Personal AI: Productivity Superpower or Privacy Threat?
A
It's time for Security Now. Steve Gibson's here. Lots to talk about the end of a very popular hacker competition. Why AI? That's why. The other shoe drops on two things Steve warned us about last week. Two big flaws. And why did PWN to own say Steve's accounts had been breached? Well, it was a mistake, but Steve will explain. That's all coming up next on Security Now.
B
Podcasts you love from people you trust. This is TWiT.
A
This is Security Now with Steve Gibson. Episode 1081, recorded Tuesday, June 2, 2026: AI Captured the Flag. It's time for Security Now, the show where we cover the latest security news, your privacy, how things work in the real world with this guy right here, Mr. Real World himself, Steve Gibson, wearing his AI hat.
B
Mr. All Too Real. That's right.
A
Good to see you. What's up this week on Security?
B
So for episode 1081 for this first podcast of June, there was a really interesting story about an aspect that we've not talked about a lot which are Capture the Flag competitions. You know, we've talked about Pwn2Own where, where research hackers find unknown vulnerabilities in existing software. Capture the Flag is different. These are, these are canned competitions where the designer of the competition inserts something to be discovered based on which is. Which is dependent upon the, the talent of the hackers and, and researchers. So we're going to talk about that because someone who's been very involved and is. Is got some real street cred for his. His ability to. To find vulnerabilities is bemoaning the death of Capture the Flag brought about by AI. So today's title is AI Captured the Flag. We've got a bunch.
A
I hope you're going to explain what all of that is too.
B
Yes, we'll explain it all.
A
Yeah.
B
As expected, UniFi OS devices immediately came under attack. CISA has commanded federal agencies to update their instances of Drupal. Both things we talked about last week. Can the largest botnet ever seen be killed? Is an interesting question. We'll look at Defender. Microsoft's Defender has the Defender for Endpoint is obtaining the ability to cut off an infected PC from its own network. Charter Communications has had a big account leak. Chrome has adopted device bound session cookies, moving it from beta. We'll talk about that. The news is that Anthropic is about to release Mythos. We've also got some interesting commentary from Daniel Stenberg, famously the creator, author, maintainer, chief of curl. IBM and Red Hat are committing to fixing open source using AI and putting, I think it's $5 billion worth of AI cred into the project. We've got, in addition to all that, a ton of terrific listener feedback, which will drive some additional commentary. And then we're going to look at AI, basically spelling the end of what has turned out to be a terrific source of on the ground training for hackers and researchers. And of course, a great picture of the week. So I think maybe worth staying tuned in.
A
Yay. As usual, this is the day you look forward to all week long. If you're in the IT business, you certainly need this to keep up on what's going on. And we thank Steve for doing that. We will get to, of course, the picture of the week, I'm sure a humorous take on the.
B
On humanity.
A
Of humanity. Yeah, that's coming up in just a bit. Before we do that, though, let's get our first sponsor in here. And by the way, I had a great conversation with our sponsor for this segment on security analysis, Bitwarden. I had a great conversation with its founder and CTO yesterday, Kyle Spearrin. He started Bitwarden in 2015, 2016. We saw the first post that he put on Reddit on r/opensource and what I really got from him, which was great, is their commitment to open source and how important open source was for him then and is today. It's really what's made Bitwarden the trusted leader in password management. And of course, as time goes by, it's more than just passwords now, it's passkeys, frankly, it's secrets management in general. More than 15 million users across 180 countries, over 80,000 businesses. Bitwarden has built its reputation around trust, transparency, open source security and putting users first. And so this was one of the things I wanted to get Kyle on to talk about. Really important for those wondering, Bitwarden remains absolutely committed to its free version. Free forever, unlimited passwords, unlimited passkeys, unlimited devices, free forever for individuals. And what Kyle said and I think is really important is that's not their business model. Their business model is they make money on selling to enterprises that want more support. They want, you know, more features. But they, Kyle really believes, A, in the power of open source and B, that it's important for every single person to have a password manager. And so he's committed to the free version. And I, you know, I was very impressed with his openness, his forthrightness. Bitwarden continues to invest in secure, accessible tools that help individuals, families and yes, organizations protect their digital lives without compromising trust or transparency. He talked about being open source. He talked about the fact that, you know, they.
It's funny there, there's a great open source alternative vault for Bitwarden called Vaultwarden. And he said what people don't realize is that the guy who created Vaultwarden a couple of years ago started working for us at Bitwarden and we support him in doing Vaultwarden. It's an alternative to Bitwarden. You know, sure, we want people to use our services, but, but we're open and we believe in openness. Bitwarden believes that security should be accessible to everyone. And that's why they continue to offer a trusted free password manager alongside more advanced tools for those with families or teams to protect. And Steve and I both use Bitwarden and we both pay for the premium version at 20 bucks a year. It's still a remarkable deal mostly, I think, because we want to support Bitwarden. I'll say that for myself. Lately I just added, Bitwarden is adding new features. They give you everything you need to stay secure online. They generate strong passwords with a real random number generator. We talked a little bit about that on the interview, which is available, by the way, on our YouTube TWiT feed. Storing passkeys, I love Bitwarden for passkeys, managing sensitive credentials of all kinds and syncing securely across devices for businesses and advanced users. Bitwarden also delivers enterprise grade security tools including secrets manager, vault health reports and secure credentials sharing for teams. In fact, Bitwarden I use my agent, my AI agent. I recently converted over to using Bitwarden to store all the API tokens, all the keys. I don't want to accidentally exfiltrate, put on GitHub or let somebody get access to. It's so secure in the Bitwarden vault. I said, you know what, they have an MCP server. This is the easiest way to do this. All of my secrets are stored in Bitwarden. They've also introduced, they introduced this at RSAC, the new agent access SDK.
And I love this because they've made it open source and they've offered it to every password manager, not just Bitwarden. It's an open source developer toolkit designed to help teams securely integrate credential access into applications, automation, workflows, AI agent environments. The SDK enables controlled human approved, just in time access to credentials stored in Bitwarden vaults without exposing sensitive information or granting persistent access. It's what you need, it's what you're looking for. If you've got an AI agent and it's designed to support modern development and automation workflows by keeping security and transparency front and center. And because Bitwarden's open source and yes, it's GPL licensed, yes, it's on GitHub, its code base, you can look at it of course, but it's also continuously reviewed and audited by not just the community, but independent third party experts. Bitwarden also complies with major security and privacy standards. SOC 2, Type 2, GDPR, HIPAA, CCPA, that's ISO 27001 certified and they're always evolving. Bitwarden is continuing to evolve to meet modern security needs, including expanded passkey support, secure developer tooling. I love the fact that I can generate and store my SSH keys in Bitwarden. And they've added Bitwarden Lite, a flexible, lightweight self hosting option for users who want to add additional control over their environments. They care about the users. I've never seen a company do this. It's amazing. Get started today with a free trial of the teams or enterprise plan or get started for free across all devices. As an individual user at bitwarden.com/twit, that's bitwarden.com/twit. I love Bitwarden and Kyle Spearrin watched that interview. He just inspired me to continue to support Bitwarden because they are going to continue to support us and I think that's really important. bitwarden.com/twit, thank you, Bitwarden.
B
So did you guys talk about the ownership changes?
A
Well, I did and he said we're absolutely committed to open source. That is not gonna change. The ownership hasn't changed and will not change. They have a new CEO that can. He said these were completely unrelated issues where marketing accidentally removed the free forever copy on the website, which they put back as soon as people noticed it. Oh yeah, it's there. And he said we're still committed to that. They, they had, they changed the CEO, longtime CEO was replaced by another guy who has finance experience and people were concerned about that. He said that was completely independent. And then there was a third. Oh, when they doubled the cost of the premium from $10 a year to $20 a year, he said, you know, that was poorly planned. We just hadn't raised it ever. And we should have raised it a little bit at a time because expenses have gone up, everything's gone up. It costs some money to support it all, but you don't have to pay for it. And that's the other thing. And he said, absolutely, we're committed to open source and free.
B
Well, as you can imagine, Leo, I got so much email from our listeners saying, hey, what the heck, you know.
A
Yes. And that's why I wanted Kyle on. You know, it wasn't a paid, you know, they're a sponsor. But we, they did not pay for that interview. In fact, I had to twist arms. Kyle does not like doing interviews. I said, Kyle, you gotta come on and tell people, reassure people, tell them what's going on because they're concerned. So that was hard to get him on. That was not a paid.
B
And I would, I would argue that our audience has probably been influential in, in Bitwarden's growth. I mean, we, we left, you know, LastPass and needed somewhere else to go. And Bitwarden was a lot smaller then than it is today.
A
And well, so, you know what's funny is that's why he started Bitwarden in 2015 when LogMeIn bought LastPass. He said, oh, I'm going to start Bitwarden. And he says there's no way anybody would trust a password manager from some guy they never heard of unless I made it open source. And he said, we got PRs immediately. The open source community immediately helped us out. I mentioned the fact that one of our listeners added the memory hard Argon2 code as a PR, which they accepted and added to the code. And that's his commitment. He is all about open source. So I was really impressed. Yeah, I think he good. He did the right thing.
B
Okay, so our picture of the week. I gave this the caption, not all signage seems necessary.
A
We've had so much fun with signage on this show. All right, let me scroll up and see. So there's two here. Do you want to describe.
B
Okay, so door on the left, you know, I, I, I. Okay, the sign reads in all caps, red cannot miss it. Do not breathe under the water.
A
I guess this is at a swimming pool somewhere.
