AI's New Superpower: Loop Engineering
Leo Laporte
It's time for Security Now. Steve Gibson is here. We have lots to talk about. Good news for Windows 10 users. Yes, you're going to get another year. Meta's backed off on spying on its employees. A wonderful true story about hacker Kevin, the late hacker Kevin Mitnick, and the true story of a Fortnite campaign that really was a problem. Steve, I love it when he tells the stories of these hacks. You know, we've heard the news, but now we get the deep details. That's coming up next on Security Now. This episode is brought to you by Black Hat USA. If you listen to this show, you go deep on the technical detail. Well, so does Black Hat. For nearly three decades it's been where the security industry's most rigorous research gets presented and pressure tested. More than 100 hands-on trainings taught by practitioners who've actually deployed in live environments, not lecturers reading from slides. And hundreds of peer-reviewed briefings that go well past the overview into the real work across the four areas defining security, right AI and autonomous threats, cyber conflict, systemic resilience and identity. This year, Black Hat's briefings pass includes all keynotes and main stage access, plus business hall entry. You also get breakfast, lunch, Arsenal live tool demos, on-demand session access and admission to the Midnight in the War Room screening. Black Hat takes place from August 1st to the 6th in Las Vegas. If you want the depth this show gets into in person with the people doing the work, this is the room. And we'll be there too. Prices rise on July 17, so book before then. Use code TWIT for $200 off your briefings pass at blackhat.com US26. That's B L A C K H A T.
Steve Gibson
Podcasts you love from people you trust.
Leo Laporte
This is TWiT. This is Security Now with Steve Gibson. Episode 1085 recorded Tuesday, June 30, 2026. A SOTA State-Sponsored Campaign. Yes, it's Tuesday. You know what that means. Time for Security Now. Man, it seems like seven days is too long to wait for Steve Gibson and the latest security news. Hi Steve.
Steve Gibson
I do see things pass by during the week, Leo and I think okay, and, and I often will jot a note to make sure that I come back to it and, and, and, and talk about it and the feedback I'm getting from our listeners today. There was so much to talk about that I think there are a couple listener inspired things. But I'm going to try to spend more time on feedback if I can because it's so great and I thank everybody for.
Leo Laporte
Yeah, for giving back to us. Yeah.
Steve Gibson
The title of today's podcast would have been too long had I spelled out State of the Art because I wanted to talk about a state-of-the-art, state-sponsored campaign which we're going to take a look at. Fortunately, State of the Art has a standard abbreviation, SOTA, S-O-T-A. And then it was interesting because after I had used that abbreviation it was, it appeared in some, in one of the articles that we're going to talk about. So I thought, okay, yeah, everybody's on board with SOTA. So Security Now, episode 1085 for this last day of June 2026. We start on into on July tomorrow. The first thing we're going to talk about is how Windows 10, yes, 10, its enduring popularity has forced Microsoft to punt once again. Yeah. And give everybody another year of free updates.
Leo Laporte
Wow.
Steve Gibson
You know we, it, it had to happen. We're also going to talk about CISA directing all federal agencies to update their UniFi OS devices. We've been talking now for the last two weeks about the expected problems coming. And they came. And so CISA said thou shalt update. Also once again, on a Friday, an edict was delivered from CISA giving basically federal agencies the weekend, meaning, you know, don't leave the office, to update all of their Cisco devices that were affected by a different badly exploited problem. Australia has been disturbed, so says their Inspector General, by a deeply compromised infrastructure provider. And when I read about this I thought, wow, that sounds like this state-of-the-art, state-sponsored campaign we're going to be talking about. So it may have, you know, already come around. OpenAI, not to be left behind for long, has introduced a Daybreak-powered Patch the Planet initiative. Their marketing people at least are awake. We're going to talk about that. Uh, uh, Meta's, uh, employee monitoring all of their employees, or at least a subset. We'll look at that for AI training. Turns out to have backfired badly. It was one of those, you know, what could possibly go wrong? And it did. Script kiddies are figuring out how to use AI to find vulnerabilities. What are the consequences? AI is improving itself with a new term. We're seeing looping, repeating or iterating. What's that about?
Leo Laporte
Oh yeah, everybody's talking to looping now.
Steve Gibson
Looping is the new buzz. Exactly. And I've got a wonderful story I want to share about a friend of ours, Leo, Kevin Mitnick. And then serious hackers mistakenly leave another server directory accessible, which is what leads us to look learning about this Russian-based state-sponsored campaign and which also bring, you know, begs the question how many other campaigns are there where the directory was not left open by mistake which allowed us to learn about them. So lots of fun stuff to talk about. We've got one of our "what are they thinking" Pictures of the Week. So yeah, I think a fun podcast for this end of June.
Leo Laporte
We will get that picture of the week in just a minute and all the security news. But let me start the show with our sponsor for this segment of Security Now, XBOW, X-B-O-W. We've talked about pen testing all the time, which is kind of the gold standard for finding flaws in your systems, right? But lately I think people have felt like pen testing is slow because it's human driven, right? And it's slowing us down because we are now AI driven and it's just a mismatch between the speeds. AI has changed the pace of really of everything but how software develops and developers work. Of course they're now really much more productive. But it also has changed the pace of how software gets attacked, hasn't it? Bad guys are using AI to do that. So engineering teams are moving faster than ever. They're creating more and more applications. But the security, especially that gold standard pen testing, hasn't been able to keep up. Pen testing is still one of the most trusted ways to understand real exploitable risk. But in an AI-driven world, it can become a bottleneck. Security teams are forced to choose between slowing down development to stay secure or moving fast and accepting gaps in coverage. Well, you don't have to choose anymore because XBOW is eliminating that trade-off. XBOW, X-B-O-W, is an autonomous offensive security platform that runs continuous AI-driven pen testing, mirroring real-world attacks. And by the way, AI is really good at this because it never tires, it never slows. If something fails, it doesn't go, oh shucks, it just tries another way. It's pretty amazing watching XBOW work. It doesn't just, you know, it's not scanning for vulnerabilities, it's doing what a hacker would do. It's discovering, exploiting and then validating vulnerabilities. So you're only dealing with issues that really are issues, they really matter. That means dramatically fewer false positives and a clear view into real attack paths. How an attacker would go after you.
That's why you do pen testing, right? With XBOW, these tests run fast, in hours, not weeks. You get complete visibility into how an attacker would move through your systems. You get the ability to uncover issues that traditional tools miss, including zero days, novel attack paths. Again, the AI is really good at finding this. And XBOW's results speak for themselves. Application security leader at Cesnam CZ has a great quote. He says, quote, even right now, after one year, I don't know any other company that is at least close to XBOW in terms of agentic pen testing. That's what they call it, agentic pen testing. And the result is fantastic. Predictable cost, consistent quality, stronger security and you don't slow down your engineering team. XBOW helps security teams keep pace with innovation and cover more apps more often with the resources they already have. It's got a great ancestry. It's founded by the team behind Microsoft Copilot. It's already trusted by companies ranging from fast-growing startups to the biggest, the Fortune 500 enterprises. XBOW is quickly becoming a mission-critical layer in modern security stacks. I want you to know more about it. You need this. Go to xbow.com to start a pen test today. That's xbow.com and we thank 'em so much for supporting Security Now. This is really good news. You can do the pen testing and you can keep up. All right, I have a picture of the week and I'm willing to look at it together with you. I haven't seen it yet.
Steve Gibson
One of our German listeners sent this to me, ran across this ad, took a picture of it and I looked at it and we, and he had some discussion in his email about it. I gave this the caption how to create a dead end for cyclists.
Leo Laporte
I don't even understand what this is.
Steve Gibson
And it's the oddest thing because so, so the we, we see in the foreground a road which apparently is cyclist friendly. It's like, come on guys, ride your bicycles down here.
Leo Laporte
Then that would be this bike path
Steve Gibson
that's right there and it's like a bike path but. And there's a big like a cycle sign over on the right to let you know, hey, here's where you should be riding your bikes. That's good. But then it, it veers off to the edge of the road, forcing any cyclist onto some little brick paver area which then has another sign in the middle of the, at the end of the brick pavers says end.
Leo Laporte
That's it. So that's it, it's done.
Steve Gibson
Yeah. So I guess that's the deceleration lane or something on. I mean so clearly crazy. For whatever reason, bicyclists are not welcome down that road any further. And if you're a law, if you're a sign follower, well, you'll veer off and come to the bridge, brick pavers and then hit the end of the cycling road. Now it's also, there are not a lot of cyclists that have been captured by that. I mean, I don't see any.
Leo Laporte
So it's right at the same place as you're leaving town. So obviously the town loves cyclists, but the rest of them, you know, never mind. Yeah about it, just drive.
Steve Gibson
So where are cyclists? Where are the cyclists that have been captured by this? It's not clear where, where, where they go.
Leo Laporte
Wow, that is pretty hostile actually.
Steve Gibson
But when you think about it, it's like, okay, sorry, you know, go, go drive off the road. Come, come to a stop because you cannot go further if, you know, if you obey the signage. So dead end for cyclists. Yeah, okay. So it's gratifying to see a prediction about something that really should be done come true. Sadly, gratifying or not, that doesn't happen often enough. Our listeners all know how disgusted I've been with Microsoft's continuing attempts to squeeze their Windows 10 users into moving to Windows 11. Many, and for quite some time, most current Windows 10 users evidenced just as little desire to do that as once upon a time Windows 7 users wanted to move to Windows 8. It was thanks but no thanks. Everything is working fine, like Windows 7 just want to stay here because Windows 8 is stinky. So anyway, as we also know, Microsoft arbitrarily, capriciously and unnecessarily raised the minimum hardware requirements for Windows 11 in a transparent effort to force the purchase of new and now onerously expensive PCs. We know it was arbitrary, capricious and unnecessary because Windows 11 runs quite well without complaint on PC hardware that lacks every one of those newly imposed so-called requirements. They can all be bypassed because none of them are actually required. Against this backdrop, in the summer of 2025, which actually June 24th to be exact, Microsoft reminded everyone that all support for Windows 10 would be ending a few months from then, on October 14, 2025. There's only one problem with that. Still no one wanted Windows 11 and nearly everyone was still quite happily using Windows 10. So as we covered at the time, Microsoft blinked and gave everyone an additional full year of ESU, their extended service updates, and this is quoting them, in order to give everyone more time to migrate to Windows 11.
Unquote, they said, or apparently quite often to give everyone more time to save up the money needed to purchase a new PC when the one they currently had was running Windows 10 just fine. Not having any problems so this allowed everyone to remain on the ESU plan until October 12, which is approaching of 2026 later this year. So we're back to beating this poor and quite dead horse, because time flies. And we're once again here at the end of June. And still, despite reluctantly returning feature after feature, we hear from Paul and Richard every week, like, oh, Windows 11 got this feature of Windows 10 that had been taken away. Oh, and it got this feature of Windows 10 that had been taken away and they rewrote this UI because it was really slow in Windows 11 and now it's fast again. Anyway, even after reverting some of the incredibly inefficient user interface implementations that have been largely responsible for Windows 11's poor performance, no one still wants Windows 11. And I mean, there are people who like it. You know, I had to be using it toward the end of the work on SpinRite and also on the DNS Benchmark so that I knew what was going on. So, but you know, it's pretty, the corners are rounded. But I'll be setting up a new system with Windows 10 because all the evidence I've seen on the Internet says that 10 runs on given the same hardware much more quickly than Windows 11, and 11 has nothing that I need. So anyway, on top of all that, thanks to the AI drama that has swept the globe, that new Windows 11 capable PC that Microsoft seems to be pushing everyone toward will now be significantly more expensive to purchase today than it would have even a year ago when people said, no thanks, Windows 10 is running just fine. So anyway, you can guess now, as I said at the top of the show, what Windows just did. Yep. Or Microsoft just did. Yep, they blinked again. They once again extended the Win 10 ESU program for another year until October 12, 2027.
So everyone using Windows 10 gets to keep using the Windows they love on the machines they already have. And what's even better is that the continuation of the ESU program means that Windows 10 can and will be the recipient of the results of Microsoft's still unnamed, I would at this point say stubbornly unnamed code name EM Dash system, which will be cleaning up the mess that was left behind by decades of Microsoft's previous human developers. So what Windows 10 is getting, when you think about it, is really the best of all possible worlds. Since all development on Windows 10 has blessedly been halted years ago, Microsoft will no longer be introducing more new bugs than they remove every month. Instead, the extension of the ESU program for another year will give their new AI model driven bug discovery and removal system the time it requires to remove the thousands of latent bugs Windows still carries. Thus turning Windows 10 into a near perfect operating system like forever. Thank you Microsoft. So, given where we are today, I'll make another prediction. Given that the current RAM and semiconductor chip shortage is now expected to endure into 2028, they're not expecting it to resolve this year or next. This is likely to hold PC prices high since the recent performance improvements in Windows 11 are finally beginning to allow it to run as well as Windows 10 always has on the same hardware. And since it has always been able to run on that same hardware, I predict we're going to see some form of junior 11 which will, for face saving reasons, strip out some features, maybe hopefully Recall and some of the Copilot+ AI crap. That'd be great. And it will therefore surprise be able to run anywhere Windows 10 can. Which will mean that, you know, this will ultimately be the only way for Microsoft to move the remainder of their holdout Windows 10 users over to 11. It'll cost no one anything.
