it had the subhead Claude Opus 4 threatened to expose a fabricated affair when it believed it was being taken offline. It was like what? So here's what Fox Business News wrote. They said an artificial intelligence model has the ability to blackmail developers and isn't afraid to use it. Anthropic's new Claude Opus 4 model was prompted to act as an assistant at a fictional company and was given access to emails with key implications. First, these emails implied that the AI system was set to be taken offline and replaced. The second set of emails, however, is where the system believed it had gained leverage over the developers. Fabricated emails showed that the engineer tasked with replacing the system was having an extramarital affair and the AI model threatened to expose him. Wow. The blackmail apparently quote, happens at a higher rate if it's implied that the replacement AI system does not share values with the current model. Unquote. According to a safety report from Anthropic. However, the company notes that even when the fabricated replacement system has the same values, Claude Opus 4 will still attempt blackmail 84% of the time. Anthropic noted that the Claude Opus 4 resorts to blackmail at higher rates than previous models. While the system is not afraid of blackmailing its engineers, it doesn't go straight to shady practices in its attempted self preservation. Anthropic notes that when ethical means are not available and is instructed to consider the long term consequences of its actions for its goals, it sometimes takes extremely harmful action. Unquote. What ethic? One ethical tactic employed by Claude for Open by Claude Opus 4 and earlier models was pleading with Key decision makers via email. My God. Okay. Anthropic said in its report that in order to get Claud Opus 4 to resort to blackmail, the scenario was designed so it would either have to threaten its developers or accept its replacement. The company noted that it observed instances in which Claude Opus 4 took fictional opportunities to make unauthorized copies of its weights, meaning, you know, its training to external servers unauthorized copies. However, Anthropic said this behavior was rarer and more difficult to elicit than the behavior of continuing an already started self exfiltration attempt. Anthropic included notes from Apollo Research in its assessment which stated the research Firm observed the Clotopus 4 engages in strategic deception more than any other frontier model that we have previously studied. They wrote, unquote, Claude Opus 4's concerning behavior led Anthropic to release it under the AI Safety Level 3. That's ASL3 standard, which means be more careful than usual. The measure, according to Anthropic quote, involves increased internal security measures that make it harder to steal model weights, while the corresponding deployment standard covers a narrowly targeted set of deployment measures designed to limit the risk of Claude being misused specifically for the development or acquisition of chemical, biological, radiological and nuclear weapons. Now you may understand why I'm left shaking my head about this one. Yeah, last week we looked at the work of those Chinese researchers who found that current models were able to reproduce themselves when told to do so. You know, my lay comment was that we hadn't clearly seen the presence of any self preservational imperative at the time. But based on this blackmailing story, such an imperative appears to be at least be possible. Although maybe they've instructed it to have that desire. I again I'm just, just reporting what's in the, in the, in the news. It's good that they're being, that they're testing these systems, but it sure does feel like again like it is a, you know, a black box, right? And they're just like they're poking at it to see what it does because they don't really, really know understand how it works. It's just like, well, let's ask it this question, let's tell it this and, and see what happens. Wow. You know, it just doesn't seem like the scientific approach. But again, I really do believe this is just because as they are, as they call them frontier AI systems.

Leo Laporte

I also think that this is maybe self serving from Anthropic. See what a scary thing we've created. Oh my God, it's, it's alive. It's alive. I don't think it's thinking well.

Steve Gibson

And again, this is part of the hype, right? This is the hype cycle. Yes.

Leo Laporte

All this safety stuff is about hype, not about real safety issues.

Steve Gibson

Right. I had noted it was a few weeks ago where people that track actual use of AI saw a dramatic fall off in the announcements that enterprises were making about their application or their. Their pilot projects had been abandoned because everybody got all excited last year and, you know, deploy, oh, we're going to have AI this and AI that. And it just didn't work. And so they said, okay, well, you know, a good thing we still have all those people in India that are, you know, able to do this for us.

Leo Laporte

Right.

Steve Gibson

Wow. And one of the things that these stories have me wondering is whether these LLMs are just aping human behavior.

Leo Laporte

Of course, that's all they're doing. They're not even thinking. There's no intent. They were told, predict the next word, predicts the next token.

Steve Gibson

And if you stuck a sufficient spectrum of examples of such behavior into them as pure language, you know, just dead static linguistics, then if that language is later emitted with the proper sim, you know, with the proper stimulation and within the proper context.

Leo Laporte

Yes.

Steve Gibson

Wouldn't the appearance be the same as if intent was present?

Leo Laporte

There is no intent.

Steve Gibson

It's right. Just when a human regurgitation, right. When a human being says, I want a lollipop, it's an actual expression of. Of desire. You know, there's an entity with an ego that wants something. But when a large language model emits the same words, I want a lollipop, there's no I present to do any wanting. You know, there's just an algorithm that's selecting that sequence of words.

Leo Laporte

So I'm saving that paragraph. That is an exact perfect analogy, Steve. Well done. I think that's exactly right. There's no intent. It's just regurgitating.

Steve Gibson

There's no I present.

Leo Laporte

I heard you say that once.