B
And yeah, I, I, I mean, I think as, as advice, it makes a lot of sense, Leo, because it's been shown to be difficult to do so. Now, the one on the right, we have two, two side by side examples of perhaps unnecessary signage. This one on the right says, do not sit on fence. This is like a fence from hell. I mean, it's got spikes every six inches and curly flanges and things. I mean, you would not, I mean, yes, do not sit on fence because the paramedics will be required to remove you from the fence should you do so. So anyway, yes, I, I Thought that that was like, okay, what are they thinking here? But yeah, and maybe like it's, they, they were, you know, afraid of legal repercussions, having basically an extremely dangerous fence. If we didn't warn you, we exactly. The sign said, come on, don't you,
A
don't poke your eyes out on this fence. We warned you.
B
Okay, so as I said, we. Two topics we first broke the news of last week turned out to be manifesting just as we unfortunately predicted. UniFi OSes are under attack. Remember that they, they urgently announced five vulnerabilities, three of which they assigned, they meaning Ubiquiti, maximum severity. And unfortunately the news is what we expected, as I said, due to widespread exposure on the Internet of these devices. I mean after all they are, they're, they're, they're border devices, they're, they're on the perimeter of people's networks. So Internet exposure is pretty much de facto. More than a hundred thousand UniFi OS based devices are known globally, half of which, 50,000 of which are located within the US. Attacks commenced immediately upon the bad guys becoming aware that like, oh, there's some new problems we didn't know about. Let's get them. So last Tuesday afternoon a posting over on Linus Tech Tips noted that multiple users on Reddit were reporting that their UniFi devices or UniFi devices they oversaw which had not been patched for Ubiquiti's security advisory, which was quite fresh, had a super admin user named John Simon Sim added to their configurations overnight with additional users chiming in as their regions woke up and checked to see what was going on with their Ubiquiti devices. Who's John Sim? You know we didn't put him in there. The attackers appear to exfil data via the UniFi backup feature once they've acquired presence inside of the Ubiquiti or the UniFi OS device. So a person, a user k987-65-4321 over on Reddit posted, hey guys, can someone help me please? I'm away on holiday, he says, parens, in another country, close parens, and just had a notification that a super admin had been added to my account whilst I've been here. Meaning out of the country, on vacation or on holiday. Right, he said I logged on to the UniFi iOS app and there was someone called John Sim in there.
I promptly removed it, as you can see. Someone posting on Reddit as the Toxic nerve said, I just had exactly the same happen on my UDR, same username too. John Sim. Poster Jeff Porton added, confirming what we saw, that we saw the same attack, same username. We've removed the bastard from the user from the super user list and inspected the logs. A poster eager CDMB Beaver posted, I also just had the same thing on mine. Thomas RW1 added, just had two sites with this user created. Have a lot more sites that were fine. Presumably they haven't found them yet. Ravicc posted, I got hit with this too. I was on UniFi OS 5.0.16. I got the update notification on Thursday. I delayed the update last night since I was traveling this week so I was on the previous version of the UniFi OS. I also noticed that there were multiple backups triggered. Not sure where these backups went and what they were attempting to do and what sensitive information is in the backups. What then ensued over on Linus Tech Tips forum was the typical back and forth about, among other things, whether automatic updates were a good thing. Everyone knows now my feeling about that. Propeller heads, I get it, like to be in the loop. You know, we want to manage our own devices and decide for ourselves whether and when we wish to update. While that may have been practical a decade ago, I would argue it no longer is. At least not until our new AI code fixers have had the chance to give the entire industry's code base a thorough going over. And as we know, that's begun to happen. But it's a long way from being finished. Those arguing against enabling auto updates argue that a bad update might brick the router, and they do use the word brick to increase the drama of their position. But that use is inaccurate because bricking a device specifically means killing it beyond repair, right? Turning it into a brick or maybe a doorstop. But that's about it.
All the routers that I'm aware of have the ability to revert to a known working factory firmware image specifically to enable recovery in the event of an interrupted firmware update. That's always bad or a bad one, whether it's automatic or manual. So no router is actually ever going to be turned into a brick by an auto update failure. The worst that's going to happen is that a router won't boot after a bad update and will require some manual recovery. You know, boohoo. You know, I'm not saying that's a good thing, but as I said last week, I now believe, given all the evidence and here you just saw a bunch of it, right? A mature manager, having weighed the risks. The real risks, which you know, I would argue are minimal versus the rewards which are obvious and plentiful will opt for enabling auto update of their systems. Doing so will give them an extremely high probability of protecting their users from the attacks that are happening with increasing speed and frequency while also having frankly not zero but an extremely low probability of actually causing a network outage due to a failed update. So yeah, could it go bad? It can, but I, I, I used the analogy last week that I, that we liked of, of using, you know, think of it as, as a fuse or a circuit breaker. You know, it's if something bad happens, you want it to protect you. Can it, you know, misfire? Yes, but the probability of that happening is low. So anyway, it's really interesting to immediately see Ubiquiti advises of bad problems. Bad guys figure it out. Attack the crap out of the global supply of UniFi OS devices adding obviously an automated attack, right? You're not doing 50,000 devices always giving the same super admin John Sim to the device. You immediately automate the attack and turn loose something that is scanning the Internet, finding these things and compromising them. What we need to have is automatic updates.
The publisher that finds out there's a problem internally updates all of the devices that are asking for automatic updates and only then releases the news to the public so that those sad sacks who have automatic updates turned off have some chance of beating the bad guys to it. But if you're on vacation, if you're saying well I'm going to think about this for a while, I don't want to, you know, let's sort of see how this update goes and see if anybody else has problems. Well, good luck. Also last week we covered the critical PostgreSQL SQL injection vulnerability that affected pretty much all Drupal instances, that is all of the upgrade paths that were, or the release channels that Drupal had for those that were using the PostgreSQL database on their back end. So not necessarily all of them, but apparently a good many. And, and Drupal noted that this was an old problem. It affected even the very, very oldest eight version series and nine version and they, and you know, they're, they're, they're, they're now at 10 and 11 at least. So the vulnerability was so bad, remember that the Drupal team announced that this was coming so that admins would be like have time to come back from vacation or, or like budget some, some upgrade time or notify their users that you know, Drupal might briefly have an outage in the incoming days, whatever. And then they produced patches not only for the current set of versions, but also for even those long past end of life versions. Not trying to update them fully on everything else that had happened, but at least these two because like the version 8 anything and 9 anything. They got this patch because it was so bad. So against that backdrop, we now have the US Government's CISA giving agencies one day to update. No excuses, period. BleepingComputer had some, yeah, it's like do this now. They had some nice coverage of this. They wrote:
CISA has given US government agencies until Wednesday, and this was on Tuesday of last week, until Wednesday evening to secure their servers against a SQL injection vulnerability in the Drupal content management system that it flagged as actively exploited. Drupal is typically used by large organizations managing massive data structures and multi site installations, including government entities, educational organizations, major research universities, and high profile enterprise and media organizations. Google Mandiant researcher Michael Maturi discovered this vulnerability, now being tracked as CVE-2026-9082, 9082, in Drupal's Database Abstraction API. They wrote the security flaw can be exploited without authentication, allowing attackers to trigger arbitrary SQL injection on PostgreSQL powered sites via specially crafted requests. Successful exploitation can potentially lead to information disclosure, privilege escalation and even remote code execution. I mean, this is like the way in, right? Why? Who wouldn't take advantage of this if they could? The Drupal security team flagged the flaw as highly critical before releasing patches and confirmed that exploitation attempts had been detected in the wild. Cybersecurity firm Imperva warned on May 21, quote, Since CVE-2026-9082 was released, Imperva has observed over 15,000 attack attempts targeting almost 6,000 individual sites. And they're going to succeed, right? Across 65 countries. Attacks are primarily targeting gaming and financial services sites, so far accounting for nearly 50% of all attacks. Internet security watchdog group Shadowserver now tracks nearly 670 unpatched Drupal installations exposed online, most of them from North America. That's 272 of the 670 and Europe, 273 of the 670. Friday, the U.S. Cybersecurity and Infrastructure Security Agency, CISA, added the flaw to its Known Exploited Vulnerabilities. Remember, that's KEV.
The KEV catalog and ordered federal civilian executive branch agencies to patch their systems by midnight on Wednesday, May 27, as mandated by binding operational directive. That's that BOD 22-01. Although BOD 22-01 applies only to U.S. federal agencies, CISA advised all defenders, including those in the private sector, to apply the patches as soon as possible to secure organizations' devices. CISA warned, quote, this type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the Federal Enterprise. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyber attacks. Again, why wouldn't you, by prioritizing timely remediation of KEV catalog vulnerabilities as part of their vulnerability management practice, apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Over the past several years, they conclude, CISA has flagged five Drupal vulnerabilities that have been exploited in the wild, two of which have been abused in ransomware attacks. And it's like I said, that's if you could do all of the things that these vulnerabilities allow you to do. It is a way in to anybody who wants to get into and abuse their access to a network remotely. So we really do appear to, to be seeing a world now which we weren't seeing 10 years ago and we were observing the fact that we weren't and kind of being glad for it. Now we're in a world where no known vulnerability goes unexploited. It, you know, if it happens, bad guys are on it because they realize there is money to be unfortunately to be extorted from anybody's network they can get into. And that's the goal.
So I just, I'm glad that we now, while we see this, this acceleration, that there's hope on the horizon thanks to AI vulnerability discovery which can be employed before any new code is released going forward if this is done right. You know that phrase which has always rubbed me the wrong way, I just, it makes me cringe when I hear someone say all software has bugs. You know, that can finally, there's hope that this could be provably refuted, Leo, that it no longer really needs to be the case that all software, some software has bugs. Yeah, well, yeah, like the buggy software has bugs. But otherwise not all software just. And not all software needs to be buggy because there's a chance we really can. You know, basically we, we got into this weird situation where we were creating something that was too complex for us to understand. I mean I've commented about that and Microsoft's code base. There cannot possibly be any human being alive or, or even not. Who knows what Microsoft's code base is? It's just, I mean it is so massive and so old and so confused and so, so much junk has been strapped onto it over the years. It does. There is if you, it is unknowable. So what's cool is that we finally have created something else, namely large language model AI, which has the promise and it seems to be demonstrating that of actually being, being able to understand what we can no longer understand. We, we can't understand the code we write. It got away from us.
