
After several years of dismissing A.I. safety as doomer fear-mongering, parts of the Trump administration now seem ready to support regulation.
B
Casey, will you record my audiobook for me?
A
Yes, I would love to, actually.
B
Okay, thanks.
A
Yeah.
B
Cause I got the briefing yesterday on what this would entail for me. They want 36 hours in the studio to record this audiobook.
A
That's. Wait, hold on. 8, 16, 24. That's over four days worth. That's four and a half days of recording. That's like almost a full week. I know. Oh, my God.
B
I know. But apparently people have, you know, a connection to us because of our voices. So they didn't want me using, like, an AI clone to do it.
A
It makes it. You know, I really think that there. There would be a case that I should do this because it would force me to read your book. You know what I mean? Like, put me, like, then I really can't get out of it. Like, I'm on the hook to read this thing for real. And so that might be the best way to do it.
B
You can insert your little, like, snotty wisecracks if you want. Like Mystery Science Theater. It.
A
Yeah, a little. A little extra commentary on the side, like, oh, I see we're using that transition again. Oh, boy. He really ended this whole thing with "time will tell." I would have suggested a different direction. Was this book edited? No.
B
Wait, now I kind of actually want you to do it. I'm Kevin Roose, a tech columnist at the New York Times.
A
I'm Casey Newton from Platformer. And this is Hard Fork. This week: Is AI safety back? The Trump administration seems to be changing its tune. Then Palo Alto Networks CEO Nikesh Arora joins us to discuss what's real and what's hype in the freakout over Claude Mythos. And finally, the train has returned to the station. It's the Hot Mess Express. Buckle up. People don't typically buckle a seat belt on a train.
B
This is a very safe train.
C
All right,
B
Well, the big news this week is that President Trump headed to China with a cohort of American business executives to have a series of meetings about Chinese trade policy and AI and other things with Xi Jinping and other leading Chinese officials.
A
Now, is it true, when they walked off the plane, a bunch of H100s fell out of the leg of Jensen Huang's pants?
B
I haven't heard that confirmed, but I'll look into it.
A
Thank you.
B
I want to talk about this, but less through the lens of like sort of President Trump and United States trade policy, than through this sort of larger shift that I think we've both observed over the past week or so, which is that after several years of kind of dismissing AI safety and doomer fear mongering about AI, the Trump administration, or at least parts of the Trump admin, seem to be getting quite scared about what's happening. Yes.
A
And while this is something that I think was honestly inevitable, it still has been jarring to see it happen because it seems like this administration has really turned on a dime when it comes to this subject. Yeah.
B
So let's talk about what's been going on and some of the data points that support the idea that the Trump administration is sort of changing its AI posture, at least has several different AI postures that it's considering. But first, let's do our AI disclosures. I work for the New York Times, which is suing OpenAI, Microsoft and Perplexity,
A
and my fiance works.
B
So first there was this executive order or rumored executive order that my colleagues at the New York Times reported on last week. This would be a new executive order to create an AI working group that would bring together tech executives and government officials to potentially come up with new ways of overseeing or regulating AI. One of the potential plans being discussed is a formal government review process for new AI models before they are released. So this is still ongoing. We still don't know exactly what the executive order will or won't include. But we are expecting more news on that.
A
Yes. And the reason that is notable, Kevin, is that on President Trump's first day in office in his second term, he canceled President Biden's executive order on AI, which among other things included this, a very similar kind of review process for new frontier AI models. Right. Like the Biden people were very confident that we would one day get models that could be used to commit great harm. And so they wanted to get a handle on that before those models were released. And when Biden did that, many Republicans were saying, this is anti-innovation. You're going to make us lose to China. Well, well, well, now the shoe is on the other foot and they're saying, hey, slow down, don't release those things quite so fast.
B
It's so remarkable how fast the Overton window has shifted on this idea. I mean, as you just said, like during the Biden administration, during the SB 1047 fight here in California over this proposed a. People in tech and on the tech right and sort of among the more libertarian crowd were incensed about the idea that the government might ask them to do pre release testing of their models that they then submit the results of to the government. They called this, you know, communist. They were, they were sort of implying this would be kind of the end of free enterprise as we know it. And now, just a couple of years later, they are reportedly considering doing something similar. So what do you think happened here?
A
Well, I think that basically, to use a phrase you sometimes like to use, like the Trump administration's view of AI just did not survive contact with reality. Right. And that, in a word, what has changed here is Mythos, the model that Anthropic now has released in a preview to a very small group that includes now many federal agencies. This model is very good, apparently, at finding novel vulnerabilities in code that can be used to create exploits. And that appears to be true across the many, many, many programs. And so the administration, I think, took a look at this and the serious people over there said, look, you know, whatever your views may be about, you know, free trade and the threat of losing to China, like, we have a model right now that if it were just sort of unleashed on the public, could just create vast amounts of harm. And I think to their credit, the Trump administration said, okay, then what would be a policy to prevent harm from happening?
B
Yes, Mythos is the proximate cause here for a lot of this. But I think it's also worth talking about the various factions within the Trump administration that appear to be battling over control of this new AI regulatory push. There appears to be a turf war breaking out between the Center for AI Standards and Innovation, or Casey. Shout out to Casey, which is formerly known as the US AI Safety Institute. This was a group within the Commerce Department that was set up under the Biden administration. The Trump administration came in and basically they didn't like that this was, you know, what they considered sort of a bunch of doomers. So they sort of made some changes, including to the name. But this is a group of AI researchers and safety experts who work in the Commerce Department who want to be involved in vetting new models.
A
And there is just something so funny about these people coming in and saying AI safety is such a stupid idea that we have to remove safety from the name of this institute and then one year later be like, well, safe. AI safety is really going to be a focus for us from now on. Yes.
B
So there are some people who believe that the vetting of frontier models should take place like in the intelligence community among like the NSA and various other organizations. So there's some turf war there. There's also just like this interesting kind of posture war over, like whether the kind of let it rip approach to AI development or as former AI czar David Sacks put it, the let them cook philosophy of laissez-faire regulation and this more sort of hawkish safety oriented faction within the Republican Party that does see these models as a big threat and wants to take steps to reel them in. Right.
A
So do we know at this point who seems to be winning that battle? And do you think it matters to the average person which side gains the upper hand?
B
I do. I think there's obviously going to be some back and forth. We'll see when this executive order comes out, like what they do about the testing requirements and where they locate that. If it's like we're going to let the NSA do this or we're going to let Casey do this, I think that all might matter a little bit. But I think the general posture of the administration changing from AI safety is ridiculous. And these doomers are using hyped up fears to enact regulatory capture is very different from what we are seeing now, which is, oh wait, these models are very powerful and we don't want our adversaries to get access to them. But we should also say it is entirely confused and incoherent right now at the level of the federal government because on one level you have President Trump inviting Jensen Huang of Nvidia onto Air Force One to fly with him to China to try to make a deal to presumably like open up the export of Nvidia's most powerful AI chips to China. While at the same time you have other high-ranking government officials saying we need to institute some kind of safety regime because these models are potentially very dangerous.
A
Yes. And nowhere is that schism more apparent than in the Pentagon, Kevin, where on one hand the Pentagon has designated Anthropic as a supply chain risk because it refused to amend its contract to enable any, quote, lawful use of its technology. As we talked about on the show for a few months, that designation the Pentagon is still arguing for in court. But at the same time, we learned that this week, during the period where the Pentagon is supposed to be unwinding all of Anthropic's technology from the Pentagon, the Pentagon is also implementing Mythos and using it to try to scan for vulnerabilities.
