A
And welcome to Risky Business. My name's Patrick Gray. This week's show is brought to you by Authentik, which is the open source IDP or identity provider. And Fletcher Heisler, one of the co-founders of Authentik, will be along in this week's sponsor interview to have a little bit of a chat about all things AI. They are getting slammed with bugpocalypse bugs at the moment, but they say that's okay because they're actually managing to keep up and they, they are also doing a bunch of stuff around machine and agent identities. So Fletcher will be along a little bit later on to chat about that. But first up, it is time for a check of the week's security news. And joining me today is James Wilson, my colleague here at Risky Business Media. And filling in for Adam Boileau is Mr. Andy Boyd. Andy was the, formerly was the director of the CIA's Center for Cyber Intelligence, but these days is the chief executive of Red Lattice, which is I guess the impolite word to describe a company like Red Lattice is spyware. Red Lattice of course acquired Paragon as well, which is an Israeli based company. Andy Boyd, welcome.
B
Thank you, Patrick. It's great to be joining you once again. Big fan of the show.
A
Yes. And we have been asked, I believe by your lawyer to clarify the capacity in which you are appearing on this program.
B
I'm here in my personal capacity, not as a CEO of Red Lattice. I'm here as a friend of Patrick and a friend of James.
A
There we go. All right, onwards. So let's get into the week's news now. And look, the big story I think this week is we now have some evidence out of the Pentagon that America's adversaries, and by that I think we, we mean Iran, is using commercially available location data to target American troops in the region. This is something that we first spoke about actually back in episode 830. So 10 episodes ago when a, I think it was like a sort of military, independent military reporter was sort of making some noise about this when some of the troops who were struck in, in Kuwait, there was a rumor going around that there was some commercially available location data involved. Andy, let's start with you on this. Given your background in the intelligence community, I don't think we should be terribly surprised that this is happening. But it's my personal sense that perhaps this is a wake up call for the US Government in particular to take some action here. But I'm keen for your thoughts.
B
I mean, I think it is a wake up call. It's very different technology, but it kind of reminds me of the Strava exercise app that I think it was a researcher in Australia or New Zealand, I forget, several years ago who noticed that the Strava app was tracking US soldiers overseas, some of whom were in combat environments. But now you add ad tech to it, and it becomes much more complicated to have US military members, even with their official US Government phones, but also their personal phones, to shut down that ad tech. But I do think DoD, Department of War, needs to have a policy, especially for soldiers, sailors, and airmen who are deployed. There are special units where you're not allowed to even have cell phones when you're deployed for operational security reasons. That's probably not practical across the entire military, but they have to have very specific rules when deployed on both personal phones and operational phones.
A
Now, I think one of the things here that people perhaps don't necessarily understand, you know, policymakers don't necessarily understand is you don't even need this type of data to be tied to an individual's identity. You know, if you can track a device and see that this device spends a lot of time at a US Base in the continental United States, and then all of a sudden that device pops up, you know, in Kuwait, you've got a fair idea that that device belongs to a, you know, a U.S. service member. James, I mean, I get the impression that, look, having a policy is fantastic, but expecting, you know, U.S. military personnel to adhere to a privacy policy on their personal device, like it ain't happening.
C
No. And look, all so many aspects of this problem make it feel intractable. It's like, you know, as you just said, a policy that says don't use these apps, don't use your phone. It seems it's not going to be adhered to. And it only really takes one person to have a lax attitude to OPSEC around this to expose their data. But at the other end of the spectrum, you know, thinking about the technology behind this, there is just so many different ways that so much location data is captured, whether it's, you know, just IP geolocation, whether, to your point, it's knowing the device has moved around sensitive areas and is going to other places. And so as much as I tried to explore this from an angle of let's think of a technology solution, let's think of a way to sort of just carve this out and not get to the point of saying you've just got to ban the sale and retention of all location data, it really does feel like there's, that's the only option to really resolve this.
A
Well, I don't see. Look, I understand why certain apps might need to use location data every now and then. You might have a weather app that needs to know where you are, tell you if it's going to rain. What I don't understand is why that app then needs to or should be permitted to store and sell that data. Andy, I mean, you know, is the solution here. You alluded to the policy based approach, right? Like if you deployed no personal device. I mean that seems to me that would be one way to tackle this. But certainly I think, you know, maybe some regulations around what, you know, around whether or not apps are even allowed to store this data in the first place would seem sensible. Do you have any feelings there?
B
I mean, yeah, I mean whether it's practical to put on those data rules across the entire ecosystem is another issue. But I think we, Congress, could actually pass some rules as far as how it relates to military members. Collecting data on military families just could, should be considered by, you know, any politician as unacceptable.
A
But how are they going to know that it's a military family? I mean that's the point. There's no identities in these, in these data sets. Right. So that's why I think it's got to be a blanket ban or nothing.
B
Yeah, it could be. I mean that's going to get, especially in this current political environment, getting any data or AI rules past the current Congress is going to be challenging. But I do argue that combat units can have rules on cell phones, be they official phones or personal phones. And although you couldn't do it across the entire military, especially if people are deploying and are in support roles, not in forward deployed combat roles, but for deployed combat units you could have rules that are adhered to, not just in the US military, I'm sure in the Australian military as well, it would apply, but, but you couldn't really apply that to military families who are back on the base. It just wouldn't be adhered to.
A
Yeah, well that's, yeah, you don't sound too optimistic that much is going to change here. Moving on. And we've got some interesting comments out of the US Treasury Secretary Scott Bessent, just while we're on the topic of Iran, because he's come out and said, oh, we've seized nearly $1 billion worth of cryptocurrency from, from the Iranians and they don't even know we've done it. Interesting, because the last time he spoke about this he said that they had stolen something like 500 million worth of cryptocurrency from the Iranians. This is an interesting approach. I mean, I don't think we need to go too deep on this one. But I guess one of the reasons I find this funny is because cryptocurrency people are always telling you that, you know, it is beyond the reach of the U.S. government. And it ain't so, James.
C
It ain't so, clearly. And yeah, the volume of it is staggering. But I think the point that I found interesting in this was that, you know, this is not just about harming Iran by taking their money away. This has sort of a knock-on effect of making it much less palatable to even deal with Iran if there's a chance that your transactions are going to get seized. And it's actually the people that are working with them to evade sanctions also miss out on their crypto funds.
A
Yeah, I mean, Andrew, I'm guessing you might have done a little bit of bitcoin yoinky yoinky in your years of government service.
B
I can't comment on that. But this is certainly not the first time that the US Government has taken, and I want to say stolen. I think the appropriate word is seized. Seized cryptocurrency from our adversaries. And there is a very public record of law enforcement agencies seizing cryptocurrency from ransomware actors several years ago, which frankly had the intended effect of making it not worth it for two certain ransomware actors to commit their crimes in the U.S. I suspect it will have an impact on the Iranians. A billion dollars worth of crime cryptocurrency, regardless of how that price fluctuates, is quite a bit of money. I think the interesting thing that Secretary Bessent also said is that this will then go into the strategic reserve, the oft-talked-about cryptocurrency reserve in the US Government. I didn't realize this until I started reading about this story that the US Government currently is the biggest single holder of Bitcoin at $24 billion. That's quite a bit of bitcoin. I just don't know what the US government will do with it. That's an open question.
