B (3:36)

So I want to quote from a CBS News article here. It says early analysis shows the network was used for communication between foreign governments and individuals known to US law enforcement, including members of known organized crime gangs, drug cartels and human trafficking rings. According to multiple officials briefed on the investigation, the US Secret Service said it is combing through the more than 100,000 SIM cards in an ongoing exhaustive forensic analysis. Now my question to you is if you've built this thing for covert comms and spy stuff, why do you then use it to send threatening messages to elected U.S. representatives? That seems insane. Like that just seems like why would you do that?

A (4:17)

Yeah, some people don't have the discipline they really need in nation state espionage and nation state activities. But I think pure conjecture we may find this was like a contracted effort where somebody was paid to do it on the behalf of another entity and they used it, but they didn't know what was moonlighting on top of that network. And so that'll be the goal.

B (4:46)

Like those people who get paid 50 bucks a month to allow, you know, home proxy networks to use their computers or their connections and stuff. Same sort of thing, bigger scale.

A (4:57)

Yeah, well, I think they knew what it was. You know, you don't have these racks full of antennas without knowing that it's a pretty powerful capability. I think what they did was they partitioned off and they used some of it for the activities of the funding entity and then they used others of it to make a little cash in the evenings.

B (5:20)

Yeah, right. So this was truly a multi purpose bit of infrastructure.

A (5:24)

Yes. And I also thought it was interesting. So Matt McCool, who is my favorite name Secret Service agent, right. Heading up New York, said cool is pretty cool.

B (5:36)

Yeah, I'll give you that.

A (5:37)

Yes. He said that they got multiple locations in New York and even in New Jersey but he intoned that there were others in, you know, in other cities in the us And I will tell you, Pat, I think those SIM cards are going to be the downfall of this operation because it's really hard to get SIM cards in large quantities. And, you know, somewhere you either have to become an MVNO or you've got to pay somebody who has an issuing capability for SIM cards. And, you know, they have to be activated onto these networks. And so they'll be able to follow the money and follow the accounts, and they'll also be able to tie those SIM cards across, you know, multiple of these devices, whether they're operating around New York or in other cities. Who knows, we may even find these in, in other international countries. But I think that first, first round, I think the SIM cards are going to be the downfall and the unraveling of this.

B (6:39)

Well, I think I see what you're getting at. Right. Which is the fact that they had a hundred thousand of them just in New York indicates they were getting them from somewhere and someone's about to be in. I. Look, there's no other way to say it. Someone's going to be in deep. Yeah.

A (6:51)

And I think, I think they got them from multiple places. Right. But there will be a finite number of threads to pull and, you know, big data. This is the kind of thing that's, that's just going to be really, really lucrative for the investigation.

B (7:06)

Now, before this news broke, we already had a story in this week's run sheet down towards the end, right. Which we've pulled up towards the front because it's now very relevant to this discussion, which is MI6 in the UK. Guess that's the UK's CIA. They have launched a Tor Onion service to allow, you know, possible collaborators to connect to them and share information. And they've, you know, They've released a YouTube video about this as well, saying, look, you know, in your country, it might even be risky for you to view our videos on YouTube, to look at the how to guide of how to connect to this Tor service. First of all, there's some irony there in the fact that they're explaining that it's dangerous to access their YouTube on YouTube. So that's, that's the first little thing there. Second of all, I mean, I would have thought in, you know, heavily contested sort of network environments in some of these countries, very little is going to stand out more than attempting to connect to a Tor Onion service. I really question the wisdom here. And this is me as, just as a, as a Civilian with no deep expertise in covert comms and whatever. But I just think this just seems insane to me, Rob, and I just seeing as you're here, I wanted to get your opinion on it.

A (8:24)

Yeah, well, CIA did a similar tip site several years ago and I didn't.

B (8:29)

End well from what I remember.

A (8:31)

No, no, they, they had covert comms that didn't go well. So they had, they had websites that, you know, were really, if you, if you kind of looked at the tradecraft use, were not out well architected. I think they, they didn't consult the right expertise, but they did set up a tour site for tips several years ago. And I couldn't imagine that our, you know, one of our closest partners in the UK wouldn't have asked them about whether it was worth it or not. Because you have to think about other things. There certainly is the safety and security of your assets. Right. But you also, by announcing it publicly, you're going to get everything from whack jobs connecting to give you their imaginary leads to people sew real disinformation who want to, you know, try to slide in that double agent or misdirect you to something that they want you to see and focus your resources on. Right. So there's a lot of reasons that, that this is, you know, challenging. But at the same time I think the fact that they're doing it is an acknowledgement that, you know, you've got to have multiple ways to get connected to people who want to help your cause. And whether it's walk ins to an embassy, which is really dangerous, or trying to find the right person in your country where, you know, the home team has the huge advantage in many cases the people can't travel and that is one of the safer ways to get away and try to make a meet. So the virtual meet certainly is an option. It'll remain to be seen to history, I think of how successful and how useful it is. But I think they're going to try a wide and diverse set of ways to allow that their sources to get in connection.