B
It's truly wild.
A
I, I want to be in the meeting where the person who has to remove Anthropic from the Pentagon sits down with the person who's installing Anthropic into the Pentagon and just sort of hear what those talks are like.
B
Yeah. So aside from the obvious sort of incoherence and maybe hypocrisy of these conflicting positions, like which side do you think is going to come out on top here?
A
Well, obviously I'm always going to side with Casey. You know, Casey is a great agency, great people over there. And I mean, honestly, like they were just set up to do this exact thing, Right. Like when it was established under President Biden, the idea was these models are getting better. Pretty soon they're going to be dangerous. We need to have a way of evaluating them before they are released. And frankly, they've just sort of like hired a lot of people who I think ordinarily might not work in a Trump administration, but felt like this is so important that I'm going to swallow hard and go over there and try to, you know, serve my country by protecting us from the worst things that AI can do. And so to me, like, that seems like they would be very well set up to do this kind of work. Where I think we still just have an obvious gap though, Kevin, is it's not entirely clear to me what is supposed to happen in the case when a company like Anthropic comes up with a model that is too dangerous to release in the view of something like Casey, but wants to release it anyway. And I assume we are just going to get there, like sometime within the next six months one of these companies is going to say, yeah, it's risky, but you know, we, we think it's sort of fine to put out there. We have like business imperatives. We're going to talk ourselves into it and like then what happens?
B
Yeah, I mean, it's also just so clearly unfortunate that the issue of AI safety has become polarized in the way that it did over the past couple of years. That sort of caring about safety, talking about safety became sort of like vaguely woke coded and people in administration thought it was like a bunch of hysterical liberals, you know, using fears of AI to like get heavy handed regulation into place. Like, I don't think that was ever true, but I think it has become especially untrue now when you have very senior people in the Republican Party talking about how we need to restrain these systems. So it's frustrating because I think you and I both saw, like, this technology is real. It's going to get, you know, even more powerful than it is. And at that point, it's not going to matter whether you're a Republican or a Democrat. Like, you do not want this stuff falling into the hands of our adversaries.
A
True. But I think the Trump administration was always out on a limb here in a really weird way. Like, we have talked a lot recently about what the surveys show when it comes to the public opinion of AI in America. Republicans and Democrats are, like, largely allied in being, like, deeply skeptical of it and even, you know, outright hating it. And that's why you see so many Republican state legislatures trying to pass laws to rein in AI.
B
Right.
A
Like, you did not have to convince Republican state legislatures that AI was dangerous and needed to be regulated like they were racing to do it. And the Trump administration has had to put a lot of energy into trying to pass a moratorium so that it can preserve its sort of all gas, no brakes approach to AI. So what I think happened here was that there was basically like a minority of Republicans that happened to be running the country that said, let the labs do whatever they want. And then Mythos comes out and the bill comes due and they sort of have their pants down and they have to change their tune.
B
Yeah.
A
Just to sort of throw a lot of metaphors in there.
B
Pants, tunes.
A
I'll come up with more. Don't worry.
B
We're getting there.
A
Yeah.
B
One other thing here is that you are starting to see the issue of catastrophic or existential risk floating up and percolating on the right. This is something that people like Bernie Sanders have now been talking about on the left for a couple of months. But. But on Tuesday of this week, Ted Cruz was talking about catastrophic risk and, and the need to protect against it. So I just think that the improvement of these models and the fact that they are so clearly useful for dangerous things like cyber attacks is going to scramble some of the usual partisan allegiances here.
A
Yeah, I mean, look, the idea that a large language model might eventually get so good that it could, like, break into your computer and wreak havoc. Like, that was not a liberal view. Like, that was just a view grounded in an absur observation of, like, the rate of improvement in the model. In truth, I am glad that they are reversing course on this and they're doing it before we've had a massive catastrophe. Maybe an asterisk there, though, which is, I truly feel like every single day for the past week, I've seen news of a major cyber attack, and increasingly we're getting word that these may have had AI systems involved in identifying these vulnerabilities.
B
Yeah. So there may be a catastrophe unfolding under our noses. We just don't know about it yet.
A
Yeah. Stay tuned for next week's episode.
B
I want to talk a little bit about this China trip and what, if anything, we think that has to do with AI regulation. So there was some reporting in the Wall Street Journal last week that both the U.S. and China have been considering a series of official discussions around AI. We know that AI is on the agenda for President Trump's meetings with Xi in China this week. And we also know that China has been looking to get access to Mythos. There was a great story recently in the Times that talked about the fact that a representative from a Chinese think tank approached Anthropic officials at a meeting in Singapore last month to basically lobby them to open this model up to China.
A
And we want to give them the Hard Fork chutzpah award for shooting your shot. Yeah. If you work at a Chinese think tank and you think Dario Amodei was about to hand you Mythos, like, that is truly, like, I aspire to your level of self confidence.
B
Listen, you miss 100% of the shots you don't take. So along with Jensen Huang, who finagled a last minute invite on Air Force One after there were news reports that he was not going to be going on this trip, Elon Musk, Tim Cook, and Dina Powell McCormick for Meta are also on the trip with Trump. What's going on here and how would you characterize the blunt rotation among those tech executives?
A
You know, I mean, this is a group of executives that are aligned with the Trump administration, and they have all found in various ways that the more time you spend flattering President Trump, the more like tax breaks and other forms of relief your company gets. So, I mean, you know, this is exactly what we talked about expecting Tim Cook to do once he announced that he'd be stepping down as CEO is, you know, you're just kind of like a Trump whisperer. And you follow him around and you say, you know, go, President Trump. And also, please give Apple what we want. So, you know, Meta, Apple, and Nvidia have all had huge success with this administration. And now as their reward, they get to be, you know, photographed with the president flying around China.
B
Yeah, I think, like, I am just very unsure where all of this settles out, because I can imagine, you know, Trump wanting to go to China and make a bunch of deals. And obviously Jensen Huang and Nvidia want to be able to sell their chips in China. And so I can see them on one hand like giving some kind of expanded access to Chinese AI companies to get these American chips, but then I can also see them not wanting China to get access to models like Mythos. So I just, I don't know how that resolves. And I see it as basically inherently contradictory that you want to give China or sell China the means to make its own Mythos caliber models while at the same time trying to block them from getting access to the one that we have today.
A
This is where it would be helpful to have a coherent strategy, but we don't. Right. It's like the same administration that is like installing and uninstalling Anthropic at the same time is kind of having a similar level of confusion over in China where it seems like the administration is just like highly susceptible to like blowing wherever the wind is today.
B
Yeah, I mean, I am generally not all that optimistic about the government's ability to regulate technology in a way that is timely and relevant. And I hope I'm wrong here, but I just think that we will see this sort of incoherence and contradiction until there is like some big event that kind of forces everyone to like sit up straight.
A
I mean, my question is, will this be a case of the same AI safety minded people who were dismissed for the past couple years by the Trump administration be proven right again in the future when it turns out that China did use access to American technology to build Mythos or better level models? And will there be any regrets, you know, that we sort of paid the way for them to do that? I mean, you know, I, I, I don't think it's unlikely.