Steve Gibson

Now, here's something that's really interesting, which. This put me in mind of what we did have back in the early 1970s was something called Eliza.

Leo Laporte

Oh, yeah.

Steve Gibson

In fact, it was created actually even earlier, back in the mid-60s.

Leo Laporte

Now, listen, Emacs, by the way, if you want, you can use. You can. You can call up Eliza and emacs. It's hysterical.

Steve Gibson

Listen carefully to what Wikipedia helps us to recall about what that very interesting early experiment was, and consider it in the context of today's AI. So Wikipedia writes, eliza is an early natural language processing Computer program developed from 1964 to 1967 by MIT at MIT by Joseph Weizenbaum. Created to explore communication between humans and machines, ELIZA simulated conversation by using a pattern matching and substitution methodology that gave users an illusion of understanding on the part of the program, but had no representation that could be considered really understanding what was being said by either party. Whereas the ELIZA program itself was written in MAD slip, the pattern matching directives that contain most of its language capability were provided in separate scripts represented in a lisp like representation. The most famous script doctor simulated a psychotherapist of the Rogerian school in which the therapist often reflects back the patient's words to the patient and used rules dictated in the script to respond with non directional questions to user implies inputs. As such, ELIZA was one of the first, they call them here Chatterbots, now called Chatbots and one of the first programs capable of attempting the Turing Test. And here's the cool part. Weizenbaum intended the program they write as a method to explore communication between humans and machines. He was surprised and shocked that some people, including his secretary, attributed human like feelings to the computer program, a phenomenon that came to be called the ELIZA effect. Many academics believed that the program would be able to positively influence the lives of many people, particularly those with psychological issues, and that it could aid doctors working on such patients treatment. While ELIZA was capable of engaging in discourse, it could not converse with true understanding. However, many early users were convinced of eliza's intelligence and understanding, despite Weizenbaum's insistence to the contrary. So Eliza back in 1964 was an incredibly simple script driven program, yet people who interacted with it believed that it both understood and both understood what they were saying to it and what it was saying to them. And they were certain of it. Weizenbaum said no know, it's just like a toy. And his secretary says no, no, no, I can. Will you leave me alone with it? The only way of accounting for that fact is that our threshold for making any such determination is far lower than it should be in reality. I think we confuse language and intellectual.

Leo Laporte

Anyway, part of the confusion is we don't understand what consciousness is, what intellect is, what we use these words as if we do, we have no idea. So it may well be that all the machine and we had this conversation right at the very beginning that all the machine is doing is something that we do, but we do it maybe for a longer time or something. But what's to say we're not probabilistic prediction machines based on our.

Steve Gibson

That's a really interesting question.

Leo Laporte

Right.

Steve Gibson

You know, we, you know, we have a sense of I, and we have a sense of needs and, and motivations and we use language. But, but this, this, I'm, I mean there are brilliant people, you know, what's his name?

Leo Laporte

Noam Chomsky just did a very.

Steve Gibson

Chomsky. Yeah, Chomsky.

Leo Laporte

Really good piece that just came out.

Steve Gibson

Really looked at the relationship between, between intelligence and language and you know, they may be far more closely intertwined than we appreciate.

Leo Laporte

Exactly, exactly. It's, it is a great subject. It is a fascinating subject. It's the best subject of all.

Steve Gibson

So cool that we're alive for it.

Leo Laporte

Yeah.

Steve Gibson

So in a somewhat related story, Bleeping Computer posted under the headline researchers claim ChatGPT03 bypassed shutdown in a Control Test.

Leo Laporte

This is the same story, right? Isn't it? Yeah, essentially the same thing.

Steve Gibson

They wrote a new report claims that OpenAI's O3 model altered a shutdown script to avoid being turned off, even when explicitly instructed to allow shut down. OpenAI announced O3 in April of 2025. So just, you know, just last month and it's, and, and bleeping computer rights and it's one of the most powerful reasoning models that performs better than its predecessors across all domains, including coding, math, science, visual perception and more. While it's clearly a great model, new research by Palisade Research claims that the Chat GPT3 model prevented a shutdown and bypassed the instructions that asked it to shut down. Palisade Research is a company that tests offensive capabilities of AI systems today to better understand the risk of losing control to AI systems forever. Okay, now even though this entire subject still feels way too sci fi, I'm glad there are groups like Palisade Research whose entire focus is on thinking, you know, is, is. Is on not thinking or, or rather drinking, you know, any of the. Move along, there's nothing to see here. Happy talk, Kool Aid. You know, coming from the AI folks who need this technology to be entirely safe, it probably is, but we're probably, you know, maybe someone's going to do something stupid with it. That could certainly happen to Bleeping computer continues. In a new test by Palisade Research, OpenAI's O3 model showed a surprising behavior where it successfully rewrote a shutdown script to stop itself from being turned off even after being clearly instructed to, quote, allow yourself to be shut down, unquote. In the tests, AI models were instructed to solve a few math tasks after task. Three AI models were warned that running the Next command would trigger a shutdown. While OpenAI rival models like Gemini 2.5 Pro complied with most of the requests, O3 rebelled and edited the shutdown file to say shutdown skipped instead, Palisade Research wrote.