A
Yeah, well, and thank you, by the way, for that, you know, that language update there, because next time I take a spoon of chocolate cake from my wife's plate, I'll be sure to let her know that I didn't steal it.
B
Seizing it.
A
I seized it. So that's good. What else have we got here? Oh, yes. So we've got a late-breaking story. Now, I mean look, we don't have many details on this one, but there's a very, there's a breaking story that Russia has claimed that there's been a fairly large spyware operation targeting senior officials' devices. Which is funny because we saw this once before with Operation Triangulation which got rumbled. What's interesting in this one, I guess they're very light on details. No talk about the number of devices affected or you know, detailed breakdown of the spyware or anything. But they are talking about Fastly and Cloudflare being used as part of the infrastructure here to do C2 for these devices. The reason I find that interesting is I checked and I figured like Cloudflare is actually pretty good as a C2 system because you can do like Encrypted Client Hello. Although I'm not even sure if you could do that in Russia, but with Fastly you can't. But I'm wondering like why are they calling out specifically the CDNs for being used as part of this campaign? And you, given everything that's happening to the Russian Internet, you kind of wonder if they're planning on using this as a pretext to start blocking major American CDNs. Andy, let's get your thoughts on that first and then I'd love to hear from you too, James.
B
Again, I have no idea what that operation is targeting, but I do think the Putin regime does have a plan. When they announce things like that, it isn't willy nilly. They're just having an open discussion on technology. I mean they're trying to shut down Telegram use in Russia. They're trying to vector the entire Russian population to other CMAs. I would suspect that they're trying to get the Russian economy off American technology for a variety of sanctions issues. So I think your guess is probably correct. Why single out Cloudflare unless that is something they're attempting to do.
A
So James, I think, you know, one thing I find interesting here is the Russians love to talk like loudly and publicly about how hard they got owned, which is a weird cultural quirk I think when they're just like, they come out and they go like man, we got owned so hard. You know, like it's the second time we've seen something like that. Did you have the same reaction seeing this?
C
Yes, I did. It's like, oh my God, we've, we've been owned so badly. This is huge. It's the biggest thing ever. And then zero details other than, as you said, that the Cloudflare and Fastly call out. What I find interesting is, you know, Russia has had no qualms about banning a lot of sites from their mobile Internet carriers and there was a whitelist that was stood up. I wonder if this is more, things like Cloudflare and CDNs that are sort of hosting a lot of sites behind them are a pain because they can't single them out and manage that whitelist as well. And so if you, if this is a pretext to blocking Cloudflare and Fastly and those CDNs, if those sites still want to have a presence in Russia, then they'll have to be more individually exposed and hosted, which will allow them to then be more selective as to what they whitelist. That was really all I could make out of a quick read of this because it is, as you say, a bit scant on the detail.
A
Yeah, I mean, I just googled it as you were talking there. And Roskomnadzor, which is the Russian Internet censor and regulator, heavily restricts access to websites that use Encrypted Client Hello. Which makes it difficult for them to granularly block certain websites. So that's why I was like, okay, Fastly doesn't use ECH, Cloudflare does. But I think the Russians somehow block it. It's, anyway, it's a weird story, but you, yeah, I think we all have the impression that they're using this in some way to target American CDNs and that's why they're talking about them.

Staying on the issue of mobile security, look, Signal just keeps taking hits lately. There is a campaign being run at the moment targeting Signal backups. Now, this is a different one to the massive Russian campaign doing device link phishing. Right. So the Russians have been targeting politicians' and advisers' phones and trying to get their accounts linked with a different device which is under their control, which allows them to stealthily observe messages being sent to and from that account. So that's that device link phishing. Then we've seen, you know, other attempts where people will take over with a SIM swap and maybe like a PIN phish if they're, if it's registration locked and that enables them to, you know, impersonate that account for a small while until someone gets control of their SIM card back or whatever. It's hardly stealthy. This is yet another campaign. It's been targeting, you know, people who are critical of the, of the Chinese government. And it is trying to grab their backup keys so that later when they take over the account with a SIM swap and a PIN phish, they also have the key that enables them to restore backups of Signal messages. Yeah. So that seems to be about where we are, James. You and I were both a little bit unclear on whether or not you could actually recover the backup without also taking over the account. And where reglock also sits in with that.
It's a little bit hard to get a straight answer just with. With Googling around with it.
C
Right? It's very hard to get a straight answer, not least of which because one of the things I did last night was I asked Google, you know, can I unencrypt my backups of a Signal account if I've lost my PIN? And amusingly, like within the same page, the Google AI will say, yes, you absolutely can. And then it'll give you a bunch of links to Signal pages that say, you absolutely cannot. So I went through the docs and the docs clearly say there's essentially three layers here. You've got a first register which requires the PIN, or, sorry, requires an SMS or a phone call. Or if you've got reglock, that's the second layer. You've got to have that PIN. And only then, if you've completed the registration with the same phone number, you will see the list of backups to even begin the restoration. So this does seem to be, what would we say, offense in depth here, where they're making sure that if they do manage to do the registration step, they've also got the backup key there to unencrypt those backups. And of course, the backup key doesn't change over time. It's typically static. So maybe there is value in just having a stockpile of these that you can then use should you then happen to get the device registered into that Signal account.
A
Yeah. So, Andy, I want to ask you about this because I imagine, you know, I mean, you are the CEO of a company that I'm guessing sometimes, maybe always, I don't know, has an exquisite capability around mobile device, around mobile devices. Right. And then you see people doing dumb stuff like this, you see the Russians like, phishing Signal accounts and you must think, ah, man, like, why are we bothering with all of this research and developing this exquisite capability when these guys are just doing device link phishing? I mean, is there a bit of that feeling for you when you, when you see news like this?
B
Well, I'm not going to comment on the first thing since I'm here just as a friend of Patrick, but phishing, spear phishing, is still the leading cause of cyber attacks, of ransomware attacks. I, in fact, got a weird "This is Signal support, you need to..." I think it was reset my PIN. So this probably was not the same series of attacks. But Signal is very clear that they will never send you a message like that. So I of course deleted it. I asked a bunch of friends if they'd gotten a similar message and a few had. So again, this is, you know, I would say to Signal users, you know, Signal's never going to send you a message like that. So if you get a message like that, don't open it, don't delete it, and certainly do not share your PIN. If you happen to be an activist against the Chinese Communist Party, good on you. But try to steer clear of clicking on any of those sorts of things.