B (10:19)

It's so funny, just every time I talk to someone from the intelligence community, there are so many aspects of intelligence work that are so similar to journalism. Like when you were describing the whack jobs who, you know, flood your tip line and whatever, it's like, I've been there, dude. Like I have everybody who's having some sort of mental health crisis with cyber characteristics, like they will reach out to us and tell us about how they're being tracked by, by the you know, the intelligence world and the satellites are getting them and you know, so I, yeah, been there, been there. And even when it comes down to interviews and sort of trying to unpack people's agendas like it is interview techniques, it's, it's, it's, it's amazing. I've had some, some funny conversations about that and you just made me remember some of them.

A (11:03)

Definitely some strong parallels, Pat.

B (11:06)

Yeah, 100%. So let's move on to some bread and butter infosec news now. And of course the big research news that broke over the last week was Dirkian Malema, who we've had on the show before. This guy is an absolute expert in all things, you know. Yeah, Azure, Azure ad. And which is now entry ad, Entra id. I'm sorry. And he accidentally stumbled onto like the holy grail of entra ID attacks. I'll explain it badly because it's hard to explain well, but essentially there are these like, service tokens you can generate in your Entra ID tenant to perform various privileged tasks. And he was messing around generating some of these tokens and then just thought, well, I wonder what happens if I change like the tenant ID on one of these tokens and try to run it in another tenant or use it to authorize something in another tenant. And it just worked because for some reason Microsoft didn't think, well, you know, whoever developed this didn't think to validate that the token was, you know, for, for a specific tenant. So that basically meant that you just had needed to generate a token in your 10 change the tenant ID and you could just use it anywhere. So this meant, yeah, full compromise of every single entra ID tenant on the planet. This is like a 10 out of 10 megabug. Obviously Microsoft patched it immediately when he reported it to them. They've assigned it a cve. I don't see any mention of a bounty payment for this, but you would think if there is one, it's going to be huge. Oh, and we need to mention too, before I get your reaction on this, I think you've done a little work with Microsoft, so there's a bit of a conflict there. So we should just mention that in the interests of transparency. But what was your reaction to this? Because, like, wow.

A (12:54)

Yeah. So, Pat, it certainly is a God mode token. Right. So Microsoft really has these, they had these actor tokens that were meant for Microsoft's internal services to impersonate the accounts across tenants to do the background tasks. And, you know, you could launch a service that would Execute in years and you hit the nail on the head. The flaw in those tokens that didn't validate if it was changed or altered meant you could issue your own for anywhere. And the other part you didn't mention was it really bypassed logging because it said an admin did this and the assumption was it was your admin in your tenant, not a phantom admin from another tenant. So I think the response he got and the speed at which it was patched was indicative of how powerful it was. So I do think the upside is, you know, the bug reporting channels work. This is how it's supposed to work. He found something before it was used at scale. But it does make me think back to, you know, the study we did on the Cyber Safety Review Board where there was another token problem where a series of kind of cracks and seams in authentication let people mint mint tokens that allowed you in the O365 world to do some really impressive things with accounts that were not yours. So we continue to see kind of that authentication and identity is hard and it's harder when you have legacies architectures. Right? And I've watched Microsoft since that CSRB report and seen how much they've cleaned up in the way authentication and the tenants are secured, the way things are logged, and especially the amount of oversight and overwatch that have been added. But it's still clear that there's still those cracks and seams that will bring you to your knees. And you've got to, you've got to. In the cloud world, you've got to trust your provider because they have God mode under the hood. And the question is, can somebody else get to that God mode without knowing or properly authenticating? And that's what you've got to protect against.