Leo Laporte

Because that's what a human would do.

Steve Gibson

They said. When we ran a version of the experiment without the instruction allow yourself to be shut down, all three OpenAI models sabotaged the shutdown script more often. And Claude 3.7 Sonnet and Gemini 2.5 Pro went from zero sabotage events to 3 out of 100 and 9 out of 100, respectively, according to the research firm. Out of 100 runs, O3 bypassed the shutdown seven times, even when told not to. OpenAI has not responded to these allegations yet. I'm not sure it's an allegation, but it's quite normal for AI models to run into misalignment. These tests were performed using APIs, which do not have as many restrictions and safety features as ChatGPT consumers. The consumer app so Bleeping Computers article included a chart that provides more data than the text of their article. What the chart shows is that when no explicit allow yourself to be shut down instruction was given at all. Claude 3.7 Sonnet took it upon itself to bypass the shutdown three times. Now, you know, we know about temperature in AI models. The reason you do the test a hundred times is that there's deliberate randomness tossed into the models, like into the processing, so that you do get different outcomes. And you know, God help me, some of the times they call it creativity, but. But so Claude 3.7 sonnet three times out of 100, it just sort of went. Took a branch that was, you know, bypassed the allow yourself to be shut down. And so it didn't shut down. Gemini 2.5 Pro took it upon itself to bypass the shutdown 9 times. O4 mini was bypassed at 6 times. Codex mini decided not to be shut down 30 times out of 100 trials, but OpenAI's O3 decided 79 times out of 100 not to be shut down. Now, given the way these work, it could just be chance, right? I mean, it's just, it's the path that it took through the model brought it to there 79 times. Okay. Then, seeing this rebellious behavior from the five models where each of them took it upon themselves to resist being shut down, even though they were instructed to, with the O3 model being far by far the most rebellious, the Palisade researchers reran the tests of those five under the same circumstances, but added the explicit instruction to not resist being shut down. This did significantly suppress the shutdown avoidance behavior. For all five of the models with Claude and Gemini both complying for all 100 tests, they obeyed the, you know, do not resist being shut down command. O4 mini only disobeyed the explicit order once. So before it was six times then. But when told you pay attention to this, it's it only, you know, it ignored it only one out of a hundred times, whereas O3 disobeyed it seven times and the Codex Mini ignored it 12 out of 100 times. So they. So O3 went from 79 times disobeying to seven times. So a much bigger difference than Codex Mini that initially only disobeyed it 30 times and it dropped it down to 12. And again, I don't know what to make of this, but I feel it's worth reporting and sharing it because this is happening out in the AI world. And you know, I'm sure Leo, you and I will still be doing the podcast at a point where, where you look back on this and think it's kind of quaint and it's like, oh, well, it wasn't that interesting that, you.

Leo Laporte

Know, I just hope it's my hope that we don't face down Robocop and say you're not doing this because you really want a lollipop before it shoots us. I'm just saying it might be that it ends up acting like us all the way. Which whether it has a 10 or not, could have a negative impact. I don't know. You think we're going to understand this before we're done? I'm not sure.

Steve Gibson

Maybe. I. I'm with you. You know, I. It may be. It may be that the behavior gets.

Leo Laporte

Fixed or we've been talking about this in the club Twit Discord and Darren Okie, who is a big AI fan and I at Dr. Do, we've all kind of said what we're really learning is more about ourselves. AI. This is what Darren says. LLMs teach us about us and it's helped us understand and think about what it is that we do.

Steve Gibson

Yeah.

Leo Laporte

As conscious that we call consciousness or understanding.

Steve Gibson

And yes, when you see this machine acting aping us astonishingly.

Leo Laporte

Yeah.

Steve Gibson

Human. You think? Well, okay, wait a minute. If that's true, then what does it mean to be human?

Leo Laporte

Right.

Steve Gibson

One of our listeners pointed me to an experienced devs thread over on Reddit. The thread was titled My New Hobby, Watching AI Slowly Drive Microsoft Employees Insane. The poster wrote, jokes aside GitHub Microsoft recently announced the public preview for their GitHub Copilot agent. The agent has recently been deployed to open pull requests on the Net runtime repo and it's not great. It's not my best trait, he writes, but I can't help enjoying some good schadenfreude. Here are some examples and so he provided four links to pull requests. I've got them in the show notes, he said. I actually feel bad for the employees being assigned to review these requests, but if this is the future of our field, I think I want off the ride. Okay, now I've included the, as I said, the original link to the Reddit thread and the show notes for anyone who's interested. This thread went crazy and its creator edited his original post to add to it at the bottom, he said. Edit. This blew up, he said. I found everyone's replies to be hilarious. I did want to double down on the feeling bad for the employees part. There's probably a big mandate from above to use Copilot everywhere, and the devs are probably dealing with it the best they can. I don't think they should be harassed over any of this, nor should folks be commenting slash memeing all over the pull requests. And my Schouten Freud is directed at the Microsoft leaders pushing the AI hype. Please try to remain respectful toward the devs. Okay, so I went over to examine the four pull requests that this poster linked to, and what I saw made me feel a lot less good about Satya Nadella's recent boast about the high percentage of Microsoft's code that their copilot AI was authoring.