A
It must be possible because NASA writes
B
software at what cost? Oh yes, the key.
A
They have a lot of process to do it. Yeah.
B
Yes. I mean, and, and we know I, I saw a, a comment once at what the, the shuttle project software cost. They knew they could have no bugs, that the shuttle control system needed to have no bugs. That's what they produced for, but at extreme cost. And so that's really what this represents. Now your, your comment, I think it was before the podcast, right where you were talking about what Palo Alto Networks paid, spent those tokens. $10 million, I think it, I think it was. But they found some truly mission critical bugs that they weren't aware of before. So.
A
And finding them is probably to them worth $10 million. I mean, yeah, that's. They're a security firm. They can't have any bugs.
B
Yeah. Talk about reputation damage when you know, when there are some, you know, no authenticated needed authentication needed means of crawling into their system. So, but, but the point is, it is, I mean what has always rubbed me the wrong way with Microsoft is that you know, they ship product with known with bugs they know of because they figure, oh well, they're not that bad. You know, the real, the killer showstoppers. And even then, remember a couple years ago when they had this raft of printer problems and it's just like, like month after month after month and, and there were researchers saying why aren't you fixing this? You know, you're not, you're refusing to let me talk about it. It's been six months that I haven't not been, that you've not let me disclose the thing I found. You won't fix it. And, and the researchers were biting their tongue because they recognized that it would be the end of the world if they did disclose what Microsoft knew about and just didn't seem to be in any big hurry to fix, or Microsoft would patch the symptom and not actually find and not actually patch the cause. And so then it was easy to work around the patch for the symptom and still execute the bug. Anyway, there's a lot going on with Microsoft because. And you may be aware of this, Leo, the. This whole Nightmare Eclipse person. Well, that. That Microsoft blog posting really rubbed me the wrong way and a lot of the rest of the security researchers in the industry because. And I don't mean to count myself as a security researcher, but security adjacent people. But a lot of the. The hackers and researchers, because Microsoft is now threatening to sue this person. I mean, made it kind of clear that's what they were saying. But. And what rubbed me the wrong way was these are your bugs, you Redmond people. It's like. It's not like this person is like, you know, dropped a missile on you.
They're showing you that you're, you know, that you're about to explode because of your own problems, which you haven't fixed.
A
Yeah, yeah. But he has been also a little bit of a jerk about it.
B
Well, yeah, because he.
A
Because he published the exploits right away, right?
B
I mean, yes. And. Well, yes. And is now threatening some doomsday on July 14, which is gonna break their bones or something. I can't remember what the expression was, but it's like, oh. Anyway, if we want drama in our industry, we got some nice, you know, social drama. So.
A
Yeah. Wow.
B
But speaking of drama, we have another advertiser that we should hear about.
A
Oh, it's very dramatic. Yes. So we better. We best get to it. Give Steve a chance to hydrate and tell you, my friends, my dear friends, about our sponsor for this segment of Security Now, Hoxhunt. Kind of aptly named. It's like a fox hunt with an H. They're. They're hunting for phishing scams. As a security leader, you. You have been there. The eye rolls during training. You know, the one size fits all phishing simulations that your employees go, oh, God, they spotted a mile away. And then the report button, that gets ignored more often than not. And you know why it gets ignored? Because it's punishment. Right now you got to watch some crappy flash animation about phishing that, you know, it just doesn't feel like they're not learning. Your programs are running, but it's not changing employee behavior. And then meanwhile, the bad guys are moving fast. AI is making real attacks more convincing every single day, and leadership's asking the question you don't have a clear answer to. Is our, is our, is our training actually working? I know, because it's terrifying for anybody running a business. The thought that. What was his name? This Sim guy, this Jim Sim, John Sim could be out there, you know, sitting on your system, sending you phishing emails. And Hoxhunt has been built to answer that. Hoxhunt empowers your employees. Empowers them. That's an important word. To spot and stop advanced phishing attacks. It drives measurable behavior change through personalized gamified micro training powered by AI and behavioral science. It's fun, okay? And for you, it's fun. Hoxhunt as an admin, you'll love it. Because Hoxhunt does the heavy lifting. The simulations run automatically. And not just email, but Slack and Teams as well. Just like the real deal. The simulations are personalized to each employee based on role, location and behavior. The bad guys do that too. Every simulation uses AI so that it's mirroring exactly the real world attacks that are actually happening.
Meaning employees are being tested on the stuff that's getting through, not some outdated template. They go, please recognize it immediately. And the, and the, the gamifying, it's done nicely. It's done fun. It keeps engagement high without feeling punitive. And because every interaction generates a coaching moment, you're not just tracking completion. You're actually building behavioral indicators that tell a real story. Reporting rates, repeat clicker reduction, and time to report. The kind of metrics that hold up when leadership knocks on the door asking the hard questions. You don't have to take my word for it. With over 3,500 verified reviews on G2, Hoxhunt is the top rated security training platform and recognized for best results, easiest to use. Also recognized as customers choice by Gartner. And thousands of companies that use Hoxhunt, like Qualcomm, Docusign, Nokia, they trust it to train millions of employees worldwide. Look, it's easy. Visit hoxhunt.com/securitynow right now. Learn why modern secure companies are making the switch to Hoxhunt. That's hoxhunt.com/securitynow. We thank them so much for their support of Security Now and the vital work Steve's doing. And on.
B
So during the third calendar quarter last year, Cloudflare was hit by and mitigated, astonishingly, the largest DDoS attack ever reported. It clocked in at a wire melting 29.7 trillion bits per second. You know, and we toss trillions around like, okay, but really a thousand. Nearly thirty thousand. Thirty thousand millions of bits per second. So this astonishing attack was attributed to, to the Aisuru botnet, which Cloudflare estimated was composed of. You know, it's kind of hard because they can spoof their IPs, and. But if it's a TCP connection attack, then you can't spoof. So they're. Anyway, they're, they're estimating somewhere between 1 and 4 million infected hosting machines globally. 1 and 4 million. So think of the, the task, the, the scale of the task of, of assembling and managing somewhere between 1 to 4 million individual host machines, which have all one way or another, been collected and commandeered to serve under a single master. Okay, so because a botnet of 1 to 4 million already seems astronomically large, I was surprised to learn that a far larger botnet was recently discovered by a security researcher who then reported the finding to the NCSC. After some additional investigation, Dutch authorities, in concert with the National Cybersecurity Center in the Netherlands, took down a set of 200 servers. Okay, this is just the servers. These are command and control. 200 command and control servers that were being used to manage more than an astonishing 17 million bots. 17 million, Leo.
A
All in one chat room. Wow.
B
So these things were residing in hosts around the world. A single managed botnet, more than 17 million units strong. The reporting on this stated that, quote, the police seized several botnet servers from a hosting provider for investigation purposes. The hosting provider then took the entire botnet offline because it was being used for criminal activities. Yeah, no kidding. Okay, so however, these days, as we know, botnets are not only being used to blast targets off the Internet by flooding and saturating their Internet connections. Unfortunately, today there's a large criminal demand for proxies, right? Looping traffic through some unwitting random consumer bandwidth in order to obscure your actual identity to. To come at something from a different IP. That appears to be what's going on here. The Netherland Times reported, writing: the cybercrime team of the police unit The Hague, together with the National CyberSecurity Center and NCSC, says it has successfully dismantled a large ASOCS A S O C K S, a large ASOCS botnet and taken it offline. The botnet was made up of at least 17 million compromised consumer devices, right? TVs, routers, what? Light switches, who knows? Around the world, including computers, routers, tablets, smartphones, and Internet connected devices such as smart security cameras. Investigators identified 200 servers used to run the infrastructure, all of which were physically based in the Netherlands. The ASOCS Network operated as a residential proxy service in which cybercriminals covertly infected poorly protected consumer devices with malware. These compromised devices were then used to route Internet traffic and launch large scale cyber attacks, all without the knowledge of their rightful owners. The case was triggered by a report from a security researcher to the NCSC, which quickly passed the information on to the police. This led to a joint investigation by both agencies.
During the operation, the police unit The Hague confiscated several servers from a Dutch hosting provider for forensic examination, while the provider itself shut down the malicious infrastructure once its criminal use had been confirmed. As consumer devices and routers are frequently targeted by proxy botnets, the police and the NCSC advise users to change default passwords right away, ensure their Wi-Fi is secured with WPA2 or WPA3 and install software updates. What do you know, as soon as they become available. So it's not clear, you know, whether the perpetrators of this comprehensive network failed to plan for this eventuality. My guess would be that, that they did plan for this. If they were running an installation of 200 command and control servers for the purpose of managing the more than 17 million devices they had previously and painstakingly arranged to infect and control remotely, then this was not some fly by night hobby operation run by some random hackers. This would have been a serious money making, commercial criminal enterprise. And my guess would be that it still is. I strongly doubt that simply shutting down the command and control servers, basically cutting the head off, will have been anything more than an inconvenience to these people and a momentary cash flow interruption. You know, we've previously talked about, about, you know, the, the, the, the technology of this and the many ways that disconnected bots can be rejoined to their command infrastructure. A favorite is to simply use an out a, a time and date based algorithmically generated DNS query. The 17 million plus members of the fleet that have been unable to reach their controllers at the previous DNS based address, knowing the current time and date, will use an algorithm to synthesize a new DNS address in the future. And then they will query that to obtain the IP address for the updated command and control server infrastructure once one has been brought back online.