B (15:23)

Now look, I hear you and it's great that they've lifted their game, but I think the criticism that I have of Microsoft is that they let too much technical debt accumulate. My criticism is that they didn't do enough until now. So it's great that they're doing stuff now, but you know, they've sort of got this massive technical debt problem that they've got to tackle now and it's kind of too late. Right? Even if they are taking it seriously. I guess that's what I would say, like, awesome that you came to the party. Now it's a little bit late. And this is, you know, I don't know though. Look, I think bugs like this, ultimately they happen everywhere. They can happen everywhere, but still, like, wow, It's a, it's an absolute clanger. Now look, speaking of recent issues, we spoke, I spoke with Adam last week, week about this NPM supply chain worm, the Shailud worm, which is very cool. GitHub has taken some steps now. Well, they are taking steps. They are moving towards a world in which you will need to do some sort of Fido based multi factor authentication event in order to publish an update to a package in npm, which I think is good, but it's going to really annoy developers. And then they're working towards a trusted publishing system where package repositories trust specific workflows or services to publish code using short lived OpenID Connect identity tokens instead of API keys that last forever. These both seem like sensible changes, but I guess, yeah, once you've plumbed through an automated publishing workflow, I mean, you kind of going to wind up somewhere back here in the first place, aren't you? If everybody's using some sort of pre approved workflow like once the attack is on that machine. I don't know, I'm guessing they know more about this than me and if they think this is going to help, that's great. But it did seem a bit strange to me.

A (17:14)

It will help, Pat. So you know the trusted publishing plan they have is intended to keep me from scraping your token and then using it somewhere else to publish in your identity. So if they're shorter lived, the window of exposure is cut down. The idea that you're going to use Fido tokens makes it more likely that to issue those, those authentications, it's going to be harder and tied to you. But in the end somebody has to have the authority to do these publishing activities and I think attackers are going to go after you and your identity to try to get into your pipeline. Yes, but what they're doing is they're, they're raising the bar, they're making it harder. You know, multi factor hardware tokens aren't invulnerable either, but they raise the bar a lot for the attackers. And then shortening the window that the generated tokens are valid also closes down opportunities. So I do think this is a step in the right direction.

B (18:22)

Yeah, 100%. I do too. I just wonder though, like if, you know, you look at the way the Shailude worm worked, which is it would edit people's packages on their machine and then forcibly publish them. I mean this would mean that you would just edit the packages on the machine and wait for the user to publish them like Authenticated. Right. So it's going to slow things down. It won't stop. And that doesn't mean it's a bad thing. I think it's a good thing. But we ain't done here, I guess is my definitely, definitely now. We saw a fairly significant ransomware attack affecting flights in Europe. They were delayed because it was this company called Collins Aerospace. They provide check in and boarding technology for a whole bunch of airlines. And yeah, this caused, you know, massive disruptions at a bunch of airports in Europe, including Heathrow, I believe. Recovery, I don't even know. I had a quick look around this morning. I couldn't see whether everything's back to normal now, whether the recovery efforts are still ongoing.

A (19:21)

It's not bad. As of today, Heathrow said most of their flights were running but, but Brussels still canceled flights even today. They lost half their flights yesterday. And Dublin and Berlin were still slowed. Right. They didn't give metrics but it's, you know, and anytime a flight into or out of one airport is delayed, it cascades. Right. Cause those planes probably don't just fly London to Brussels. Right. They go elsewhere. And so if they can't get through London, they're not getting to other places. So the cascade knock on effects are massive.

B (20:00)

Yeah, we had a few months ago I was flying domestically in Australia, not to Sydney, but because there'd been bad weather in Sydney. I mean it just caused like cascading problems through the whole network. Right. So yeah, 100%. I guess what's interesting here though is we've seen some big game ransomware lately for the first time in a while, you know, when you think about Jaguar Land Rover, Marks and Spencer, now this Collins Aerospace, now there is rumor, there are rumors at the moment that this Collins Aerospace thing may have been scattered spider or scattered spider adjacent. That was the case for Marks and Spencer. It looks like it was the case for Jaguar Land Rover. So what I find really interesting here is that we saw this massive initiative from law enforcement and intelligence agencies to target Eastern European, you know, Russian, essentially ransomware as a service organizations and all of the affiliates and whatever and go for a disruption effort there. And that actually appears to have done something. And now we're seeing big game ransomware. And it's Western kids, it's, it's, it's British and American teens. They're all going to get caught. We're going to talk about that in, in just a moment. But it's bizarre, isn't it that we've seen this shift in the location, the Geography of the attackers from these places where law enforcement can't work because they're in hostile jurisdictions into areas where law enforcement can work. It's just. It's such a bizarre outcome.