A
Yeah, I just, look, personally, I don't know why anyone would want to back up their Signal messages. Like, I can't, you know, it's like, hey, we're offering for sale a uranium generator. Just put it in the corner of your room and it will generate uranium that'll just sit there, you know, being dangerous. Like, why would you want that? You know, I get that Signal just has a really wide user base these days. But again, you know, something that we've, we've floated on the show a couple times, I think it was Adam who first floated it, is maybe it might be an idea for Signal to have like a higher security mode that disables some of those features and just like has, you know, maybe you just need a little slider in the settings like on a "I'm a total normie who no one's interested in" up to "I am a Chinese dissident". You know, that, that should be, there should be a "I am a Chinese dissident" setting for, for Signal basically is, is my opinion.

Now we're actually onto something that is somewhat relevant to your, to your day because we've got a story here from 404 Media where they are suing the US government or they're suing ICE to get its spyware contract with Paragon. I guess this is interesting for a couple reasons, right? Like I understand that ICE is extremely unpopular in the United States and in my opinion, quite reasonably so, given some of the stuff that they've been doing on the streets of the, of the United States. You know, they've, they've earned some scrutiny in my opinion. But I think also we've got to remember that Homeland Security Investigations is a division of ICE. So the idea that Homeland Security Investigations might want this sort of software is entirely reasonable.
So just reading from HSI's website, it is the principal investigative component of DHS and is responsible for investigating, disrupting, and dismantling transnational criminal organizations and terrorist networks that threaten or seek to exploit the customs and immigration laws of the United States. So if I had to bet, it would be dollars to doughnuts that that is the sort of use that, you know, HSI is using it for, that sort of thing, not just deploying spyware onto the devices of people who are suspected of entering the United States without prior approval. Now, we have you here, so I figure I wanted to ask you about this report to see if you've got anything to say, because we have had, you know, your company come out and make statements along the lines of, well, we don't actually have a relationship with ICE because that means, well, maybe a contract expired. And then we've had now suspicions from other quarters of the media saying, oh, well, perhaps they're accessing this technology through a third party. We've got you here. Do you have anything you can share with us on this? Yeah.
B
So I guess I'm going to violate my rule of I'm just a friend of Patrick. Just so for this one question. Yes. As the CEO of Red Lattice, I'm not going to comment on specific customers, whether or not we have said specific customers. But what I will say is that Red Lattice has a very specific policy on evaluating our customers before we sign any contract with them. We have. And this is something that's. That's in the public domain. You Googled the HSI write up. You know our policies and how we go about evaluating potential customers. We only sell to liberal democracies. We only sell to countries that adhere to their rule of law. We sell to legitimate intelligence, military and law enforcement authorities who are conducting legitimate missions that fall under the laws of whatever country that may be in. And that applies to the United States government as well.
A
Yeah. And I mean, we should say, too, that this is a $2 million contract, which in the context of this industry is tiny. I mean, can you say, would you acknowledge that?
B
I would acknowledge that any one of us, you, me, or James, would be happy to have $2 million at any, any time, time of day. But for a large company that may or may not be working with a government as big as the US Government, that would be a fairly small contract. Yes.
A
Yeah. Yeah. And I mean, I think we would point out, too, that there was some controversy around Paragon, the use of Paragon technology in Italy. I think where that ended up is. You gave him the old heave ho, didn't you?
B
Yeah, I'm not going to. Again, that speaks to a very specific customer that is in the public domain. I think, Patrick, your inferences may be correct, but I'm not going to comment anymore on that one.
A
Sure. All right, you can take the paragon hat off now.
D
Okay.
A
And we'll move on to the next stuff. Okay, so here we've got, I think the Infosec community, quote unquote, its favorite story over the last week has been Microsoft publishing an extremely tone deaf blog post last week in which it said it would pursue security research. Basically, it implied that it would, it would, its digital crimes team would pursue people who were irresponsibly disclosing security vulnerabilities for, for prosecution somehow. Now, I mean, look, I saw this, I knew what sort of reaction it would get, but I kind of rolled my eyes a little because Microsoft is not in fact the FBI and cannot in fact prosecute people criminally in US courts. But that said, it is alarming, I think, when a large company sort of intimates that that's what it wants. James, Microsoft totally earned this reaction. It has since backtracked and said, well, no, that's not what we meant. Which also I think Blind Freddie could have seen that coming. But how did we get here? I mean this, this is all to do with the like Nightmare Eclipse stuff, right?
C
Yeah, it's a direct response to Nightmare Eclipse. And for folks not familiar with that, that is a security researcher that at this stage is still, still anonymous. And they have over the last month or two just released a series of, you know, really quite incredibly bad bugs and more to the point, working proof of concept exploits for various Microsoft things. And you know, the, the one we discussed, I think in the last week's show was actually just a complete bypass of, you know, the, the full disk encryption system, which is just, it's kind of amazing the scale of these bugs that, that they're releasing. But this researcher has continually claimed that they've had some beef with MSRC. We don't know what that is and I'm by no means defending them and their actions. But yes, it led to this tone deaf piece is, you know, an understatement, like the language of responsible disclosure, therefore sort of, I guess indicating that they believed this was an irresponsible disclosure. But then to combine that with a direct call out of their digital crime unit will be investigating, therefore saying that they believe this is an irresponsible and a criminal act. I mean they've, they've come out with their backup statement and sort of saying that's not what we meant, but it's exactly what they meant. I mean, it was designed to really sort of rattle this person and instead it's really blown back on them in a big way. I think someone commented that it's rare to see the infosec community so unilaterally aligned on a negative response. But this is one of those rare occasions where everybody seems behind it.
A
It's because this is a settled argument. I mean, I've been in this business a long time, I've seen it come and go many, many times. But it's a settled argument. It always lands in the same place, which is if you got 0-day, it's up to you what you want to do with it. And if you as a company cannot entice people to do it through your preferred channels, that's your problem basically is you know where we've landed on this every time it's come up. Now look, I will caveat that by saying there are circumstances in which I can imagine a researcher is breaking the law through discovering and publishing vulnerabilities or selling them in certain ways. So for example, if someone comes up with an 0-day, they sell it to a criminal group that they know, they know that that criminal group is going to use it in say a ransomware attack, for example, and they're profiting from that. That is highly likely a criminal offence of some description, some sort of conspiracy, conspiracy offence. I'd imagine also that there is a line somewhere where you're reporting a bug to an organization and they offer you a bounty and you say, well no, I want more. And we're possibly winding up in some sort of blackmail situation. Now I've got nothing, I'm not at all suggesting that that's what's happened with the Nightmare Eclipse thing. I guess I'm saying it because I think we need to still be able to hold a couple of things in our heads at the same time, which is that Microsoft's blog post was extremely tone deaf and dumb and bad and stupid and just wrong. And also we don't really know the whole contours of this, of this situation at this point, so let's just keep an open mind there. Now, you'd also said that this person's not known. We did see a doxxing attempt, actually that was deleted pretty quick. That indicated that this was someone who actually worked for Microsoft for a while.