I'd say it's a pretty safe bet that this massive network of residential proxy hosts will be back in action just as soon as another willing hosting organization can be found and servers established there. So think about that. 17 million individual infected devices with just, you know, just some little bit of code in them, some little server that arranges, I mean, maybe not Even that's able to survive a reboot. Some of them can't. But many of them will have modified their firmware, you know, stuck a little, you know, added something into the boot sequence that brings them back online. And, and until a user, you know, like updates the firmware to flush that thing out, that little device will be infected. One of more than 17 million that are, are all part of this.
A
It is they still control those in IRC servers. Is that.
B
No, it doesn't have to be. I mean that is one way. But now you just use some, some bizarre looking DNS. Remember one of our listeners wrote saying that he'd looked at his DNS logs and thought that he had been infected by malware because he saw some gibberish string.com and it turned out it was my benchmark. It was my DNS benchmark that uses those in order to bypass caching, in order to determine the connection speed to the dot com servers. And I said, oh, the good news is you're not infected by malware, but that's what it would look like if you were.
A
Interesting.
B
So, so because you need some way
A
to command it, right? You need to have some way to say bots attack, you know, this address or whatever.
B
Right, exactly. So what will happen is they will set up the, the, you know, that the, the bad guys got booted off of this one particular hosting provider that actually is a known shady provider. So you know, after they got found out, they really had no choice but to comply with Dutch authorities and, and you know, take down the whole infrastructure. But there are other, you know, disreputable. Yes. And so the bad guys will, will get a bunch of servers there, re establish their infrastructure, lock down some IP addresses, then they will go and register a domain in the future which, which they know their bots will check on. And so they will.
A
The bots pull the domain?
B
Yes. The bots do DNS lookups which there's no way you can block across the entire Internet. They pull the domain, get the IP address that the bad guys have set up for that domain and that reconnects all 17+ million of them in the future. Wow. They just, they're just not going away. You can't, you can't get rid of a, of a properly established botnet of that size.
A
Yeah.
B
And of course they can also be told to be scanning and infecting, you know, their neighbors.
A
So the spread. It spread. Yeah.
B
The botnet itself can be actively working to, to continue to spread itself.
A
Right? Yeah.
B
We have a ways to go before we get the Internet cleaned up, but at least getting our code working is a good first step. Microsoft in their May 2026 new features that was just last month or last week really New feature summary contains an interesting item called Automatic Device Isolation or Automatic Attack Disruption. It's currently in preview status, but the brief description says Microsoft Defender for Endpoint can now automatically isolate compromised devices as part of automatic attack disruption. Isolation blocks most network traffic while keeping the device connected basically to them to security services. The action is time limited scoped to the incident and security operators can release isolation at any time and then elaborating further elsewhere, Microsoft wrote, when a device in your organization is suspected of being compromised, Microsoft Defender for Endpoint can automatically isolate the device as part of automatic attack disruption. Automatic isolation helps reduce the risk of further impact on the organization, limit attacker lateral movement, and prevent impacts such as data exfiltration and ransomware propagation. When a device is isolated automatically, the compromised device is disconnected from the network, reducing the risk of further impact on the organization. But the device remains connected retains connectivity to the Microsoft Defender for Endpoint service, which continues to monitor the device and I have in the show notes a little pop up of what a user would get where it would show network disabled. Your IT administrator has caused Windows Defender to disconnect your device. Contact IT help desk. So yes, you probably I don't want to say loser, but I mean I really don't because anybody can fall for it. But it was probably, probably a phishing attack right where they open the zip or they click the link or something. They infected themselves immediately. Hopefully immediately.
Microsoft Defender said oh, and just takes them off the network air gap, you buddy and yep, exactly. Send sends a note to IT and you're going to have some geek at your office door knock, knocking on the door frame saying is there something you want to tell me?
A
More likely you're going to be not pounding on their door saying the Internet's not working right. What's wrong?
B
Exactly. So anyway, for those who are interested, there's much more information about this new feature that's now available in preview. I've got a link in the show notes for anyone who is already deeply committed to Microsoft's solutions and whose enterprise might benefit from this automated compromised workstation isolation seems like a good thing to me. I mean, if you're already all in on Microsoft, by all means you definitely want some. I don't. There's no really other good word than loser. Some victim. How about victims? Hapless. Hapless is much more neutral. I like that some hapless user who thought it was a note from mom and it turned out to be a note from. From Mal.
A
Instead, we have some hapless losers on our team who shall remain nameless. I'm one of them. Frankly, I've. I've fell for a phishing scam.
B
I. And I. And I told you as I. I shared a couple months ago, I came close. I. I like. Oh, what. And speaking of coming close and grc.
A
Yes.
B
Last week I received an email from Troy Hunt's Have I Been Pwned notification service. It stated that GRC was affected by a recent breach at Charter Communications.
A
Oh.
B
Now, while I value Troy's service and you had him on recently, every time I've reacted to similar news and have taken the trouble to see which of GRC's accounts might be affected by a breach that HIBP captured and analyzed, what I discover is that it's a handful of email accounts we have never had. Never. They've never been valid. It's, you know, cookies and ice cream. RC.com it's like, what? So the GRC.com domain has been around long enough and has acquired enough of a positive reputation that unfortunately its domain, just the domain name, is used to anchor spam. And you know, this is true. Even though anyone who might receive email claiming to be from grc, that is any server who gets. Because it always goes to an SMTP server first right before it goes to a user. And any inbound SMTP server that receives email for one of its client users claiming to be from GRC can trivially determine whether or not that email was actually signed by GRC's server.
A
And you use DMARC and DKIM SPF,
B
it never, never will be signed. Unfortunately, the fact is, is even today not all recipients bother to check, right? Even though SPF, DMARC, DKIM, they've all been well established for many years. So in any event, after receiving Troy's advisory, the news is, oh, and we never had an account at Charter. We don't have Charter, so.
A
Oh, there you go.
B
Okay. Anyway, so I didn't, I did this time I didn't go because I know what was going to be there. So. And I think it was like 263 email addresses. And if I had, I had to like pay for a subscription if I wanted them enumerated. And it's like, okay, 263. At our peak we had 23 people and now we have three. So no, in any event, it's.
A
Sometimes you have to explain this to people that it's trivial to spoof. Sending email addresses, it's the easiest thing in the world. You could write. You can do it in your own
B
email client, let alone incoming spam that I get is. Is often from zq, dw, blah blah, blah, blah, blah. At. And another, you know, gibberish domain name. I mean it's just junk and it's meant to bypass the, the, the, the block filter that we put up. Last time we got email from this cretin saying block future email. So now it comes in with different random nonsense in the block.
A
It. Yeah, it's impossible. Yeah, yeah.
B
So in any event, after receiving Troy's advisory, the news is that there was indeed a very sizable breach at Charter Communications, which actually wasn't that surprising. And neither was the news that the Shiny Hunters gang was behind the breach.
A
Oh boy.
B
Bleeping Computer once again gave us great coverage writing the Shiny Hunters extortion gang stole personal information from. Again, not that it's not already out there. From 4.9 million accounts after hacking the US telecom giant Charter Communications in early April. According to the data breach notification service Have I Been Pwned. Charter has over 92,000 employees. Lots of opportunities for clicking that link, Leo. And provides Internet, mobile, video and voice services to more than 32 million customers and over 57 million homes and across 41 states in the US through its Spectrum brand.
A
You're right.
B
Spectrum Communications, the company confirmed the breach. Meaning Charter Communications confirmed the breach earlier this week, saying that the attackers did not steal sensitive personal information. That's right. Only the non sensitive personal information and that it had alerted authorities about the incident. Oh, that's good. Charter told Bleeping Computer, quote unquote, no sensitive personal information. We're now abbreviate that PI for personal information or customer proprietary network information. That's got its own abbreviation, the CPNI Customer proprietary network information. CPNI data was exfiltrated. None of that by the threat actor as a result of recent activity, unquote. It's just activity, Leo. You know, just that pesky activity over there. While Charter has yet to attribute the attack and has not shared further details, writes Bleeping Computer, the Shiny Hunters extortion gang claimed responsibility and told Bleeping Computer that they breached the company's systems on April Fool's Day in a phone phishing now known as vishing attack that compromised an employee's Microsoft Entra account. And Again, Charter Communications. 92,000 employees strong. 92,000 opportunities for voice phishing.
A
The threat actors, how companies Defend against this.
B
I don't either. As I said to you remember famously I, I went back in the days of that Sony breach. I wouldn't want that responsibility trying to keep Sony secure. How. How is it possible? It's not. So Bleeping Computer said the threat actors claim they use this access, the Microsoft Entra account breach through voice phishing, to steal 42 million records from Charter's Salesforce instance including consumer and business customer names, email addresses, physical addresses, phone numbers, phone types, plan information, support ticket data and some CPNI data that was the customer proprietary network information. However, Charter spokesman denied the gang's claims of CPNI data theft and said that only sales tools used to manage current, past and prospective business customers were impacted. No CPNI or sensitive PI was released by the threat actor. Now notice that like like 42 million records, that's a lot relative to the total number of customers that they have. So Bleeping Computer said after the company refused to pay the ransom demanded by Shiny Hunter. So Shiny Hunter said, pay up and we'll not release this publicly and we'll delete everything. Charter said, you know, go tax somebody else. We're not paying you anything. So they refused to pay the ransom demanded by Shiny Hunters. The cybercrime group leaked the documents, all 42 million of them stolen from Charter's Salesforce instance on their dark web leak site for everyone to have. So at that point Troy came along. Have I Been Pwned analyzed the leak data and confirmed, writes Bleeping Computer, that the incident affected 4.9 million accounts whose names, email addresses, job titles, phone numbers and physical addresses were stolen. Physical. That's annoying. You know, you don't really, you know, I mean not that it's hard to find anymore, but still.
A
But you don't want people knocking at your door.