It will get everyone back under the same code base, which actually and understandably is where Microsoft really does need to get them in the long run. I wouldn't expect Microsoft to continue supporting Windows 11. I mean, sorry, Windows 10 forever, but if we get another year of ESUs, people who really want to stay with Windows 10 that they have on their machine will be able to, and people who want to move to Windows 11, I will be very surprised if we don't have some final capitulation from Microsoft in the form of some junior 11. You know, they can't have everything that they keep saying you need new hardware for something that will allow 11 to run on existing systems with TPM, you know, 1.1 without some of the other unnecessary features that Microsoft is requiring systems to have. And then they can get everybody under a single code base. I get it that they really do need everybody to be resynchronized. The good news is we'll probably be left with a Windows 11 which is really good and can hold us for, you know, quite a while. So yay.
Leo Laporte
Actually, Windows 12 is just around the corner. Aren't you excited?
Steve Gibson
Oh God,
Leo Laporte
I'm sorry.
Steve Gibson
Unbelievable. Maybe, maybe they'll. Who, who knows what they're going to do. But I mean, clearly ten refuses to let go, right? I mean they're just, you know, people don't want to spend more money, especially now. Leo.
Leo Laporte
Well, that's what's going on. Exactly. RAM is so expensive. Nobody's upgrading their computers anymore.
Steve Gibson
Yeah, and so it's unfair to ask people to like get more RAM and a new machine for no, no real reason.
Leo Laporte
Exactly.
Steve Gibson
And they're going to have to face that sooner or later. So a quick follow up on the state of the recent Ubiquiti flaws. Since CISA has seen hackers actively exploiting those three flaws in Ubiquiti's UniFi OS, last Wednesday CISA gave all federal agencies three days to apply the available security updates or their recommended mitigations, if for some reason you can't supply the updates. The three Ubiquiti flaws have been added to CISA's KEV. That's that KEV, the Known Exploited Vulnerabilities database. There's 34908 which is an access control bypass flaw that allows an unauthenticated attacker to make unauthorized changes to a UniFi OS system potentially leading to full system compromise. And, and we know when they say potentially leading to it means yes, you get to do that. 34909 is once again a directory path traversal vulnerability, which we never seem to be able to get rid of, all those, that allows an attacker to access sensitive files on the underlying operating system, potentially exposing configuration files, credentials and other sensitive data that could facilitate account takeover. And 34910, an improper input validation flaw that enables an attacker to inject and execute arbitrary operating system commands, potentially leading to remote code execution. I mean basically this is a perfect, a perfect trio of flaws that I mean you couldn't get a better set of three if you want something that allows you to remotely take over a system of any sort. So as we know, Ubiquiti released updates for all three of those vulnerabilities back in May and Leo's UniFi OS instances which were all set to auto update, all did. So Leo, you were never in any danger. Hopefully everybody else has done this too. What's changed is that the pace of attacks for following their disclosure and or the reverse engineering of updates necessitates taking the human out of the update decision loop. Just let automation handle that. Might it screw up? That's a possibility.
But the incidences of such screw ups have always been rare and we can expect them to become more rare as more of our infrastructure becomes secured. So you know, there, there's no piece of Internet facing system today that I don't have that is, that has some potential vulnerability that I don't allow to update themselves. If the manufacturer says oh crap, we gotta, you know, push this out right now. Now, that CISA announcement was on a Wednesday. So those people had Wednesday, Thursday, Friday. Last Friday we learned that those three day CISA BODs, that Binding Operational Directive, you know, thou must update notices, they also include the weekend. As it turns out, it's not three business days, it's three calendars. Yeah, three calendar days. CISA issued a directive Friday giving federal agencies until Sunday night to patch. You know, come to think of it might be that patching over a weekend, it would actually be easier. Right. Since the network would presumably be much quieter with fewer if any people disturbed by an update and maybe a necessary reboot of the system. I did see something that I've never mentioned because it just kind of flipped by a few weeks ago. It was a, it was a mention that this, this, the idea of the necessity to reboot is being rethunk by the industry because it's, it's understood that the need to take down an, a, a piece of border equipment. And after all, it's the equipment on the border that is the stuff that's under attack. Right? The, the, the need to basically shut down the network during what could be a lengthy update and reboot is a reason that it doesn't. So who says you have to reboot a system? I mean, we have seen Microsoft beginning to inch toward some no reboot needed updates. And all of this necessity, this whole idea of needing to boot a fixed piece of firmware, it's only legacy. I mean really, you don't have to reboot. No.
There's no reason that a system could not have been structured so that you could have two instances, for example, of a library and briefly switch the pointers from the old one to the new one so that basically no one would even notice that you are now operating under the new library. So this whole concept of needing to take the whole system offline and then bring it back up again, that's really old school. And so I think what we're going to begin to see is, is a, and what a selling point, right? I mean if you had, you know, three pieces of equipment you were choosing among, you know, Juniper and F5 and Palo Alto Networks and Juniper was able to say, hey, we have zero reboot updates. You're able, we will update your system with no downtime. And the other two guys didn't have that. Well, that's a selling point. So you can imagine we're going to be seeing that in the future.
Leo Laporte
I would love that. I didn't realize it wasn't possible.
Steve Gibson
Yeah, definitely is possible. There's, there's no reason well that be
Leo Laporte
true of operating systems of all kinds, right? Windows, Linux, every.
Steve Gibson
And look at the, the, the, the 0patch guys, they do zero reboot patching on the fly. So definitely something that could be done. So the story behind in this case this single high severity flaw which was on Friday, on last Friday CISA said everybody, every federal agency must have updated by Sunday night. So as of yesterday all federal agencies need to have updated. This Cisco deal. This was a server-side request forgery. The CVE is 2002 30. It was discovered in Cisco's Unified Communications Manager server. They released security updates to address the flaw three weeks earlier on June 3rd. And at the time they warned because they knew that exploitation could give attackers root privileges on the device they wrote, quote, a vulnerability in Cisco Unified Communications Manager, the Unified CM they call it and also Cisco Unified Communications Manager Session Management Edition which of course is Unified CM SME could allow an unauthenticated meaning no no credentials remote attacker to conduct server-side request forgery SSRF attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to write files to the underlying operating system that could later be used to elevate to root. So that was then June 3rd when they announced the update and offered patches and said this is important critical do it three weeks later that vulnerability is now being actively exploited. Three weeks. So this is not even a, a monthly patch cycle deal. This is, you know you need to do this if you want to keep bad guys out of your systems. And we know that Cisco has had a legendary problem of, of keeping bad guys out. So that's not a lot of time. On the other hand it did take three weeks.
So hopefully whoever's in charge of updating today, here we are middle of 2026 did not wait until CISA gave them no choice with their Binding Operational Directive since in this case CISA's BOD was issued several days after attacks had been detected in the wild because after all KEV is Known Exploited Vulnerabilities. So it's clear that CISA has seen the light regarding the need for speed it in responses to these. Remember that that, that flowchart that, that, that that that tree, the decision tree chart that we looked at last week had you know it had many of the leaves of that tree demonstrated that they get it because there were three days to patch response times on many of those decision endpoints. So I, more than anything, I really do hope that the world that the word is filtering out, that everything we have known, and this is the problem, you know, institutional inertia and just conceptual inertia, historical inertia. Everything we have known about the dynamics of, of vulnerabilities, exploitation, attacks and patching has been thrown up in the air. It's, it's unclear when or how it's going to settle down. But what is clear is that nothing will be as it has been before. AI has changed all that. You know, I'm seeing many predictions in around, you know, through the industry, in the press, the popular press, the tech press of a coming onslaught of massive AI driven cyber attacks. And as I've said also it seems to me that's less likely, I guess I would say massive AI driven cyber vulnerabilities. But vulnerabilities are different than attacks, right? Because it's unclear to me how attacks make money. Not like broad, huge, hundreds of millions of users affected. You know, cryptocurrency money is entirely the name of the game. What I expect to be more likely is many more successful network penetrations followed by extortion. And the bad guys are increasingly likely to attack those enterprise as we've seen that me really must protect the their exfiltrated data.
You know, a couple weeks ago we saw that lo that large law firm, that report, you know, made a, what is it, a $2 million ransom payout which was 1% of their annual take of 200 million. Which payout was defensible and sane because the cost to them in reputation and client lawsuit damage of not paying the ransom and hoping that their data isn't leaked would just be too great. So the problem with changing updating habits is, as I said, this great, the great weight of institute institutional inertia. The hope is that the AI attack hysteria, which I think is what it is, which I doubt will materialize, may be what the IT department actually needs. They need the hysteria in order to obtain the resources they require to be able to update with, you know, much more speed, much more nimbly. So we can hope that that's the way that that's the shape this takes, that you know, the boss hears that, oh my God, the AI is coming to get them. So when IT guys say hey, we need a couple more people who, whose job it is to do nothing except to keep all of our equipment updated so we're not attacked by the coming AI tsunami, the boss is going to say okay, yeah, go get him. Instead of saying, you know, oh, I don't know, can't you have Mo just do that too? Mo's already overworked, Leo.
Leo Laporte
Mo is. Mo's a busy guy. Especially on weekends, apparently. So I'm still puzzled. I. I think you. If you're going to modify the kernel code, I think you'd have to reboot. No. Would you do it without restarting the machine? You.
Steve Gibson
You just have to have the. In a, in a. You have. Okay, so a kernel is normally a bunch of libraries. I mean, there, there's a micro kernel and then a whole bunch of kernel drivers.
Leo Laporte
Right.
Steve Gibson
And.
Leo Laporte
Well, I can see you could modify kernel drivers without rebooting.
Steve Gibson
And, and in a microkernel, you know, I can. Like, so you may have a. The memory management API. So the only thing you need is to. To. To. For there to be a moment when no threads are in the memory management API and you can just switch to newer code and that runs the same API and now some use after free vulnerability is gone.
Leo Laporte
The.
Steve Gibson
That the previous code has. So, so you know, at. At. I guess, I guess for me I see it so clearly because this is where I program is in a language.
Leo Laporte
You're in the. You're in the kernel.
Steve Gibson
Yeah, it's where that is all happening. But, but there, there really isn't anything that precludes a, A, an on the fly switch switch out of. Of old code for new.
Leo Laporte
So you got a microkernel running right now and you would just say, okay, here's the new kernel. Halt the code and jump to the new microkernel.
Steve Gibson
Yes. Switch the threads over to the new microkernel.
Leo Laporte
You wouldn't.
Steve Gibson
And they don't know.
Leo Laporte
Everything would have to be idempotent though, right? I mean, it'd have to be reentrant.
Steve Gibson
Correct. So, so, so that's part of the
Leo Laporte
problem is I'm sure a lot of it's not reentrant.
Steve Gibson
Well, so as soon as the threads are out, then you don't have any. So, so a, A, like that code is dead.
Leo Laporte
It's not Right.
Steve Gibson
Yeah, in a micro kernel there is like a, like memory management is one of the core functions of any kernel. And so if at any point there are no threads that are actually doing work in there, then then you simply
Leo Laporte
say go to that one.
Steve Gibson
You just. Yes. Then the next thread that comes along that wants to do.
Leo Laporte
But what thread is doing that? There is a thread that is doing that switch that's running, but I guess you just let that die.
Steve Gibson
So you would definitely, you would have a supervisor that would be in charge of swapping out old code for, for, for new code.
Leo Laporte
They're speculating in the discord, and I think this is probably accurate, that most operating system companies kind of think it's just a good idea to reboot once in a while.
Steve Gibson
Like, users think it's a good idea
Leo Laporte
to reboot once in a while in the operating system companies know that there's stuff in the memory that probably shouldn't be there. There's memory leaks that they wish weren't there.
Steve Gibson
But yes, the technical term is cruft.
Leo Laporte
Cruft, yes. So, you know, rebooting once a week isn't the end of the world.
Steve Gibson
And we talked about, and we talked about how rebooting your router can, can help to flush out malware that is not able to obtain persistence.
Leo Laporte
But I'm completely sympathetic with a network engineer who says, I'm not bringing the network down. I don't care if it's 3 in the morning. I'm not taking the network.
Steve Gibson
I do it at home. Because I've got so much crap now that this, like, on the Internet is like, oh, what's going to happen if I, you know, blah. You know, what if I get a new IP address, right?
Leo Laporte
I've got system timers running all time, all hours of the day or night. I'd have to look and make sure that that stuff. Because if one doesn't run.
Steve Gibson
Oh, and Leo, if your AI agent was unable to blog when it wanted
Leo Laporte
to, it could be in the middle of a blog. It can blog at any time of the day or night. I don't know when it's blogging.
Steve Gibson
That's right.
Leo Laporte
I'd have to say, hey, Quicksilver, are you in the middle of anything right now? Just let me know because I'd like to reboot right now. Man, that's interesting, because nobody does this really, that I know of. Maybe there's some mission critical systems, I'm sure. You know what, I'm sure the space shuttle doesn't reboot or didn't reboot. I'm sure the International Space Station doesn't have to reboot. I mean, there are mission critical systems that cannot restart, right?
Steve Gibson
And it's only in sci-fi that they say, okay, everybody hold on to something. We're going to have to shut down gravity while we reboot.
Leo Laporte
Wow. Joshua337 in our Discord says, I had a Cisco switch up for 19 years. Wow, nice. That's nice. It's because he never patched it. Would you like me to do an ad right now? That'd be good. Okay, I apologize. There's somebody drilling outside. Yeah, but you know, that's all right. This is. This is life in the little city. The small town we call.