B
Yeah, it's interesting though, like I had a conversation with a federal official recently, like in the last couple of weeks where this person was basically telling me that AI is just a normal technology. Sort of taking the line that we've heard again and again from the people who don't want to regulate this stuff, saying like, this is just the Internet, this is just the PC. It's not some special technology that requires special rules. And that position has just become so untenable when you have models that are out there finding zero-day exploits. Like clearly our military, our intelligence agencies, they don't think this is a normal technology. They think it's more like a step change that requires them to act in different ways. So I am very curious what happens to the sort of "AI is normal technology" camp inside the Trump administration as the technology continues to grow. They may change their arguments or they may not. That's the thing. You just don't know how committed these people are to their views.
A
You don't.
B
We should also talk about some of the international reaction to Mythos, because it's not just China who wants into this thing. Germany's Digital Affairs and Cyber Security Agency are out this week with a proposal for establishing their own version of something like the U.S. Casey. They are also demanding access to state of the art models like Mythos. So it just seems like this model has sort of forced conversations around the world about who should have access to which models, when should the public have access, should governments have access, which governments should have access. It just seems like we are kind of like in a new era of AI brinksmanship for sure.
A
And you know, what I hope that we will see in the coming months is more and more cooperation. Like, the whole reason that we had that series of AI Action summits over the past few years was to try to get more cooperation among the Western powers with this stuff. And then last year, the U.S. sort of came in and said that that's over. The U.S. is winning the AI race. And you can like it or learn to live with it, basically.
B
Right.
A
And, you know, so it's no wonder to me that these other, you know, Western powers are seeking access to these models. And I think there's probably, honestly a good case that they should get access to these models, because when it comes to, you know, fixing every vulnerability on the Internet, I think we could probably use all the help we can get.
B
Yeah. And I remember that AI Action summit. I didn't go to this, the most recent one in India, but the one in Paris before that. I remember it was just like, oh, we're just not going to talk about any of this. Like, we're just not going to talk about the dangers that this technology might create because we're so invested in this sort of accelerationist posture. So how far we've come, and yet we are still in the very early innings of this.
A
Does it make you wonder what would have happened if the Trump administration had just been listening to Hard Fork a year ago? Could they have saved themselves some trouble here?
B
It's possible. Yeah. So, Casey, the politics of AI and AI regulation are obviously shifting very quickly. We may learn more this week after these meetings in China. But, like, what is your take on what this latest burst of news signals about AI or AI regulation.
A
My take is this is a rare bit of good news when it comes to AI regulation. Right. Like, I am somebody who's been worried about AI safety for a long time and one of the main reasons I've been worried about it is that our government has seemed to have this feeling of, of like, let's just see what happens. Whereas to me it was, seemed pretty obvious what was going to happen. Now we have arrived at that point, we have a super powerful model. And to their credit, the Trump administration is saying, okay, it seems like we were wrong about how capable these models were going to be. Let's make some changes.
B
And do you think there's any way that this turns out to backfire? I mean, I'm just remembering like people wanting social media to be regulated. And then when the Trump administration started doing things in the realm of social media, it amounted to what you and I would consider sort of censorship or at least wanting to strong arm the social media companies into doing their bidding. So do you think it's possible that something similar happens with AI where it's like, we get the regulation, but it's just the wrong kind or this pre-release testing is testing for the wrong kind of thing?
A
Yes. I am very sympathetic to those who believe that this is, could amount to a kind of prior restraint on free speech and that there is the risk that there are, you know, members of the Trump administration will effectively say, you can't release that model not because it's actually dangerous, but just because it seems woke and gay. And I think that we need to keep an eye out for that. And you know, potentially someone is going to need to sue over it. But when I look at how I want to balance those things, for the moment, I would rather have an administration saying, the crazy cyber model, don't give that to everyone.
B
Yeah, I think I'm landing at a pretty similar place where I'm like, I'm a little worried that this regulatory push from the right is going to be confused and maybe too sudden and there's going to be some sort of overreaction that ends up with something more like the sort of censorship that you mentioned. But I, I am glad that after many years of kind of denying that this technology was important, that it would become as good as the people at the lab said, that our government at least appears open to the idea that maybe they need to just step in and do something here. I'll take the little wins where I can get them.
A
That's what I'm saying, when's the last time we talked about a win on this show? Yeah.
B
When we come back, what is Claude Mythos doing to the world of cyber security? We'll talk to Palo Alto Networks CEO Nikesh Arora.
A
Well, Kevin, is it just me or every time you look at the tech news, do you see some new cyber attack that seems to have befallen some company or another?
B
Yes, this is my experience of social media over the past two weeks. I log in, I see three posts from companies about how they've discovered more bugs in a 24 hour window than in the previous, you know, 80 years of their company's history. And then everyone's reposting that with just like it begins or it is over or hide your kids.
A
Yes, just to name a few of those. Mozilla was one of those companies saying that it had pushed 423 security bug fixes in April alone, compared to an average of about 22 per month throughout 2025. Google announced on Monday that for the first time ever its threat intelligence group had identified an attacker using a zero-day exploit that the group believes was developed with AI. So that's kind of a grim milestone. And then if you're a student, perhaps you noticed the cyber attack on the learning platform Canvas last week, which forced the site down for several hours. And the company behind Canvas, which is called Instructure, had to negotiate a deal with hackers for the return and destruction of the stolen data. So, you know, on one hand there are cyber attacks going on all the time, but it does seem like some new inflection point has been reached. And of course, a reason that people think we might be seeing more of these is AI. Yes.
B
So we have talked about Claude Mythos Preview, the model that Anthropic did not release widely, but released to a select group of companies and open source maintainers. And today we're actually going to talk to someone who has used Mythos and who has been on the front lines of this frantic sprint to secure the infrastructure of modern life.
A
Yes. Our guest today is Nikesh Arora. Nikesh is the CEO and chairman of Palo Alto Networks, the largest cybersecurity firm in the world, which supports more than 70,000 companies, customers, including the vast majority of the Fortune 100. And as you mentioned, Kevin, Palo Alto was among the organizations given early access to Claude Mythos as well as GPT 5.5 cyber.
B
Yes, and Nikesh is one of the people, I think, who is best positioned to see the effects that these models are having on cybersecurity because they do work so broadly across industries. They're also a big government contractor. So I'm just really interested in what he thinks is different about this new class of models.
A
Yes. And something I appreciate about Nikesh is that in an industry where there is a lot of hype because of course, the more scared that a cyber security executive can make you, the more likely you might be to buy their software. Nikesh is somebody who I think tries to maintain an even-keeled approach here and not to ring alarm bells where none are needed. But that said, I do think that he is quite concerned about some of the things that he's saying.
B
Well, let's bring him in. Nikesh Arora, welcome to Hard Fork.
C
Well, thank you for having me.
B
I want to just start with your account of what it feels like to run a major cybersecurity company right now. Casey and I have talked with people at these companies for many years, usually because something terrible has happened. And I feel like the vibe we get is like this is the worst Most dangerous time ever in cybersecurity. What is your subjective experience as someone who's been in this field for a long time? Long time.
C
I'm a little more perhaps relaxed than what you're trying to describe. That people come here, tell us is the worst moment historically. What's happened is in the last seven years, you've seen the time from somebody breaching an organization and being able to extract, we'll say crown jewels has been measured in days. Unfortunately, with the emergence of AI, the arrival of advanced technologies, that time frame has shrunk down to measure minutes. And when that happens in minutes, your defense systems have to be able to be activated and defend yourself. Some minutes. And fundamentally, the cyber security infrastructure was designed for days. Some parts of it are making it to seconds, the good parts where you know how to stop them. But we have to go basically overhaul the backend infrastructure to make sure it's AI ready so we can fight AI with AI. So, so you're seeing that, you're seeing AIs out there. You're seeing people like Anthropic launch models like Mythos. You see an OpenAI do that at 5.5 SA Cyber, they're showing you the art of the possible from a bad actor perspective. So we have to make sure we move as fast as them or faster perhaps, to try and plug those holes, bake the infrastructure better.