B
No, not if you can. I mean, you know, we've seen what happens with, with, with, with unpopular politicians who have that happened to them. So Have I Been Pwned said, quote, the group later published the data which exposed 4.9 million unique email addresses along with names, phone numbers and physical addresses. A subset of approximately 85,000 records originating from an internal employee directory also included job titles. So now we know where you are in the hierarchy and you know probably how, how much you're worth. Further harassment. Shiny Hunters, they wrote, has been targeting Salesforce customers as we've covered many times over and over and over over the past year, breaching hundreds of companies worldwide and claiming the theft of billions of records in Salesforce Aura data theft attacks and Salesloft Drift campaign. The FBI has recently advised Shiny Hunters' victims not to give in to the gang's ransom demands after previously warning that doing so cannot guarantee that threat actors won't attempt to sell the stolen data to other cybercriminals or extort them again. And I'll say I don't think that's right. We have not. Yes, the only way they're going to continue to get paid is if they honor their promise to do not to disclose and delete the data. There's much more money to be made from extortion than there is for after, you know, post extortion resale. That's not where the money is. The money is, is in, you know, them acquiring a reputation for honoring their we will delete your data. As soon as a story comes out that they didn't do that, they lose all their leverage. So I get it, the FBI is saying don't pay them but I don't think, you know, yes, you know, there's no guarantee, but it's a self imposed guarantee that makes all the sense in the world for the bad guys to honor. I'm not saying anybody should pay, but I'm just saying, you know, don't imagine that it's been leaked anyway.
So far we've seen zero instance of that happening that I'm aware of and, and I. It's easy to see why their only leverage is that they honor that promise. And they finished saying Charter Communication systems were also compromised in a wave of breaches by a Chinese state backed threat group tracked as Salt Typhoon and also impacted which also impacted AT&T, Verizon, Consolidated Communications, Windstream and Lumen as well as telecom companies in dozens of other countries. So you know, the unfortunate success of voice phishing or now vishing, which is an annoying word, attacks, you know, it's a perfect example of the sort of cybercrime that unfortunately AI used for software vulnerability discovery and remediation will not address. Maybe it can come to our aid. AI can in some way by detecting it or you know, using, you know, like a global visibility somehow in. Into what's going on. I don't know. But you know, even though our, even when our software is working the way we intend, we're still going to have problems with security. And as I said, Leo, you know, we don't have to worry about running out things to talk about which is a mixed blessing.
A
Not.
B
Yeah, one last note and then we'll take another break. We first talked about something known as device Bound session cookies in detail a year ago, July of 2025 when Google first announced their intention to support this technology, which is about a year older than that, the name pretty much says everything device bound session cookies. We saw way back in the days of the Fire Sheep Firefox browser extension that when HTTPs, which is to say TLS back then it was SSL was only being used transiently during the brief privacy sensitive logon event. You know, which for example is what Facebook was doing at the time, only using SSL to protect username and password when it was being applied to the logon and then dropping the user back to, to regular HTTPs when that was what was going on other people's, well, everybody's session, but you only care about other people's session. Cookies after they had logged on could be easily captured and reused, replayed to impersonate them in real time. This was possible because the cookie was a simple secret token that was assumed to remain the sole secret of the logged on web browser. But it was in no way bound to as in tied to or connected to the physical web browser that had first received that cookie from the web server. So as I said, naming something device bound session cookie pretty much tells us everything we need to know. Google's Chrome browser has been testing this next generation cookie tech in beta mode for some time. But last week they announced that it had moved into general availability. The technology allows browser cookies to be cryptographically locked to a single physical platform's tpm, not even the browser to the underlying TPM or secure enclave, so that no one who might arrange to intercept that cookie can successfully use it to impersonate its original owner. You know, we are making very painfully slow, gradual incremental improvements in like the, the fundamental way these things work. 
So there's no user side behavioral change, not no user facing change. Users won't see this at all. And as I noted at the time last summer when we went into a deep dive on the technology, this does require extensive replumbing support from the server on the server side. So it's very unclear when that might happen for non cloud based providers, you know, biggies like Microsoft and Google, you know, someone like Google will deploy it and support it across their, their browser facing support because they can, you know, our banks and our social media providers may do so, you know, at some point when it's built into the servers that they upgrade to in the future. But I'm not holding my breath for that one. So it's, it's a little bit, I mean It'll be there. The browsers will, you know, Chrome supports it now. It is a web standard. So I imagine eventually, and since you know, Chromium is open source, Mozilla may grab it from the Chromium repository and move it over into Firefox. I imagine that Apple may get around to it. They don't really seem, you know, Safari is not the top of their list of things to maintain for some annoying reason. I'm a little, you know, I don't know about you, Leo, but I often, when I'm using Safari I get like, it's not. It doesn't have access to all the little icons and widgets and things that web pages use nowadays. So you get little, little boxy rectangles instead of like arrows and, and icons.
A
Everything expects Chrome now, which is really not good, but that's kind of the way it is.
B
Yeah. Unfortunately, what we're expecting is a, another break under an announcer lightning, right?
A
Oh, a commercial.
B
And then we're going to talk about Anthropic's pending release of Mythos.
A
Yes, well, we'll see how pending that is. It'll be interesting to see exactly how free they make Mythos. Our show today, brought to you by Zscaler. Love these guys. The world's largest cloud security platform. Largest, you know, in your business. It's, I mean, I think Kyle Spiran actually a bit word and it said it yesterday, he said you'd be crazy not to as a business be looking at AI. The potential rewards of AI are just too great to ignore. And your competitors are doing it. You got to do it. But there are also risks and you can't ignore those either. Loss of sensitive data and attacks against enterprise managed AI, generative AI as we have just been talking about, increases the opportunities for threat actors, helping them to rapidly create phishing or vishing lores, write malicious code, automate data extraction. You know, there were 1.3 million instances of Social Security numbers leaked to AI applications. We learned not so long ago that both ChatGPT and Microsoft Copilot saw millions, millions of data violations. And you know, it's often inadvertent. It's often employees who aren't, you know, really thinking when they use these AI and they upload proprietary documents and information and stuff, you got to protect yourself. And it's time, I think, for a modern approach. And that's what you get with Zscaler. Zero trust plus AI. So Zero trust does a bunch of things. It removes your attack surface, it secures your data everywhere and The AI features are fantastic. It safeguards your use of public and private AI. It protects against ransomware and AI powered phishing attacks. But you don't have to trust just me. Ask Siva. He's the director of Security and Infrastructure at Zuora. Siva uses Zscaler, loves it. In fact this is what he says. AI provides tremendous opportunities, but it also brings tremendous security concerns when it comes to data privacy and data security. 
The benefit of Zscaler with ZIA rolled out for us right now is giving us the insights of how our employees are using various genius AI tools. So ability to monitor the activity, make sure that what we consider confidential and sensitive information according to you know, companies
B
data classification does not get fed into
A
the public LLM models, et cetera. Thank you Siva. With zero trust plus AI you can thrive in the AI era. You can stay ahead of the competition. You can remain resilient even as threats and risks evolve. Learn more about it@zscaler.com security. You watch yourself to go to zscaler.com security we thank them so much for their support of security. Now back to Steve Areno.
B
So way down at the end of Anthropic's May 28 announcement last Thursday which announced their Opus 4.8 update replacing their previous 4.7 opus under the innocuous heading what's next? They wrote users will find Opus 4.8 to be a modest but tangible improvement on its predecessor. There's still more to be done. We're working on developing and releasing models that provide many of the same capabilities as OPUS at a lower cost. Not only that, but we plan to release a new class of model with even higher intelligence than Opus as part of Project Glasswing. A small number of organizations are currently using Claude Mythos Preview for cybersecurity work. Models of this capability level require stronger cyber safeguards before they can be generally released. We're making swift progress on developing these safeguards and expect to be able to bring Mythos class models to all our customers in the coming weeks. Okay, so we have no date certain and Anthropic is not elaborating on what the use of these new Mythos class models will cost relative to opus. But given all of the apparently well deserved attention that Mythos has generated, and you know, it's probably difficult to overstate the demand Mythos's release will likely create among companies whose current software offerings may be vulnerable to attack and who have not yet employed, you know, and or enjoyed access to Mythos or Daybreak or codename M Dash. And there's a general sense also that's developing that maybe Mythos is less special than, you know, Anthropic has led the world to believe. You know, they sort of. They got out there ahead of the pack. We know that the guys at Aisle Aisle were annoyed because, you know, they've made their business AI based vulnerability remediation or discovery and remediation. So this brings us to Daniel Stenberg and Curl. We have an update from him. 
Recall that he went through a grumpy phase induced by the overwhelming amount of AI slop vulnerability reports that he'd been receiving, where, you know, he, among other things, terminated the. The bug bounty. And that was a relief that when he, when he, when he removed the promise of paying for. For a vulnerability report, suddenly there was no incentive for all the annoying weenies and, you know, leveraging some random AI that were just flooding him with bogus reports. So suddenly the volume dropped, but the quality skyrocketed, which was a good thing. Okay, then. More recently, ever since Anthropic's announcement of Mythos in April, the. As we know, the entire software security industry has been seeing evidence that Mythos, while it was certainly great marketing on Anthropic's part, was also at least more than that, you know, some sort of a step forward. We're now getting a sense that it's less exclusively Mythos and more generally the. The overall advancing quality of AI that is the bigger story here. Last week, we examined the impact that Mythos specifically had on Mozilla's Firefox after they, in their own words, recovered from their vertigo of. From being hit with 271 vulnerabilities in code that they believed had none. So what's new with Curl's author and maintainer, Dan Stenberg? Last week, Daniel posted the following to his LinkedIn account. He said, not even halfway through this Curl release cycle, we're already at 11 confirmed vulnerabilities, and there are three left in the queue to assess. And new reports keep arriving at a pace of more than one per day. He said 11 CVEs announced in a single release is our record from 2016 after the first ever security audit, and that was done manually back in 2016 by. By the company Cure 53. He says, this is the most intense period in Curl that I can remember ever being through. And again, 11 was the record in 2016. 