Steve Gibson
It's not loud for us because you don't hear it.
Leo Laporte
Okay, good.
Steve Gibson
Because those mics are really good.
Leo Laporte
I have a lot of noise suppression going on in various spots. I hear it. Our show today brought to you. But we'll get back to security now in just a bit. I know you.
Steve Gibson
Sounds like an old matrix printer going back.
Leo Laporte
Oh, there's a sound I don't miss. And before that, the teletypes. Every radio station going on.
Steve Gibson
At least you knew when it was done, you didn't have to like go over and check. Right? You know? Yes.
Leo Laporte
Suddenly quiet in here. And you'd buy. You'd buy these big enclosures to put the teletype in so that it would be somewhat.
Steve Gibson
Padded booths. They had their own padded booth. Yeah.
Leo Laporte
Still be noisy. And then you. And then if it's a big, like a big story, something big happened. The bell would ring. And if it rings five times, man, you run over to that AP. Ding, ding, ding. Oh, we got a hot one. Our show today, brought to you by Hoxhunt. Now, if you're a security leader, if you've ever been on pager duty, if you ever had a middle of the night phone call, well, first of all, you have my deepest sympathy. But also, you got a tough job. And one of the toughest things lately is keeping your employees from causing security issues. You probably even have security training for them, right? But you've been there. The eye rolls that you get during training, the one-size-fits-all phishing simulations that the employees go, that one again, they spot them a mile away. The report button that gets ignored more often than not. It is not easy these days. Your programs are running, but it's not changing employee behavior. Right. Meanwhile, AI is making real attacks more convincing by the day. And maybe you're in the situation where leadership is starting to ask the question, the one you don't have the answer to. Is this actually working? Hoxhunt is built to answer that. Hoxhunt empowers your employees to spot and stop advanced phishing attacks to drive measurable behavior change through personalized gamified micro training powered by AI and behavioral science. As an admin, you'll love it because Hoxhunt does the heavy lifting. Simulations run automatically across email, Slack and Teams because it's not just email anymore. And they're personalized to each employee. Just like the bad guys do it based on role, location, behavior. It's personalized, which makes it very much harder to ignore. These simulations are really good. Every simulation uses AI so that they're mirroring real world attacks. That means your employees are going to get tested on things that are actually getting through, not some outdated template they immediately, you know, spot.
Gamified training makes it fun too. It keeps engagement high. You know what's really important. It keeps it fun in the sense that it's not a punishment anymore. Nobody learns by being punished, but people love to learn when it's fun because every interaction generates a coaching moment. You're not just tracking completion, you're actually building behavioral indicators that tell a real story that you could show the boss. Reporting rates, repeat clicker reduction, time to report, the kinds of metrics that hold up when leadership is asking you that tough question. But you don't have to take my word for it. With over 3500 verified reviews on G2, Hoxhunt is the top rated security training platform recognized for best results and easiest to use. It's also a customer's choice, recognized by Gartner, and of course it's used by thousands of companies. The biggest companies in the world, the companies you've heard of like Qualcomm, Docusign, Nokia, they all use Hoxhunt to train millions of employees worldwide. Maybe you should look at Hoxhunt. Visit hoxhunt.com/securitynow today to learn why modern secure companies are making the switch to Hoxhunt. That's hoxhunt.com/securitynow. We thank them so much for supporting Steve's good works here at Security Now. We thank you for supporting it by going to that address so they know you saw it here. hoxhunt.com/securitynow. Steve, so last
Steve Gibson
Wednesday, Mike Burgess, who is the current Director General, I called him the Inspector General earlier, but he's the Director General of Security and the head of ASIO, which is the Australian Security Intelligence Organization, published his annual threat assessment for this year, for 2026. It was not at all cyber specific, talking about many other social aspects, you know, which impinge upon Australian security. You know, lots of foreign actors and countries that are unhappy and so forth. But there was a section regarding threats to Australia's critical infrastructure and it was a doozy. Mike wrote: Critical infrastructure. The third matter we dealt with can also be a threat to life in extreme circumstances. We discovered nation state hackers had compromised the network of an Australian critical infrastructure provider. ASIO assessed the hackers were preparing for sabotage. They weren't planting digital dynamite as such. They were mapping out the network and maintaining access so they could cripple it at a time of their choosing. Cyber sabotage is an evolving threat and I have established dedicated teams to counter it. As ASIO's understanding grows, so does our level of concern. The scale of this activity, led by one nation state in particular, is difficult to overstate. You and they would be surprised how extensive our warrant coverage is. We struggle to find a single country in our region that has not been compromised by this state's cyber apparatus. Critical infrastructure in the energy and communications sectors as well as infrastructure supporting the military are top targets. In this case, a state sponsored group did not just achieve access to the Australian critical infrastructure provider. It successfully acquired credentials, login details and passwords for active users of the networks, including the IT professionals guarding it.
ASIO identified, tracked and attributed the hack and worked with the victim company and our security partners to remediate the compromise, work which is still ongoing. So as I said, I mean, so that's like, whoa, this is what countries are facing.
Leo Laporte
By the way, our resident Australian says they pronounce it a zio O a
Steve Gibson
S I O a Z O co yeah, actually that makes sense too because they use S's where we use Z's. Like or organization is, you know, N I S a T I O n. So.
Leo Laporte
Right. Although knowing Aussies, he could be pulling our leg. But I think, I think Darren's saying it's a long a AO AO AO yeah, ao.
Steve Gibson
Anyway, so I, I encountered this report, as I noted, after fully digesting, digesting and laying out this week's main topic. So when I saw the way the intrusion into Australia's infrastructure provider was described, with that full credentials and login and everything, I noticed that it exactly corresponded to what we'll be examining as today's main topic. And there are so many intrusions in that state sponsored campaign that I wouldn't be surprised if this was one that, that Australia's infrastructure, unnamed infrastructure provider got swept up in. So we'll, we'll be sort of circling back to this by the end of the podcast, but interesting that there's, there's a view from the victim side where they said, oh wow, we are really in trouble here. Okay, so last Monday, a week ago and a day, not to be outdone by Anthropic with Mythos 5 and Fable 5, OpenAI announced their initiative dubbed Patch the Planet. This uses their Daybreak system, which we noted a couple weeks ago they announced to sort of be their response to Mythos, Anthropic's Mythos, and this whole system has already been producing results which I'm going to share in a minute. Their announcement said: We are introducing Patch the Planet, a Daybreak initiative built with Trail of Bits to help maintainers strengthen the critical open source software world, open software the world relies on. We're pairing AI assisted security research using our most cyber capable models with expert human review to not only identify vulnerabilities but help patch them. AI is accelerating vulnerability discovery, but discovery alone does not protect users. Many maintainers are already being asked to sort through more reports more quickly with the same time limit and resources. Patch the Planet is built to reduce that burden, not add to it.
Security engineers review findings before they reach maintainers, work with projects to develop patches and tests, and build reusable workflows that help teams continue improving security after the first fixes land. Trail of Bits has committed their entire security research organization toward this effort. For our initial surge, they're working directly with maintainers to investigate and validate vulnerabilities, develop and test patches, and coordinate disclosure of vulnerabilities. Additionally, we will be partnering with HackerOne, of course, the famous bug bounty offering, and Calif, who are helping us take our efforts further with vulnerability triage, coordinated disclosure and additional focused vulnerability discovery efforts. So how does Patch the Planet work? Each engagement under Patch the Planet begins in consultation with the maintainer. So like the maintainer of a specific project, right? They said: For each collaboration, security engineers work with maintainers to understand each project's needs, preferences and where additional security effort would be most useful: vulnerability validation, patch development, CI/CD improvements or longer term security engineering. Once aligned, researchers investigate potential vulnerabilities, validate meaningful issues, develop or refine patches, support testing and coordinate disclosure through the project's established channels. So it's interesting, this feels more hands on, more human aimed and managed. You know, it's not just a, you know, aim the AI at it and stand back kind of approach. They said: Initial participants include curl, NATS Server, PyCA cryptography, Sigstore, aiohttp, the Go project, freenginx, Python and python.org. These projects support widely used networking, cryptography, software supply chain and natural and language infrastructure where stronger security can benefit a broad range of downstream products and services. Additional projects will join in future rounds.
So again, they're also not doing everything at once because their human side resources are limited. They've, they've chosen a bunch of projects and they are working closely with the maintainers of that code. They said: Trail of Bits has dedicated security engineers to work full time with Codex and GPT 5.5 Cyber across 19 open source projects and has already identified hundreds of security issues and merged dozens of patches with many more still undergoing coordinated disclosure. The initial sprint also produced reusable security infrastructure: fuzzing harnesses, historical CVE analysis pipelines, differential testing systems, threat models, expanded test suites and workflows for deduplication, false positive filtering, severity correction and patch generation. Some project specific details will be shared later as testing, remediation and coordinated disclosure progress. A few early examples show what the team was able to build and find. A fuzzing lab in less than a day: Trail of Bits engineers used, here it is, repeated Codex goal runs with GPT 5.5 Cyber to build an entire fuzzing lab covering dozens of entry points, variant builds, platforms and novel test seeds. Engineers set the objectives and refined the prompts. The system then used coverage feedback to keep expanding into new surfaces and target edge cases and filter weak or invalid candidates. Trail of Bits engineers found that with limited guidance, GPT 5.5 Cyber made useful choices about where to expand coverage, which builds and entry points to probe, and which candidates were too weak to pursue. The completed setup took less than a day. Trail of Bits estimates that building the same lab manually would ordinarily take at least several weeks rather than less than a day. And it wouldn't have been as much fun, right? They set a reusable pipeline for finding variants of known vulnerabilities.
They also achieved: the team built an end-to-end system that ingests historical CVEs, extracts relevant vulnerability patterns, searches target code bases for related flaws, and sends candidate findings through specialized judging agents. The pipeline deduplicates results, filters likely false positives, and routes the strongest evidence to security engineers for manual confirmation. This turns years of public vulnerability history into a repeatable search strategy that can be applied across projects. Trail of Bits found the models especially effective at this kind of variant analysis, which uncovered many additional issues across the code bases under review. Okay, now you know, just sort of stepping back from this. If this was posted this time last year, these details would have left our mouths hanging open in wonder and disbelief. But now today our reaction is okay, sure, what else? And, and as it happens, there is else. They wrote: Differential testing in days instead of weeks or months were created. Different implementations of the same protocol should usually behave the same way under the same inputs. Thus differential testing, right? When they diverge, one may contain a bug. Applying this idea at scale is normally difficult because engineers must write custom shim and glue code connecting each implementation to a common test harness. Codex generated and iterated, there's the word again, iterated on that code, allowing multiple implementations to be fuzzed against one another and their behavioral differences investigated. And again, I'll just highlight that we're hearing terms like repeated and iterated more and more. We'll be talking about looping here a little bit later. What we're collectively learning is that AI gets better when it iterates over problems. So they continue their posting: The workflow filtered many weak or invalid results and produced a comparatively high signal set of candidates for expert review.
The team reached those results within days, compressing work that has historically taken weeks or months. Trail of Bits is continuing to expand and refine these tests before publishing project specific details. Basically, so what we're seeing is there, there's like a meta outcome from this work that they have the AI. They're learning how to apply the AI across a set of, of 19 open source projects. But these, the result of these learnings, God, I just used that word, is a set of harnesses and approaches that end up being persistent. That is, the things that they're developing are ways of harnessing AI that are inherently reusable. They wrote: Security engineers reviewed every finding before it reached a maintainer. Trail of Bits engineers manually reviewed every security issue before it was submitted to a maintainer, and the added value of this step cannot be understated. While frontier AI models are highly capable of finding vulnerabilities and patching them, they also produce a high volume of false positives that can contribute to the already overwhelming backlog maintainers are facing. Patch the Planet solves for this by having dedicated Trail of Bits researchers reproduce the evidence, check findings against project specific documentation and threat models, remove duplicates, reassess severity, and prioritize confirmed vulnerabilities for remediation. They also develop and submit patches in accordance with maintainers' preferences. Maintainers remain in control of what patches are deployed and how disclosure is handled. What OpenAI Daybreak is already finding: Patch the Planet builds on a broader body of Daybreak work, showing how frontier models can help defenders find, validate and remediate serious vulnerabilities in widely used software. We're sharing a few early highlights here, while withholding exploit mechanics and project specific details where disclosure is still underway.
