Security Now (Audio) — Episode 1038: Perplexity’s Duplicity

Date: August 13, 2025
Hosts: Steve Gibson & Leo Laporte
Podcast: TWiT

Episode Overview

This episode explores the state of AI web crawlers and highlights the controversial behavior of Perplexity’s web-scraping practices, as revealed by Cloudflare. Steve and Leo review the growing tension between AI companies and web content creators over data access and discuss broader security news, including new vulnerabilities affecting Microsoft Exchange and Dell Latitude laptops, malicious repository libraries, a major firewall compromise, and the latest in browser ad-blocking. The hosts also answer listener questions and reflect on their podcast’s 20-year history.

Key Topics & Insights

1. Security News Roundup

• New Microsoft Exchange Flaw:

  • CISA issued an emergency directive for all federal agencies to patch a post-authentication vulnerability in Microsoft Exchange Hybrid joined configurations, with a four-day turnaround.
    • Agencies must install Microsoft's April 2025 patch and follow procedures to secure hybrid cloud/on-premises setups ([14:00–22:47]).
    • Steve Gibson: “Owners of On Prem servers must install the April hotfix … The problem was that exchange server in the cloud would receive the on prem authentication certificates which the bad guys may have gotten a hold of and then they would have free reign throughout your whole cloud environment.” (21:11)

• Nvidia’s Backdoor/Kill Switch Statement:

  • U.S. officials floated requiring chips to have kill switches for national security. Nvidia firmly rejected the idea, drawing parallels to the Clipper chip debacle, calling backdoors “a gift to hackers” ([24:15–31:49]).
    • Nvidia: “There is no such thing as a good secret backdoor, only dangerous vulnerabilities that need to be eliminated. … It would undermine global digital infrastructure and fracture trust in US technology.” (29:00)

• Dashlane Ends Free Tier:

  • Dashlane is eliminating free accounts, which were highly limited (only 25 passwords).
  • Comparison of password manager free tiers with praise for Bitwarden’s open-source, truly free approach ([33:20–41:24]).
    • Steve Gibson: “How can anybody use a password manager with a 25 password limit? I just, I don't get it.” (41:04)

• Malicious Repository Libraries:

  • Recent discoveries in NPM and Go highlight the increased risk of supply-chain attacks:
    • Socket Security flagged NPM packages with a destructive “phone number kill switch” targeting WhatsApp developers ([47:37–59:18]).
      • Steve Gibson: “If the phone number exists in the remote database, the package continues normal operation. If not found, … executes RM space hyphen RF oh no space * oh no.” (52:41)

• SonicWall Firewall Vulnerability:

  • Recent ransomware attacks were traced to known, unpatched CVEs related to improper firewall migration, not a zero-day after all.
    • SonicWall recommends firmware updates, strong MFA, password resets, and highlights new GeoIP filtering as a mitigation ([61:43–67:20]).

2. Deep Dive: Dell ControlVault Flaw (REVault)

• Critical CVEs Affecting Dell Latitude/Precision:
  • Cisco Talos discovered five highly severe vulnerabilities in the Broadcom “ControlVault 3” hardware security chip in over 100 Dell laptop models ([77:04–91:04]).
  • Bugs exploitable without admin privileges via Windows API—could enable privilege escalation, implant persistent malware, and even bypass biometric authentication.
    • Steve Gibson: “The bugs can be exploited via a Windows API and don't require elevated privileges … Any Windows app running on anyone’s Dell laptop … could exploit.” (77:04)
    • Firmware updates are available, with Dell pushing updates via Windows Update and their support website.
    • Recommendation: Dell users should check for and apply the fix immediately.

3. Listener Feedback & IT Realities

• Complexity of Patching Microsoft On-Prem Enterprise Software:
  • Listener Roscoe describes the “patching domino effect” in enterprise setups, where updating SharePoint may trigger dependent upgrades of Active Directory, Exchange, CRM, SQL, and legacy integrations ([91:04–104:27]).
    • Roscoe (Listener):
      “The versions of all of these components need to be harmonized … As a result … trickle down requirements might extend to updating and patching any or all of the other components in the service stack.” (98:54)
  • Leo and Steve express appreciation for IT pros who manage this labyrinth of dependencies.
  • Cloud Migration: Migration to Microsoft’s cloud is inevitable for most, but results in loss of some flexibility.

4. Main Segment: Perplexity’s Duplicity – AI Crawler Controversy

Background: AI Indexing vs. Data Sucking

• AI bots provide summaries and syntheses rather than just search indexes, consuming and repurposing entire sites’ content.
• Website owners increasingly seek to block AI scrapers via robots.txt and firewall rules.