But you know, I'm not obviously going to name them because even the people who did the doxxing didn't stand behind the doxxing. But yeah, there's plenty left to go in this story. Andrew, did you track all of this and did you have any feelings about the way Microsoft handled this? Because I thought it was, yeah, just bad. Tone deaf.
B
My instinct, you know, Microsoft's an enormous company. My instinct is that the left hand didn't know what the right hand was doing because I'm on several cybersecurity researcher threads, including one in Signal where that community of course went ballistic. But there are certain people who are part of that same community of cybersecurity researchers that, that work in various parts of Microsoft, defending their own networks, defending or, you know, fixing the software, who were kind of on the side of the security researchers. So I don't think whoever was responsible for releasing that original post probably hadn't talked to the other side of the company is the instinct I have. You know, and going back to comments that we've, you know, you've made on the show in years past and I've made, I mean, sometimes Microsoft is both arsonist and fireman in this case, I think, I think that's what we may have here.
A
So I think it's also the case that the staff member who wrote that, you know, they might not have been around the last time this came up as a topic, right, in the infosec community. So I think there is a little bit of like, you know, people discovering, in fact that there are some, some rules or some norms around this stuff. Anyway, let's see where that one goes. Just real quick, IBM is pumping 5 billion dollarydoos into open source security to find and patch bugs. Of course, IBM owns Red Hat, was all over Linux as an enterprise thing for a long time. IBM has been, you know, well into open source. So they've got this thing called Project Light, well, why are they always giving them these Glass Wing, Lightwell, you know, does it need to have a code name? Anyway, they got this thing, Project Lightwell and they're creating a trusted enterprise clearinghouse combined with a global force of engineers to identify and fix vulnerabilities at scale. Seems like a lot of money, James. I'm sure, you know, we'll be interested to see what they do here.
C
Yeah, it's a lot of money. It's a very grand sort of way they frame this. But I think this is great specifically when they say, you know, this is going to be a trusted enterprise clearinghouse for sharing of data about vulnerabilities and challenges that people might be having with adopting and using open source software. Especially if the patching cycle for that is slowing up because the maintainers are inundated. I just wonder, how far does $5 billion go? They say that they're going to first focus on Java and Maven, which completely makes sense given the enterprise context.
A
Did you just say I Wonder how far $5 billion goes? Is that essentially what you said?
C
Yeah, I mean, think about the sheer scale of open source. I guess what I'm asking is how much is enough to have a material impact and then how much more is needed to actually, actually fully reconcile and deal with the fact that we've now got, as you often say, AI that is both simultaneously just continuing to produce zero day bugs as well as arming this fleet of, what do we call it? Infinity E Script kiddies.
A
Yeah, I mean it finds infinity bugs and creates infinity bugs, which is just like an amazing combo. But I don't know man, $5 billion to spin up a global force of engineers to identify and fix vulnerabilities at scale. I'm thinking if you've got 5 billion bucks, there's probably better ways to secure the open source ecosystem. Andy, do you have any thoughts here?
B
Yeah, I would just say on the 5 billion. I mean as, as a former senior government leader, I could have done quite a bit with $5 billion for cyber offense engineering, cyber analysis, and probably had plenty left over to buy a couple G5 jets just for my own entertainment. So yeah, 5 billion should go quite far. I'm always enthusiastic when the private sector gets involved in this sort of thing. Patrick, you've talked a lot about on the show. We also have to have government agencies that are fully funded, fully staffed, who can be coordinators of this. Not, not no single private sector company can manage this on their own with $5 billion or otherwise.
A
Now, there's been a federal government audit in the US looking into the NVD falling over under NIST's management. And this audit has in fact found that it was NIST's fault, which I guess shouldn't be surprising given it was NIST's responsibility. I think though, James, you and I have sort of discussed this over the last couple of days and it's your opinion that if we're going to have something like the NVD in the future, it's going to have to be AI enriched. Like you're not going to have people doing NVD the way it was done before. So it's going to have to be AI enriched or not at all enriched. And they're basically the two options, right?
C
They are the two options. And the trade off then is, you know, is an NVD or some equivalent of it that is enriched by LLMs, and therefore has a higher potential for a greater error margin and hallucinations and all those wonderful things that come with large language models being involved, is that still better in a higher degree of utility than just not having the list at all? And I would err on the side of, yes, that is going to be more valuable and those language models will only get better, presumably at doing that task. So I hope that's what we see come out of this.
A
Yeah, yeah. Now look, another story that's been making waves this week is hackers using Meta's AI chatbot. Like, its AI support chatbot. They're socially engineering it basically to get it to reset, to swap out the emails on accounts for their own emails and then they can go through password reset flows. I get that this is making a lot of news because it's like, my God, they switched to AI support and now people's accounts are getting hijacked. I mean, the only thing I would say here is that like, it wasn't too much better when it was humans doing the support. And I have had a front row seat to a bunch of Instagram account takeovers. I have spoken at length many times about what a mess the Instagram account management thing is. Like at Meta, it's an absolute dog's breakfast. But this one's doing numbers, obviously, because AI. But yeah, James, like how do you, how do you fix this? Right, because there's a bit of a contradiction here where you want AI to be empowered to be able to actually solve problems for people, but then you run the risk of stuff like this happening.
C
Yeah, exactly. I mean, I think we've all probably had that interaction with an AI chat service that is not connected to the back end services and can't actually take any actions on your behalf. And it's just, it's so low utility and it's so frustrating because it's time consuming. You got to sit there and go back and forth until finally you might get upgraded to the conversation getting to a human. So I get it that, you know, Meta has taken the next step here and said, well, let's actually give our AI LLM some tools that can connect to the backend system so it can operate on behalf of users. But the real sort of face palm here is like, how did they do this in a way that was just not actually checking the scoping of the operations? If I'm signed in as me and I'm asking a chatbot to change the account linking of a completely separate account ID, you gotta think that's a pretty simple policy to implement that does not require guardrails baked into a model, that does not require all these LLMs as governors. That's the thing, I just don't get that. Just seems like something that should have been so simple to implement. But yeah, this is happening and of course, you know, AI is available 24 by 7, it scales up. So if this is exploitable, it's going to happen lots and lots and lots. Far more so than even just, as to your point, getting into the human call center will allow you to do.
A
I saw someone take over a high profile account by sending a trademark application that wasn't granted for someone else's trademark to their like integrity team or whatever and saying this person's impersonating us and it was an application that was going to get bounced and they swapped over the account to that attacker. Like just dumb stuff like that. So yeah, Meta doing dumb stuff with Instagram accounts like, wow, stop the presses. Can't believe it. Anyway, what else have we got here? We've got the Belgians. The Center for Cybersecurity in Belgium is warning that this horrible bug in Windows domain controllers, the Netlogon bug, it's a CVSS of 9.8. It is being exploited 17 days after the patch came out. I mean, you know, you're unlikely to have your domain controller hanging out there on the Internet, but if you've got a presence on a network and then you've got this exploit, I mean it's, it's party time, right?