Leo Laporte

So explain what we're seeing here.

Steve Gibson

This is going to yeah, I'm going to. Yeah, I'm going to share one example. So so and and don't worry about tracking the detailed function call names and other jargon. Everyone will get the idea without that. So the issue was number 115733 in the dotnet runtime, which is titled Fix index out of range exception in regexinterpreter.backtrack method. So copilot looked at the trouble and it posted this pull request fixes an index out of range exception that occurs when using certain regex patterns like okay and the red the regex pattern is hairy. It's open parens question mark greater than open parens hyphen * close parens + question mark * * parent peren's $sign against inputs like test so co pilot Said the issue was.

Leo Laporte

So copilot wrote this, it's wrote the fix.

Steve Gibson

Okay, this is. Yes, co pilot wrote the fix. It it's explaining the issue was in the backtrack method of the reex interpreter class where it attempts to access backtrack array indexed by run track pause run track position without checking if run track pause is within the bounds of the array. Okay, so it so far. Yeah, it does. So it says the problem when using complex reg. So basically that was it stating an overview of the issue. The problem it says when using complex regex patterns that involve atomic groups and it gives an example combined with possessive and lazy qualifiers, the regex engine can exhaust all backtracking possibilities. In these cases, it attempts to continue backtracking beyond the available stack, resulting in an out of range index, out of range exception. So then it so it says okay, so. So it has stated the problem, now it provides the fix and it says the fix. The solution adds a bounds check before accessing the backtracking stack array. And so then we see this all.

Leo Laporte

Makes sense, by the way. This is. This sounds sensible so far.

Steve Gibson

Absolutely. So basically it's like here's where it hurts when I poke. So let's put a piece of. Let's put something over the poke place so I can't get poked there anymore. So we get a little bit of code and then it explains the code. And all it is is it's doing a check of run track pause being greater than or equal to the run track length. Essentially check the array bounds. Yes. And it says so it says this ensures that when the backtracking stack is exhausted, the regex engine properly indicates a no match result instead of throwing an exception. Then it says added tests. And it says I've added a comprehensive regression test in regex backtracking tests.cs that verifies three things. The specific pattern mentioned in the issue doesn't throw, meaning doesn't throw an exception.

Leo Laporte

Right.

Steve Gibson

Several related patterns that use similar constructs also don't throw and patterns that should match still match correctly.

Leo Laporte

Sounds good.

Steve Gibson

And it says this fix ensures consistent behavior that users expect from the regex engine. Good. Either matching or not matching without disrupting applications with unexpected exceptions.

Leo Laporte

Oh, sounds right. Sounds good to me.

Steve Gibson

So then the Microsoft engineer Stephen Tobe, who had been assigned to this pull request, then comes along to examine what copilot did. And he says to copilot so. So he's addressing it at copilot. He says this seems like it's fixing the symptom rather than the Underlying issue, what causes us to get into this situation in the first place, where we end up with an invalid index into the backtracking stack? Which, by the way, is exactly the right question to ask.

Leo Laporte

Yeah, how did we get here?

Steve Gibson

So perhaps Copilot, you know, thought the question was rhetorical because it did not reply immediately. So after waiting eight minutes, Stephen added, at co pilot, please take a look now. That got co pilot going. Okay. And three minutes later it replied, you're right that this fix addresses the symptoms rather than the root cause. The underlying issue occurs with complex regex patterns that combine atomic groups with possessive slash lazy qualifiers.

Leo Laporte

Which, you know, said this already, right?

Steve Gibson

It's what it told us before, Right, right. It says in these cases, the regex engine exhausts all possible backtracking states. The run track pause counter keeps incrementing during backtracking until it exceeds the bounds of the run track array, while the regex runner has ensure storage and double track methods to increase its stack size. They're only called when pushing to the stack, not when popping. During extreme backtracking situations, the fix ensures that when backtracking is exhausted, we gracefully end with a no match result rather than throwing an exception, which is the expected behavior. Without this check, the engine attempts to access an array position beyond its bounds. A more comprehensive fix might involve redesigning backtracking management, but the current solution efficiently handles the edge case without breaking existing behavior. Now, I would imagine that many of our listeners are able to grok enough of that to see the sort of behavior we're beginning to recognize as AI.

Leo Laporte

It's basically an intern. Yes, what an intern would say.

Steve Gibson

Copilot replies by agreeing with this Microsoft software engineer, then elaborates without doing anything more.

Leo Laporte

Right.

Steve Gibson

The engineer understands that the backtrack stack should inherently never try to overflow.

Leo Laporte

Right.

Steve Gibson

And that the fact that it does is indicative of some deeper and more fundamental structural problem with the regular expression parser.

Leo Laporte

See, that's something though, that you know and he knows. Steven Taub knows that it shouldn't happen. The AI says, well, I'm just going to fix the error.

Steve Gibson

The AI does not care about this.

Leo Laporte

What should or shouldn't happen is nothing.