Cloudflare’s Findings on Perplexity ([142:17–175:51])

• Cloudflare noticed Perplexity:
  • Ignored robots.txt directives and site-specific WAF blocks specifically targeting its user-agent and known IP ranges.
  • Switched user-agents (posing as Safari/Chrome) and rotated source IPs—including via different ASNs—to evade detection.
    • Cloudflare: “Perplexity uses not only their declared user agent … but also a generic browser intended to impersonate Google Chrome … when their declared crawler was blocked.” (158:43)
  • Created honeypot domains with crawl restrictions. Perplexity still accessed and summarized the content.
• Ethical/Economic Stakes:
  • OpenAI (for comparison) honors opt-outs, but Perplexity was observed bypassing blocks.
  • Perplexity’s behavior viewed as fundamentally exploitative—undermining the economics of the open web, and eroding site owners’ control.

Leo’s Counterpoint and Broader Debate ([155:44–175:51])

• Leo argues the distinction between “training on” and “retrieving content at user request” is vital. Should AIs using the web as a research tool be blocked?
  • Leo Laporte:
    “If you ask a browser to go to a site and the browser shows you the site, that’s how it’s designed. Perplexity is very clear. … The user asked us for a summary of that site.” (157:00)
  • Draws parallels to the open web and right-to-read. Overly restrictive bots.txt use could cripple research tools and agentic AIs.
• Both hosts acknowledge the issue is nuanced and unresolved, with significant 1st Amendment and property rights implications.
• Cloudflare and Perplexity have traded public statements disputing details.

5. Other Notable Segments

• Ad-blocking on Safari:
  • uBlock Origin Lite now available for Safari (iOS/Mac) for improved ad blocking ([60:49–62:05]).
• Sci-fi News:
  • The new “Alien: Earth” TV series premiers this week, with high hopes based on production budget and early ratings ([127:33–137:53]).
• Listener Questions:
  • On running SpinRite on Android devices, password manager recommendations, and image correction tools.
  • InControl utility blocks more than major upgrades; listeners notified that they might need to release that block for a hotfix ([119:22–127:33]).

Notable Quotes & Timestamps

• “Something crawled into your network and erased all your data. So it’s a different scale of problems.” — Steve Gibson [02:28]
• “There is no such thing as a good secret backdoor, only dangerous vulnerabilities that need to be eliminated.” — Nvidia statement [29:52]
• “If the phone number exists in the remote database, the package continues normal operation. If not … executes ‘rm -rf *’ ... which recursively deletes all files…” — Steve Gibson [52:41]
• “It’s the machines that are most in need of additional security and would therefore likely most be more likely to be targets that have had their security dramatically impacted by the discovery of these bugs.” — Steve Gibson on Dell ControlVault [80:44]
• “A non administrative user can interact with the Control Vault firmware … and trigger an arbitrary code execution … From this vantage point, it becomes possible to leak key material….” — Cisco Talos findings [87:21]
• “The patching domino effect … can result in weeks, no kidding, of disruption to business activities and manual workarounds.” — Listener Roscoe [98:54]
• “Effectively, the entire site’s content is being incorporated into the AI model so that no one will ever need to visit that site again.” — Steve Gibson [144:35]
• “Cloudflare is saying that their customers said we don’t want Perplexity on our site … They put rules in following Perplexity’s guidelines … and Perplexity demonstrated that they will go to extreme measures to circumvent that preference.” — Steve Gibson [162:08]

Key Timestamps for Important Segments

• Exchange Server Flaw/CISA Directive: [13:51–22:47]
• Nvidia Rejects Chip Kill Switches/Backdoors: [24:13–31:49]
• Dashlane Free Tier’s Limits: [33:20–41:24]
• Malicious NPM (WhatsApp) Libraries: [47:37–59:18]
• SonicWall Firewall Attacks & GeoIP Filtering: [61:43–67:20]
• Dell Latitude's Critical ControlVault Flaw: [77:04–91:04]
• Listener Roscoe on Enterprise Patching Hell: [91:04–104:27]
• Main Segment: Perplexity & Cloudflare Controversy: [142:17–175:51]

Overall Tone & Takeaways

• Reassuring and deeply informed (with occasional rants and humor).
• Steve and Leo balance alarm with practical guidance (“it’s not scary, it’s reassuring”).
• Provides actionable advice (patch Exchange & Dell now, vet your libraries).
• Highlights ongoing philosophical and technical debates about the future of the open web and AI.
• Deeply respectful of IT professionals grappling with cascading complexity.
• Engaging exchanges and openness to multiple perspectives, particularly in the nuanced debate over AI crawler rights.

For Further Reading

• Cloudflare: “Perplexity is using stealth and undeclared Crawlers...”
• Perplexity: Response to Cloudflare Allegations
• Cisco Talos: ControlVault ‘REVault’ Vulnerability Advisory
• CISA Emergency Directive: Microsoft Exchange Hybrid Flaw

Missed the episode? This summary should leave you informed and ready to patch, protect, and ponder the future of the web.