This Week in Tech 1056: The Big Sleep (Nov 3, 2025)

Host: Leo Laporte
Guests: Stacey Higginbotham, Jill E. Duffy, Alex Stamos
Main Theme: Turbulence at the intersection of AI, cybersecurity, layoffs, financial bubbles, and the future of tech infrastructure.

EPISODE OVERVIEW

This episode gathers a dynamite panel — tech policy, journalism, and cybersecurity experts — to sift through the latest convulsions in tech and policy. Spanning from the woes of Daylight Saving Time to the vulnerability of U.S. critical infrastructure, the group takes a critical but lively look at the purported “AI layoffs”, AI’s double-edged sword in security, big tech’s outsized market influence (and potential for a crash), U.S.-China tech tensions, and the everyday security of our networks and gadgets. A surprising detour into “Swedish death cleaning” offers a humanizing reflection on digital legacy.

PANEL INTRODUCTIONS & BANAL TIME CHAOS

[00:00–06:00]

• Leo welcomes panelists:

  • Stacey Higginbotham (Consumer Reports Policy Fellow)
  • Jill Duffy (PC Mag/Wired contributor)
  • Alex Stamos (Security expert, ex-Stanford, ex-Facebook, current CSO at corridor.dev)

• Quips about book club choices and library books.

• Discussion about time zones, the failed U.S. effort to dump biannual clock changes.

  • Notable Quote (Leo, 04:55):
    “There’s been a bill like this every year for at least the last 10 years... every year Americans get their hopes up and it never happens.”

• Downstream consequences for children waiting for school buses in the dark.

AI IN CODING & SECURITY: BOON AND BANE

[06:33–23:21]

Agentic Browsers & “Vibe Coding”

• Alex describes “vibe coding,” or using AI assistants for coding both as amateurs and professionals.
• Surge of new AI tools: Claude (Anthropic), Codex (OpenAI), Cursor, etc.
• Hobbyists/“normies” gain new power to manipulate data with little technical knowledge.

Enterprise Risks & Security

• Key separation between hobbyist AI coding and regulated enterprise engineering.
• Alex (12:10):
  “These tools are really cool, but they don’t understand [privacy/safety] rules we’ve had to live before. But there are still human beings who’ll go to jail if you break those rules.”

AI in Cybersecurity: Two-Edged Sword

• Reference to Jen Easterly’s Foreign Affairs article: AI could strengthen cyber defenses by letting orgs patch vulnerabilities, but simultaneously helps adversaries.
• Alex (13:16):
  “The crazy thing is adversaries are using vibe coding tools as well. ... Now all of the steps of the traditional intrusion kill chain are being automated on top of OpenAI and Anthropic, including tool creation, exploit creation, and such.”
• “O day” (zero-day) exploit development, once limited to top hacking teams, may soon be democratized by AI.

Key Moment

• Alex’s warning (19:06):
  “[AI] is going to let every adversary step up into the next league… On the defensive side, we all have to do the same thing.”

• Discussion of government and enterprise underinvestment in security — and the dangerous gap as AI rapidly levels up attackers.

AI LAYOFFS, BIG TECH, & BUBBLES

[23:22–53:27]

Amazon’s 30,000 Job Cuts

• Debate: Is this about AI? CEO Andy Jassy says, “It’s not financially or AI driven— it’s culture.” (25:40)
• Panel argues layoffs more about “hunkering down,” prepping for economic downturn, and possibly cost-saving to fund hardware (e.g. Nvidia chips) for AI build-out.
• Meta, Google, Microsoft all making record profits but still cutting staff.

AI Investment & Financial Bubble Risk

• Jill and Stacey bring up The Atlantic’s “How the AI Bubble Will Burst” (33:55)

  • Tech spend on AI infrastructure often “securitized” or packaged/sold, echoing pre-2008 mortgage CDOs.
  • Short depreciation lifespans on AI hardware (chips, servers) mean the infrastructure could become obsolete rapidly.