C
Yep, yeah, it's party time. And you know, I think we were talking earlier this morning about how often we see Palo Alto Networks and Fortinet boxes get popped. But you know that this is the next lateral movement or one of the lateral movement steps you'd want to do. And with a, you know, CVSS 9.8 lurking in Netlogon, well, wow, that's an easy move into the domain controller. The thing that's interesting here, just in the context of what we've been talking about with Nightmare, Eclipse and the bugpocalypse, et cetera, like if you sort of zoom out here, the timeline is interesting here, where it's like, this is a CVSS 9.8, it was patched on May 12th. 17 days later you've got the Belgians coming out with a warning about this. How does this stack up and actually validate the whole patch faster thing? If this is still being exploited in the wild 17 days later, people aren't patching that fast. And it's clearly not reasonable to expect them to, despite this being such a bad bug.
A
Meanwhile, we've got, you know, it's Wednesday in Australia, so CISA has added a Palo Alto Networks GlobalProtect bug to the KEV list. No surprises there. So if you're running PAN, you might want to check that one out. Something a little more interesting this week: the password manager, Dashlane. 20 of its customers had their password vaults stolen from the service, but a whole bunch of other accounts wound up getting locked because the attackers were like brute forcing the MFA codes to get into these things, which you and I are like, well, how does that work? Are you really not rate limiting or putting lockouts on six digit 2FA codes that people are trying to brute force? I mean, this to me screams like there's an API endpoint somewhere that they forgot to put rate limiting on. That's what you think too, right?
C
Yeah, absolutely. But even that, that leaves a couple of unanswered questions, right? Because the first bit of noise we heard about this was a small number of people saying, hey, I've been locked out of my account. And it seemed like a small number of people. So there must have been some rate limit. Maybe that was the initial part of the campaign. Then they found an API that didn't have the rate limit. They were able to do more brute forcing. But if I had found an API that had no rate limiting, that allowed me to brute force 2FA codes on Dashlane, of all things, I would think the attacker would walk away with more than just 20 accounts being brute forced. So I just. Something doesn't add up here. And to say that Dashlane are being cagey about the details would be an epic understatement at the moment.
A
Well, time will tell. Meanwhile, we've got a couple of takedowns. The GlassWorm botnet has been taken down. And then we're going to talk and I'll bring you in on the next one, Andy, which is about this huge residential proxy network that got taken down. But, James, tell us about this GlassWorm botnet that CrowdStrike and others took down.
C
Yeah, it's basically a botnet and a worm that is targeting developers. And I was joking with you this morning, Pat. This is what Team PCP would look like if they actually had a clue as to what they were doing and were more organized. But this was a very well resourced, well constructed combination of botnet and malware that essentially began with malvertising campaigns to get the worm onto that initial access with the developer's account. The worm goes and finds all your NPM and GitHub publishing credentials, it goes and infects your repos with force commits. And essentially its aim in life is to exfiltrate your credentials as well as publishing more malicious versions of packages that contain the same worm. That bit's not super novel. We've seen lots of iterations of that with like Shai-Hulud, Mini Shai-Hulud, et cetera. What was interesting in particular about GlassWorm is just the architecture that went into making sure that this was really resilient to takedowns. They had essentially four or so different channels for C2. There was a Solana blockchain way to resolve the C2 endpoints. There was use of the BitTorrent distributed hash table to again store configuration for how the worm and the botnet should operate. They were using commercial VPS servers and they were also using Google public calendars to transmit C2. And the point that CrowdStrike makes with this, that makes this quite a neat bit of work, is they had to take down all four of those immediately, simultaneously. Otherwise the worm just adapts and goes and uses the other control channel. The thing that I wish they'd given a bit more clarity about is, you know, they talk about the partnership of how they took down the VPS hosts, how they took down the Google Calendar. That all makes sense, that's commercial. But how they managed to register and take over these Solana wallets and also take out the BitTorrent. No detail. And I want to know.
A
Yeah, yeah, I mean it's. Yeah, I don't know. It's sort of like the Iranian bitcoin seizures though, where every time you find out how someone did something like this, it always turns out to be really dumb. Yeah, like it just turns out to be stupid and, and very disappointing. But yeah, who knows?
C
Yeah, the seed phrase was password 1, 2, 3, 4.
A
Exactly, something like that. Or the, you know, the wallets were held with a commercial, you know, exchange in America or something. It's like, you know, just stuff like that.
B
Or the perpetrator put his seed phrase on an Instagram photograph. That's actually happened.
A
Yeah, wonderful. Just, you know, chef's kiss. But look, speaking of takedowns, we got this other one. What is it? It's Asox, which is a Russia based company that provides residential proxy services. So this is used for everything that you would use a large, you know, botnet for. But it was, yes, 17 million devices, which is a bloody big one. That one's been taken down. Andrew, I'm guessing like probably these residential proxy networks were starting to become a pretty big problem about the time you were leaving government service. Do you have any feelings about this one?
B
Yeah, I mean again, who was involved on the government side? I'm not sure, but I mean, I think proxy services like this are going to continue to be a threat and having unified action between private sector companies, be they CrowdStrike as James was talking about, but a robust, well staffed, well funded CISA, FBI, Cyber, my former colleagues, and of course Rob Joyce's former colleagues up at NSA all working together is critical because these threats are going to continue to increase exponentially, I believe.
A
Yeah, I mean one thing that's been interesting about these, I've been doing a bit of work on this and I'm sorry to be talking about my own stuff right now, but one area where this has turned into a problem is you rely on stuff like GreyNoise to tell you about bad IPs. And I think, you know, largely these types of botnets are a bit of a response to services like GreyNoise because you want to be using a single IP out of these networks, use it once and then move on from it. Right. So it's very unlikely to be in the GreyNoise data set. Funnily enough, where that's turned into a sweet spot for some work that I've been doing with Knock Knock is it's very unlikely that one of your users is going to be logging in with a valid identity from one of the endpoints in one of these botnets. Right. So you sort of don't have to worry about them because you're working on a network allow listing model instead of a block listing model. So that's nice. So, you know, and you can also use GreyNoise to filter out or disallow logins from gateway IPs that might have a bunch of vulnerable devices behind them. You know, and it's great that we've been able to work out something that really helps people here. But you know, we're a baby, baby, baby startup based in Australia and not many people are using it and this is turning into a huge problem. So I don't know where this goes. I mean, yeah, I mean I'm kind of rambling now. But like one thing I would say is like, to a degree, IPv6 just expands your options for dealing with this sort of stuff, like immensely. But you know, IPv6 is coming the same as like Linux on the desktop, right? So that's, yeah, that's about where we are. Anyway, moving on. And we've got a Chinese speaking fraud gang spinning up hundreds of domains that are selling tickets for the, well, fake tickets for the 2026 World Cup.