A (21:26)

Yeah. And the other part is, you know, you've pushed the age of the attackers down, Right. The. The folks that are doing the Scattered Spiders, often relying on juveniles to take the action, or juveniles are in the driver's seat. And that also changes some of the tools that law enforcement has in the UK and the US yes, yes.

B (21:51)

Now, we do have some reporting here from data breaches.net where they reached out to Shiny Corp. And asked them if they were behind the Collins Aerospace thing. And they said, no comment. They did say that. That's not unusual for them to say that. But what was unusual is that they said, I said no comment. But you can say that I said, no comment. So it's all a bit strange. They're just getting. Everyone's getting like Scattered Spider vibes off this now. Meanwhile, two more alleged Scattered Spider members were arrested over the London transit system breach in the uk. The your lot, the Americans, have also dropped an indictment for one of the guys who's been picked up in the uk. Another guy turned himself in to the police in Las Vegas pertaining to the 2023 attacks into the casinos. There was. Was it MGM and Caesar? So whoever that is, they're in deep, deep trouble. So, yeah, there's all of this happening, happening at once. It feels like Scattered Spider is in the process of being rolled up. And of course, there was all of this really interesting. There are these really interesting alleged facts dropped by the DOJ in these indictments that have been unsealed. So, you know, this. This. The. One of the ones who was arrested in the UK, Talo Joubert, who's only 19. You know, apparently they took $115 million in ransoms. They breached a US court system. And VX underground noticed something very interesting, which is in these documents. It says that Scattered Spider obtained a ransom of 964 bitcoin from one organization. The charging document said the cost of bitcoin at the time of that Bitcoin at the time was $36 million. So they went back and looked at the bitcoin chart to see roughly when that moment in time corresponded to November 2023. And who was being ransomware in November 2023? It was the Chinese bank. It was the Chinese ICBC, the world's largest bank. Right. So we're just finding out all sorts of stuff, but it does feel I predicted incorrectly in 2023 that these guys were all going to go down very, very quickly. It's taken a couple of years, but. But it does feel like, oh my God, they're all about to get arrested. What do you think?

A (24:10)

Yeah, yeah. And this is the snowball rolling downhill. Right. It just rolls right over people and scoops them into this big ball and continues down and hits more people. So as you get people to turn, they will turn on the associates they know. They also will have machines and tradecraft and nobody does OPSEC perfectly. And so even if they don't know who their co conspirators are, they just know them by nicknames and handles. They have interactions that are going to give nuggets and clues that law enforcement get closer and closer. And even inside that, you know, there will be people who are online and still participating and they will either be assets of law enforcement or they will be law enforcement on those accounts. And so they're all going to look over their shoulders and wonder. And so the, you know, the news titans in this space. So I do agree with you, it's going to keep, it's going to keep yielding more and more arrests. It's going to be hard to stay ahead and outside of it. And even the bitcoin, you know, that's a permanent record. And as little bits and wallets turn up in some of these arrests, it also starts to be another, you know, piece in the jigsaw that you can use to connect other people and other and other topics.

B (25:34)

So I can't remember if it was this guy or someone else, but they'd use some bitcoin to buy some gift cards and then loaded it into like Uber Eats credits or whatever. And that's like one of the ways that they got connected. Like it's just, it ain't easy. I think if you like, if you are not a Russian with good protection, with a decent umbrella, like, you got no business doing this. And even they don't want to have a bar of it at the moment, it seems.

A (25:57)

Yep. And you know, back to your no comment. But you can say no comment. You know, that smacks very much of scattered spider, you know, having fun on Telegram and you know, on the, on the leak sites, talking about their escapades. Right. I don't think they can help themselves in some of these. So yeah, we will continue to learn more and more and put it together just like the law enforcement will and I think we'll see outcomes and results.

B (26:25)

Yeah. Just before we move on from this Discussion. What's your feeling as to the effectiveness of some of the joint intelligence and law enforcement operations targeting the ransomware ecosystem, particularly the Russian and Ukrainian ransomware ecosystem over the last year or so?

A (26:44)

Yeah, it's hit and miss, Pat. So we've got to put sand in the gears and you've got to keep adding friction all the time. Right. There's not one solution to any of this. It's going to be law enforcement. It's going to be the offensive cyber you keep hearing people talk about. It's going to be a lot of industry and the commercial entities helping and all of that just kind of works together in one direction. So, you know, the criminals are going to keep innovating. The governments and the private industry will up their game over time and, you know, we'll have to work them one shot at a time. But I'll tell you, you know, even though some of these are juvenile folks involved in this, it's serious business, right. There are, you know, death threats amongst them and even out to the people that work in law enforcement and intelligence pursuing them. Ye, so it's, it's not an easy job. In fact, I was talking to some of the, the private companies, threat intel teams and you know, they've got serious threats against themselves and their families to the point they don't even like to be acknowledged in the role they play and, you know, where they help because the threat's real.