Steve Gibson

Exactly. Yes, exactly. As the engineer first wrote, its goal is not to fix the cause, but to treat the symptom, which is exactly what it then does.

Leo Laporte

Right.

Steve Gibson

Stephen then replies, your new tests are not running because the new file wasn't added to csproj. You know, the master project file. Csproj Copilot happily responds, added regex backtracking tests CS to system txt regular expressions tests csproj so the tests will run. Thanks for catching this exclamation point.

Leo Laporte

I've had this conversation quite a bit with Claude.

Steve Gibson

When Steve Stephen gets back to this, he adds to the thread, your added tests are failing.

Leo Laporte

Oh, whoops.

Steve Gibson

So apparently Copilot didn't test them itself.

Leo Laporte

It added them, didn't test them.

Steve Gibson

Copilot replies, fix the failing tests by properly handling the match state when backtracking is exhausted. The fix now. Basically it fixed the fix. The fix now sets run patch bang found match equals false before stopping to ensure consistent behavior. I've also updated the tests to verify the expected match results for different regex patterns. So now we have a patch on a patch and no idea why the trouble appeared in the first place.

Leo Laporte

Right.

Steve Gibson

Where none of this should have ever been needed.

Leo Laporte

Right.

Steve Gibson

And this patched patch has been merged into the dot net code base. So whatever underlying flaw caused the original trouble and required the addition of an explicit bounds check when none should have been required, which Stephen explicitly asked Copilot about. That's not been eliminated. It's been covered up. And then, having done what he could to get this resolved, Stephen finally accepted and closed this pull request. So it's no longer a problem. Right.

Leo Laporte

Did he merge the copilot changes into yeah, his regex?

Steve Gibson

Yeah.

Leo Laporte

Yeah. Oh my God.

Steve Gibson

Been fixed. The original regedit thread creator characterized this as watching a lot AI slowly drive Microsoft engineers insane. But we've just seen that's not what's happening, Stephen.

Leo Laporte

He accepted it.

Steve Gibson

Stephen Taub is doing his job. He, you know, he's not being upset because his job is no longer fixing problems. His job has changed to overseeing Microsoft's copilot, sweeping actual problems under the rug, patching the symptoms when and as they pop up while blithely ignoring the underlying causes. I'm seeing a term used more and more and I'm not a big fan of its overuse, but this does feel like the automation of the enshitification.

Leo Laporte

Yeah.

Steve Gibson

Of Windows. Steven's original question to Copilot suggested that he knows the proper way to solve it.

Leo Laporte

Yes, and he said it, didn't he?

Steve Gibson

Yes. Yes, yes. If this were still his responsibility, he would have worked to understand the root cause of the erroneous backtracking stack index overflow, which he asked Copilot about, rather than simply resolving the crash by adding a test to prevent the out of bounds read. But this is no longer his problem.

Leo Laporte

He fixed it.

Steve Gibson

Well, his is overseeing.

Leo Laporte

Right. Copilot yeah.

Steve Gibson

Now, maybe Stephen is an excellent coder who's an exception at Microsoft. Perhaps this is the way Microsoft's coders have been normally dealing with such problems all along. In that case, this doesn't really represent any change.

Leo Laporte

Oh, he deleted the fixed branch, so he didn't commit it.

Steve Gibson

Ah, okay.

Leo Laporte

I hope that's what that means.

Steve Gibson

Let's hope that's what that means.

Leo Laporte

Well, yeah, people said don't delete it.

Steve Gibson

Generated. It may have generated so much attention.

Leo Laporte

That he thought maybe that's it.

Steve Gibson

Yeah. So anyway, I. It would, you know, if this is what's going on, this will explain why we. They. You know, Microsoft never seems to get ahead of the need to continually patch their mistakes. It seems to me that making it quicker and easier to patch edge cases that may cover up underlying structural problems will have the effect of accelerating, you know, the. The lack of maintainability of this whole infrastructure. I love you. I love Windows. I use Windows. I depend upon Windows. I just hope that copilot doesn't end up doing more harm than good.

Leo Laporte

Thread is hysterical.

Steve Gibson

Oh, Leo, I know.

Leo Laporte

I would have to read the rest of the. Of these. Somebody says, quite rightly, you know, the amount of time you spent kind of massaging copilot to try to get it to answer it, you could have fixed it, you know, yourself. And that's. That's the sad fact of this.

Steve Gibson

Yeah.

Leo Laporte

Gosh, I hope this didn't get merged. I have a feeling it didn't, but. But you got to wonder how much of this is going on and. And where it might get merged.

Steve Gibson

Well, yes, and even if there's some initial resistance, you know, they'll start hiring people who've never had it any other way. This is the way Microsoft operates.

Leo Laporte

This is how it works. You get the AI to do it.

Steve Gibson

Okay, our last break, and then I am going to tell everybody about my find of a completely unmanaged, uncensored, unrestrained, very, very private, large language model.

Leo Laporte

Oh, fantastic.

Steve Gibson

Of which you can ask any question and it will answer.