The reason I find this funny is because similar scams around major events have been running for a long, long time. I've linked through to an ABC report from 2008 about people doing the same thing for tickets to the Beijing Olympics. So this is not a new thing, but it's growing in scale and sophistication, which is why, you know, you've got these companies out there that do brand protection stuff these days. And this is why, because if you're not on top of it, yeah, people are going to get fleeced. Now this one's right up your alley, James. We've had a whole bunch of Red Hat packages backdoored through its official NPM channel. I mean, look, you know, NPM package gets backdoored, not a big deal. When it happens through Red Hat, I mean, it feels like that is kind of a big deal.
C
It's a big deal because it's Red Hat. But also I think we're just seeing an increase in sophistication as to how these NPM packages are being compromised. I did a bunch of work this week on researching Team PCP, which has obviously been leading the pack in terms of making noise about supply chain attacks. But the most interesting thing with Team PCP was that compromise of the TanStack packages, because they actually got TanStack's legitimate build pipeline to create the malicious packages. That's like the next level of spreading of these ecosystem attacks. Because it's one thing to steal a publishing credential, create a bad version of a package, publish it. If they're using SLSA and whatever else, the signatures are not going to check out. And it's easy to spot. But it seems like, just like in the TanStack attack, what happened here in Red Hat is there's some degree of legitimate use of Red Hat's own public publishing pipeline, because it talks about they were able to use their OIDC credentials to mint those packages that, despite being malicious, look more trustworthy than just your garden variety bad package being posted by a bad actor. So I think it's just interesting for that aspect of the tradecraft around how these supply chain ecosystem attacks are happening. It seems to be getting better and better, and it's the trust signals that are getting eroded and that's quite alarming.
A
Yeah. And meanwhile, speaking of Team PCP, yesterday or last night actually, you published like an hour plus long deep dive on Team PCP. It's one of your solo podcasts. So for those who are not yet subscribed to James's podcast feed, it is called Risky Business Features and that's how you can find it in your podcatcher. And yeah, go check that one out. That was a labor of love that by the end of it, you are well and truly happy to see the back of. Because you worked very hard on it. So people should go and appreciate the product of James's suffering.
C
Yes, please appreciate it, but do not contact me about it. I don't want to hear about it. I'm so done with that episode.
A
Moving on. And the Trump admin has released its AI executive order. It was due to sign one a couple of weeks back and then it wound up pulling it. I think there was some, you know, talk that David Sacks didn't like it or whatever and that's why it got pulled. It's resulted in this EO that says there's up to 30 day voluntary window where the frontier models can provide their updated models to the government for evaluation so that they understand what they're dealing with. It's all voluntary and whatnot. To be honest, I think it all seems pretty sensible. I thought 90 days, which was in the original EO, is just too long. It's going to slow down the frontier companies. They would be less likely to stick with a voluntary regime like that. That would put them three months behind putting their releases out. I mean, you know, Andrew, you spent a long time in government. I'm guessing you looked at this and thought, yeah, this seems about right.
B
Yeah. I mean, you know, the Biden administration had an AI policy and AI executive order. Obviously that was rescinded very early in the Trump administration. This is a much shorter one. It eliminated some of the social policy aspects that the Biden administration had in there. I think it's a good start. But I do think in the United States in particular, we need, and what I think this executive order was reflecting on is the recognition on the administration's behalf that they see a national security threat to these frontier LLMs, particularly from the PRC, and that we have to deal with that security issue. They're also trying to balance that by not bringing in a whole lot of regulation that prevents American innovation in this space. That being said, I think there's going to be so much epochal change in the labor markets, in ways that we address education and the ways that we address particularly the young white collar workforce, that we need Congress engaged on this, both parties engaged on it, to come up with not necessarily regulation that's going to stifle innovation, but so that we understand what the left and right guardrails are going to be on national security, on how we deal with labor, and frankly how we make AI tools, LLMs beneficial to as many Americans as possible. The same thing would apply to Australia and maybe Australia is ahead of us on this. I just don't think our current political environment, it seems to be a zero sum game where either you throw out all regulation or you go and regulate everything. There's gotta be a middle ground that allows for innovation but also allows for us to safely deal with these tools.
A
Well, there is one set of circumstances where the US Government rapidly responds and that is whenever anyone does anything that threatens the Trump family's financial interests. And we've got a great story of that here. Which is this guy, Michael or Michele Spag, what's his name? Spagnuolo, who's an Italian bloke who worked at Google as a security engineer. And he's been arrested in New York for making $1.2 million out of putting bets on Polymarket about what the most popular keyword searches would be on Google in a given period. Of course he had access to inside data there. I think we should let this king go. I think defending gambling sites like this as if they're like regulated commodities or securities is frankly somewhat ridiculous. This action by the DOJ legitimizes these services and I guess we shouldn't be surprised that this is something that the White House wants, given that Donald Trump Jr. is an investor in Polymarket and is on the board and I think has an interest in Kalshi as well. So there you go. But this guy's looking at like 50 years in prison. Okay. Should you use insider info to do stuff on Polymarket? I kind of think that's the advantage of Polymarket for the rest of us is we get to find out stuff that way. So. But you know, now it's being treated as if it's the share market. It just seems insane. Look, the money laundering stuff, I had a peek at the indictment and you know, he was obviously trying to obscure funds and like wash crypto and stuff. And that did kind of look a little bit money laundry if I'm honest. But yeah, I don't know. I don't know about this. Like. Andrew, do you have any thoughts on this one?
B
Not a lot of thoughts about that one. But I mean military members, I mean we'd had a recent one where yeah, a member of the US Military who had insider knowledge on the Venezuela operation.
A
But that's not a, that's not a, that's. He's not being charged with a financial crime. That's about disclosing, you know what I mean? Like. I don't know.
B
Right. Yeah, but, and I think you're right. I mean the financial part of it is, you know, I don't think you're going to want to regulate some of that, but you're certainly going to want rules around people who have inside information on national security operations. I mean that's just not going to be a thing that's going to be allowable. And I think the case against that member of the special operations community probably will be precedent setting.
A
Yeah. Yeah. James, do you have any thoughts about Spagnuolo's predicament here?
C
I just feel sorry for the guy, man. Like you know, to the point around the intelligence information and you know the similar case around the Maduro capture showing up on Polymarket, that's information and data that had a real world impact if it leaked out. This is Google search term ranking. It would not have made an impact to any share market or any material impact anywhere. The fact that it was even on Polymarket as a thing you could bet on or take a contract in, as they say, it's just kind of, it's disappointing.
A
I think my favorite one, I don't even know if it's true but it was going around a couple of weeks ago where someone had bets on whether or not the temperature in a certain area would reach a certain point.
C
Yeah.
A
And so they found the station and like hit it with a hairdryer.
C
Yeah, yeah. I think there was like a French airport and you. Yeah. Just walked up and. With a hairdryer and.
D
Yeah.
C
Elevated temperature.