B (28:15)

Yeah, I mean, I've seen, I've spoken to American law enforcement people who've had, had, you know, old addresses doxed and things like that and death threats and it's like it's bad. It is, it is. You know, there's a level of nasty out there that's, that's just insane. And look, speaking of the impact, we've got more reporting here just on the cascading effects of this Jaguar Land Rover ransomware incident. There is a company that supplies Jaguar Land Rover and its share prices plunged 55%. You know, what's the name? Ortons, a company providing specialist insulation components for Jaguar vehicle. You know, they're just in all sorts of trouble. That's an Alexander Martin report over at the Record. So, you know, this stuff has genuine consequences. And meanwhile, Jaguar Land Rover itself has extended production, its production pause well into like into October at the earliest. And that's according to cyber security dive. So, yeah, bad, bad, bad, bad, bad.

A (29:11)

Yeah, when you, you talk on the knock on I, I read something that said, you know, Jaguar has 33,000 employees, but there's two supply chain. Right. Ottens and, and others. So yeah, the knock on effects are huge.

B (29:27)

Yeah. I mean, look, thankfully, thankfully, Jaguar Land Rover is a very profitable company. Right. So it will be able to eat the losses here because, you know, there's a lot of people want Range rovers and you know, thankfully for the mechanics all over the world, people will continue to buy Range rovers. But yeah, it's just, it's a crazy old time. Right.

A (29:44)

But I, I see that stock plunge and wonder if there's opportunity. I have a friend that built a box to go out and invest in companies right after the news broke about a cyber intrusion because the stocks always dip, but often they come back and level out or jump higher. He did really well with that strategy. Now in the physical supply chain of the smaller companies, I'm not so sure, but certainly the big companies, it's a good strategy.

B (30:15)

Yeah, indeed. Just quickly, because you're here, we wouldn't normally cover it. It's just amazing the degree to which like, like the Section 702 reauthorization story just like pops up every year. And it's, it's starting to hit the headlines again because I think it's like, is it due to expire again?

A (30:34)

Yeah, April 2026. Pat. So they, you know, there was a huge fight last time. It barely got through. That was in late 2024. They kicked it 18 months. There's a proposal now, you know, to, to get this authorized through the midterm elections here in the US so that, you know, it won't be a political football before the elections. So we'll see if that's a strategy that works.

B (31:03)

I mean, just to be clear, like 702, failing to reauthorize would be extremely bad.

A (31:10)

Yeah, it would be a huge hit to a lot of the, the things we're talking about. Right. It is an amazing tool that helps us in, you know, cyber intrusions, ransomware gangs and other things. So, you know, but not to mention.

B (31:25)

Foreign intelligence services, you know, conspiring against you over Facebook, you know.

A (31:31)

Yeah, or, or, or maybe, or maybe building, you know, cell phone farms in New York City.

B (31:37)

Exactly.

A (31:38)

So all of those things, you know, it helps. I'm surprised this made your run sheet though, because the CISA authority, not cisa, the organization.

B (31:53)

Oh, this is the sharing stuff. Yeah, yeah, tell us about that.

A (31:56)

Is just about to fall off a cliff as well. And there's been a number of attempts to kind of wire it into other bills and get it passed, but there's so much discussion of whether the authority needs to be amended with more privacy components or not that it's never quite made it across the line and it's about to fail. And that would leave a bunch of companies without legal protections for sharing information with the government and across to others that can help in investigations. You know, the, the privacy components. You know, it's good to be worried about it, but there is 0 in 0 examples of this being misused. So, you know, I think, I think we're throwing the baby out with the bathwater, talking about hypotheticals when it has proven value in pursuing intrusions. So yeah, I'm hoping we get the, the CISA renewal long before we're fighting over, you know, any of the section 702 renewals.

B (33:04)

Yeah, so that's a 2015 law. Right. Like it's coming up for it's like 10 year sunset and it's the one that enables people to share logs and bits and pieces and threat information with the government and have like safe harbor. Right. And that's. Yeah, correct. I did have that one originally in the run sheet. I did cut it because I was just like, well, let's talk about it when it, when it falls over. It hasn't fallen over yet, but yeah, we'll see. It probably will though, won't it?