B
So your company recently put out a report on some patches that you all had made to your own systems. You disclosed 26 critical exploits covering 75 issues. And you said that's against a typical baseline of under five.
C
Yeah.
A
Meaning that they discovered like five times as many a comp.
C
Five to seven times. Yeah, Depending.
A
Yeah.
B
So he's like, is that pretty standard for what kind of spike you all are seeing in exploits or discovered exploits as a result of Mythos and similar models?
C
So look, what we've discovered, some of the newer models that have come out in the last few weeks, perhaps a month or so, is AI models are getting really good at coding. Well, guess what? As the models start to understand what good code looks like, they also start developing, understanding what bad code looks like. So if you point this model and say, okay, now look through all this code repository I have and find me bad code. It will. And unfortunately, humans have been writing bad code for a very long time. So on average, we'll find about 1/5 or 1/7 of what was found in the last six weeks using these models. Now, of course, remember we ran a concerted effort to see what the models are going to find. We had hundreds of engineers working on it to make sure. We look under every rock, run every product through it. It's almost like there's a great cleansing, right? So it's a great cleansing moment. We found seven times the volume that we would have normally found in a normal period. It's not going to happen again, hopefully, because we have hopefully cleared out a whole bunch of the, let's call it the tech debt or the vulnerability debt. But I think a lot of organizations will have to go through this moment to understand how much of their code written in the past suffers from these vulnerabilities. They will have to do their own work. They'll have to make sure that it's fixed. I think the challenge we're going to run into is most companies use a large corpus of open source, and open source doesn't get bashed or remediated as quickly as your own proprietary code can. The other thing we found very interestingly with Mythos and other models is it's really good at daisy chaining vulnerabilities and that's what needs to be sort of contended for.
A
I'm trying to get a sense of the scale of this issue because I feel like within the past few weeks I've heard a lot of stories like the one you just described about your own company. Mozilla has been publishing blog posts about discovering hundreds of bugs, you know, over a period where maybe previously they only would have discovered a couple of dozen. My sense is that as more companies sort of like undertake this audit, they're going to find that they have similar problems. So, like, what is the timescale that we might expect these kinds of issues to be fixed? And is there enough time to fix, particularly like critical infrastructure, before our adversaries gain access to similarly capable models?
C
That's a great question, Casey. I think that that's what should keep us up at night. Right? Because not every organization has resources to fix code that could have been written 20 years ago. Now, the good news is that pretty much most of the cyber defenders have had access to the models. They understand the scale and enormity of the problem to some degree. I think what we have been able to do is we've been able to enlist the support of many of the system integrators in the world, like the IBMs, the Pricewaterhouses, Deloittes, the Accentures, the et cetera, who are all rallying to make sure they make resources available to many of these customers to be able to patch these things. But I think we are in the midst of sort of testing an interesting solve where we can. Once we know the vulnerabilities in an organization, we can write signatures into our perimeter defense firewalls to say, if you see somebody trying to go in this direction, we know there's an unpatched piece of code behind, block them. So we can create a temporary scaffolding to let organizations have a little bit more time to go fix their vulnerabilities, but it has to be done. And the risk, like you rightly articulated, is that open source or nation states or third parties can start building models that are similar to what Anthropic or OpenAI have built. And the risk is that they get there faster than the patches have been enabled in many enterprises.
A
Yeah, I want to understand a little bit more about the defense side of this. Now that you have access to this Mythos model. There's been a lot written about it. It's the subject of much debate at the highest levels of power. And I kind of just want to ask, like, what is it like to use it? Does it feel different than using, like, Claude Co? You know, like, if you've used another Anthropic product, does it feel kind of the same or just like, what is it like to use Mythos?
C
In the beginning, it was not that impactful, because when you're looking for a bad code, it's going to find everything. Remember? I mean, it's 30% or false positives. Right. So it's not, like, always going to get the right thing. But unfortunately, we got to go test every one of them out to see which is real. But what became more and more fascinating is the more context we gave it, the better it became.
B
What do you mean?
C
Well, you showed a piece of code. It doesn't know what the code is trying to achieve. Right? Right. So you have to give it context, saying, well, this code.
B
So you're not just pointing it and say, go test this firewall and tell me what you find. You're actually, like, giving it some instructions.
C
Beyond that, you have to give it context in terms of what is the purpose of the code, what does it do, what is normal behavior supposed to look like? Then you have to give it more context in terms of other threat research. Like, the models don't have all the threat research in the world. We sit on hordes of threat data saying, this is how 10,000 attacks have been conducted in the past five years, which is data we store, we hold because we write machine learning algorithms to protect against those instances. So we say, well, we are arming you with all the past known techniques that have been used. Can you see if some of those known techniques can be applied in this scenario? Effectively, you're giving all the human training of the past to make sure that in the future you can build defense against those techniques.
A
You mentioned using both Mythos and GPT 5.5 cyber. I'm curious, like, in your mind, how comparable those models are. Like, are they in the same class or is one different than the other?
C
You know, the most fascinating part is that they both found different things, which tells you that based on their grounding, their training, whatever they use been used to train at one of some of them were. One of them was better at certain things, the other one is better some other things. But just tells you that there is still a lot that's going to get found.
B
I mean, one thing that's stuck out to me as I was reading some of your blog posts and your sort of post mortems about your experiments with Mythos is like, if a cybersecurity company is finding five to seven times more vulnerabilities using this model, like the average bank, the average insurance company.
A
To say nothing of Kevin's personal website, my personal website.
B
I mean, we're going to be looking at many multiple, right? Or is it the case that everything is so centralized and runs through just a few platforms that like the average institution is not as screwed as I think they are?
C
I wouldn't say the average. I think, look, there's a lot of work that needs to be done. It's not just good at finding vulnerabilities. The other thing we also found as part of our testing, it can even take a look at products you might be using perhaps to power your website, which you may have misconfigured. That's not a vulnerability, that's human error in the way you're using the product. We've left the door open. For example, many people will take products and say, ah, it's easier if this control pane of this product was accessible from home or from the Internet. So I could just go access it from wherever I am and manage this thing. Well, you should not leave control panes of most products in your company exposed to the Internet, because if I can find it, other people can find it too, Right?
B
When Mythos was first announced, there were a lot of people who were very skeptical. They said, oh, this is just marketing hype or Anthropic doesn't have the compute to serve this model, which is why they're only releasing it to a select group of companies. A month or so later, do you still hear that kind of thing from people in your industry that maybe this isn't the sort of apocalyptic moment that Anthropic and others have said?
C
Yeah, I look at it slightly from a longer term perspective. I think what the Mythos model showed is what the art of the possible is going to be in the future once we are compute unconstrained, or we have better models in the future which are trained better. So it sort of gave us a window into what's coming, I think, which is very useful. I think that's a bit of a, you know, it's a bit of a tough rap towards Mythos that did this on purpose. I think. Remember these companies, whether it's OpenAI or Anthropic, they're sort of working their way trying to understand how to do this. Both them and OpenAI want to do it right. They want to do it so that AI is not used in a bad way, at least in this instance. I think they were trying to do the right thing. I think there is no easy solve to this. I give them marks for trying to do the right thing and I think they sort of partly got most of it right. Some of it they fumbled on the way there, but in credit to both of them for trying to get it done right.