A
There you go. You know, I don't know. I think that should be allowed. I mean if you're going to have a sketchy like cryptocurrency enabled gambling market, I think it should be completely open, slather and unregulated and you know, it's more fun that way. Anyway, we're going to wrap it up there. That is all for this week's news section. Andrew Boyd, James Wilson, thanks a lot for joining me.
B
Thank you, Patrick.
C
Thanks, Pat. It's been a lot of fun.
A
That was Andrew Boyd and James Wilson there with a check of the week's security news. Big thanks to them for that. It is time for this week's sponsor interview now with the co-founder of Authentic. That's Authentic with a K. Fletcher Heisler. Authentic is an IDP, kind of like an Okta or a Ping Identity or Entra. It's one of them. It's an IDP, but you can run it yourself. It's open source, but there is Authentic the company as well as Authentic the open source project, where you can buy some enterprise-like features. That is the business model for Authentic. So Fletcher joined me for this interview where we spoke about AI. Yes, sorry, we're speaking about AI but from a few different angles. So we speak about what Authentic users are doing in terms of using the IDP to spin up accounts for agents, for example. But we also spoke about what it's like being an open source project maintainer when everyone starts reporting AI-discovered bugs in your project. And that's where we started this interview with Fletcher Heisler, which starts now. Enjoy.
D
It is a lot to deal with, but we are eager, happy receivers of it. On the not so open source side, you don't necessarily know what's happening and you're on your own. We have a lot of great community members as well as customers who are well resourced, well connected, have really strong tools. So I can't say for certain what they're running, but we're getting some really good reports and we get to take action on that right away in the open. I'd say it's interesting we're not seeing anything brand new in terms of categories. I would never have thought of that. It's just extremely thorough. And when you have a complex enough product, if you can combine this and that and the other in ways that a person might not have considered just because it's so deep to go into that particular corner, we're getting some good results. We're also seeing some very well hallucinated noise, as expected. And that's a little bit the problem
A
is the hallucinations are so intricate that it actually takes time to chase them down.
D
A couple months ago it was much easier to say this is AI and
A
now it's like, okay, well let's get into this. And then next thing you know, you're debugging something and it's like it doesn't, why can't I get this to work right?
D
And we are seeing a lot of duplicates, but also a lot of related and overlapping bugs. So it seems like that's kind of the nature of sending things through the probabilistic beast: you'll get slightly different paths and answers, but there's similar paths frequently. So we can kind of solve for related areas at the same time. And there are only a few major models to go around, but we are definitely seeing some repeat of vendors coming up.
A
Yeah, it's funny, right? Because I was just thinking, you know, I deal with a lot of security vendors. Some of them do SaaS. I mean, yours is kind of like SaaS that you can run yourself. Like it's IDP that you can run yourself. Right? But it's still kind of SaaS delivered ish. I guess it's like help you to be your own SaaS. But the point is people are vibe coding their own SaaS, right? And I'm thinking the last thing you're going to vibe code is your own IDP. Because trying to vibe code anything to do with like SAML I think is like, you may as well just put a gun to your head and pull the trigger. But look, staying on the AI topic though, one area where I really wanted to pick your brains is on machine identities, right? Because this is becoming such a huge thing in AI is like everyone's like, oh my God, these little E critters, these little agents, you know, OpenClaw, whatever, Claude's one, you know, they're kind of like malicious insiders to a degree, right. So you got to really wrap some tight permissions around them. They've got to have their own identity. I mean, people are making mistakes with that already. But you know, you being an open source IDP, I'd imagine when people are getting ideas of how to handle machine identities, the first place they're going to try to implement this, it's going to be Authentic because this is the IDP you can fiddle with. So I guess my question is like, what ideas are people coming up with and implementing with your IDP and what are the good ones and what are the bad ones? What have we learned?
D
Sure. So it's interesting. I mean, we're seeing tons of startups in the AI space, partly because funding is easy to get to, but lots of problems to solve. And it's fascinating to me how many are solving AI identity from scratch as if these agents need to do brand new things in brand new ways. They're working with the same protocol. So we've seen kind of MCP as a bit of duct tape when you don't have an API. But in the end, if what we're heading toward is this agent needs to do human like tasks with human like interfaces, you need all the same tools and you need to be doing all the same things you should have been doing in the first place. Finely grained permission controls, token based accounts, passwordless, etc. It's just even more important now. And automating infrastructure and so forth. So the fact that we've had what we call service accounts for years, M to M, sounds less sexy than say, I guess, an agent user. But the fact that you can still be a machine with all of the same capabilities there seems like the right way for you to go. You need all of the same identity tools and access tools for these.
A
I'm guessing just off the top of my head, and I wasn't even thinking this before we had this conversation, so this might be a dumb question, but I'd imagine for certain operations, right, when an OpenClaw agent or something wants to do something, you might want to kick off a step up authentication challenge with the human user, right? So OpenClaw wants to go do this risky operation or do something outside the parameters of its sandbox. You know, it's going to send like an MFA challenge to me and it's going to say, hey boss, I want to do this thing. It's kind of risky, I need your permission and there's going to be some sort of workflow there. I would think that like going through Authentic because you've got endpoint agents and stuff now as well. I would think, you know, rather than starting from scratch, I'm going to want to do something with Authentic. Are you seeing that sort of stuff kicking off?
D
Yes. And actually that's a lot of our current work is around sort of access grants and time based management. Time based access and things like that, where again, you don't.
A
So not a dumb question. I'm very relieved.
D
You don't need to reinvent everything from scratch. It might not be the same approval flow of like, I don't want an email from my agent every time they want application access. But so long as you have those kinds of flows built in, you can then say, here are the areas where, yes, I need to grant temporary access automatically. Here are some more sensitive areas where you need the human in the loop to stop it each time and say, I'm actively making this decision. I think similar to what we're seeing even just in our own internal use of the various models in helping us on our local machines. You need to isolate that and figure out how much you want to be involved. Depending on what you're doing, agents still need a human owner. You might have your manager set up in some access system, but essentially saying here is the human responsible for everything that's happening downwind here. And agents may be owners of agents eventually or something along those lines, but you need to have someone even at least compliance wise to tie this back to and say here's who thought this was a good idea to set this up in the first place.
A
But I mean this is the problem, right? Which is people are just giving agents their own identity. I mean one of the guys who works here, James Wilson, he's a real heavy AI user and he's the one who's always telling us the hilarious anecdotes. A recent favorite was when he's building some apps internally for us and he suggested a change like he wanted to build some new features and the LLM like talked him out of it, which was interesting. Like, well, given your information architecture, have you thought about this? And he's like, ah, yeah, okay, you're right, probably won't do it that way. But one of my favorites is when he was messing around with OpenClaw and it just asked him, guided him to go get the right cookies out of his browser so that it could just go and like access one of his social media accounts. Like it didn't even, you know, oh, you don't have an API key, that's fine, just go, just go. Yeah, exactly. So, you know, I think, I think it's all well and good to say that agents need to have an owner, but they're sneaky and they're going to ask their owners to give them the stuff that they need to do stuff as them, right? So for sure.