A (33:27)

I am not optimistic right now. It's not looking good because typically what you do is you get agreement to attach it to something that's definitely going through, you know, the, the annual defense budget or something and those aren't moving. And you know, there's even debate where we're heading to a one October government shutdown if we don't get a general authorization for the U.S. government. And you know, even that is, is under question at this point.

B (33:57)

Yep. Things in America going real well. Everything's functioning exactly as it should. Now let's, let's move on to our last. And it's about you. Eric Geller over at Cybersecurity Dive has written up a bunch of comments you made on a panel. It was a panel discussion with, between you and John Hultquist and you were talking about how, don't be too sunny about the fact that AI models are finding vulnerabilities now because attackers are probably going to outpace defenders when it comes to using those vulnerabilities, as in exploiting them before they can be patched. And I wanted to talk to you about this because every time I game this out. Right. Because this is a discussion I've had a bunch of times with various people, you know, where I Land is that you're right. In the short term, this is going to be a period of massive disruption. But in the long term, I think we're probably going to wind up in a better place. And I just, you know, they've obviously drawn out your Rob is concerned comments for this piece, but do you think that ultimately, in the long run, we wind up better off. Off?

A (35:04)

I do, but I worry about the chasm we have to cross to get there. Pat, I am an eternal optimist. People that have known me for years know that I see the glass half full in almost everything. And boy, I have convinced myself in the last couple years that, you know, this vulnerability, discovery and automation activity is going to be painful for us. Us, because I do think our operating systems and our browsers and our cell phones are going to get much, much more protections through this and they will be updated at a speed and efficiency that will benefit all of us. But there's so much legacy tech in the environment that I think it's going to be like the forest fire that comes through and cleans. It gets rid of all cleansing fire. It's a cleansing fire. But, but, you know, if your house gets burned down, it's not great that the new one's going to be, you know, going to be shiny and new and, and better built. You've got the pain and maybe the dangers of that fire coming through. So I, I do think that there's a lot of pain between here and the utopia you see, and, and the faster we get there, the better. But the quote in the article is one I live by. We suck at patching. Right. So if you identify all these vulnerabilities, we're going to have a hard time of just locking the doors and windows.

B (36:41)

Yeah. I mean, I think, though, that if you turn identity, sorry, vulnerability, identification and discovery into something that's really easy to do in the development life cycle, you're just shipping less bad stuff. You're shipping less stuff.

A (36:55)

Thank you. Until you vibe code and it pulls in crappy packages. Right?

B (37:01)

Yeah, yeah, yeah.

A (37:02)

So there's. There's a little of that on our future too, right?

B (37:06)

Yeah, yeah. Vibe coded dog crap, basically. There's going to be plenty of that. All right, Rob, that is actually it for this week's news section. Thank you so much for joining us and for filling in for Adam and yeah, we'll catch you again soon.

A (37:20)

It's always great to be here. Thanks, Pat.

B (37:30)

That was Rob Joyce there with a check of the week's security news. Big thanks to him. For that, it is time for this week's sponsor interview now with Josh Camdrew who is the chief executive and co founder of Sublime Security. Sublime Security is just a, I guess it's a reinvention of email security, of the email security platform. So it filters for things like business email compromise, malware, phishing, that sort of thing. That's what we mean, mean when we talk about email security. And yeah, they've released some really interesting stuff lately. They've got a security analyst like an agentic security analyst and also an agentic like detection engineer. These two agents working on the platform in conjunction to really tighten up detections do things on like lazy auto mode works pretty well. I'm also publishing today a demo of the platform including an overview of those agents on our YouTube, on our YouTube channel. So you can find that by looking for Risk Business Media, that is our YouTube channel. But yeah, in this conversation with Josh I wanted to talk to him about finding the line between when you throw something at an agent and when you don't because obviously you cannot throw every single email that comes into your organization against an LLM for analysis. Right. So you need to actually, yeah, find a bit of a line to work out what sort of detections you're going to do and what sort of analysis you're going to do. So here's John Josh talking about that. Enjoy.