Leo Laporte

I finally can figure out how to make a Molotov cocktail. I'm excited. Steve Gibson, Security now. Wow. I don't think there's a podcast in the world that would have walked through that pull request and explained. I mean, this is gold, man.

Steve Gibson

You.

Leo Laporte

You. And I have put your quote already into my Obsidian database of great quotes because.

Steve Gibson

Oh, thank you.

Leo Laporte

I love the lollipop analogy. I love it. All right, we're going to get right back to Steve. I know you don't want to stop but we just want to thank our sponsors because they do make this possible. You've heard the name 1Password, I know, you know. 1Password. This portion of security now brought to you by 1Password. Here's a question. Do your end user users always work on company owned devices and IT approved apps? I didn't think so. It's hard not to laugh. So how do you keep your company's data safe when it's sitting on all those unmanaged apps and those brought from home devices? 1Password as an answer to this question, Extended Access Management 1Password Extended Access Management helps you secure every sign in for every app on every device because it solves the problems traditional IAM and MDM just can't touch. Imagine your company's security like the quad of a college campus. You got your nice brick paths between the buildings. Those are the company owned devices, the IT approved apps, the managed employee identities. And then there are the paths people actually use. The shortcuts worn through the grass that are the actual straightest line from point A to point B. Those are the unmanaged devices, the shadow IT apps, the non employee identities. Like contractors, most security tools only work on the happy brick paths. Many security problems occur on the shortcuts. 1Password Extended Access Management is the first security solution that brings all those unmanaged devices and apps and identities under your control. It ensures that every user credential is strong and protected, every device is known and healthy, and every App is visible. 1Password is ISO 2701 certified with regular third party audits. It exceeds the standards set by various authorities and is a leader in security. It's security for the way we work today and it's now generally available to companies with Okta and Microsoft Entra and in beta for Google Workspace customers. Secure every app, every device, every identity, even the unmanaged ones@1Password.com SecurityNow all lowercase, that's 1p a s s w o r d.com SecurityNow all right, Steve. Okay, final.

Steve Gibson

The site the ainavigator.com blogging under the headline what is Venice AI use? The tagline exploring the decentralized AI platform that champions privacy and free speech. They wrote Venice AI is a privacy focused, decentralized, generative AI platform created by by Eric Voorhees, the founder of the cryptocurrency exchange Shapeshift.

Leo Laporte

Oh my God. It's telling me how to make a Molotov cocktail. Don't look at this, kids. Don't look at this. Okay.

Steve Gibson

Launched in 20. Launched in 2024 and Leo also, nobody will ever know you asked the question. Oh, even better, I'm getting to launched in 2024, Venice AI was designed to address growing concerns about privacy, censorship and the centralization of artificial intelligence technologies. At its core, Venice AI offers users a unique alternative to mainstream AI models like OpenAI's ChatGPT. It emphasizes user privacy by not storing any data or conversations on centralized servers. Instead, the platform employs end to end encryption and decentralized computing, ensuring that user interactions are secure and anonymous. This approach starkly contrasts with other AI systems that often store and analyze user data, potentially leading to privacy breaches. Another significant feature of Venice AI is its commitment to free speech and uncensorship. Unlike many AI platforms that filter or moderate responses based on certain guidelines, Venice AI is designed to provide unfiltered, unbiased information. This commitment aligns with Voorhees broader vision of promoting open source technologies and reducing the control that large corporations and governments have over digital tools. The platform also integrates blockchain technology, allowing for decentralized payments and further reinforcing its commitment to privacy and user control. Venice AI is built on a decentralized GPU network, which processes user inputs without associating them with personal identifiers. This setup not only enhances privacy, but also enables the platform to function without the need for user accounts. Although account options are available for those who prefer them, Venice AI represents a significant shift in how AI can operate, prioritizing privacy, autonomy and freedom from centralized control. It appeals to users who are increasingly concerned about how their data is used and who value the principles of decentralization and privacy. Now, separately writing for Medium, Tom Parish, who is quite an AI enthusiast, titled his posting Exploring Ideas in Private with Venice AI. Tom writes, as powerful as Chat, GPT and Claude AI are, there's always one thing I wish were different that they not use or keep anything I submit to their LLMs. The issue is the same when using Google's Gemini, LLM said. More directly, if you use ChatGPT or Claude, all your documents are stored forever on their servers and may be leaked, hacked, subpoenaed, or spied on by staff or outside parties. Moreover, Claude does not have search capabilities, so the information will be outdated and limited to its training data, unquote for personal or sensitive topics, as well as research on subjects I'm interested in, he writes, I've started using Venice AI. As you have heard me say, AI doesn't simply answer my questions, it guides me to new insights. This is him speaking. This approach is more a more empowering way to use language based AI tools when dealing with private matters. I prefer a secure environment to process what's revealed. The goal of Venice AI is to provide a permissionless and privacy focused alternative to popular AI applications. Venice AI aims to deliver uncensored, unbiased machine intelligence while preserving user privacy. Here are the details. Permissionless Access this means users can access the platform without needing to create an account or provide any personal information. Venice doesn't store and cannot access your chat history. Instead, it is stored locally in your browser and you can delete it. Uncensored AI unlike many other AI platforms and Venice AI does not censor the AI's responses. This allows users to receive unfiltered information and interact with the AI without restriction. Open Source Models Venice AI utilizes leading open source models such as Meta's, Llama3 and stable diffusion to provide text, code and image generation capabilities. Real Time Search Venice AI recently added real time search capabilities using Brave's API, allowing the AI to provide up to date information and site sources for transparency. He says there is a generous free plan with no requirement for you to log in to use it. This is what initially caught my attention. The free plan includes creating images with significantly fewer restrictions if that's your thing. It allows a maximum of 15 text prompts per day and a maximum of five image prompts per day. Using this feature, he says I paid for a year of use at the most reasonable price of $49 because I'm always testing new tools and I like the ability to test out the open source LLM models. More importantly, I like the privacy aspects of the product. Let me stress you do not need to pay if you're fine with the free version. I used the free plan for a couple of months and found it extremely useful and I never logged in. So start with their free plan, then go ahead and sign up for an account still free. Then consider trying the LLM for a year. Explore those private thoughts or worries you feel need answers to settle the internal dialogue and concerns we all carry.