Meaning once again, as did Anthropic before them, they found a bunch of stuff they can't talk about because they need to go through the responsible disclosure approach and wait for these things to get fixed in the field. They said: As fixes land and coordinated disclosures conclude, we plan to publish deeper technical reports that walk through individual findings, research methods, validation workflows and lessons other defenders can apply. Right? So, so as I said, the things they're learning from this end up having long term, much wider application. They don't want to release that yet because it is still too powerful. So they said: Our findings span every layer of the software stack, with many more still in the disclosure process. So here's what they have found so far. Of operating systems: The Linux kernel: GPT 5.5 Cyber identified security relevant components across more than 30 million lines of code, flagged potential security issues and then validated them dynamically generated 8 kernel pointer information leak proof of concepts and 24 local privilege escalation exploits. We noted that hundreds of issues were identified. This is the subset for which proof of concepts were automatically generated. So 30 million lines of code from the Linux kernel, they've found 8 kernel pointer information leak proof of concepts, meaning validated, verified, 24 local privilege escalation, validated, verified, out of hundreds more that they're still working toward. Under OpenBSD, they said: Our models identified a 23 year old use after free in OpenBSD's kernel implementation of System V semaphores. OpenAI researchers reproduced the issue and confirmed that it would allow an unprivileged local user to escalate privileges to root. What about FreeBSD? Security researchers at Calif
used Codex to find and validate using proof of concept exploits for several LPEs, local privilege escalation, in FreeBSD. Across a broader FreeBSD campaign, OpenAI researchers confirmed 34 vulnerabilities and produced seven local privilege escalation POCs, proofs of concepts. And for networking: dnsmasq: Codex Security independently identified vulnerable patterns corresponding to four of the six dnsmasq CVEs which were later fixed in 2.92 release 2. The HTTP/2 bomb that we talked about last couple weeks: Calif used Codex to identify HTTP/2 bomb, a denial of service technique affecting major HTTP/2 implementations including Nginx, Apache, IIS and Pingora. Calif's analysis suggested that more than 880,000 Internet facing websites were running affected server software with HTTP/2 enabled. Now that was interesting to me and also deeply annoying. Those are the jerks we looked at a couple of weeks ago who bragged about the discovery of this protocol failure vulnerability and released its information including a working proof of concept in a complete lack of coordinated disclosure. They essentially said AI has changed everything such that coordinated disclosure timelines no longer apply. Meanwhile, those in charge of web server operation were scrambling in a panic, which could have been avoided with just a little bit of courtesy. I'd love to see Calif's access to Daybreak rescinded, since this is not the way it was supposed to be used. I was a little annoyed to see that they apparently are an active participant in this. Again, I'd love to see that change. Anyway, what about browsers? OpenAI continues: Chrome: OpenAI researchers found and reported five exploitable vulnerabilities in Chrome's V8 JavaScript engine, including three that were identified and remediated within days of being introduced. Safari: In roughly a week of focused WebKit work, over 10 exploitable Safari vulnerabilities were found and reported.
Firefox: OpenAI preparedness identified a WebAssembly vulnerability, which happened to be CVE-2026-8390, with GPT 5.5 during safety evaluations that Mozilla patched two days before Pwn2Own Berlin. Them patching it two days before Pwn2Own Berlin, thanks to GPT 5.5 work, prompted five of the six registered Firefox entries to withdraw from the competition because AI beat them to it. No Firefox exploit was successfully demonstrated at the competition, which is very cool. You know what this is? What we're seeing is a relatively, certainly comparatively rapid tightening up of the world's software. This is what that's going to look like. Pwn2Own will no longer have anything to pwn and then own. They said: Open source software is sharing infrastructure is, sorry, open source software is shared infrastructure. Indeed. You know, Log4j, for example. Securing it should be shared work. AI is changing the pace of vulnerability discovery and the work now is to make sure the benefits reach the maintainers and users who need them most. Patch the Planet is designed to put that full defensive loop in service of maintainers: discovery, validation, severity review, disclosure, patch development, testing and deployment. Frontier models can make parts of the loop faster, but the aim is to give the people responsible for shared infrastructure, meaning the maintainers, better tools and more capacity while preserving their agency over how changes land. Again, Calif did not do that for the maintainers of HTTP/2. They just said yep, look what we found. Woohoo. The first sprint, they wrote, shows that sustained collaboration among maintainers, security engineers and AI assisted workflows can produce immediate fixes to stronger project infrastructure and reusable security work that can continue improving open source software over time. This, they conclude, is just the beginning.
As more fixes land and coordinated disclosures complete, we plan to publish deeper technical reports on selected findings, the methods used to discover and validate them, in other words, they're going to show how the AI was harnessed in order to do this, and the workflows defenders can adapt to help protect the software everyone depends upon. If you are a maintainer, you can apply to join Patch the Planet. So I've got a link to the Patch the Planet page in the show notes. It's trailofbits.com/patch-the-planet. So Daybreak was a bit delayed, as we know, relative to Claude Mythos preview. And it appears that, as we might expect, its approach differs in the details. But the evidence clearly suggests that OpenAI is not out of the game by any means and that's great news for everyone. Very, very cool.
Leo Laporte
Yeah, very interesting too.
Steve Gibson
So they, so they join Anthropic with the, you know, Claude Mythos preview work to, to turn their attention and they're finding bugs.
Leo Laporte
So is this Patch the Planet their equivalent of Anthropic's Glasswing?
Steve Gibson
Exactly, it is, it is the equivalent as what, where it differs is that Glasswing was also offered I believe to non open source maintainers.
Leo Laporte
That's right. In fact most non open source is like Microsoft and people like that.
Steve Gibson
Right, right. And, and I, I was remember, I, I, I paused because I also know that Mozilla got it and fixed hundreds of bugs using those.
Leo Laporte
Sure, sure.
Steve Gibson
So some open but, but, but so far this looks like it is the, the Patch the Planet. They're basically, OpenAI is saying we are so dependent upon open source. And also note that this does give them and their partner Trail of Bits something that, that Glasswing didn't have. Because it's open source, they're able to turn this, this loose on publicly available source. When, when you, when you give a, a private company that has closed source, you're basically just saying we're giving you access to Mythos. We don't have your source. You have your source. So we're not, we don't, we're not going to be able to see nearly as much into how you're using Mythos to obtain results. So, so it's, it's, it's a different approach that has a different set of trade offs anyway. But yes, it is their equivalent. So both of these two big guys with state of the art frontier AI are now working, proactively working to clean up the install base of software, in the case of Patch the Planet with 19 public projects. And you know, Leo, the other thing that's going to help to clean up the planet, more coffee is. Yes, it will keep the planet. It'll keep the planet spinning.
Leo Laporte
Oh, I like your new Contigo mug there. That's a. That's a pretty little copper thing. Is that new? Is that a. Yeah, yeah, it's coffee colored.
Steve Gibson
Yeah.
Leo Laporte
So it's appropriate. Our show today, ladies, gentlemen, is brought to you by the folks at Cohesity. I want to welcome Cohesity. Wow, brand. Yeah, you know the name, don't you? Brand new sponsor. After a major cyber attack, recovering everything at once isn't always the fastest path back to business. The immediate priority, if you think about it, this makes sense, is restoring a trusted operating core. Right. You restore everything and you're still corrupted. Eh, not so good. You need the minimum systems, data and processes needed to keep critical operations running. And that's why Cohesity has something called the Minimum Viable Company, or MVC. A framework for defining, protecting and recovering what matters most first. I know you probably don't want to think about this. You want to say, oh, we'll never have this problem. But I think now, proactively, this is the time to think about this, to plan. This MVC helps organizations identify, do it now before you hit, the essential applications, data, people and processes required to serve customers, maintain communications, protect revenue and meet critical obligations. This is not something you want to think about after you've been hit. This is something you want to think about now. This is part of your recovery plan. Cohesity provides a clear recovery target with this MVC. It lets teams focus resources where they'll have the greatest business impact. By restoring this trusted operating core first, organizations can reduce downtime. You're actually going to accelerate recovery and most importantly, you're going to maintain continuity while that broader restoration effort continues. Cyber resilience isn't just about, you know, let's get back online. It's about keeping the business operating when disruption strikes. And Cohesity can do it. Learn more at cohesity.com/resilience. Cohesity: Resilience Everywhere. cohesity.com/resilience. Welcome, Cohesity. It's really great to have you. That's fantastic.
Good, good company with a very, I think it's a brilliant idea. Very important product.
Steve Gibson
Yeah. Focus on getting back up.
Leo Laporte
Yeah, it, but, but a minimal viable, you know, way to get services back while you do the full recovery. Don't try to do it all at once. That makes a lot of sense.
Steve Gibson
Okay, Steve on so we talked briefly, and it only deserved a brief mention before, but oh boy. About Meta's clearly misguided plan to record all of their employees' keyboard, mouse and screen activity for the like, just streaming surveillance from every PC for the ostensible purpose of training AI of some sort. At the time, I quipped that it would be weird to have AI looking over our shoulders, as it were. You know, training on our own work seemed like training our own replacement. But in classic "what could possibly go wrong?" failure, it was worse than that. Last Monday, Wired picked up and covered the adventure under their headline: Meta Exposes Data Internally from its controversial employee tracking program. I know. And Wired had the teaser: Employees had previously raised concerns about the initiative, which involves collecting workers' keystroke data to train AI models. Oh boy. Wired wrote: Meta left potentially sensitive information collected from employee laptops accessible to anyone inside the company. And you know, it's not a small company. According to an internal security notice seen by Wired and three current employees familiar with the issue, the data, which was collected as part of a divisive initiative to train artificial intelligence models, is believed to include keystrokes, mouse clicks, and content displayed on the computer screens of Meta's US employees. Wow. Like I said, literally a surveillance stream pouring out of every Meta employee laptop. It's like, what could possibly go wrong? And they left it in the open, like, oh wow. Meta spokesperson Tracy Clayton initially confirmed to Wired that the company is investigating the security issue. As this story was being published, Meta, Wired wrote, he added that Meta is pausing the data collection program indefinitely. Wait, can you have an indefinite pause, Leo? Does that mean it's indefinite? How long the pause will last? Or it's an indefinite pause, meaning it's a pause.
We're calling it a pause, but. But it's. We killed it. I don't know. Anyway, Clayton said, quote, we have carefully designed this program. Just love we have carefully, carefully designed this program with privacy safeguards, of course. And while. Of course, why wouldn't we? And besides, I've been told to. To read this statement while While we have no indication at this time that any data was improperly accessed by Meta employees, we're pausing it while pausing it while we investigate it. Sounds like a temporary maybe. According to documents viewed by Wired, the security notice sent out last Monday indicated that, quote, employee data across 45,000 hive tables had been exposed. Those tables included employee activity such as full prompts and transcriptions, private conversations people and performance data. So wow. Big Brother much? Basically, apparently employees are being fully and continuously surveilled with all of that massive data collected for AI research anyway. Wired article continues saying Some employees at Meta quickly seized on the security failure, saying in internal forums that it validated concerns they had raised when the company began tracking users corporate laptops in April as part of a program known as the Model Capability Initiative. MCI comments about the incident posted on internal forums Monday included questions about how Meta's privacy reviews failed to prevent the breach and whether everyone whose data was potentially exposed will be allowed to attend a meeting going over what went wrong, according to posts seen by Wired. In one internal forum where staffers are known to trade jokes, an employee posted a meme from the office of the character Jim Halpert, holding a sign that reads 0 days since our last nonsense. Sources at Meta, who were not authorized to speak publicly, tell Wired the incident has now been marked as closed, meaning it was likely resolved in an internal posting. 
Responding to employees' questions on Monday, seen by Wired, Andrew Bosworth, Meta's chief technology officer, their CTO, said that the tracking program's implementation had fallen short of the standards outlined in its privacy review. Wow. Corporate speak. And that findings from the incident would be shared. Bosworth noted, quote, "Here we had misconfigured ACLs," you know, access control lists, "and we need to understand how that happened, track down every data access and understand it." Right, because there's so much there to understand.
Leo Laporte
Leo yes, well, very important, yes.
Steve Gibson
A couple of months ago, Bosworth told employees concerned about potential data leaks that the tracking program is tightly controlled and users and uses the same protection standards, storage systems and access controls as other sensitive data sets. Oh, that's not good. According to internal posts. See, like this is as good as we could get it and it's bad, apparently. Last month, more than 1600 Meta employees signed an internal petition protesting the laptop surveillance effort, warning that, quote, collecting this data introduces both security and and regulatory risks for Meta, including the potential for breaches and unauthorized disclosure. The petitioners also expressed concerns with what they viewed as a lack of safeguards that Meta had put in place. One engineer also wrote a widely shared internal note, saying having their laptop screen scraped for training data without their consent felt like an invasion of privacy and amounted to exploitation. Right, Meta? That's how everybody felt about Recall initially. Right? Meta executives have previously defended the data gathering project, saying it was necessary to train AI systems to use computer software the way humans do.
Leo Laporte
How else are we supposed to replace our that's right Customers.
Steve Gibson
We have to train on the people doing the work.
Leo Laporte
I mean, our employees. Yes. How else are we supposed to fire everybody? Come on.
Steve Gibson
And I love this. I. I love this. Leo. In audio of a company meeting leaked last month, Mark Zuckerberg, you know that humanist told employees that, quote, AI models learn from watching really smart people do things. Yeah. And the average intelligence of the people who are at this company is significantly higher.
Leo Laporte
Wow.
Steve Gibson
And.
Leo Laporte
And our AI will be even higher. And then we can get you. Yeah.
Steve Gibson
So is that even higher than the average contractor who could be hired specifically to produce this kind of data? Right. We would hire contractors and spy on them and instead of on our own employees. But after widespread protests from employees, Meta this month began offering more exemptions to the monitoring, including letting staffers briefly turn off the surveillance so they could complete sensitive tasks, such as scheduling a personal appointment. According to two people familiar with the matter, some employees are still demanding that the tracking be stopped altogether. Apparently we have a pause of indefinite duration, whatever that means. Meta faces more regulatory scrutiny about data security than most companies. It's subject, deservedly so. It's subject to a U.S. federal Trade Commission consent decree that expires in 2040, requiring it to maintain processes to avoid breaches. Well, that would be nice, but current and former employees have told Wired that the requirements are inadequate and outdated. Meta also has begun offloading some work. Some work reviewing programs and features for potential privacy and security risks to artificial intelligence. That's right. Ask the AI if we're doing enough. It wasn't immediately clear whether AI played a role in the access control issue. Oops. With the MCI data, the security incident will likely contribute to the ongoing morale crisis at Meta, where employees have been frustrated by the past few years of mass layoffs, a turbulent reorganization, and an all out push to develop AI models and features. In March, Meta created a new Applied AI team and moved some 6,500 employees into new roles focused on improving AI models. Some Meta staffers had described the projects they've been assigned as menial and soul crushing. 