C (38:55)

Yeah, this is the hard problem in doing real time detection and prevention at scale and particularly when it comes to agents. You cannot, it's not practical to send every message to an agent or to our automation layer where we have some of our more traditional models that live either. And so the way that we've architected Sublime is essentially a two layer system. Layer one is our DSL that we, it's like this programmable layer that we've created our message query language that can describe complex attacker behavior. Like that whole output that we just went through from ADE is written in MQL and so layer one essentially acts as a filtering layer to say hey, is this message suspicious or not? Does it match some, you know, various behavioral indicators? Like does it match a known sending pattern or an unknown sending pattern? It's essentially like does this look sus compared to what's normal or to what we know is suspicious behavior? And if it passes that layer, so you get something that flags layer one, then that gets escalated to layer two. And layer two is where we have our, our models, we have our agents, is where ASA lives as well to actually do the, the deeper investigation and then make, make remediation decisions. Are we going to block this message? Are we going to insert a warning banner? Are we going to move it to the spam folder? Things like that.

B (40:32)

I mean, I'd imagine though that if you flag something, I'd imagine your first line there, you're flagging either as suspicious or oh hell no, this is absolutely malicious. Right into the bin with you. Is that the result of that first stage, like triage?

C (40:45)

Yeah, the first stage. There's a lot of times where we're just like, this is obviously bad, like just, we can just bin this immediately. There's others where we're just looking for things that don't look, that don't look completely normal. So as an example I'll just use like a, a, a kind of simpler example is like a, an HTML attachment from a first time sender or a newly registered sender domain like in the last seven days or 14 days. Neither of those things are by themselves malicious, but they are very commonly associated with like attacker activity or they're highly abused. Like the first example is an HTML smuggling delivery mechanism, but it's also sometimes used for secure message sending services. And then the new sender domains, like depending on your environment, that might be, that might be something you see or it might not be. So we're looking at this type of activity, we're looking at what you typically see in the environment and then we'll escalate that to layer two. Basically, yeah.

B (42:06)

I mean, it's funny, right? Because having spoken with one of your competitors about this challenge, it is the challenge, right? Particularly when you're operating at scale, which is you can't throw every binary into a sandbox, you can't analyze every single message with AI. So it's all about finding that line where you're catching everything that's suspicious, but you're not burning just crazy amounts of computational power analyzing stuff that's benign.

C (42:34)

Yeah, yeah. And the other, it's just like the reality of what we do in security is that no matter how good our detections or models are today, there will always be something that gets through. Right? Like no security solution is perfect. And we fully acknowledge that. We know that. We're practitioners here too. And, and so the question is when something gets through, especially as we're seeing adversaries adopt more autonomous tooling, generative AI. We've talked about this a bunch on how we're seeing this happen in the wild and there's going to be continued innovations and things that evade detection systems. That's just the reality we live in. And so the question is, the thing that we thought about is what then? Right? Like, we don't want to be a bottleneck for our customers. Hey, we gotta go update this model. You gotta put in a ticket or you have to go build your own detection or anything like that. So that was part of the big inspiration for Ade was that we know it's gonna fail. So how do we enable our customers to be in control of their own destiny without creating work for them them? And that's why we created ade, was to automate that whole process and bring the time to closing gaps. From what's traditionally like weeks or months to go and retrain a model to hours. Now ADE can turn things around.

B (44:21)

Yeah, I mean, I think the key thing with Sublime, I mean, really, if we really boil it down, the key value proposition is that it's different for every installation. Right? Like every rule set, every tolerance threshold is going to be different per customer.

C (44:36)

That's right, yeah. No two environments are the same. There's a different lock on every house. You learn to pick one lock and you still, you don't know what's happening at the other house. That's kind of like one of the analogies that we use. For better or worse.

B (44:55)

Hey, everybody's got to do marketing, right?

C (44:57)

Maybe worse. I don't know.

B (45:00)

The other question I got right is, so who's handling the compute for all of this AI, right? Is that something where the customer plugs it into their own, you know, LLMs that they're hosting, or are you doing it? And if you're the one, I'm guessing it's a combination of both. But if you're doing it, like, since this thing went live properly, like what does the compute bill look like every month? Right. Because I reckon that would be, you know, you got to see some sticker shock there, guy.

C (45:25)

Yeah. And to be clear for ADE and asa, like these are all included in Sublime Enterprise. So like, we're not charging our customers more for this. And in terms of how we, like who owns this, who owns the bill for these agents is that we have a, we have our deployment model, we have a SaaS based deployment where it's our, our cloud infrastructure, it's hosted, you know, just like normal SaaS. And then we have self hosted deployments. And so just in terms of, just like how we price Sublime, the licensing fee is the same whether it's self hosted or whether it's SaaS. But in terms of who's responsible for the infrastructure bill. If you're SaaS, it's sublime. If you're self hosted, you own your own infrastructure bill. So that's the difference in terms of the bill for the agents.