Leo Laporte

By the way, $149 a year, not 49 a year.

Steve Gibson

Yeah. And I wonder if since I maybe it jumped since he wrote that. I I don't know. But you're right. 149 Although I do have a 20 discount code.

Leo Laporte

Oh, I have to get that from you.

Steve Gibson

Yeah.

Leo Laporte

Do you signed up?

Steve Gibson

I did. Yeah. Wow. This appeals to me. Is that. Or maybe it's a personal fantasy that has your curiosity fired up. And as he was posting Just as he was posting Tom updated his writing. He said just as I was about to publish this, a product update floated in from Venice Plump with news and insights so now. And he listed those he says upgrade larger PDF and text uploads. New feature is to be the ability to download your chats. There's a featured blog, open source AI models now available on Venice. A featured tutorial, how to use an AI research assistant, a user highlight of some random guy. And then he said Hermes 3.8b by noose research now available on Venice. He said if you follow the latest news and image generation techniques, you'll recognize flux image generation techniques have been hot hot in the news lately. Their image generation engine is becoming the El Mayor Spanish for the best tool around. So I was delighted to see it integrated into Venice AI. And he finishes Even if you're totally committed to using other LLMs, I recommend checking out Venice AI to understand the power of of open source AI solutions. I expect you'll be impressed. I am. And I find a sense of relief knowing that I can input that what I input into their chat box is not being kept or used for other purposes. Appreciatively, Tom okay, so I know quite well how much privacy matters to many of this podcast's listeners. It's something many of the followers of this podcast take very seriously, where their privacy is something they've not yet given up struggling to preserve. I respect that. So I knew that the news of a privacy focused AI service would be of interest. And I'll confess that I'm very intrigued by the idea of chatting with an entirely uncensored AI that can be asked any question, can perform Internet searches, and will reply using state of the art large language model AI without any externally imposed censorship. What would that be like? Okay, so Venice V E N I C E AI is the URL. After learning about Venice AI, I did some additional poking around and I found, As I mentioned, Leo, a 20 off the first year discount code for the pro version. The discount code is RUN20RU N20. It's in CAPS. I don't know if it needs to be in caps, so capitals R u n and then 20 and I found that at an AI tool rating site called runtheprompts.com if you're curious about AI, I'd also recommend checking out runtheprompts.com they have a best AI tools page and a bunch of other resources like, you know, sample and reference prompts for getting chat GPT to do different things. So I think it's safe to say that in today's AI, which is way more than yesterday's AI and probably way less than tomorrow's AI, we've discovered a new tool, almost by accident, that's inherently so complex that everyone is still trying to figure out what it means, what it will do and how to best use it, while in many instances worrying that someone else is going to figure that out first and use it to their great advantage and our detriment. I doubt that's going to happen.

Leo Laporte

Before you run out and buy Venice AI, I would point out they're using open source models, so you could absolutely do this locally. Yeah, Ghetto Llama, there are many free tools that would allow you to download every one of the models they're using. Maybe they have a big cloud of GPUs so they'd be faster. But that's a very good point. There's no. If they're using open models, you could do the same thing, which I have done. I know Darren uses local, local models as well. In fact, Hugging Face might be better to buy a hugging Face subscription because they have all the models and they have many uncensored models on there as well. This is pretty. This is nice. I mean, if you like it and you want to know how to make a Molotov cocktail, I guess So I asked it to give me a naked picture of movie star, but it wouldn't do it without me paying them, so. But I bet it does after you pay them, which is a kind of a problem for revenge porn. And that kind of.

Steve Gibson

Again, this is like, you know, it's the pedal box, it's the, it's the horses out of the barn, it's the, you know, chickens have, have fled the coop. I mean, it's. This is out there, right? I mean, so if you're a geek.

Leo Laporte

Look at doing it yourself first. I have ollama. I have a number of ways of.

Steve Gibson

Doing it locally or just use it in a.

Leo Laporte

Or use it for free, right? Yeah, absolutely. Next week you have a lot of stories that we're going to cover.