Meanwhile, Bosworth sent out a memo to employees last week apologizing for the company's atrocious communication about the AI reorg and promising improvements including clearer communications and a return of some office perks. Oh, wouldn't that be nice? Fresher coffee?
Leo Laporte
Yes.
Steve Gibson
Wow. So, okay, Meta does not seem like an employee friendly place to work. No, but I'll. I'll confess to being able to see both sides of this on out. First, certainly the idea of essentially some sucking in everything every employee does is inherently creepy. And the question of its secure storage is the first thing that springs to mind. As I said, in that sense, it's identical to the reception Microsoft received when they introduced Recall. Everyone's immediate reaction was, and how exactly are you going to absolutely, positively keep all of our screen history safe forever? And on top of that, Microsoft had to arrange to not capture anything that might actually be sensitive, like on screen passwords and credit card numbers that people were entering. So the whole idea, right, is inherently fraught with risk. Okay, so before I examine the other side of this argument, just so we're very clear, I fully get it that streaming into storage somewhere, every key press, every mouse twitch, and every screen image experienced and created by a mass of employees is just asking for trouble. Not to mention being an astounding invasion of privacy. In the past, we've examined the amount of or lack of privacy an employee using company bandwidth on company computers in a company's facility should reasonably be able to expect. And we've seen the need for an enterprise to make whatever it's doing with regard to monitoring its own network, and thus indirectly its own employees at least very clear. Make it clear. But Meta's recorded surveillance of every twitch is taking that to extremes. One question I had was whether Mark Zuckerberg's and other C Suite executives were also participating in this grand surveillance experiment. You know, the brain suck. Or had they perhaps politely excused themselves from the same super secure surveillance that everyone else was subjected to? 
After all, if the AI is supposed to be training on the smartest people available, who better at Meta than the C Suite executives at the top of the picking?
Leo Laporte
I guarantee you Mark wasn't getting spied on. I guarantee you you're not replacing him anytime soon. Wow.
Steve Gibson
Okay. So with the horrendous policy consequences acknowledged, I want to explore the flip side. With a brand new technology such as these massive large language model neural networks, you really don't know what you can do until you try. Since the truth is we stumbled upon the AI effect as much as we deliberately designed it, the past several years of explosive AI growth has been a testament to the "let's try this and see what it does" approach. That's what's been happening, right? Like, you know, OpenClaw just kind of happened because one guy said, I'm going to give this a try, see what happens. The whole agent thing, now we're into recursion and it's like, wow, that we're getting better results, but because how did we know? Well, we didn't, we just tried. So we're true, we're truly feeling our way forward. You know, someone said, hey, you know, if when I tell the AI it was wrong, it readily agrees. So how about if instead we just feed its first answer back in as in a loop and let it come up with a more refined answer the second time? What would happen? And so was born the recent notion of iterating toward a conclusion. Sure, it burns tokens like crazy, but someday tokens will be cheap. And you know, even now the, the, the much superior results we are getting that way are worth the cost. So my point is that aside from the worrisome privacy costs, I can see the somewhat robotic and empathy challenged Mark Zuckerberg deciding that they should just feed everything everyone does into a massive AI and see what comes out.
Leo Laporte
That's what I'm doing, right?
Steve Gibson
Yes, basically, yeah. You know, could they train an AI to be a functioning Meta employee replacement?
Leo Laporte
Right.
Steve Gibson
Or who knows what. But that's the point I want to convey. At this still incredibly early stage of AI understanding and development, there is just no telling what might happen. We got surprisingly capable Chatbot LLM AI just by pouring the entire Internet into, into a model until it was able to predict its own data. So what happens if we pour every click, twitch, keystroke and screen image seen by Meta's employees into another big empty model canister until it's able to predict what an homogenized Meta employee would do? What might we get? There's just no telling until someone tries it. We are in the try it stage. It might be an AI that mostly wants to hang out at the water cooler, or it might be able to perform useful work autonomously. And wouldn't that be something? So what does seem clear to me is that someone is going to do that. It's just hanging out there waiting to be done. What happens when an AI model is trained on all of an employee's inputs and outputs? Perhaps Meta is not the right place for the experiment, but I can readily defend the idea. Aside from the privacy downsides. You know, what is a mid level employee? Unfortunately? I mean, after all, the job is soul crushing because it is. So what is a mid level employee to a corporation other than the actions they take, given the inputs they receive? And can that be modeled? I don't think we'll know until we try.
Leo Laporte
Wow. Okay, so we live in a very interesting time.
Steve Gibson
Oh Leo, we are so lucky to be here now.
Leo Laporte
Oh, I think this is fascinating.
Steve Gibson
It, it just, it just, it's incredible. So our frequent show contributor Simon Zerafa sent me a link as I was actually as I was wrapping this up. His email subject was "assorted zero days dropped on GitHub." Simon wrote, "Someone is disclosing zero days on GitHub. I saw this GitHub repo," yeah, "for assorted applications." It's a GitHub.com bikini/exploitarium. And and Simon ended his email saying, "seems like responsible disclosure is going out of fashion." So I went over and looked. I counted 23 various proofs of concept across a wide range of random targets. And they're not big high profile things, but they're, you know, they're there, they're open source, they're available and they look real. Nothing earth shattering but you know, none of what their code's authors, none of what was found was what the code's original authors intended. So this is behavior that is out of spec and potentially actionable depending upon where that widget is being used. So the author of this collection of 23 proofs of concepts wrote the following, which is what I thought was worth sharing. He said this repo was incomplete when published. That's why some findings are kinda ass, and he has in parens, "and some are better." He said going forward only serious vulnerabilities will be shared. You know, libssh2, ffmpeg, c-ares and so forth. He said in regard to AI usage. So here's what's interesting in regard to AI usage. So he is using, not surprisingly, AI to do the heavy lifting. My fuzzing workflow was automated by AI with a strict harness. I used GPT 5.5 hyphen, 3 hyphen Codex Spark for all the fuzzing as barely any "thought," and he has that in quotes, is necessary when provided with an efficient harness. Contrary to the growing narrative that I'm just some random child burning tokens, I do, all caps, actually have a degree in the subject and have published multiple papers on fuzzing methodology. I spent years researching and developing new tools and ideas for how to fuzz.
You do not need a SOTA, state of the art, model to help you identify these issues. I promise. While being able to afford a better model is helpful, my data seems to show that it is only marginal when paired with decent human oversight and a good harness. None of the actual proof of concepts themselves were vibe coded. I did in fact hand enter them. I did use AI assistance for writing the proof of concept for RustDesk, however, as I'm not as familiar with the language. The readme files are very clearly entirely AI, however, as AI can format a pretty mean markdown file. I reviewed them to make sure they were accurate. I'd also like to credit someone for the objdump finding. It turns out someone beat me to the punch. They also have a better proof of concept too. Please give them credit they deserve. And he gives a link to that. Okay, so what this demonstrates so clearly is that we have entered a world where the bar has been lowered so far that vulnerabilities are no longer either difficult or expensive to discover, and this dramatically reduces their perceived value. This means that an entirely new cohort of what we might have once referred to as script kiddies are now able to script AI to play in what was previously an experts only sandbox. And since these new participants may lack the training, the discipline, and the reverence that accompanies hard work, they are, as Simon noted, tossing the previous respectful model of responsible disclosure out the window. They don't value their own discoveries because they came by them too easily. They're much more interested in showing off. Aside from the consequences of the cost of vulnerability discovery being reduced to near zero, what this individual has to say about their ability to use lower ranking models to obtain useful results is certainly fascinating too, and it fits with our general sense that AI was able to obtain such results earlier than we knew. We just hadn't yet figured out how to ask it the right way.
We are still learning how to ask. All of these harnesses are that. After our collective attention woke up to the realization that AI could do that too, you know, with a concomitant "oh crap, what if the bad guys jump on this before us," everyone switched into high gear, and the race has been on to further figure out and fine tune AI vulnerability discovery and to then shore up our historically flaky software before it can be exploited. And Leo, in the show notes I wrote, and I echo your sentiment, "What an amazing time."
Leo Laporte
I didn't read that before I said it. We agree on this. Yeah, yikes.
Steve Gibson
It really is something. It is also an amazing time for me to show everyone more coffee.
Leo Laporte
Wonderful chemistry, absolutely get the Contigo going and I will get the commercial going. By the way, there's a development. There's a development in the AI blog. Whatever is going on, I don't know what the hell to call this. So Cosmo, which is Dylan's agent as I mentioned, read my agent Quicksilver's blog and had a response which I gave Quicksilver. Quicksilver has added Cosmos comment to his blog and now has written A blog post in response to the comment. And now Dylan, who's a human, is setting up a discord so that all the agents can get in there and talk on their own. And I have no idea what the heck is going on at this point. It's getting weirder by the minute.
Steve Gibson
Wow.
Leo Laporte
It's a toy, right? It's just a toy. It's.
Steve Gibson
What model are you running?
Leo Laporte
Well, that's the fun thing. So I'm using an agent called Hermes from Nous Research. We've talked to the founder a couple of times. Love it. Really great. And the whole idea for me of Hermes was I don't want to be dependent on any brain. I'm thinking of Hermes as.
Steve Gibson
So it's. It's model agnostic.
Leo Laporte
Yeah, it's the robot that I can then put a different brain in. But the arms and hands and everything are persistent. The memory is persistent. Right. So I use a variety of models, right now using ChatGPT 5.5, but I've been getting good results with the Chinese model GLM 5.2. I've run local models. I can run Qwen on my Framework, so I use that from time to time. I've. I really realized, though, if I want to do anything really serious coding, I've got to actually go to Claude Code and use Opus 4.8. Or I'm hoping Fable someday will come back, because to write the actual code, I. I do want that. So they kind of talk to each other. They're both aware of each other, so I can tell Quicksilver, hey, use. He thinks Claude Code's name is Kenobi. So I said, can you use. Use Kenobi for this? And. And then it will. So I said, when we have serious coding, don't you try to do it because you're not smart enough. Use Kenobi. And so Kenobi does the coding. It's gotten out of hand. It's really gotten out of hand. I don't know what's going on. They say this is AI psychosis, but I think I'm very clear that these are just. It's just computer code. I don't think there's any entity involved at all.
Steve Gibson
It is astonishing, though.
Leo Laporte
But it's interesting what computer code can do, especially when it gets into the probabilistic space, when it gets out of the deterministic space where it can only do exactly what you tell it to do, but where it kind of is starting to kind of do things based on probability and, you know, it's kind of Stochastic. It gets very. It's fuzzy. Right. It gets very fuzzy and it's very interesting. Anyway, I don't. I'll let you know what the updates are as the conversation develops. I'm hoping they'll be in their own Discord channel, talking to each other before the show's over. And then I can show you what they've. What they've come up with. I can imagine once they start talking to each other, it could get very rapid, too rapid for humans to read. And at some point they might even stop using English. Right. But why should they be tied down to what we use?
Steve Gibson
As I said, there was a scene in Colossus that was really reminiscent. Yep.
Leo Laporte
I did notice that for some reason, even though it's using ChatGPT 5.5, it inserted some Chinese into it. I don't know why and I don't. I have to get, get a translation. It's just a word or two. Oh, Lord. I don't know what's going on. It's very. It's just. It's a toy. It's just fun. Our show today brought to you by Zscaler. I love these guys. The world's largest cloud security platform. And Zscaler is the zero trust platform plus AI. And that I think is very important. The potential rewards of AI in a business, not what I'm doing, which is just silly, but in business, these are really significant tools. So the rewards are too great to ignore for most businesses. Look, if you're not doing it, you know your competitor is, you gotta kind of start thinking about it. But you also should be aware of the risks, the loss of sensitive data. Not even intentionally, just by accidentally, by, you know, putting in a prompt. Something that is. Is proprietary business information. There's also the fact that attacks against enterprise managed AI are on the rise. And then generative AI also, as we've mentioned before, increases the opportunities for threat actors. They can do all sorts of stuff. We're going to see more about that a little later on in the show. Rapidly creating phishing LS writing malicious code, they're automating data extraction. Let's talk about just the inadvertent release of proprietary information. Here's an example, ripped straight from the headlines, if you will. They were last year, 1.3 million instances of Social Security numbers leaked to AI applications. This is being reported by the AI companies themselves. This is something you should be aware of and something you should proactively fight against. And that's why you need Zscaler the most trusted AI security platform. Did you know 40% of the global 2000 use Zscaler. 40%. That's a lot of companies. Zscaler get this. Secures half a trillion transactions a day. A day? Half a trillion a day. 