He's got 11 confirmed, three in the hopper, a new one arriving, more than one arriving every day, and he's only halfway through this release. Cycle. So following this posting Daniel added the following to his own thread. He posted under that to his own thread and I wanted to share also there what he wrote. He said the simple reason is: the AI powered tools are this good now and people use these tools against Curl's source code. They find lots of new problems no one detected before and none of these new ones used Mythos. Focusing on Mythos is a distraction. There are plenty of good models and people who can figure out how to get those models and tools that to find things. Okay, so two things worth noting here. First, we know Mythos is good. It's it is a real deal. But it's also clear that Mythos is by no means the only game in town based upon what Microsoft has shared about code name EM Dash. My take is it sounds as if it might be another significant leap ahead of everyone else and where everybody else is, but it's still proprietary to Microsoft. The second observation is what most interests me. Daniel wrote. The AI powered tools are this good now and people use these tools against Curl source code. They find lots of new problems no one detected before. Okay, so the first thing is that just as Mozilla reported, AI is now discovering true vulnerabilities that have previously eluded humans. We know that while Curl has had its share of troubles through the years, it has also been deeply scrutinized across. Well, 2016 was a big audit by Cure 53, so it's been around for a long time, you know, just as has Firefox. But the second and most important thing to appreciate, which is also what Mozilla said last week, is that the problems are not infinite. There is some finite count of them.
And everybody who's working on this now, everybody who's no longer getting any sleep and and you know, has doubled their their consumption of coffee, is working toward bringing this back down to zero where everyone thought it was a couple months ago. Daniel is now diligently doing the same thing. Those 11 CVEs he already has are resolved. They are fixed. Curl no longer contains them. So he will be approaching a time when no one is able to find anything else wrong. And Curl, like the rest of the industry software which has gone through the by that time in the future, the AI wringer will be demonstrably more correct and secure. And that's just all for the good. One last little note on of of happy news on the open source front. IBM along with Red Hat just announced something that they call Project Lightwell, which is a joint commitment on their parts which to spend and as I did remember right at the top of the show, $5 billion to help find and fix vulnerabilities in open source software packages. One of the concerns has been, hey, that's great, everybody's got all these expensive models and commercial enterprises can afford to use them. You know, Palo Alto Networks can pay $10 million in Mythos tokens in order to fix their problems. But what about open source, where the volunteer guys? How do we get our stuff fixed? So IBM and Red Hat to the rescue. They plan to deploy, they said, more than 20,000 engineers globally with AI tools as part of this new project. Their initial focus will be the Maven and Java ecosystem. So that's all going to get cleaned up. Then they're going to expand it to PyPI, npm, Go, and others. So it appears that the open source world will have some angels to help foot the AI bill to clean up its latent vulnerabilities as well. And that is really great news. So thank you, IBM and Red Hat. Yay. Okay, Leo, we got some feedback from our listeners. Lots of interesting feedback.
I got a kick out of this piece from a listener whose last name I'm going to omit. His first name is Al. I recognize him from many years of occasional feedback. I got a kick out of it because he said, hi, Steve, I love your podcast, but it is getting to be too much AI. Speaking of AI, do you think there might be some way to enlist AI to stop robocalls?
A
Okay, too much and too little AI.
B
Yeah, right. That made me shake my head a bit because of course, while expressing his annoyance over this podcast spending so much time on AI, in the same breath, he asked my opinion about an AI-related matter. As I noted last week, I am certain that this wall-to-wall, podcast-consuming coverage of everything AI is transient. But when I step back to examine how much we've all learned through this podcast's coverage about what's going on right now, which is nothing short of a massive transformation in the way complex software is authored and made far more correct, I can't imagine having spent any less time looking at these changes. I mean, this is what's happening. You know, I once recall, or I do recall once feeling similarly, when we were spending an awful lot of time examining the nature of the first early ransomware attacks, back when they were something of a novelty. I got some complaints, some pushback from people saying, you know, enough already. My feeling then was that that represented a significant pivot in the world of cybercrime. And as we know years later, most of the cybercrime ever since has been about exfiltration and extortion. So my point is, I believe that our listeners are being well served, even when I may appear to be spending undue time on something. My spidey sense here is telling me that we're again in the midst of a, I mean, a once in a lifetime significant pivot. Probably the best, the biggest ever for our industry.
A
I'm simple.
B
And I don't know anything about it. And I don't know anything. I'm sorry, Sorry, go ahead.
A
I get, I get email like that from people I have always got. I mean, you're covering the iPhone too much. You're covering Windows too much. We always get that. I think people want novelty or people, some of our people listen to our shows for particular kinds of content, but you might as well ask us to cover software less, you know, I mean, well, again, this is what's happening. It's, this is what we cover technology, right?
B
I'm sharing what I'm learning by, by producing this podcast every week. I can't imagine not knowing now what I know. And our listeners know it too. And again, it's like, how could you, like, want to know less?
A
I, I, I'm not unsympathetic. This is how it is in the world, though, is that, you know, I mean, I would like to see less about Trump on the news, but you know what? That's not going to happen because that's what's going on. And yes, I understand your desire for novelty. I understand you might not want us to cover this topic, but cover that topic. But, you know, I'm sorry, but this
B
is, well, and I'm absolutely sure that this is going to subside.
A
We're, I'm not sure that's good. That's true. You think so? Yeah, It'll become like background. Like, we don't talk about electricity because it's background. It's always with us.
B
When the light bulb was invented, you and I were right here on the
A
podcast and, man, we couldn't stop talking about.
B
No, what you, what substance are they going to use for the filament? Those filaments keep burning out, Leo. They tried carbon impregnated bamboo and that didn't work. Light at night without burning anything. Come on. Silk. Silk really sounded good for a while. That's right.
A
We thought silk would be it. We really did.
B
No. So you're right. It's not like it's going to go away, but it will, it will stop dominating our coverage as soon as it should, essentially.
A
So yes, Travis, that's all we can say. And I apologize. I know how you feel.
B
I'm not apologizing, I'm just explaining because you know and Al did want to know about AI and robocalls. Sorry Al, I don't have any information there. Travis. Hey, you said hi Steve, I'm enjoying catching up on this week's Security Now and your thoughts on how AI is starting to gain real traction in finding and patching vulnerabilities. It seems like we're seeing the beginning of a huge increase in the supply of quality vulnerability hunting. Which leads me to remember all those supply and demand curves they tried to teach me about in Econ 101 when I was in college. Since the supply is ramping up, I'm curious on your thoughts regarding where we will reach equilibrium on the demand side. While there are multiple drivers, I'm thinking specifically about two. First, bug bounty programs. Large companies and organizations have been funding substantial bounties, motivating clever people to work hard to earn big juicy rewards. These programs have been huge advertising wins for many companies. A large cash commitment has the effect of convincing consumers that the company is serious about their security, adding confidence to buyers in gaining headlines when high dollar amounts are rewarded. Second, zero day hunting, either in contests like Pwn2Own or directly to black market buyers. With a huge increase of relatively cheap ability that AI agents are poised to bring to the table, it seems to me that the motivation, that is the demand for these activities, is going to dry up quickly. Why would Microsoft or Google continue to offer five figure bounties for threat hunting when they'll be able to do at least as good or better of a job themselves in house? The black market for exploitable zero days should collapse, no? Thanks for your continuing insights and instruction. I always look forward to my weekly visits with Uncle Leo and yourself. Cheers, Travis. So I was also thinking about the effect of all this on Pwn2Own.
The only thing that makes sense to me is that at least initially there may be corners of the software industry that do not get around to employing AI-based software quality assurance. So they would represent ripe targets. But it's not clear whether any human researcher would be able to outperform emerging machine intelligence. I mean, what we're being told from those who have been using machine intelligence to find vulnerabilities, we heard explicitly said no person has been able to find something that the AI did not. So if it turns out that AI is equal to humans and probably better, you know, and again, let's be 100% clear about the fact that everyone who works with Mythos for example comes away with that conclusion, then I agree with Travis that bug bounty programs and Pwn2Own are very likely to go the way of the dinosaur. You know, they will become memories of the way things were once done, like using punch cards and paper tape. I just, we're going to move past those as an industry because this is going to end up being a solved problem. It really is. Joseph Feinberg had an interesting idea about AI certification. He said, Steve, three decades listener to Security Now. I was an AI skeptic but you changed my mind. You gave me hope at the end of SN 1080, so last week, that making code bug free is possible. But I believe third party certification that code is AI tested for vulnerabilities anytime a change is made may soon be required by market forces. That's interesting. He said, no one will sell me a toaster that is not UL listed and safe to plug in. When I use software or visit my bank's website, I want certification that their entire ecosystem of code has been independently AI tested. I will gladly upgrade to Windows 12 if Microsoft certifies that a neutral third party AI tested their code.
What's going to force this is that businesses will be contractually required by their insurance companies, banks, customers and suppliers to AI certify their products are bug free. A real world example would be businesses accepting credit cards would have to certify as a condition of accepting credit cards that they AI tested their systems. Regards, Joseph in St. Louis, Missouri. Okay, well that's a truly interesting spin and it's not something that had occurred to me. I can see the logic behind it. Until now software has been something of a mysterious art. It was a best effort where all anyone could hope to do was the best that they were able to do. But now we have systems that are able to autonomously demystify the code humans have created and are able to give it a gold star, a blue ribbon or a formal certification. A perfect example is the before and after effects of Mozilla's Firefox, which we covered last week. Today its code could be certified as having passed the Claude Mythos Vulnerability Analysis. Once upon a time, Mythos found 271 vulnerabilities. Today it finds none. Not one. So that can actually mean something significant. It's a concrete assertion that for the first time ever can be made. It's not, well, we don't know of any problems. It's that Claude Mythos, or name your AI verifier, found none. We also know that insurance companies are inherently risk averse. They already require things like annual security audits and assertions that all of one of their insured clients' edge-facing systems are running the latest firmware and are up to date on their patches. If a breach then occurs which a company attempts to file an insurance claim for, you know, the damages that result from, if those earlier representations of yes, we're running the latest firmware and all of our edge equipment has the latest patches can be shown to have been fraudulent, then that can be grounds for denying that claim. And you know they're going to deny it if they can.