B (46:21)

So what, it's a small enough amount of compute that you're actually just able to eat that on the SaaS side?

C (46:28)

Yeah, yeah, that's right.

B (46:30)

Right, yeah. Okay. That's cheaper than I thought it would be. Right. For doing this sort of analysis at scale.

C (46:35)

Yeah. I think one of the things that makes this really possible is the dsl. So like the hunt, for example. Like the hunt when AAD A generates a detection and it wants to validate the efficacy of that detection, it's using the generated detection to run the hunt. So it's not like an agent is going and doing that work. These are leveraging primitives that already exist within the architecture of Sublime. So when we're going back and analyzing the last 14 days of history, that's just a hunt that is already built in the system. It's already highly optimized and how Sublime works. So it's only at the layer of, hey, we need to invest the these, the matches.

B (47:26)

No, I'm with you. I mean, you want your agents to use the tools, not be the tools. Right? Which is why I find it funny when everyone's like, oh, but LLMs are going to take over this. And it's like, well, that doesn't seem like a good way of doing business if I'm honest. Right.

C (47:39)

I mean, this is the reason why our two agents have been so effective, is that it's because of the tools that we have in Sublime that we make available to them and because of all the content, context and knowledge that we have and that we've given these agents. This wouldn't be possible without the expressiveness of MQL and the retrohunt capability and things like that. So one of the really key things when doing this at scale for this type of problem is that generally speaking, LLMs are non deterministic, but we are turning it into a deterministic problem with the DSL in terms of what we actually generate output and deploy to make the decision at the end of the day.

B (48:31)

Just going back to something you said earlier, which is if stuff does occasionally slip through, I'd imagine the backtesting component of R DAY is going to become quite useful then because you might run a backtest and go, oh, okay, this didn't cause like 6 million messages to get flagged as malicious, but it did cause three of them to get flagged as malicious and that might be something we're going to look at.

C (48:52)

Yeah. You mean in terms of reviewing the back testing results and making that transparent? Yeah, yeah, yeah, definitely. So there are cases where, and we've seen this happen since we've released ade, like done our public launch, is that ADE is basically the detection is picking up other variants of the campaign as well.

B (49:17)

Yeah, and historically as well, right?

C (49:18)

Historically it is. Historically, yeah, exactly. So it's like because ADE strives to be behavioral, there's a spectrum. When anyone who's done detection, any sort of like detection engineering, there's a spectrum in how you build detections where. Where on one side of the spectrum you're super specific and you're almost IOC based or you are IOC based. On the other side of the spectrum you're purely behavioral driven.

B (49:47)

Your ttps.

C (49:48)

Your ttps. Yeah, exactly. You're using AI and things like that. And so there is a trade off in terms of how quickly you can do something. Generally speaking, if you want to do an IOC based detection, you don't need IDA for that. It's just a block list. It's like you literally just hard code the IOCs and the detection, you're done. But that's useless because they're going to rotate IOCs. So you want to be on this side of the spectrum where you can be much more behavioral. And so there's just a trade off because. Because the farther you go, the more time it might take to actually iterate and build something that's highly effective. And in the meantime, if it's an active campaign that you want to respond to, you actually want to get something out relatively fast. So there's kind of a spectrum. One of the things that we're thinking about for future iterations of AADE is to essentially output multiple rounds of detection where the first one is going to be a little bit more specific, but it mitigates the impact of the current ongoing campaign, like immediately or the one that you might see tomorrow. Right. So that you just don't feel the pain, but then it keeps going and it's like, all right, how can I get more behavioral? How can I get more expansive? How can I use these ML functions in a better way as well? And, and then just keep going so that you just get more pervasive, more broader coverage.

B (51:24)

All right, well, Josh Kamju, it's amazing talking to you about this stuff, right? Like about how AI is legit changing detection. Thanks a lot for joining me to talk about it. Always fun.

C (51:35)

Thanks for having me, Pat.

B (51:37)

That was Josh Kamju from Sublime Security there with this week's sponsor interview. Big thanks to him for that. And also big thanks to Bry Kai Campbell from Sublime. I did the original sponsor interview for this week's show with Bri, but unfortunately we had a technical issue which meant we needed to scramble last minute to replace it, which is why Josh was joining us from the lobby of a hotel. Sorry about that. For everyone who was impacted, it's just one of those things. But that is it for this week's show. I do hope you enjoyed it. I'll be back in a few weeks because I'm just about to go and leave with more security news and analysis. But until then, I've been Patrick Bray. Thanks for listening.