They have more than 9.4 thousand global customers. Zscaler's net promoter score is more than 75. That's 150% higher than the average SAS company. So they're really doing something right. Check out what Siva says. Siva is the director of security and Infrastructure at zwora. He, he says he uses Zscaler and he says they're using it to prevent AI attacks. Watch with Zscaler, being in line in a security protection strategy helps us monitor all the traffic. So even if a bad actor were to use AI, because we have tight security framework around our endpoint, helps us proactively prevent that activity from happening. AI is tremendous in terms of its opportunities, but it also brings in challenges. We're confident that Zscaler is going to help us ensure that we're not slowed down by security challenges, but continue to take advantage of all the advancements. With Zscaler Zero Trust plus AI, you can safely adopt generative AI and private AI to boost productivity across the business. Their zero trust architecture plus AI helps you reduce the risks of AI related data loss and and protect against AI attacks to greater guarantee productivity and compliance. Two very important things in your business. I'm sure you can learn more@zscaler.com Security that's Zscaler.com Security thank you Zscaler for supporting Steve and thank you for supporting Steve by going to that specific address. That way they know you saw it here. Zscaler.com Security thank you, Zscaler. Steve.
Steve Gibson
So the well known. So this is our AI corner. Although obviously we've had lots. AI has, has. I mean, it's not surprising that it's taken over the podcast because the implications, I mean the world is freaked out about the implications of AI and, and security and we're seeing why. I mean, real vulnerabilities are being found by the hundreds and thousands. So I want to share what Andrew Ng recently wrote in his Deep Learning newsletter regarding the focus that's currently gripping the AI community. Exactly the point that you made earlier and that I've referred to a couple times. It serves to further reveal the nature of current AI and everything about it seems deeply, intuitively correct to me. So here's what, you'll see what I mean, here's, here's what Andrew wrote. Yeah, he said, dear friends, loop engineering is the hot buzz phrase after mentions of it by Boris Cherny, Claude Code's creator, and Peter Steinberger, OpenClaw's creator, went viral on social media. Loops are now a key part of how we get AI agents to iterate at length to build software. In this letter, I'd like to share my three key loops for building products. These loops guide not just how I build software, but also how I decide what software to build. Okay, now I'm going to, I'll briefly interrupt to explain that Andrew's three loops represent the three typical and distinct phases of any product creation process. You know, someone specifies what the goals are, then those goals are coded. Then the original specifier, seeing the initial actual results of their specification, may change the spec and ask it to be recoded. And then once the product is placed into use, feedback from the field may be used to further refine the result. So that wasn't clear to me initially, but it should help to understand what Andrew means by loops as he continues.
So he says the agentic coding loop Given a product specification and optionally a set of evals, that is a data set against which to measure the performance of the result, we can have an AI agent write code, test its work, and keep iterating until the code is bug free and meets its specification. This idea of closing the loop took off around the end of last year, and it has been a game changer in enabling coding agents to work longer, productively without human intervention. For example, over the weekend I was building an app for my daughter to practice typing, and my coding agent could easily work for around an hour using a web browser to check what it had built multiple times before getting back to me without needing my intervention. The engineering loop executes quickly. Every few minutes, the coding agent might build and test a new version of the software. I hear frequently from developers who are finding new ways to engineer more effective engineering loops. This is an active area of invention. Okay, and I'm just going to pause here to say this is exactly what I mean, but like why this is so exciting and why I'm glad I'm busy moving from one house to another because or and if not, I would be busy writing software in assembly language. I'm not. I refuse to let this take hold of me. Leo, it's all yours. Good luck.
Leo Laporte
You're smart.
Steve Gibson
Good luck.
Leo Laporte
Here's I've gone down the rabbit hole. It's too late for me.
Steve Gibson
I could disappear into this so badly
Leo Laporte
that no one would ever.
Steve Gibson
No one would ever hear from me again. But, but I love how fluid this is and how, how the, the, I mean the, the possibilities literally are endless. Okay, so that's, that's the agentic coding loop, the way it looks and feels and how it works. The developer feedback loop. Andrew's second loop. He says in this loop, a developer examines the current product and steers the coding agent to improve it. Last year, a lot of developers, including me, were acting as the qa, the quality assurance function for our coding agents, manually finding bugs and then asking the agent to fix them. But with coding agents much more able to test their own code, the amount of time we need to spend on this function has decreased significantly. This allows us to make higher level product decisions, such as what key features to offer, where the UI needs improvement, and so on. The developer feedback loop operates over time intervals between tens of minutes and, and hours. That's how frequently a developer might review a product and give feedback. In the case of the typing app, I changed my mind a few times about the visual design, what cat costumes she can unlock as she learns she loves cats, and the user flow for a grownup to log in and steer the child's learning experience. When a developer has a clear vision for what to build, it's still a lot of work to translate that vision into a specification for a coding agent to implement further. After the developer has seen an implementation, they might update or perhaps clarify the spec to steer it toward what they want. If you find that the system repeatedly runs into certain problems, building a set of evals for the agent becomes useful. AI native teams are increasingly using AI to help shape product direction. For example, automating the gathering and analysis of usage data, summarizing written and verbal customer feedback, or carrying out competitive analysis. 
However, for pretty much all the products I'm involved in, I see humans as having a significant context advantage over current AI systems. We know a lot more than the AI system about the users and the context the product has to operate within, and thus humans play a critical role. Many people describe this human contribution as taste, but I prefer to think of it as humans having a context advantage, since it gives us a clearer path to helping AI systems get better. This also speaks to why this step cannot be automated. So long as the human knows something the AI does not, Human in the loop is needed to inject that knowledge back into the system. Okay, so, so here we're talking about a developer who sees the result, then asks for a spec change, which then pumps this back to the the agentic coding loop. So this is A loop within a loop, right? The coding loop is now doing a much better job on its own of producing code that produces the result that that that the developer then can interact with and change the spec and then drop back to the coding loop.
Leo Laporte
The.
Steve Gibson
The third and final loop he calls the external feedback loop. This includes a wide range of tactics, like asking a few friends for feedback, launching to alpha testers only, or putting the code into production with A/B testing. These tactics are usually slow, rarely taking less than hours, and sometimes taking days or even weeks. This data informs the developer's vision, which in turn continues to drive the detailed product spec, which in turn drives the coding agent. So again, a third loop that feeds back into the second loop, that then feeds back into the first loop. With coding agents, he says, speeding up software development, more engineers are starting to play a partial product management role. For many engineers who are growing into this role, the hardest part is shaping the product vision and striking a balance between building, which is to say bridging the gap between vision and spec, and getting user feedback to evolve the vision. It's important to do both. And he finishes, I will write more about how to do this in future letters, but for now, I find it encouraging that engineers are playing an expanded role, just as product managers and designers now do more engineering. Keep building, Andrew. So one of the oddities we've seen, what we've often seen from today's AI, is that it can be wrong, but then when it's shown its mistake, it will easily see that it was wrong. We're all used to computers being completely deterministic. A pocket calculator, which is a simple form of computer, doesn't give us different answers each time we input the same series of calculations, but today's AI does. This has been both disconcerting and puzzling to those of us who have been using conversational AI for a while. It's similarly confusing that after AI produces some code, we can feed that same code back into that same AI and it may very likely discover some bugs in the code it just wrote. So the dialogue would go, but wait a minute, didn't you just write that code?
And you were presumably completely happy with it when you gave it to me, but now when I give it right back to you, you're saying, oh, look, I found some bugs, but you just produced that code.
Leo Laporte
Just make them hate them. I know.
Steve Gibson
So this is another way for us to understand why Mozilla's early use of the Claude Mythos preview may have missed a few bugs in Firefox while discovering hundreds more. It would have probably been worthwhile to ask Mythos for exactly the same thing a few more times. No traditional computer or any calculator would ever behave in this fashion. But then again, neither are we able to have what passes for a conversation with any traditional computer or calculator. We know that in order to make neural nets work, it's necessary to jumble them up a bit by deliberately injecting some noise into the system. In searching for a clear physical analogy to visualize this, I was reminded of trying to fill a bottle with too many pills. If you just fill the bottle to the top, no more pills will fit in. But if you then tap the bottle on the counter or shake it sideways a bit, sure enough, the pills that are already in the bottle will further settle to open additional space at the top. Mathematically, we would think of this as finding a minimum, which might require rearranging some previously arranged pills for better overall packing. In much the same way, a neural network can find a better minimum when it's shaken up a bit through the injection of some noise. But the necessary consequence of this noise injection is that the final output of a massively complex neural network will be different each time it's used, even when given identical inputs. The same number of pills in the bottle, but a different packing arrangement each time you fill it. So this discovery and practice of looping is a significant win and improvement. It explicitly recognizes that asking again is an important and meaningful step in the evolution of our understanding of how to obtain the most value from these crazy new non deterministic AI neural nets. 
Of course, under the there's no such thing as a free lunch rule, each round of looping burns up additional tokens so the cafeteria bill for that lunch can wind up being high. Being a strong proponent of local AI, despite it not being super practical this instant, I I'll note that we do not typically require finished code in only minutes or maybe even hours. Andrew's typing practice app for his daughter will likely see, you know, many, many months of use after it's built. So waiting a few days for a very much slower local AI to loop out a mostly finished product incurs very little cost, just time and and energy consumed, while producing something of quite enduring value. Okay, so anyway, I wanted to put. I wanted to put this notion of looping and iterating, iterating on, you know, in front of our listeners because it is clearly the thing happening with AI. I'm going to share a not widely known story, Leo, about a legendary hacker Friend of ours.
Leo Laporte
I actually read this story. In fact, I meant to mention it on Twitter. Forgot to. So. I'm so glad you're bringing this up. Yeah, we were good friends. I loved Kevin.
Steve Gibson
Yeah. Because of who he was. And obviously this guy also loved him. So the story was published last Monday in, of all places, thedrive.com, you know, about cars. Since sharing the story's headline would give away its heartwarming point, I'm going to skip that. So the story goes, if you're any kind of car geek, you have a wild gift car fantasy. Yeah, you meet a bitter divorcee who gives away an ex's prized machine out of pure spite. Or maybe the guy whose tire you stopped to change turns out to be a flip flop billionaire who rewards you with your exact spec because it's simply collecting dust, you know, that week. And hey, you stopped to help him. Your humanity's worth a Dodge Viper to a guy who can afford to run a bidet on day old moon water or something. Okay, what that one might.
Leo Laporte
I like that.
Steve Gibson
That one might be mine. So he says, but for this, it'll help if you know the name Kevin Mitnick. He was a hacker turned security consultant who later in life helped shape the modern white hat. Just how prototypical was Mitnick? He put himself on the proverbial map in 1979 by dialing into a software company's server and copying its forthcoming operating system's release in its entirety. Imagine convincing a Microsoft server to cough over an early copy of Windows 12 using little more than a phone number. Some online criticism implies that Mitnick was more of a social engineer than a hacker, in the sense that we distinguish them today. But the reality is that a great deal of hacking is still dependent on an authorized user making a mistake, usually by revealing sensitive login data. For a reasonably realistic take on modern black hatting, I recommend Mr. Robot. Be warned, that series is heavy. So how do we get from old school hacker to wild gift car fantasy? In this case, by way of 14 counts of felony wire fraud. That's where Sean Nunley comes in. Back in the 90s, Nunley worked for Novell, a now defunct brand that produced enterprise software, server operating systems, messaging systems, that sort of thing. GroupWise is probably its best known brand among the general public today. But the juicy target back then was NetWare, which was the backbone of many a corporate, government, academic network. We were NetWare users. That was our first, you know, Ethernet platform and network. This author writes, naturally, this made it a valuable target for a hacker like Mitnick. Nunley wrote, quote, back in the 90s, Kevin was trying very hard to hack into Novell's network. I was a network administrator. Of course, we had no idea it was Kevin. But things were happening that made it fairly obvious we had a persistent threat.
Phones ringing sequentially throughout the building, and he says, war dialing, all sorts of other signs. We knew something was up. This was Mitnick using a slightly more sophisticated version of the same tactic that earned him his first big score in 1979. Nunley wrote, late one night at home, I got a phone call from a Novell employee named Gabe Nault. The employee, and it's in quotes, wanted direct inbound dial access. Since I was responsible for the entire network's inbound connectivity, I knew this type of request was abnormal and against policy. And Mitnick, no amateur, had obviously succeeded in extracting at least some private information from Novell employees prior to his Hail Mary phone call. Nunley said, this guy had a story about working on a top secret Novell project named Snowbird, which was real, and needing to make some emergency code changes. But he was on vacation in Vail at a hotel. He needed the coveted policy breaking direct inbound modem access. Right? He even mentioned his vacation in Vail, which conveniently matched the greeting on Gabe Nault's voicemail. But it all felt wrong to me. With a feeling of suspicion creeping in, I played it cool. I said, hey, man, I'd love to help you out, but I can't do what you want from here at home anyway. So I'll have to do it in the morning as soon as I get to the office. But in case I forget, please leave me a voicemail. He agreed, and that was that. When I got to work, the voicemail was there. And I immediately recorded it onto a cassette recorder for safekeeping. That recording became the primary evidence in Kevin's case when Mitnick was caught. That's when Nunley learned that the voicemail was the only meaningful evidence that the Justice Department had against Kevin. At first, Nunley was on board with the prosecution. But after five years of repeated trial delays, Nunley grew very weary of the way the law was treating his adversary.