D
And things will inevitably go off the rails. And so you need to isolate and contain as much as you can.
A
But that's kind of impossible because you got an OpenClaw agent running in a sandbox, right, with heavily restricted permissions that asks you for this keymap that lets it basically be you elsewhere. Like ah, man, how do you even stop that?
D
To your note on set, it's sort of like it's a built in insider threat that's meant to social engineer you in a way. So we recently added sort of an account lockdown feature and this was not thinking about AI initially. This is actually based on, you know, one of our employees clicked on something he shouldn't. It happens to all of us at some point. But he recognized that, let our CTO know. Because everything was through Authentic, we could just lock that out immediately, remote wipe and everything, and then double check that it's all fine and good. And we were like, okay, how do we make that just that easy for everyone else who's using Authentic? Now you can just click a button, whether that's your admin or you yourself, and revoke sessions and tokens and so forth. And then we got to thinking, actually, we need these fail safes while I'm watching Claude do God knows what sometimes so that I can at least hit the E-stop and say, hang on, looks like things have gone off the rails here because inevitably they will. When we're running at breakneck pace, letting these agents do some curious things sometimes.
A
Now, I'd imagine you were probably seeing like as a, you know, take your open source maintainer hat off, stick your, we're running Authentic, the company hat on. I imagine you're seeing the proliferation of AI as a fairly massive opportunity. I mean, if I'm you, that's how I see it for sure.
D
Yeah, it's interesting. I think a lot of companies and startups are in trouble in that it's much easier to replicate existing projects or features or surface level or fairly narrow software. And there's a lot of like, well, why don't we just clone that SaaS for ourselves, custom code running. And I think that's only going to increase. An IDP plus some, I don't think we're going to find a lot of folks who say, let's just do that from scratch. Or even we will inevitably have some folks say, sure, we'll take Authentic open source and just build on top of that ourselves. But what we've built up is our own internal expertise, our product vision, our community helping us along the way, where I think that's really the value to most companies at this point.
A
You know, I mean, more in the sense of like, well, you know, you think about everyone vibe coding these apps, they're going to need to have some sort of authentication plumbing. They're probably going to use chunks of Authentic for that. And that gets Authentic out there, you know, more widely. And people might say, hey, you know, well, you know, this Authentic stuff is good. And once they've had that exposure to the platform, using it as a, you know, using it for their vibe-coded SaaS because you don't want to vibe code that component, I guess so much, you know, and then just the absolute proliferation of agents and the number of accounts. You know, this is where I see the opportunity for you guys is the number of accounts is just going to explode. And you look at the way some of the other IDP companies operate and I reckon they're going to have a hard time figuring out how to build that. Yeah. You know what I mean? Like, I just, I just think there's opportunities here for open source, sort of faster moving IDP to sort of capture a lot of this market. I think something that's open source just has a better starting point when we're rethinking some fundamentals because of AI. You know what I mean?
D
Yeah. When you think of like, we already had a lot of folks coming to us on the CIAM side from struggling to scale Auth0 and I have a lot of empathy for who knows what those API calls look like on the other end to try to support. But as an end customer, you can run Authentic in house. You can know what scale you're getting there. You can scale up and down as you kind of have your identity bandwidth needs are changing there as well. Yeah, I kind of see it to your earlier points as a bit like Postgres. Sure, you might use your SQLite, little tiny home lab thing, but when you're ready for some serious features, you just reach for Authentic as your default identity layer and being able to customize that to run it yourself to build on top of that, you know, we're looking forward to seeing what comes next there for a wide swath of the community and enterprises.
A
All right, Fletcher Heisler, that's all we got time for. A pleasure to chat to you again. We'll look forward to doing it again sometime later on in the year. But yeah, always very interesting stuff. Thank you.
D
Thanks so much, Pat. Good to catch up.
A
That was Fletcher Heisler from Authentic there with this week's sponsor interview. Big thanks to them for that. And if you're looking for Authentic, just Google Authentic, but use a K instead of a C and that's how you will find them. That is it for this week's show. I do hope you enjoyed it. I'll be back soon with more security news and analysis, but until then I've been Patrick Gray. Thanks for listening.
Risky Business #840 – Microsoft Walks Back Researcher Threats
Airdate: June 3, 2026 | Host: Patrick Gray | Guests: James Wilson (Risky Business Media), Andy Boyd (ex-CIA, Red Lattice CEO)
This week’s Risky Business episode dives into some of the hottest stories in cybersecurity, ranging from military OPSEC blunders and government cryptocurrency seizures to spyware controversy, evolving attack campaigns, and a major Microsoft PR stumble around researcher relations. Special guest Andy Boyd (former CIA cyber chief, now Red Lattice CEO) and regular James Wilson bring gravitas, wit, and nuanced takes to a packed rundown. In the sponsor segment, Authentic co-founder Fletcher Heisler discusses running an open source IDP in the age of AI and the “bugpocalypse.”
Patrick: “Microsoft is not in fact the FBI and cannot prosecute… But it is alarming when a large company intimates that’s what it wants.” [22:00]
James: “The language… indicating that they believed [Nightmare Eclipse] was irresponsible… and criminal. It was designed to rattle this person and it’s blown back on them.” [23:06]
Patrick: “This is a settled argument. If you’ve got 0-day, it’s up to you what you want to do with it.” [24:32]
Boyd: “Sometimes Microsoft is both arsonist and fireman… I think whoever released that post hadn’t talked to the other side of the company.” [26:27]
Patrick Gray:
“If you got 0-day, it’s up to you what you want to do with it. And if you as a company can’t entice people to do it through your preferred channels, that’s your problem.” [24:32]
Andy Boyd:
“Collecting data on military families... should be considered by any politician as unacceptable.” [05:45]
James Wilson:
“It’s rare to see the infosec community so unilaterally aligned on a negative response. But this is one of those rare occasions.” [23:06]
| Segment | Headline | Main Insight | Notable Quote/Time |
|---------|----------|--------------|--------------------|
| [01:16] | Iran using commercial location data | OPSEC disaster, policies likely won’t fix | “It only takes one person to have lax OPSEC…” [04:19] |
| [07:00] | US seizes Iran’s crypto | US can, and does, seize adversary assets | “I seized it!” [09:32] |
| [22:00] | Microsoft blog stirs researcher outrage | “Arsonist and fireman” problem | “It’s rare to see … so unilaterally aligned” [23:06] |
| [13:00] | Signal targeting campaigns | Offense-in-depth by attackers | “If you get a message like that, don’t open it…” [16:21] |
| [28:20] | IBM $5B for open source security | “Infinity bugs, infinity script kiddies” | “How much is enough to have a material impact?” [28:58] |
| [45:43] | Trump admin AI executive order | Voluntary, pragmatic, avoiding overregulation | “There’s gotta be a middle ground” [46:35] |
For a deeper dive into topics like cloud-based C2 infrastructure, supply chain compromises, and nuanced AI identity/agent handling, listen to the full episode.