• Stacey (38:27):
  “The infrastructure is not as long-lived... We’re using wrong accounting for this, valuing it differently. We aren’t.”

• Leo (37:47, quoting Fed Chair Powell):
  “This isn’t exactly a bubble because there’s value being created.”
  Jill counters at 37:52: “Where is the value? Where is it right now?”

• AI is likened to previous transformative bubbles (railroads, early internet): infrastructure survives, but many companies may not.

• Alex (43:06):
  “AI is incredibly valuable... But there’s a bunch of ways this could still be a bubble.”

• S&P 500’s “Magnificent Seven” (the big tech giants) dominate the market, raising “too big to fail” fears.

• The conversation ties the AI arms race, financialization, and macroeconomic stress to a “K-shaped” economy with worsening inequality and demographic challenges.

U.S.-CHINA TECH TENSIONS, ROUTERS, & INFRASTRUCTURE VULNERABILITY

[53:28–76:01]

Router Security & Politics

• Discussion of U.S. moves to ban or restrict TP-Link routers (and likely DJI drones).
• Alex (59:11):
  “TP-Links have a really bad security history... But so do many routers.”
• Stacey: “Consumer routers are terrible. A 2021 NIST framework exists, but compliance/uptake is weak.”

Infrastructure Risks

• FCC moves to tighten restrictions against Chinese tech in critical infrastructure, yet prevaricates on cybersecurity requirements for U.S. telecoms.

• Alex’s warning (84:02):
  “It’s getting hard not to be conspiracy minded... Salt Typhoon [China] completely owned up America’s telecom networks... Our alliances, free trade, all of those things have been destroyed... It’s the best possible outcome for [China].”

• Critical infrastructure vulnerabilities discussed, including hacking of water supplies and power grids.

SWEDISH DEATH CLEANING & DIGITAL LEGACY

[97:00–107:33]

• Jill presents the concept of “Swedish Death Cleaning” (98:00):

  • The proactive decluttering of a lifetime’s possessions, both physical and digital, to reduce the burden on family after one’s death.
  • Not just physical items — passwords, photos, digital diaries are all in play.
  • Advice on password manager legacy features and digital “dead man’s switch”.
  • Jill (105:09):
    “I wrote the email... I gave it to a trusted person: ‘I should let you know Jill Duffy has died on such-and-such date...’”

• Fostering discussion about proactive digital estate planning (for you and your family).

SECURITY: VULNERABILITIES, AI-POWERED BUG HUNTING

[114:50–127:19]

F5 Hack

• F5 (maker of ubiquitous networking gear) had source code exfiltrated by an APT (likely China).

  • Potential for a SolarWinds-level attack.

• Alex explains the risk:

  • Adversaries can pull down code and look for 0-days, using or even with AI.
  • “They don’t have to introduce new bugs — just find the ones already there” (118:48).

AI Bug Hunters: Power and Peril

• Google’s “Big Sleep” and OpenAI’s “Aardvark” are using AI agents to scan open source for vulnerabilities, reporting massive numbers of bug reports.

  • FFmpeg case: Small volunteer projects get inundated with AI-generated bug reports from Google, but lack resources to patch them.

• Alex (125:15):
  “Project Zero is now crushing [open source volunteers] under the brilliance of their AI... It is very arrogant, and it is punching down.”

• Debate about the ethics of unleashing AI at global scale with little support for crucial but humble open-source foundations.

RAPID HEADLINES & QUICK TAKES

• Receipts and AI Fraud ([127:37]):**

  • FT article on AI-generated fake receipts irritates Jill: “It’s NEVER been hard to fake a receipt. The REAL problem is expense approval bureaucracy.”

• Proton launches “Data Breach Observatory” ([132:27]):

  • New competitor to haveibeenpwned, claims to catch breaches earlier thanks to darkweb monitoring.
  • Alex: Approach has pros & cons; Troy Hunt’s caution is still gold standard.