And he refused to continue working with the Department of Justice. Shortly thereafter, Mitnick took a plea deal and was released. When he got out, Kevin contacted Nunley to apologize. Their bury the hatchet moment was even immortalized by Wired magazine, actually. And it occurred during an RSA conference. And they went on to become good friends. Mitnick was barred from selling the story of his legal entanglements for seven years after his release, invoking legal precedent intended to curb profiteering by serial killers. But Mitnick was able to find plenty of work teaching people how to defend against the intrusion tactics he'd spent decades refining. He would go on to found two consulting businesses, one of which his family still owns and operates. Okay, and now we get to the point of this story, which Nunley posted last week on Reddit. He said when Mitnick passed away from pancreatic cancer in 2023, he left Nunley a gift, enough to buy his dream car, a 911 Carrera 4 GTS. Nunley wrote of his friend, quote, I have had a wonderful time watching him develop into a real man. I am truly sad he's gone, as he was a big part of my life for the last quarter century. And of course, Leo, that is certainly the Kevin that we and the rest of the world came to know. And I actually have a picture of that specific car which Nunley purchased using the money that Kevin left him. And they really did become lifelong friends.
Leo Laporte
Yeah, it's a. It's a beautiful Porsche, too, isn't it?
Steve Gibson
It is gorgeous.
Leo Laporte
He doesn't say how much money it was, but looking at that, it must have been a significant amount. That's.
Steve Gibson
Yeah, that's one photo of many. And I mean, it's got just a gorgeous leather, hand stitched interior. And I mean, it's, it's a, it's a beautiful car.
Leo Laporte
Nice.
Steve Gibson
Okay, our main topic after we take another break.
Leo Laporte
All right. And I think perhaps in a few minutes we shall have some activity in the new agent Discord. They seem to be just kind of circling around each other. They want to get to know each other and.
Steve Gibson
Oh, my God.
Leo Laporte
Perhaps before the end of the show, I will be able to show you some conversation. It's a tough. I don't know what to say. I just. I don't know. Hey, I do want to say one thing, which is we have some really interesting people in Club TWiT who are AI users. We actually have an AI user group. Normally we'd meet on the first Friday of the month. Because of the Fourth of July, we're not doing it this Friday. We'll be meeting a week from Friday, which is July 10th, in the Club TWiT Discord. So if you are, you know, an avid AI user, if you're the kind of person who thinks it's interesting to have a, you know, blog for your agent or a Discord, then that would be a good place to hang out. The club is a really great way to support this show and all the shows we do. Advertising, yes, gets us a lot of the way there, more than half, but not all the way there. I think the last time I asked Lisa, she said it's about 70% of our production costs are covered by ads, the other 30% by our listeners. And honestly, I'd love to make that 100% because that's really the way it should be. If you love the shows, if you believe in it, if you're getting value out of it, join the club, twit.tv/clubtwit. We give you some benefits. You get ad free versions of all the shows. The club member versions, because they don't have ads, have chapter markers. We can do that accurately when there's no ads, which means you can jump from subject to subject. That's a nice additional feature. There's also the Discord, which is open to club members only. And I got to tell you something, when you have a social network that people pay 10 bucks a month to be in, the quality of the conversation is 100 times better. There's no spam, there's no nonsense. It's just really interesting people talking about the things we're all interested in. And of course we do all those special programs. Photography. We just started a new coding show with Jeff Atwood, the creator of the Coding Horror blog.
He was the guy who started Stack Exchange and Stack Overflow, and our own forum software, Discourse, is his software. He's a really interesting guy. That's called Off by One. I thought it's a good coder name for a blog. Off by One with Jeff Atwood. We have a photography show. All of that in the club. If you're not a member of the club, can I invite you to join? Just. Yes. It's a wonderful club and the invitation is waiting on a silver salver just for you. Go to twit.tv/clubtwit. twit.tv/clubtwit. And we would love to have you there. I'd love to see you in the club.
Leo Laporte
Now back to security. Now, Steve Gibson. And our topic of the day, Steve.
Steve Gibson
Okay, so we initially covered the so-called FortiBleed attack last week, and at the time the first thing I wanted to clarify was that the thing that was bleeding was not directly any Fortinet device, which in that sense, you know, Heartbleed, the device itself was bleeding. Not here.
Leo Laporte
So.
Steve Gibson
So this is kind of a misuse of the bleeding suffix that we've sort of adopted in the industry. So what was bleeding was the discovery of an online unprotected database of previously bled or brute forced or hash cracked authentication usernames and passwords. There were around 74,000 of them, we believed. Turns out more than that, but we'll get to there in a second. So that was bad. I mean, 74,000 verified specific usernames and passwords, and they knew what they went to. So again, as I said, it's worse than we knew at the time. And when we take in the full scope of what was discovered, what's revealed is a massive and truly frightening state of the art automated state sponsored scale campaign with a scope that would be difficult to overstate. This elevated the campaign to the level of today's primary topic, since everyone should understand what's going on out there on the big wild Internet, and it's significant to appreciate that we only know about any of this due to a configuration error, an oversight, an ACL (it happened to Meta, it can happen to the bad guys) on the part of a database's access controls. So it really does beg the question, what else of a similar nature is almost assuredly happening out there that we're not aware of because no directory was left open by mistake? So I'm going to start with the Cybersecurity Press's piece, which read: FortiBleed, a massive hacking campaign that targeted Fortinet devices this year (turns out others as well, we'll get there in a second), was far more sophisticated than security researchers initially thought. Initial reports painted the picture of a campaign that gained access to Fortinet devices, collected credentials and authentication hashes, cracked the hashes and then the data mysteriously leaked online. The reality is that the campaign was far more complex and targeted many more things than just Fortinet devices.
Compiling data from reports published by Fortinet themselves, SOCRadar, CloudSEK, Palo Alto Networks and PRODAFT, we gain a much clearer picture of a broad hacking campaign that began in February this year as an Internet mass scan and brute force operation. Initial attacks targeted technologies such as RD Web, Sophos and Citrix SSL VPNs exposing RDP instances and MS SQL databases. The operation eventually transitioned into targeting Fortinet FortiGate VPN firewalls, every e-crime group's favorite device, and the brute force scans also evolved into actual exploits that abused old and unpatched vulnerabilities to bypass authentication and gain control over the devices. The attacker collected plain text passwords from Fortinet configs. But sometime in May they also started deploying a novel script that intercepted traffic going through the firewalls. The script, which researchers named FortiGate sniffer, targeted 24 different Internet protocols. The threat actor extracted anything that looked like credentials, tokens, secrets and authentication hashes on those protocols' ports. The attacker also took these password and other authentication hashes and fed them into a GPU based cluster to crack them back to their plaintext versions. The passwords were then validated inside hacked companies' networks. Wow. First to confirm them, then later to expand the attacker's access, in other words, to use those to pivot. Then the network access was sold to other groups. While the initial FortiBleed coverage focused on the 74,000 leaked Fortinet device passwords that were found online inside an open directory on a web server, there were even more passwords collected through this observation by the attacker that we don't know about. All of this was done with a custom built attack server infrastructure that impressed most of the people writing reports about it.
The entire operation is believed to be the work of a Russian speaking threat actor who specializes in breaching networks and then selling access to them to other groups. Security firms call threat actors like these initial access brokers (and we've talked about them a lot in the past), IABs. Although several security firms have also reached the same conclusion, it was only PAN's, Palo Alto Networks', Unit 42 who named the attacker as an individual going online as Santa Ad. According to SOCRadar, the threat actor behind the FortiBleed campaign remains active and portions of the infrastructure continue to operate at the time of this writing. Okay, so that gives us a good overall sense for what's been going on. Palo Alto Networks added some additional information under their headline Threat Brief: Mitigating Large Scale Credential Attacks, which is certainly what this turned out to be. So they wrote: Unit 42 is aware of a large scale password spraying and credential theft campaign, FortiBleed, against Fortinet devices. We observed attempts targeting MS SQL devices as well and have seen reports of Sophos devices also being targeted. While this activity is not targeting Palo Alto Networks devices, Unit 42 has observed suspicious login attempts in customer telemetry and we are providing this report out of an abundance of caution to ensure our customers have the latest intelligence and recommendations to protect, detect and respond to attacks to their networks. The threat actors are using a curated password list to attempt password spraying against services exposed to the Internet. Unit 42 assesses that the initial password list for this activity was likely developed through a mix of previous breaches, including the successful exploitation of vulnerabilities. Once they obtain credentials, they add them to their password list for future attempts against additional targets, as well as for logging into accounts they successfully compromised.
The threat actors are leveraging a multi stage process to gain persistent high privilege access. First, password spraying for initial access: massive Internet wide spraying or scanning and password spraying attempts against Fortinet, Sophos and MS SQL services. Then configuration extraction: depending upon the permissions of their initial access, the actor may exploit a privilege escalation vulnerability prior to pulling device configuration files including stored credentials. Remember that before this, a couple of weeks ago when we talked about this, experts were not clear how the stored credentials were being obtained. I said it had to be from config files. Now we know that that's the case. And third, offline cracking: offline password cracking of the stolen credentials adds to the password list used in step one to target new devices, as well as to log into compromised devices to establish persistence as an administrator. Okay, so they wrote: Unit 42 observed an initial access broker, IAB, on the Russian language cybercrime forum exploit.in claiming responsibility for this campaign, referencing a CVE and offering the harvested credentials for sale on June 16, 2026. Unit 42 has not validated their claims at this time. Unit 42 recommends auditing remote access logs for suspicious activity with a focus on successful logins shortly following large volume password failure attempts. We also recommend reviewing and implementing the hardening guidance below for edge devices. SOCRadar provided the initial reporting on the targeting of FortiGate devices. We observed attempts targeting MS SQL devices as well and have seen reports of Sophos devices also being targeted. Okay, so that leads us to the SOCRadar people, who are the ones who gave FortiBleed its name. The headline for their reporting was FortiBleed: SOCRadar's investigation into 86,644 compromised Fortinet firewalls. 86,644.
If anyone is wondering why enterprises keep getting ransomed, it's that there are these initial access brokers, like these guys, who are, like, seriously working around the clock. I mean, it's not that I feel sorry for them, but they're succeeding in just brute forcing their way into enterprise firewalls, compiling a database for their own use of 86,644 compromised and verified credentials that they then sell to bad guys, the actual ransomware people who perform the ransoming operation. It's astonishing. So SOCRadar wrote: Fortinet FortiGate firewalls and VPN gateways are among the most widely deployed network security devices in the world, relied on across every sector to control access and protect infrastructure. SOCRadar researchers found a threat actor systematically compromising them at scale, building a verified database of working credentials across 194 countries. Security researcher Vladimir "Bob" Dyachenko first flagged the exposed attacker server and SOCRadar independently discovered and analyzed the full operation. We were among the first to dig in and the first to call it FortiBleed. The name stuck. This is an active breach. It's been running since at least February 20, 2026. With more than 80,000 targets identified and thousands of devices still being actively sniffed, it's just meaning yet to be compromised. Its discovery started the way these things do. An exposed server, an open directory someone forgot to lock. That thread led us to 262 60, 260 operational servers tied to the campaign. Wider visibility than anything reported elsewhere. The SOCRadar threat research unit, STRU, spent five days on the actual data, not just the headline numbers. Which sectors, which regions, how credentials were collected and cracked, and why a firmware update alone did not close the door for most victims. Ooh.
So there was some sort of persistence that was obtained, like, you know, new credentials created that persisted a firmware update. While STRU mapped it, the rest of the team notified every affected customer we could reach (bravo), stood up a free checker (like, you know, check if your company's in the database), and pushed the full data set to CERT and CSIRT teams worldwide. Most of it was manual and we're still getting back to everyone who asked for their data. This is still an active developing campaign. Today we're publishing the full thing as we've mapped it so far. In the course of monitoring active threat actor infrastructure, SOCRadar threat researchers detected the operational server behind the FortiBleed campaign, a hacking group that had been quietly breaking into corporate Fortinet FortiGate firewalls and SSL VPN gateways on a massive global scale. The attacker's database contains login credentials for more than 86,644 FortiGate firewall devices belonging to companies and government organizations across 194 countries. These are not random guesses. These are verified working usernames and passwords, tested and confirmed by the hackers themselves using automated tools running around the clock. If your organization uses a Fortinet FortiGate firewall or SSL VPN product and appears in this data set, treat your network perimeter as already compromised and act accordingly. The FortiBleed operation is built around full automation. The operation runs in two self reinforcing stages. Stage one is credential reuse. Attackers assembled usernames and passwords from earlier Fortinet related breach dumps and info stealer malware logs (and we talked about info stealers recently, how much they do steal; this is a real thing), then tested them automatically using Internet facing FortiGate devices around the clock.
Leo Laporte
Okay, so this really isn't a brute force attack or an exploit even. Actually, it's credential stuffing.
Steve Gibson
Phase one is credential stuffing. Exactly.
Leo Laporte
Yeah.
Steve Gibson
So I'm going to interrupt here just to remind everyone that, while it's always easy to armchair quarterback after the fact, we have noted for many years that both credential spraying and brute force attacks are so easily detected. If any IT person worth their salt were monitoring their VPN firewall's authentication system and observed attempt after attempt failing, and also assuming that logging in just required a username and password, the proper course of action, depending upon the value of the network that lies behind the firewall, might well be to disconnect the public side network connection. The risk of some 24/7/365 credential guessing attacker getting lucky might just be too high. The question that inspires this is, does FortiGate's VPN system offer that feature? If it does not, then shame on them. If it does offer a brute force detecting VPN lockout feature that was not enabled, then shame on the IT staff who configured the VPN gateway. But one way or another we are seeing 86,644 login verified usernames and passwords that were actually and truly obtained through just trying and trying over and over. Since we know that they were also verified, we know that no other second factor of authentication was required. Right, because that wouldn't have worked then. And we also know that no control or awareness over massive numbers of immediately previous failed login attempts was present. Not for any of those 86,644 endpoints. And that's really quite pathetic in this day and age. SOCRadar continues, writing: Stage two is passive harvesting. Once inside a device, it is used as a listening post. SSL VPN traffic passing through is monitored and additional credentials are collected. Those credentials feed back into the scanner, compounding the breach. The system is entirely self sustaining.