A
Speaking of how we fix this. So for decades cybersecurity has operated using this sort of 90 day responsible disclosure window. I find something, I find a bug, I sort of privately notify you, but in 90 days, you know, I'm going to go public with this. So you'd better get your act together and fix it. And companies often do take 90 days or longer to sort of implement those bug fixes. So I read a blog post this week by a researcher named Himanshu Anand, who wrote that in his opinion, the 90 day responsible disclosure window is dead. I also saw that in your own company's blog post last week. You guys said that within 25 minutes in an AI assisted scenario, somebody could get initial access to a system and exfiltrate the data. So do you agree that this 90 day window is dead? And if so, like, what the heck do we do about it?
C
Look, I think the principle of the 90 day window is to allow the owners of the product or the piece of software or piece of code to have enough time to investigate, to fix it and make sure their customers are secured. I think the 90 day window is going to shrink, as you rightly articulated. How much does it shrink? Still up for debate. How long do we have? Like, think about it for what we just did, right? We announced this morning that we've patched almost 30 critical vulnerabilities. We've known about these for two or three weeks. We've had the time to go test it, we had time, build patches, pretty much deployed everything that's available from a SaaS software perspective. So challenge is not the SaaS software, right? SaaS software you can find, you can fix, you can deploy. It's not a problem. The challenge is when there's a laptop sitting in front of you and I've got to go, make sure you update your laptop because you're required to do something with it.
A
And I can tell you he will go like six months without installing the mandatory updates. I'm not even kidding.
B
Delay, delay, delay. I mean, I am starting to see more of those just in my products and I'm getting more requests to update system software. Is that Mythos related? Like, no, seriously, like, I'm wondering to myself, every time I see, I'm like, oh, what did Mythos find now? So it's like, are we starting to see as consumers, evidence that some of these systems are needing to be patched more frequently?
C
I think there is going to be, as I said, there is going to be the cleansing of the vulnerability backlog that has been built over the years. So you will most likely experience in the next three to six months, if you're an enterprise, you'll experience it in a lot more boxes that you buy. You buy servers, you buy switches, you buy routers. All those things where you have code lying on them will have to be looked at and will have to be patched or upgraded over time. So you're going to see some of that cleansing happen, but hopefully you can power through it and get to the other side.
A
But it sounds like it is just a good time to install those software updates when you get them.
C
Yes, I highly recommend you do that.
B
One persistent question about these kind of models is whether they favor attackers or defenders. So I guess I'm just going to put that question to you. Like, is this technology better for people who want to break into systems or people who want to safeguard systems? And if you had attackers and defenders with an equal model, who would win?
C
It's a great question.
A
The classic Batman versus Superman.
C
Remember, it's an unbalanced fight to start with. We have to be right 100% of the time, the bad guys right once. So it's an uneven playing field from that perspective. So the model, if you can find you five vulnerabilities and you can exploit one of them, it's a win for them and a loss for us. It doesn't matter if you protect you on the other four. We don't get 80% grade for protecting the other four. We get zero because it was able to find something to breach it. So for now the bad actor is most likely able to use it much, much better than the good people. That's not a model constraint or model fault. It's because the model doesn't protect. Remember the sensors protect. The sensors. We apply around your perimeter protect. The sensor has to be smart enough to understand what the model is going to find. And that's why the fact that we got this window of four to six weeks to test them, to understand them. We're busy building defense techniques to make sure that as this tsunami of AI based attacks starts to arrive, we have enough defense capability which is still powered by AI to give us a real time response that we need.
B
Is there a sector of the economy that you're most worried about when it comes to cybersecurity and the new capabilities of AI systems?
C
You know, the challenge always is the companies which use technology where their core business is 95% something else. And the 5% part is technologies. And you can take that to mean small businesses, you can take that to mean sort of core industrial manufacturing output type businesses where they're not spending as much time thinking about the technology, they're busy digging for gold or building infrastructure or something.
B
Or hospitals. Exactly. They use technology. So you're worried about the non-tech businesses.
C
Yes.
B
That may not have as many resources or as many engineers working.
C
I'm not worried about financial institutions. They have more engineers than I do. So they will go rally against it. They'll put the resources to work and they've been protecting themselves for a very long time. They understand the implication of these things. So it's like, you know, poor doctor's office. Remember that there was a breach that happened I think almost a year ago now, slightly more of Change Healthcare, which caused a whole bunch of the entire physician ecosystem to come to a halt and the physicians didn't know what to do about it.
A
Yeah, I mean like for the moment, like do you sort of breathe a sigh of relief that these models are not generally available or do you think they could be released and it wouldn't be that big of a deal.
C
Well, as they have been released. Right. Both Opus 4.7 Cyber and OpenAI's 5.5 have both been released with cyber capabilities and guardrails.
B
But not Mythos.
C
But Mythos has another unique property which perhaps goes towards your conversation about constraints, is that Mythos runs in ultra mode. Ultra mode is a compute consumptive mode which allows the model to persist for much longer than the flash mode that most models are released in.
B
So if you're interesting, it can just work for a lot longer, spend a lot more compute.
C
That's right. That's right.
B
Than other models.
C
The compute cost is from the persistence, perhaps, not from the capability. And the persistence allows the daisy chaining to happen much more effectively.
B
Right.
C
Because it's trying different techniques, trying to see which one's most likely to work. So that's what causes the daisy chaining to happen in a more effective fashion. So that's why.
A
So is it a good thing that the average person doesn't have access to that right now?
C
I think so. I think every company should have a chance to be able to fix these things in the meantime. But again, I don't know who the average person is in this case. Right. Is every company out there an average person that they should have access to because they have to fix this stuff? You mean the average bad person?
A
Basically. I mean, I'm just like thinking about, you know, all of these cyber attacks that we've seen just over the past couple of weeks, and I'm assuming that they do not have access to a Mythos level model. And so I'm just asking myself like, well, what if they did.
C
Yeah, what if they did that? They'll find a way to attack companies much faster. Yeah, right. I don't think the nature of the attacks change. I don't see the nature of the outcomes change. Most likely they will be used to leverage ransomware, perhaps cause economic harm, if you're looking at it from a nation state perspective. So I think the entire sort of fundamentals of how the bad actor industry works is not going to change. What it does change is the pace and the volume perhaps of attacks are going to be made possible because the availability of these models.
A
I want to talk a little bit about what, if anything, an average person can do here. I myself am the subject of an ongoing phishing attack where someone almost like you. I mean, I hope so, but basically almost every day somebody tries to get me to like, reset my password from an email address that has nothing to do with X.com and because I'm looking at my emails on the desktop, that's very easy for me to see. And I'm not fooled, you know, congratulations, but that's me.
B
I've been trying to steal Kevin, how could you?
A
But I also believe that like within six months or a year, one of those emails is going to come in and it's just going to look way more convincing.
B
Right.
A
It's just going to figure out a way to trick me. And one of my frustrations with talking about cybersecurity in general is it tends to leave people with the sense of like, well, everything's really bad. Sorry, good luck to you. Usually we give people advice like create a strong password and use multifactor authentication.
C
That's right.
A
Is that good enough or do people need to update the playbook?