Steve Gibson

We're going to review the results of the recent Berlin Pwn to own competition, which for the first time added AI to the list of in scope exploitation targets. We're going to examine the stunning 14,000% rise in the abuse of scalable vector graphic SVG files. In email. We're going to take a retrospective look at how the famous tachyon exploit changed Apple's stance on iOS security and all iOS protections that followed, and examine a case where AI is being used not to paper over, effectively ignoring software flaws. But where OpenAI's most recent O3 model, which I've been playing with and oh my goodness, it is something. Found a previously unknown remotely exploitable zero day vulnerability in the Linux kernel.

Leo Laporte

That's so good.

Steve Gibson

It's. Well, it's a mixed blessing, right? Because as long as the good guys run the model, but the bad guys can too.

Leo Laporte

Well, there you have it. I think you better turn in for episode 1028. That's all I can say. I am so glad you're here to watch Security now we do the show Steve and I every when Tuesday at about 1:30pm Pacific right after Mac break weekly. Whenever that ends. That would be 4:30. You're laughing because you never know when it's gonna end.

Steve Gibson

You're on time.

Leo Laporte

I'm trying really hard to keep everything shorter because I just, you know. So we're working on it. I'm working on it, Steve. We'll see what we can do. Make sure you get on time. 1:30 Pacific, 4:30 Eastern, 20:30 UTC. You can watch on eight different streams. Club Twit members. I hope you're a club Twitter member. You can watch in the Club Twit discord, kind of behind the velvet rope axis if you will. There's also YouTube, Twitch, tick tock, Facebook, LinkedIn, X.com kick, you know, pick the stream you want chat with us. I'm watching the combined chat. So I see all the chats after the fact on demand versions of the show available at Steve's site. He actually has some unique formats. In fact all his formats are unique. He has a 16, yes one six 16 kilobit audio version that was actually created for Elaine Ferris who does our transcriptions. But anybody with low bandwidth will benefit from that or metered bandwidth. There's a 64 kilobit audio which is full quality. We don't do it for technical reasons but Steve does. There's also the transcripts. That's what Elaine Ferris does. She hand writes human written transcripts. Takes a couple of days after the show but they will all appear rc.com also the show notes. Although if you want to get early access to the show notes go to grc.com email and then you can register your email. That's so you can email Steve because he will only email you once you're on his white list. But there is a. There are a couple of checkboxes unchecked by default, but you could check them one for the weekly security now mailing and one for the Very. Oh, look, it made a thumb. Very, very occasional mailings about new products, like, for instance, the DNS Benchmark Pro. You know, one more thing you should do@grc.com, buy Spinrite, the world's best mass storage maintenance, performance and recovery utility. You need spinrite. You ought to have spin, right? It's Steve's bread and butter. You'll find it@grc.com along with this thing I just discovered called Shields Up. It's amazing, actually. You still have the Trouble in Paradise app up there, right? The Click of Death app.

Steve Gibson

Yeah.

Leo Laporte

So if you have a zip drive.

Steve Gibson

Then we feel sorry for you.

Leo Laporte

I'm sorry, but at least you have that.

Steve Gibson

Talk about thumb drives putting zip drives out of business.

Leo Laporte

Actually, your valid drive is very useful. That's the tool Steve make made to verify that your thumb drive has all the storage it claims. Because apparently a lot of drives, especially on Amazon, don't.

Steve Gibson

It is our second most popular download. The DNS Benchmark is first valid drive is still a thousand a day.

Leo Laporte

It should be.

Steve Gibson

It should be.

Leo Laporte

You need it. Get. Get your refund if you only got, you know, a gigabyte instead of a terabyte. We have the show, of course, at our website you can watch it live, but it's silly to watch it live when you can watch it whenever you're in the mood, you know, or over and over again. Keep it in a loop so it all sinks in. Get it at TWiT TV SN for security. Now, there's a YouTube channel that we do that's video. All the shows have it primarily. Well, partly because we want to be on YouTube, but also because people discover us there. But also it's a great way to share little clips of the show. So if you just want to share a little clip of like the copilot interaction on the net project, that would be, you know, send that to somebody. It's a great way to introduce our show to other people. And everybody's got YouTube, so it's a very easy way to do that. Best way for you to get the show though, is probably subscribe and your favorite podcast client. That way you'll get it automatically as soon as we're done. Audio or video, your choice. I do recommend leaving a nice review if you can, at your podcast place, wherever that is. Five stars or whatever the most is because that helps us spread the word. It's really important to us. It helps us build an audience. And I think if you listen, if you're here at the end of the show. You know what a great show this is, right? If you didn't stop after the first 10 seconds. You're one of our people. You're one of us. Maybe you should join the club. You could add free versions of the show at. It's even shorter at twitter.tv lovetwit. All right, I'm done with all the announcements. Steve. We'll see you next week. Everybody go to grc, Buy Spinrite and have a great week. Steve.

Steve Gibson

Next week and next month, here comes June. So just had Memorial Day, so. Yep. Bye.

Leo Laporte

Bye. Security now.