• Yubikey & Twitter/X transition ([137:36]):

  • Reminder: If you use a hardware key for Twitter (now x.com), re-enroll it — FIDO keys are domain-bound.

• AI-generated lockpicking controversy ([148:51]):

  • Florida lockmaker Proven Industries’ failed lawsuit trying to DMCA- and sue away a lockpicking YouTuber’s video. Court affirms fair use, Streisand effect backfires.

• Samsung’s $2,000 smart fridge with ads ([153:28]):

  • Panel groans at the latest “you are the product” hardware hustle.

ECONOMY, MEDIA, AND TECH’S FRAGMENTATION

• YouTube TV & Disney/ESPN standoff ([160:27]):
  • Sports fans and panelists frustrated at ongoing carriage battles; streaming reshapes the old broadcast models, removing efficacy of FCC oversight.

NOTABLE QUOTES

• Alex (19:06): "With all these tools, attackers will be able to play in a higher league. On the defensive side, we all have to do the same thing."
• Stacey (38:27): “We’ve changed how long our infrastructure can last because this is built on a chip that has an 18-month life...”
• Jill (105:09): “It’s wacky, it’s a little low-tech... but yes, I wrote the death notification email to be filled out when the time comes.”
• Alex (84:02): “Cybersecurity in the US is a complete surrender, at least on the cyber side, to the Chinese.”
• Leo (92:21): “Who doesn’t like these broadband nutrition labels? Oh, the broadband companies. Because they don’t want you to know you’re not getting what you pay for.”

TIMELINE OF IMPORTANT SEGMENTS

• [00:00] — Panel introductions, Daylight Saving Time bill, time zone gripes
• [06:33] — Alex’s new startup, agentic browsers & AI-Powered “vibe coding”
• [12:10] — Enterprise security risks of AI code assistants
• [16:31] — How AI super-powers adversaries; democratization of 0-days
• [19:39] — AI helping defenders (Easterly’s thesis) vs. real-world investment
• [23:22] — Amazon’s layoffs & the myth of the “AI layoff”
• [33:55] — The AI spending bubble; how is value actually being created?
• [39:24] — AI infrastructure: short depreciation, possible “railroad bubble” echoes
• [53:38] — Tech sanctions, router insecurity, FCC & China policy
• [76:01] — Personal digital legacy: Swedish death cleaning
• [114:50] — F5 hack; AI supercharging bug hunting (and open-source burden)
• [127:37] — AI fake receipts: real threat or bureaucratic red herring?
• [137:36] — Twitter/X domain move: re-enroll your security keys
• [148:51] — Fair use win: lockpick Youtuber defeats lawsuit
• [160:27] — Sports rights, streaming, and FCC regulatory impotence
• [164:18] — Next Book Club pick: The Heist of Hollow London by Ed Robson

FINAL REFLECTIONS

Despite jokes and detours (ice cream machines, Marie Kondo, and yogurt making!), the episode draws a through-line of tension between rapid innovation and systemic fragility. The panel envisions a future where AI remakes everything, mostly for the good—if we don’t let financial chicanery, security gaps, or regulatory inaction eat away our foundations. In between, we’re urged to plan for dystopia’s approach, clean our digital closets, and above all, stay vigilant — because, as ever, there are bugs in the system.

FURTHER READING & LINKS

• Jen Easterly’s Foreign Affairs article: The End of Cybersecurity
• The Atlantic: “Here’s How the AI Crash Happens”
• Wired: “How to Do Your Own Swedish Death Cleaning (Including Digital)” by Jill E. Duffy
• Have I Been Pwned (Troy Hunt)
• Consumer Reports on Router Security

SHOW MOOD:

Blunt, witty, wary, and determinedly practical. The panel combines serious insight and analytical depth with enough levity to keep the relentless tech anxiety at bay.

(Next TWiT Book Club: The Heist of Hollow London by Ed Robson — date TBA.)