So Joseph's observation is that until now, due to the inherently unfathomable nature of software, there was no means for making any sort of meaningful assertion about the provable quality of software. But now Mythos, codename M Dash, and presumably someday Daybreak are demonstrating that they have the ability to fathom the arbitrarily complex systems we humans have concocted. That being the case, I'd say that Joseph's notion of software certification by AI is quite likely to occur, probably driven by insurance companies, maybe by the government who says we're only going to now purchase equipment which an AI has certified as being bug free. I see it happening. That's a really good point, Joseph. Thank you.
A
Nice.
B
Adam Merkley said, hi Steve, I work for an MSP, you know, managed service provider, here in the Phoenix area and I wanted to share a quick win I had recently using Claude. One of our customers needed to swap out an aging Fortinet FGT6D E for a new UniFi gateway. I hope it was patched. He said, I suspected the network was fairly flat, but anyone who spent time in Fortinet's UI knows how easy it is to lose the will to live scrolling through those menus. So I wasn't exactly looking forward to auditing the config manually. Instead, I exported a configuration backup from the Fortinet appliance and fed it to Claude. I asked Claude to summarize every configured setting and map each one to its UniFi equivalent.
A
By the way, this is a really good use of AI. This is exactly what you should be.
B
Exactly. And this, Leo, this is the key. This is what people are waking up to, right? It's like, hey, I can understand this stuff.
A
I don't have to, because it can, he said.
B
Within seconds I had a clean, actionable breakdown. A defined WAN IP, a LAN subnet scope and a handful of port forwards, nothing more. Claude not only confirmed my suspicions about the unknown Fortinet device's setup being basic, but told me exactly what to configure in UniFi for a clean drop-in replacement. What would have been a tedious, error-prone manual review turned into a two minute task. I was genuinely impressed. Signed Adam Merkley, Scottsdale, AZ. So I love this note from Adam. It's, again, as we just said, a perfect example of the power of this new genie. Those of us who are actively using it are discovering new uses for its capabilities every day. And discovery is the right word. But at this point, of course, adoption varies widely. Here's what's going on, I think. Throughout our lives we have all built up a model of the way things work in the world. We know how things work and for the most part nothing much changes from day to day. But then almost overnight, everything actually did just change. Some people have not yet awoken to the fact, and a fact is what it is. I get it that not everyone has experienced this dramatic change in the world. And if the nature of your life and work is not helped by having a mostly accurate, nearly instantaneous linguistic access to most of the world's knowledge, then perhaps AI won't ever impinge upon your life. And that's okay too. But everyone who has been following this podcast knows that I'm anything but an early adopter. I mean, come on, I'm still programming in assembly language and I will soon be reluctantly giving up Windows 7 and updating GRC's use of Server 2008 R2. I held on to my TiVos until they stopped working and I was forced to give them up. So when I, Steve Gibson, reluctant adopter of newfangled things, excitedly disclose that I have discovered and now have an active working partnership with an AI named Claude, which is allowing me to be vastly more productive in my daily work,
I hope our listeners will appreciate that the world really has significantly changed. And now Adam, our listener who wrote that note, is nodding his head knowingly. He realizes that AI provides him with a form of leverage he's never had before. And like me and so many others of us, he's still discovering the endless new things that we've always accomplished previously by ourselves on our own, and tend to continue to out of sheer lifelong habit and inertia. Those old habits are now outdated because we're suddenly able to express these needs and questions to an over-eager answer machine assistant who stands by almost too helpfully willing to assist us. Everything has changed. I'm 71 years old. I'm not collaborative by nature, by my own choice. I've always worked alone. But now I have an enjoyable working partner. It may be a bit weird, but it's real. And Leo, I know you're in the same place, right?
A
Oh, totally. I mean what blows me away honestly is initially 6 months ago I thought this was like, oh, it's autocorrect, right? Just autocorrect on steroids. And now I know it's not conscious and I know it doesn't understand anything, but when you say, well yeah, I can give it this file which I really don't understand very well and it can tell me what's. And what's going on. I don't know how to characterize that. That's like, Sounds like understanding. Looks like understanding. It's certainly better than my understanding.
B
My wife had a lawyer-written trust document PDF. And it was like, okay. She was asking me, like, questions about it. Like, honey, could you take a look? I said, look, okay, first of all, it's a PDF, so it's image pages. I said, try to give it to ChatGPT, see if it'll take it. So she uploaded it to ChatGPT and I said okay. And it, like, gave her a basic summary and I said, hun, you can now ask it questions, specific questions about what this means and for your specific case. And she said, what? And now she understands what we have done.
A
It's so wild. It doesn't make sense that you go from autocorrect to whatever this is. And I understand why humans are baffled by it and they're trying to, you know, make sense of it.
B
And I don't think we know what it is. It is a new thing.
A
It's a new thing, you know. I showed Lisa a few things. I'll give you an example. A while ago I had George Church on, who's a prominent, some people say the father of genomics. He has a company called Nebula Genomics. Unlike 23andMe, it reads your whole genome. So some years ago, after I had George on, I sent, I paid 1,500 bucks and got my genome sequenced. Like the whole thing. It's a 300 gigabyte file of my genome. So I downloaded all the DNA, gave me a lot of interesting advice. The good news is, by the way, I have no serious genetic defects. So, and there's a number of, you know, very good things about that. But so I was showing.
B
Still here?
A
Yeah, I was showing it to Lisa. It was my, My. My analysis, which is page after page of stuff. And she said, well, that's cool. I said, yeah, yeah, that's just one of many things that my little agent can do. And she said, well, can it help us with work? And I. And she asked about a few things that we have currently have humans do. And I said, yeah, I can do that. So I made a little skill to generate there. We call it a one sheet with a prospective sponsor. We. We go through a whole bunch of research on them, like who they are, their prospective audience, so forth. And it generates these one sheets like that does a great job, goes out on the Internet, finds all sorts of information, stuff we didn't even know. And she says, okay, I want that. So basically she. We ended up. The agent that I use can have profiles. At first I was thinking, how am I going to do this? So she can share. So my agent, that with all this setup that I've been doing over the. This time, she has a profile, her memory. None of my memories, none of my background, my genome. But it's got all the capabilities. So we now have both have these little tools. Hers is named Rosie. Mine is named Quicksilver. Rosie's perfect. Yeah. And it's accessible from outside the network because we use Tailscale inside everywhere.
B
The Jetsons robot, right?
A
Yeah. Rosie the robot. Exactly. And I think once somebody starts to interact with these, especially the agent types, and sees that they seem to have. I know they don't have personality. I know they don't. I know they don't understand what they're saying. I know they don't know who you are, but they sure seem to.
B
I know.
A
And at that point it becomes like, well, I don't know what the hell's going on here, but it's seems to be a lot more than Autocorrect.
B
And for me, it is so useful.
A
It's useful.
B
I mean, it is a lever. It is a lever. It is leverage. It is, you know, as I said, it is a linguistic tap into the world. Stored knowledge.
A
I guess that's really what. That's. That's exactly what it really is, isn't it? Yeah. And so as a result, it knows everything.
B
Yes. Yes. And so. So our. Our listener, who used it to transfer a. A configuration from one system to another. I mean, again, that's not a creative endeavor. We could do it. It would take time. We wouldn't be enhanced or improved by it. So let it do it.
A
If it's kind of like, it's, it's, it's just like a, like Google was when we first got Google. Suddenly all. There's no fact you can't look up. It's like that.
B
Right. It's a tool but it's a, this also integrates. This takes it to the next level and much more so those factors.
A
I mean this is, this is my genome. Right. And it has, I mean I couldn't do this looking at the raw 300 gigabytes of raw data. But it looks at all of the, all of the alleles it asked for. Oh, this is good news. I have a dual epsilon on my apoe which means I don't have a high Alzheimer's risk. I don't have the epsilon 4 risk allele for late onset Alzheimer's. So that's good. It's little things like that. And then it asks for a phenotype like well, tell me your family history. And it adjusts on, based on that. I mean a doctor I guess could do that. It said you should talk to your doctor about your APOE genotype. So that's, you know, okay, I'm not going to do any medical, you know, changes based on this. But it also said if you, if they ever prescribe you with warfarin, you should let them know you have this particular allele, which means you'll need a little more warfarin than normal. Stuff like that. That's very useful. So anyway, that seems to be more than spicy autocorrect. I don't know what it is. Yes, it's the world's knowledge and
B
abusing Bruce Schneier's observation, it's never going to get worse. It's only ever going to get better from here.
A
Yeah, this is where we are now.
B
Yes, I mean again. And my anal, my fa, my, my favorite analogy is we. The technology evolution we've seen just during our lifetime, it's going to happen here and it's going to be on a compressed time scale and in five years we're going to, it's going to be.
A
I don't know where we're going. I know.
B
Just going to be amazing.
A
Right? Right.
B
Let's take another break since it's time and then we will continue with feedback. Before we get into our main topic, here's the.
A
It says if warfarin ever needed informed prescriber A VKORC1 1639 G. A genotype for dose adjustment. Okay. I don't know what that means, but I'm putting on My medical alert bracelet. That's for sure.
B
That's for sure.