C
Look, I think one of the things, my frustration has always been that if you think about it, we have much better cybersecurity solutions in the enterprise world than we do for the consumers. For example, if you had a corporate email and all the phishing attacks will come to your corporate email, spam is coming to corporate email. Be pretty good at sussing these out because the X email address that you talk about that you're getting is not actually X. We see it in one customer, we'll block it everywhere else. Now the problem is the consumer world doesn't have any such gatekeepers. Right? Because we're effectively the gatekeepers of enterprise. But consumer world doesn't have gatekeepers. The consumer gatekeepers are the email providers, the consumer gatekeepers are the telecom networks. So it give us, you know, if you were getting an attack on your corporate mobile device and we were sitting in front of it, it won't happen. But on our personal devices we can all get spam, we can all get phished, we can all get all this stuff happen to us. I think part of the frustration I have is that there are some consumer companies that need to implement better cyber controls for all of us consumers, which they're not.
A
Well, like, any particular controls come to mind that you'd like to see out there?
C
Think about the email, right? I mean, you're telling me, is it hard for the email provider to figure out that this is not an X email address? These same guys are building AI, right? These guys are building AI. Just going to anticipate what we want and do it for us. So somebody just need to pay attention to it.
A
That's sort of, I mean, like for what it's worth. So, you know, this is like my paid Google workspace for my work account. And like, you're absolutely right. Like, it seems like a very simple classifier that Google makes. It just be like, this probably isn't coming from x dot com.
B
How are your engineers feeling about all this? I mean, I imagine they're working a lot these days. Are they excited because there's this new tool, new set of tools available to them? Are they stressed out because all of a sudden their workload just got five times bigger? Like, what is the mood?
C
Yes, all of it. Look, think about it. If you're a technologist, this is a phenomenal time to be doing this, right? The amount of opportunity to learn, the amount of opportunity to understand. Some of the people are fearful, like, how is this thing going to work? And you can find. I think every emotion you can think of is probably in every engineering team out there. We have 9,000 plus technical people. I think it's not just the tool in front of us. I think it's the uncertainty of what this holds in the next two, three years. I mean, people are seeing OpenClaw being deployed now. OpenClaw is a scary thing from a security perspective. It's going to take all your permissions, all your credentials, do all kinds of stuff for you, but it's cool. So the early adopters are doing cool shit. I had dinner with somebody, came to my house. I got OpenClaw on my phone. It's doing everything I've given her names called Zara and it's doing all the things I'm asking you to do. And my. The guy sitting next to say, holy shit, that's a security nightmare. You worried about your ex AI X, you know, post to change a password. You don't need to change your password. OpenClaw is going to tweet on your behalf because it's had a moment last night.
A
Totally.
C
Right?
B
Yeah. Yeah. And for all of my objectionable tweets over the years, I would like to just formally say that was my Open Claw acting autonomously.
C
There we go.
B
So are you personally, like running any of these insecure. Like, are you running Open Claw? Are you experimenting with this stuff just from like a. I need to understand a of lot landscape perspective on a.
C
On a segregated device which has no connection to many of my things, which makes it totally useless, by the way. You can't even book a meeting on my schedule because it does not have access to my schedule. It can't respond to an email on my Behalf because it doesn't have access to my email. So I'm still sort of using it the old fashioned way, which is I'm using Gemini in the end. I did do that. I took my earning script, sent it to Gemini and said, what do you think? Two quarters ago it says, are you trying to hide something? You're too enthusiastic. Use the word momentum. And excited too much more than you normally use. I'm like, holy shit, that's not bad.
B
Try to tone it down. Yeah, that's very funny. Is it changing your hiring plans at all? I mean, you employ thousands of cybersecurity engineers and researchers. You may need fewer of those people in the future or.
C
No, I need more. I think this is the fallacy out there, right? The fallacy is that organizations are going to get 30, 40, 50, 60% more productive from a development perspective and a testing perspective. So we to need less people. The problem is every technologist that you talk to has a feature request list which is longer than their arm. And typically people have product roadmaps that are 6 to 12 months out. Why is that? Because they don't have enough people or they cannot serialize something because it takes a lot of effort to get it done. So I think the first thing that's going to happen is as we create more capacity, we're going to try and fill the technological backlog and try and make that work. I do understand there are people that out there, I'll call it reshaping their technical organizations by creating capacities. Everybody who's out there saying, I'm reducing my headcount by 7% or 15% or 20%, which you're beginning to see recently. I think they're just creating capacity. They're saying that capacity allows me to hire more people and make room for people that I need who have the newer skill set.
B
They're not just spending that salary money on tokens instead.
C
Look, I think that the interesting part is I was saying this earlier, I was speaking somewhere else. And the part we don't realize that we're dealing with a tsunami of a desire to transform. I think we're in a decade long transformation of business ahead of us. Imagine like you have a new technology. My CFO would never come and say I want to use AI to transform my team. He wants to transform his team and see if he can do it much more efficiently. But he wants AI. My head of HR wants AI because she wants to create an AI interviewer, an AI assessor instead of having human do it. So every function wants more AI to deploy. Now the question is, where's the money going to come from? It's probably going to come from efficiency in those teams, those functions. So that's what's going to pay for the tokens.
A
I have to say, I don't think anyone wants to be interviewed by the AI assessor. That's not a good vibe.
B
You know, I don't know.
A
Would you want to be interviewed like for a job by an AI?
C
I think AI is most likely going to be better at assessing my domain skills than a human being.
B
Really?
C
Yes. If you're trying to find, hire a good coder. If you're trying to hire somebody who knows agent AI really well, I mean, sitting and talk to them is not going to get me a better answer. If they can sit in code and deploy openclaw in front of. It's like I literally done that interview. Like the guy says, well, I'm really conversant to the AI. I'm like, really? That's cool. What have you done for like? Well, I, I built myself an agent. I'm like, show me. It's like, what do you mean? I'm like, you're on Zoom.
A
Show me.
C
They say this, like bizarre, like, you know, simplistic, like, oh, I, I got to make a sh. List from the recipe I saw.
B
Like, dude, it's an AI girlfriend. It's like, actually I shouldn't show you this. Yeah, now we have an HR problem. Well, Nikesh, thanks so much for coming in. Really great to talk to you and good luck out there. Fascinating.
C
Thank you, Kevin.
B
Please tell Mythos to spare our families in the coming uprising. When we come back, it's time for the Hot Mess Express.
E
Every smart enterprise is embracing AI. Budgets are big, tools are alive. Every board is asking what's working. The problem: no one has a defensible answer, let alone a data driven strategy to guide investment. Laradin is the AI impact intelligence platform. Laradin deploys through a browser extension and or desktop agent, giving you complete visibility into AI adoption and value, while identifying hotspots where AI can make more impact. If AI is important to your enterprise, head to laradin.com today and book a demo to start measuring and maximizing impact from AI.
F
Hardfork is supported by Addio, the AI CRM that knows what's going on. Set up in minutes, get powerfully enriched insights and surface context on every deal. Need to prep for a meeting? Done. Got a follow up to write, drafted, ready to close this deal? Just ask Addio with universal context Addio's intelligence you can search, update and create with AI across your entire business. Ask more from your CRM. Ask Addio. Try Addio for free by going to addio.comhardfork that's a T T I O dot com hardfork.
D
This podcast is supported by Everpure Storage and Data Management so simple it feels like second nature. Data. It's everywhere and vital for all your apps and AI initiatives. Managing it all has become a major challenge. Traditional storage just can't handle it. There's a better way. Everpure is bringing their trademark data storage simplicity into full data lifecycle management. From on Prem to the cloud. Manage it all on one simple platform. Tame your data chaos with EverPure. Visit everpuredata.com.