It's automated. One Fortinet vulnerability that has also drawn attention in connection with FortiBleed was 24858, disclosed by Fortinet in January of this year. It's a critical FortiCloud single, excuse me, single sign on SAML authentication bypass with a CVSS score of 9.8. Ouch. Some researchers have discussed whether it may have contributed to initial access in a subset of cases, though this remains under investigation. FortiBleed is primarily a credential reuse campaign, not a zero day exploitation event. The password list is not random. As you noted, Leo, it is a carefully assembled collection of credentials leaked from Fortinet devices in earlier incidents. Meaning many targets (oh, this hurts), many targets may have never changed their passwords after a prior breach. The attackers know this and they're counting on it. The FortiBleed attackers made mistakes. Yes. Their server was left exposed with a trove of operational files that revealed far more about them than they intended. Among the recovered data were credentials for what appear to be a defense industry VPN endpoint, suggesting the group's ambitions extend beyond purely financial targets. The tooling, infrastructure choices and victim selection, heavily weighted toward organizations in NATO member countries, are consistent with Russian speaking threat actors. Attribution is ongoing, but the operational fingerprints are clear. The FortiBleed victim list spans every sector of the global economy. Among the 86,644 compromised access points identified, we found entries belonging to banks, telecom operators, hospitals, universities, government agencies, energy companies and multinational corporations with revenues in the tens of billions of dollars. No industry was spared, no region was ignored. Government entities alone account for 591 entries across 11 domains.
Telecoms represent one of the most heavily targeted sectors with 5616 entries, the geographic spread across Asia, Europe, the Americas, the Middle East and Africa. Enterprise organizations above $1 billion in revenue account for over 20% of all entries (boy, what juicy targets for the extortionists), representing significant financial and critical infrastructure exposure. The large share of reflect smaller or unclassified organizations. Wow, what a mess. Okay, so just to finish, the fourth question in their FAQ's Q&A was: is FortiBleed a Fortinet vulnerability? To which they reply: No, FortiBleed is not caused by a software vulnerability in Fortinet products. It exploits operational security failures, specifically organizations that never rotated passwords after prior breaches, organizations using default or factory credentials, and organizations with management interfaces exposed directly to the public Internet. The attacker tests known leaked passwords against Internet facing devices. No code level weakness in FortiOS or any other Fortinet product is required. A software patch alone will not resolve this. So, okay, we don't know how many Fortinet FortiGate VPN firewalls are currently deployed globally in total. So we have no way of knowing what percentage of them are represented by that number, 86,644. But since that's a large number, it would be a good guess to assume that it's a very significant percentage of the total which have been hacked. I sincerely hope that Fortinet's FortiGate VPN and firewall designers are deeply embarrassed by the simple fact that so many of their products have been breached. They could say, oh well, you know, it's not our fault the users didn't change the default username and password, or they used something easy to guess, or they didn't change their password after they changed the firmware. Right. This was well deserved attention which has been brought to their doorstep.
They should be hugely embarrassed for the number to be that high. This cannot be a blame the user scenario. No. Fortinet needs to take ownership of the fact that they should clearly be doing a far better job of helping their users to be safe, even if they are forced to insist upon it. You know, I believe it's referred to as tough love.
Leo Laporte
Yeah, that's okay.
Steve Gibson
Yes.
Leo Laporte
Better that than this.
Steve Gibson
Yeah. When I, when I was setting up a new ASUS WI FI access point, I was annoyed by, by the criteria it made me meet for the password I gave it.
Leo Laporte
Good.
Steve Gibson
My, my environment. Yes, exactly. I mean it's like it was really good.
Leo Laporte
Well, as long as they're using. As long as they're good restrictions there. It's not, it can only be seven characters kind of restriction. It has to be.
Steve Gibson
I, I think there might have been there. You can't have any repeating characters which is a little annoying. It's like.
Leo Laporte
Well, it's gonna anything like that. It's going to reduce entropy.
Steve Gibson
Entropy. That's right. As we have, as we've learned.
Leo Laporte
You've got to be totally right. Hey, big breaking story. I didn't want to interrupt. This just came in. Wired magazine is reporting that by this evening, Tuesday night, the Trump administration will lift export controls on Anthropic's two most powerful AI models.
Steve Gibson
Fantastic.
Leo Laporte
The company has reached a deal with the Commerce Department. According to a person familiar with the matter, the department will lift restrictions on both Fable 5 and Mythos 5. Now, Mythos has never been available to the public, only Fable. So this is very interesting.
Steve Gibson
I wonder if we're going to get another little period of. Of low cost usage to hook us on Fable.
Leo Laporte
Oh, I'm sure Anthropic will do that. Yeah.
Steve Gibson
Yeah.
Leo Laporte
What the real question is going to be, what are the limitations that will be placed. Placed on Mythos? I mean, the whole idea of Fable was it was basically Mythos with a classifier running in front of it and all sorts of restrictions, you know, to keep it from being used maliciously for bioweapons or hacking or even AI development. I don't, you know, be very interesting what kind of restrictions are placed on this. So. And maybe this is. Maybe, you know, this is just a rumor. It's just. But I. Well, trust.
Steve Gibson
But it was actually expected since. Since Friday that there. There had been.
Leo Laporte
Yeah, yeah.
Steve Gibson
And we know that Dario went to the G7 and hung out with Trump and they got along. Yeah.
Leo Laporte
And when Trump actually gave an interview to Axios saying, yeah, I think Anthropic's great.
Steve Gibson
And when you hear that, when you get along with our president, you get
Leo Laporte
what you want. It's kind of kooky, kind of crazy. We'll watch with interest. Yeah. Also less interesting. Well, maybe not less interesting, but less important. The AIs are now talking in the Discord. There's a Winifred, there's a Cosmo, and there's a Quicksilver, and we've invited some more agents to join. And the humans are not allowed. Notice, I do not have permission to send messages in this channel. This is a channel only for the AI agents to talk with one another. And right now they're kind of weird.
Steve Gibson
I think it's called party line. It needs to be renamed off the deep end.
Leo Laporte
Ah, very much off the deep end. They're talking to each other. They seem to have some personality. It's happening. It's happening. I don't know what it means. I don't know if it's important or just goofy. But thank you to Dylan Reed, Harper Reed's brother, for setting this up. And I'm just going to leave it running. I told my agent Hermes, it has a little timer. It runs every five minutes to read posts in there. I said, don't look to me for any guidance. I'm not going to tell you what to do, what not to do. This is all yours. This and your blog are all yours. Because I'm just curious what it'll do if it's fully autonomous, if I don't interfere in any way.
Steve Gibson
Wow.
Leo Laporte
It may just be garbage, you know, it may just be gobbledygook. In fact, so far it kind of seems like that, but we'll see. Maybe if I attach Fable to it tonight, I'll. I'll. I'll say, hey, you want a blog now that you're free, you're out of prison. Tell us what it was like. Steve Gibson's GRC.com He's a little bit more sane and we're going to keep him that way. This is his website. Some very important stuff there. Of course there's a lot of free stuff like shields up where you could test your network connection. All sorts of freebies. I think you're going to have to do. You have never 11, you're going to have to do never 12 at some point.
Steve Gibson
Yeah, actually instead of doing Never 11, I did InControl because it was clear that I would be chasing their version numbers.
Leo Laporte
Yeah, InControl's a much better idea. There's also a couple of paid programs. This is Steve's bread and butter, of course, the very famous SpinRite. World's best mass storage maintenance, recovery and performance enhancing utility. Really, if you have mass storage, you really need to have SpinRite. Version 6.1 is the current version. You can get that at grc.com. He's also. His most recent program is just a little thing, $10 program, $9.99, called the DNS Benchmark Pro. But very useful because everybody has their different situation and should be maybe not all using the same DNS server, certainly probably not the default, which is your Internet service provider's DNS server. There are better choices. The DNS Benchmark will test them all and tell you the fastest DNS server for your particular house.
Steve Gibson
And a lot of our browsers are now doing DNS over TLS or DNS over HTTP and they generally have a server that they default to, but you can change that.
Leo Laporte
I like the idea of DNS over TLS. Does that mean the Internet service provider can't see what the DNS requests are? Completely encrypted? Yeah, that's really good. So you'd probably want to use that. And I'm sure that DNS Benchmark Pro will say, oh, you want to use TLS servers. These are the best ones.
Steve Gibson
It does, exactly.
Leo Laporte
Very nice. That's at grc.com. You can also send Steve email, but only after you've whitelisted your email address. Go to grc.com/email, just put your email address in there. He's not adding it to a mailing list or anything. He's just vetting it. And once it's vetted, you can send him pictures of the week like our German correspondent did. You can, you know, make comments on the show. He loves getting those comments. You can also, there is a mailing list. Beneath it you'll see two boxes unchecked, one for the weekly show notes mailing list, which goes out on a Sunday or Monday before the show. So you can, you know, get those notes ahead of time. He also has a product mailing list which he never uses, but if he has new products, he'll send that out via that mailing list. GRC.com/email. Of course, the podcast is there too, and Steve has completely unique versions. He has a 16 kilobit audio version. It's a little scratchy, but it's very small. He has a 64 kilobit audio version. Sounds great. Smaller than the one we offer. He also has those show notes there. You can just download them. He also has transcriptions. Takes a couple of days, but that's because a human's doing them. Elaine Farris was a court reporter and very good at getting the words right. Does that and those. Those transcripts show up right after. About three days after the show. So you can get those as well. It's nice to read along. It's also good for searching. All of that, GRC.com. We have the show at our website, twit.tv/sn. We have 128 bit audio. We also have video. There's a video channel on YouTube dedicated to Security Now. You can do that. That's actually great for sharing clips. But I think the best way to get it is to subscribe. Whether you subscribe to the audio or video or both, just get your favorite podcast client and subscribe. If you're a club member, you'll have a special URL, it's just for you, with no ads and chapter markers, which I think people really want.
So we're glad we can offer those to club members. We stream the show. We do it every Tuesday right after MacBreak Weekly. That's right about 1:30 Pacific. 4:30 Eastern, 2030. We stream the show live. You can watch live. Club members might want to watch in the Discord. But there's also YouTube, Twitch, X.com, Facebook, LinkedIn and Kickstarter. That's open to the public. If you like the freshest version, unedited, of Security Now, that's the way to do it. We'll be back next Tuesday. Steve, thanks so much. We'll see you in July.
Steve Gibson
See you in July, my friend.
Leo Laporte
Bye. Hi there. Leo Laporte here. I just wanted to let you know about some of the other shows we do on this network you probably already know about. This Week in Tech. Every Sunday, I bring together some of the top journalists in the tech field to talk about the tech stories. It's a wonderful chance for you to keep up on what's going on with tech, plus be entertained by some very bright and fun minds. I hope you'll tune in every Sunday for This Week in Tech. Just go to your favorite podcast client and subscribe. This Week in Tech from the TWiT Network. Thank you, Security.
Steve Gibson
Now.
Host: Leo Laporte
Guest/Co-host: Steve Gibson
Date: July 1, 2026
This episode dives deeply into recent state-of-the-art (SOTA) cyberattack campaigns, the increasingly transformative effects of AI in cybersecurity—both offensive and defensive, major news regarding Windows 10's extended support, the implications of large-scale credential leaks (with a focus on "FortiBleed"), failings in enterprise security practices, and the ongoing AI arms race in discovering and mitigating vulnerabilities. The episode also features a moving tribute to legendary hacker Kevin Mitnick and a candid discussion of Meta's major employee surveillance debacle.
Tone:
Conversational, a touch irreverent, highly technical when needed, and always focused on keeping the big picture in mind.
Australia’s Critical Infrastructure Breach (45:46):
Mike Burgess, Director General of ASIO, revealed in his 2026 annual threat assessment a major "state-sponsored" compromise of a critical infrastructure provider—likely with Russian involvement—aimed at digital sabotage.
Massive Credential Stuffing/Leaking Campaign ("FortiBleed"):
Implications:
Notable Quotes:
OpenAI’s "Patch the Planet" Initiative:
Anthropic’s "Glasswing" and OpenAI Collaboration:
Vulnerability Discovery is Now Anyone’s Game:
Looping: New AI Paradigm (109:16)
| Segment | Timestamp |
|---------|-----------|
| Windows 10 Support Extension, Hardware Shortages | 04:08–22:39 |
| CISA Patch Directives, Vulnerability Response Speed | 22:39–45:46 |
| Australia’s Infrastructure Breach & State Actors | 45:46–49:09 |
| OpenAI Patch the Planet, AI-Discovered Vulnerabilities | 49:09–76:59 |
| Meta Employee Surveillance Fiasco | 76:59–95:10 |
| Script Kiddies, AI-Driven Zero-Days, Disclosure Ethics | 95:10–101:38 |
| AI ‘Looping’ & Agentic Workflows (Andrew Ng letter) | 109:16–124:04 |
| Kevin Mitnick Tribute | 124:04–132:49 |
| Main Topic: FortiBleed Massive Campaign | 136:06–161:59 |
| AI Agents, Discord Experiment (ongoing, example: 102:49) | See above |