B
Well, Casey, we've got a train to catch today. The Hot Mess Express is here.
A
The Hot Mess Express is of course our segment where we take a look at the various calamities befalling people in and around the tech industry and at the end of discussing them, decide what kind of mess was this?
B
What's what's pulling up to the station today?
A
Well, let's see what's first here on the tracks.
B
You just love the sound effect.
A
Our first story today comes from the Verge. Oh, and this is truly the end of an era. Venmo is starting to test a big redesign of its app and as part of the changes, Kevin, it will be implementing a major new privacy feature. The onboarding process for new users will set their posts to only be viewable by their friends by default instead of being public. And this is very sad for me because for years now, every time I've opened up Venmo to, you know, pay a friend, I've seen a recent transaction from someone I hooked up with once in 2016 and the thought that other people aren't going to have that experience makes me really sad.
B
So, you know, as a nosy person who loves to gossip, I am sad about this story because, you know, it was always fun to see which of your random phone contacts had been paying their fractional share of the rent or back for dinner. People put various jokey things on their transactions, you know, illicit drug deal, foreign arms trade, et cetera. And it's just sad that we won't get to experience that.
A
Yeah. Also, you know, the public by default Venmo transactions gave us many great stories over the years, including Joe Biden's Secret Venmo, which was a Buzzfeed story. J.D. Vance had a public Venmo that Wired reported on. Matt Gaetz's Venmo payments were part of a federal inquiry into his payments to women, according to the New York Times. So I guess all of us investigative reporters are going to have to find a new, easy way of writing a story.
F
Kevin.
A
Yeah.
B
Now, the only baffling security breach from these apps is that Telegram still does notify you when one of your phone contacts joins. And I always love to screenshot that and send it to people and be like, crypto or what is it this week?
A
The only two possible answers. So what kind of mess is this Venmo mess?
B
This is unfortunately a cleanup, not a mess. This used to be a very hot mess and now, you know, belatedly it is getting cleaned up.
A
Fair enough, rip. Let's see what else coming down the tracks. Oh, well, this was interesting, Kevin, and ties in closely to something that you've written about recently. Amazon has started to widely deploy its in house Mesh Claw product in recent weeks, which allows employees to create AI agents that can connect to workplace software and carry out tasks on a user's behalf. But some employees are saying that colleagues are using the software to automate additional unnecessary AI activity to increase their consumption of tokens, which will then, of course, you know, make them look better to their bosses. So did we see that one coming or what?
B
Yes. I believe you invoked Goodhart's law about what happens when a target becomes a measure. It's a measure becomes a target.
A
When a measure becomes a target, it ceases to become a good measure is of course Goodhart's law.
B
Thank you so much for that. Yes. And I imagine that at the famously frugal Amazon, they are loving this era of people just spending a bunch of random tokens to move up the leaderboard.
A
Here's the thing. I talked to a lot of, you know, Amazon employees over the years. Tokens are the only thing at that company that is free. You want to, you want a Diet Coke from the vending machine, get out your, your wallet. Okay, so these guys finally find something free and now they're getting in trouble.
C
Yeah.
B
The good news is they have unlimited tokens. The bad news is they can only use them on Mesh Claw.
A
Yeah, I'm going to say that this is actually a hot mesh. That's what kind of mess this is. Very good. All right, next up, Kevin. This comes to us from 404 Media, and boy, did I see this clip in about 14 different places over the past week. Students boo commencement speaker after she calls AI, quote, the next Industrial Revolution. You see this one? Yes. Yes. So May 8th, commencement speaker Gloria Caulfield, who's the vice president of Strategic Alliances at Tavistock Group, told graduates of the University of Central Florida's College of Arts and Humanities and Nicholson School of Communication that AI is the next industrial revolution. She was met with thousands of booing graduates, and someone in the crowd, Kevin, yelled, "AI stuff sucks." So what did you make of this, this commencement moment?
B
Here's my thing.
A
Yeah.
B
Students are allowed to feel however they want about AI.
A
Yeah.
B
But if you boo the commencement speaker for suggesting that AI is a big deal, I want to see your ChatGPT history. If you have used AI to write your exams to help you with your problem sets in any way for your academic work, you are not allowed to boo it at commencement. That is my rule.
A
I don't know. I think these students were fine to boo. I mean, you know, Ms. Caulfield was, after all, addressing the college, the arts and humanities, who I'm guessing is probably not the group of students at the university that are most excited to see AI come into their lives.
B
So here's. Here's the thing that I'll say that is sincere. I think this. I think people are radically underestimating how mobilized young people are against AI right now. I see this every time I go to a college to talk to students. They. There's like a small group of them who are like running open claws and very excited. And like 80% of them are like, I hate this.
A
Yeah. So look, if you have to give a commencement speech within the next few months, a highly relatable situation that many of our listeners will be in now. You know, careful, careful how you talk about AI.
B
Yeah.
A
Okay, Kevin. Our next story comes to us from the good folks at Variety. Dua Lipa has filed a $15 million lawsuit against Samsung for using her face to sell TVs. And this one is honestly pretty incredible. Samsung has apparently used Dua Lipa's image on the cardboard packaging of its TVs starting last year. When Ms. Lipa became aware of it, she demanded that the company stop using her image and apparently, like, could not get through to anyone at Samsung. So Samsung finally responds on Monday and said this was all the fault of some third-party content partner. And Samsung said, we have great respect for Ms. Lipa and the intellectual property of all artists, and they are actively seeking and remain open to a constructive resolution with Ms. Lipa's team. Well, it sounds like a constructive resolution could be taking her face off the packaging and paying her $15 million. And I understand her concern because the thing that people always forget about Samsung products is that they do explode when you least expect them. There was, of course, the famous series of explosions related to their phones. So if I see my face on a Samsung TV, I'm thinking I do not want to be the literal face of an exploding piece of hardware. Yeah.
B
What kind of mess is this?
A
This is a true hot mess because the TV could have exploded. Yeah. Now you want to read one?
B
Okay.
A
Okay.
B
All right, this next one comes to us from our colleagues at the New York Times. eBay rejects GameStop's $55 billion takeover bid. Last week, GameStop offered 55 billion to eBay in an unsolicited takeover attempt. According to some interviews, they appeared not to have $55 billion, which would put a damper on their plans. This week, eBay officially said no to the GameStop offer, calling it, quote, neither credible nor attracted. Attractive. Which is also what our last iTunes review of this podcast said.
A
There you have it. You know, this one is an interesting story from the world of what I like to call companies that I can't believe still exist. I don't know what's happening on eBay. I don't know what's happening in GameStop, but what I do know is these companies probably don't belong together. Kevin?
B
Yeah, I find this fascinating because it is just like the internet-brained CEO of GameStop. He's this guy Ryan Cohen, who's like, you know, sort of rose to prominence during the meme stock mania of like 2020 and 2021. And now you can just do whatever you want. If you're the CEO of a company, you can just say, we're going to buy a company that's like five times bigger than us. How? Shame on you for asking.
A
I mean, is it unreasonable, given their history, to expect that he, they could have announced this and GameStop stock could have gone through the roof and all of a sudden they would have had $55 billion to buy eBay? Yeah, but that didn't happen.
B
Well, if they had done this deal in typical GameStop fashion, they would have offered about half of what the market value for eBay was because it's used and probably doesn't even work on your console anymore.
A
I like jokes that you'll only get if you have returned a video game to GameStop.
B
It's kind of a. Listen, for our younger listeners, there used to be a time when you could walk into GameStop with a box of old video games that you wanted to get rid of and they would offer you between 50 cents and $1 for each video game.
A
All right, this is the sort of mess where we're explaining the joke. Okay, okay, okay. So we've got a few more items, Kevin. So Shein and Temu are fighting it out in UK courts, Kevin. Shein has accused Temu of, quote, astonishing levels of copyright infringement. And Temu accused Shein of waging, quote, an aggressive and relentless battle using copyright allegations to undermine competition. This comes to us from Bloomberg, and the whole trial revolves around thousands of photographs that Shein says are from its website. According to Shein's lawyers, Temu sold identical clothing items using the same images and is seeking to piggyback off Shein's own investment in building up its supply chain and training and upskilling suppliers. What do you make of this fight?
B
The fast fashion brands are fighting, fighting. I have. There's no one I'm rooting for in this fight. I've never bought an item of clothing from either of them. But it is very funny that two of the brands who have made their sort of entire existence ripped, ripping off the clothing from more established purveyors are now fighting each other about which one's ripping off the other one.
A
Yeah. Truly a situation where is there a way they both could lose and learn a hard lesson about intellectual property? Yes, we're rooting for them. Next up, favorite story of the week, Kevin. And I imagine you heard about this one. People are seriously pissed that Grindr outed them with its latest Madonna advert. Did this happen to you?
B
No.
A
Okay, so this issue stems from the fact that Madonna has been doing this big campaign inside of Grindr to promote her upcoming album, Confessions on a Dance Floor 2, which is a concept album about a 68-year-old woman who still wants to be at a nightclub, like, after midnight, and she's advertising on Grindr. And apparently over the past week, when you opened up Grindr, even if you had your phone volume turned off, you would hear a sound of Madonna saying loudly, "Hi, Grindr, it's mother." No, which, which, first of all, it's grandmother. Sorry. Second of all, apparently, like, you know, people who are not out to their families were opening Grindr at the dinner table, which, you know, you're already sort of putting yourself in harm's way there maybe. But the last thing they expected was to have Madonna being like, hey, look at, look at this guy. He's on Grindr right now. So truly one of the most misconceived ad campaigns in recent history.
B
Wow. Yeah, that's so wild. It's like if they put U2's Songs of Innocence on your phone, but it just outed you to your family.
A
Yeah. The song was you're gay. That was the. That was the song.
B
This.
A
Here's the thing. This is a dangerous mess. It is not always safe for people to be outed to people in their immediate surroundings. So shame on Grindr. They really should have known better.
B
Yes. Push notifications should be illegal.
A
All right, and one more. One more car coming down the train tracks here, Kevin. This is from the Elon OpenAI trial this week. Sam Altman was on the witness stand Tuesday and testified that at one point, Elon thought he should run OpenAI. Sam asked him, hey, what do you think would happen to the company if you died? And according to Sam, Elon replied, I haven't thought about it a ton, but maybe control should pass to my children.
B
Question mark, question, question mark, question mark.
A
So what do you think? Do you. Well, let me just ask it this way. Do you think we would be better off if OpenAI was a hereditary monarchy controlled by the Mother Musk Clan?
B
I do. I think that really is the idea. You know, we always talk about what is the ideal governance structure for AGI.
A
Yeah.
B
I think we can all agree that it would be best if, you know, Elon's 27 children were involved somehow.
A
Yeah. Or just, you know, I don't know, they pick one at random. You know, one is probably, I don't know, 11 years old and rides a skateboard around town. They're like, all right, kid, you run AGI now. Best of luck. So, yeah, that continues to. To be a legal mess.
B
Yeah. The whole trial has just been fascinating to me. Less because I care about the actual, like, legal issue on. On trial and more because it has just produced all these amazing and incriminating files from, like, the early days of OpenAI, including all of their texts and emails and messy dramas. I live for it.
A
Yeah. I mean, look, it's very hard to run a successful company without a lot of executives saying a bunch of really stupid things and writing them down like that. We just it over and over again. Yeah. Yeah. So let that be a lesson to us.
B
Yep. Hot mess. And that is it for the Hot Mess Express. Thank you to all of this week's passengers and best of luck with your messes.
A
Try to stay on the right side of the tracks.
A
Hey, before we go, one request. We want to hear what it's like for people who are undergoing major career changes in response to AI. So for example, if you have recently left a computer or desk job to do something more manual like HVAC installation or tree trimming, we would love to hear how it's going. So anything in that realm, please send us an email. We would love for you to share your story with our audience. Our email again, of course, is hardfork@nytimes.com. Tell us about your career shift and why you're making the change. Hard Fork is produced by Whitney Jones and Rachel Cohn. We're edited by Viren Pavic. We're fact-checked by Caitlin Love. Today's show was engineered by Chris Wood. Original music by Alicia Rowan Nimisto and Dan Powell. Video production by Jake Nichol and Chris Schott. You can watch this whole episode on YouTube at youtube.com/hardfork. Special thanks to Paula Szuchman, Pui-Wing Tam and Dahlia Haddad. You can email us at hardfork@nytimes.com with what you would do with Mythos if you could.
Date: May 15, 2026
Hosts: Kevin Roose (New York Times), Casey Newton (Platformer)
This episode explores the sudden revival of AI safety concerns within the Trump administration, details the real-world cybersecurity impact of Anthropic's new "Mythos" AI model, and covers an abundance of recent tech industry mishaps on the regular Hot Mess Express segment. Kevin and Casey dive into how U.S. government policy on AI has flipped rapidly, analyze the capabilities—and dangers—of newly emerging AI cybersecurity models, and, in a lighter turn, evaluate the week's oddest tech industry fails.
(Starts ~02:21)
(Segment with guest Nikesh Arora starts ~27:21)
The AI-driven time compression in attack/defense cycles:
“Historically… the time from somebody breaching an organization and being able to extract …crown jewels has been measured in days. Unfortunately, with the emergence of AI… that time frame has shrunk down to… minutes. And when that happens, your defense systems have to be able to be activated and defend yourself [in] some minutes.” —Nikesh [29:18]
Using Mythos for vulnerability discovery:
Mythos/comparison with GPT-5.5 Cyber:
On whether attackers or defenders benefit more from AI:
“It’s an unbalanced fight to start with. We have to be right 100% of the time, the bad guys [need to be] right once.… For now the bad actor is most likely able to use it much, much better than the good people.” —Nikesh [42:02]
The 90-day patch window is obsolete; exploits can be found, weaponized, and used within minutes.
The persistent "Ultra" mode in Mythos:
Enterprise security increasingly outpaces consumers; big companies have defenses that ordinary people don’t.
Still, practical basics matter: “Create a strong password and use multifactor authentication.… I highly recommend you do that.” [41:39]
On AI's impact on jobs:
(Segment begins ~56:05)
A rapid-fire, tongue-in-cheek roundup of the week’s most amusing or alarming tech industry fiascos:
This week’s "Hard Fork" dissects a massive swing in Washington’s approach to AI, prompted by hard evidence of new, much more dangerous models like Mythos. The discussion with Nikesh Arora provides a front-line look at why the developing AI arms race in cybersecurity is fundamentally different—and far scarier—than anything before. The Hot Mess Express ties it together with humor and a sense of the perpetual weirdness of tech culture, classifying everything from Venmo’s privacy reforms to Grindr’s accidental outing of users as part of the rolling mess of the modern tech world.