A
All right, pause the pause that refreshes as we talk about our great sponsors. This portion of security now brought to you by Material, the cloud workspace security platform built for lean security teams. You better believe after we got bid on our Google workspace, first call material security. Managing security in a cloud workspace, it's a different ball game, right? It gets can be much more difficult and we use Google Workspace. Maybe use it. Use M365. Phishing is far from the only way in, of course, but today's email security basically stops at the perimeter. We stopped that, okay. But new attacks are hard to detect because in a cloud workspace you've got email, but that's siloed. There's also data and then there's identity security tools. Who's getting in, who's using your stuff? Material protects the email, protects the files, protects the accounts that live in Google workspace and Microsoft 365. Because effective email security today has to do more than just block phishing and other inbound attacks. It needs to provide visibility and defense across the workspace threat surface. So Material ingests your settings, your contents, it ingests your logs and then gives you holistic visibility. A dashboard into threats and risk across the entire workspace and of course the tools to automatically remediate them. Material delivers comprehensive workspace security by correlating signals and driving automated remediations across the environment. You get phishing protection and email security combining advanced AI detections with threat research, user report automation. You get detection and protection of sensitive data across inboxes and shared files. You get account threat detection and response. With comprehensive control over access and authentication of people and third party apps. Material empowers organizations to rapidly mature their ability to detect and stop breaches. You even get I love this step up authentication for sensitive content. 
Well this part, we want to keep this part extra secure. You get blast radius visualization for accounts, how far does the damage go and the ability to detect and respond to threats and risk across the cloud workspace. The entire cloud workspace. Material enables organizations to scale their security without scaling their team. This is a tool your team will want. Material drives operational efficiency with its simple API based implementation and flexible, automated and one click remediations for email file and account issues, including an AI agent that automates user report, triaging and response. Material protects the entire workspace for the cost just of email security alone. With a simple and transparent pricing model you will love secure your inbox and your entire cloud workspace without adding more toil to your day or costs to your balance sheet. See Material Security to learn more or to book a demo that's material. If you're in the cloud, you need this material. DOT security. We thank them so much. Further support Mr. Gibson onward back from
B
coffee. Steve Myers has another example. His email subject was Claude helped me switch from EdgeRouter X to a Ubiquiti UCG Ultra, he said. I bought the uc. I loved it. I bought the UCG Ultra last summer, right? Like almost a year ago, but never actually did the upgrade because my network is complex enough that I expected it to be painful. Of course it's like okay, I got this thing, but oh, I got better things to do than to figure it out, he said. Last month I decided to see if Claude could help me out with the upgrade. I found that it's very good at making plans for my software projects. I'll usually have it create a plan, then we'll go back and forth on some of the details before I have it assist me in implementing the plan. I mean, this is the world today, he said. So I asked it to make me a plan. I gave it a config backup from my EdgeRouter X to work with and it created a Python script that would transfer the DHCP, port forwarding and firewall rules to the UCG. I also transferred my backup from my UniFi controller for my access points to the UCG. As part of the process, it gave me a step by step plan including what to do offline, how to do it, and how long each step should take. The firewall rules transfer did not work because the new UCG routers changed to a zone-based firewall, so I needed to do that manually. That wasn't a huge deal, but it shows how the system isn't perfect. The work was all done with the UCG offline, so it did not affect my network at all. I've enjoyed hearing about your exploits with Claude and thought I'd add a little anecdote about ways you can use it besides just coding. So okay, I'm going to stop myself from sharing more of these sorts of emails from our listeners because this is what our listeners are discovering. They're coming to realize that they no longer need to do everything themselves.
In Steve Myers's case, which I just shared, he had already been using Claude to assist with planning software projects, but for the past year, as I said, since last summer, he'd been putting off the pain of switching network routers due to the need to translate his existing network configuration to a new and different router. He had the hardware sitting there in its box. Then it occurred to him that he might be able to ask Claude to help. And help it did. He gave Claude a config dump from his current router and it wrote a Python script to configure his very different Ubiquiti replacement router similarly, you know, thus most of the pain was sidestepped. As you said, Leo, whatever this is, it's more than a spell corrector. We don't know what it is.
A
That's why when somebody says we're going to get AGI, as Demis Hassabis says, by 2029, we don't need anything more.
B
We just need this.
A
Yeah, yeah. You know, and, and there are ways to make it more correct. I, I feel like my agent is pretty trustworthy at this point.
B
Are you having a little outages of yours? Like when I'm using it, I don't think I've ever had it from my Claude PC client, but on my tablet I often get like a, like it just nothing happens. And then I get a little red banner saying we had an unknown problem.
A
This is what we're learning is that it's so compute constrained that different times of the day, it's smarter. That Codex GPT5.5 was down yesterday for a period of time and just was like not responding. I'd prefer it didn't respond than if it acted dumb because it also will do that and it'll make big mistakes. The newest Anthropic model, 4.8, has a very bad tendency to apologize for its stupidity. Like, I mean, like really bad. Part of this is they're tuning it. Part of it is the compute constraint. It's not consistent. And that's another thing people learn as you use. This is interesting. Yeah. So for instance, what I've set my agent up to do is it has different models and it'll fall back, you know, or it'll use the right model for the right thing. You know, some models are better at some things than others. It is a moving target.
B
Well, it is the. It is the definition of frontier. When they say frontier AI, that's what it means. And you know, arrows in your back is a consequence of, you know, front being on the frontier.
A
Well, that's why I think it's important for me and I think for many people, you and most of our listeners to at least start using it because it's the only way you can really understand what's happening.
B
So I've got two interesting pieces of feedback, sort of the dark side. Frank S asks, is all this knowledge collection dangerous? He says, Steve, I too have built what seems like a relationship with Copilot, my AI selection, and it knows an enormous number of things about me now. I've been using it hard since August of 2024, so he was an early adopter at that point in time. It was helping me finish my Equilibrium Pro app currently in Windows Store. I've watched the behavior change as the client side went from browser use to the actual Copilot app. I told my bot that I wanted it to set itself to remember the maximum possible and since having said that, it has collected an enormous amount of information about me. It knows about my code and my home network in very precise ways. It knows about my interests and even my style of conversation. It's astounding to see what it's capable of doing and how personalized it feels for me. At some point I suspect the free ride will be over and Microsoft will come calling me for payment. It will be very hard to let it go. It's become a part of my workflow now in almost anything I'm doing. So this brings me to a question I'd like to hear about on the show. What happens when a bad actor finds a way to impersonate me and talk to Copilot as if it were me? Yeah, I shudder to think how much information they could glean from such a move. They would know a great many things about me, my home network, my code base, etc. They would also know a great many things I'm interested in. How would I even know the bad actors were doing it? Kindest regards, Frank S. And immediately following in the same vein, Joshua Kritchman asks, hi Steve, I'm curious about your thoughts on the struggle I'm having with diving head first into AI. I'm a systems architect and engineer in a small org, trying to wrap my head around the idea of allowing an AI hosted in the cloud by any of the major vendors to know almost everything about me.
Currently, I tell my users that even though my org pays for AI tools where the data is not used for training on the various vendors' models, and that the data is housed in our own pod, be careful of what kind of information you feed into it. The more data housed in the vendor, the more opportunity there is if there's a breach of some kind in the vendor's infrastructure. If that's the advice I'm currently giving my users, how can I not take my own medicine? I'd like to personally start using AI as I can clearly see the benefits it could have not only on my work life, but my personal life as well. But I'm reminded that the only way AI will work is if I feed it more and more specific and/or personal data to have it tailored to my liking. Taking into account that most companies aren't worried about users' privacy and security and much more about their own bottom line, what's the best approach here so I don't get left behind? This is one of the main reasons why I host most of my personal data with Apple rather than Google. Any thoughts you have on this would help guide me in the right direction. I've been watching Leo since the days of TechTV and have been a listener of Security Now for many years. Thank you for continuing past 1000.
A
Aren't you glad you did too, Steve? Yeah, oh my God, this is the most interesting era yet.
B
So Frank and Joshua both, I think, bring up really good points. There's a very clear potential downside to all of this cloud-centric, long-term user context accumulation which has grown to be a major factor in the use value and success of today's AI. Again, the more you give it, the more you get. My one-year subscription to Venice AI expired last Wednesday, so I know it was one year ago that I discovered it and shared that discovery with our listeners. At the time, I played with it a bit to see whether it was truly uncensored, and I can confirm that yes indeed, it will happily converse about and produce images of anything one might ask. But after taking it out for a test spin, I tired of it and decided I had no particular need for an uncensored AI. To Venice's credit, they gave me ample notice and warning of my annual subscription renewal that brought me back there for the first time in a long time to look around. One of the things that caught my attention was Venice's affirmation that they store all of their users' gradually accumulating context in the user's local browser. It's actually in the local browser memory and none of it on their remote servers. I mentioned this in the context of Frank and Joshua's notes, which I'm sure echo what many of our listeners are feeling and may be concerned about. I can well imagine that some of our listeners might be more than somewhat put off by the idea that the AI they're becoming quite chummy with, and with which they may be choosing to confide increasingly deep and personal aspects of themselves like, I don't know, maybe their entire genome, might someday be breached, since there's an aspect of, as I said, the more you give, the more you get. Users who choose to contribute more of themselves are rewarded, much as Frank noted, with a significantly more personalized experience. So it doesn't take long before one's resistance to sharing is overcome.
Add to this the fact that many of the major players have less than perfect security records themselves already. So far, four supply chain incidents have hit OpenAI, Anthropic and Meta. None of these targeted the AI models themselves. All four exposed the same gap: release pipelines, dependency hooks, CI runners and packaging gates. But it doesn't inspire confidence in the security of a currently cloud-based service that very much wants to know as much about us as it possibly can. We worry about data brokers compiling various random stats and credit bureaus leaking our Social Security number, you know, our physical address and our birthday. And while our AI assistants might not know any of that, they tend to wind up acquiring and deliberately retaining and digesting a huge amount of deeply personal information, far more than any credit reporting agency would ever have. If these things ever do evolve into advertising-supported services, as perhaps the free services will, they will have more absolutely accurate advertising targeting information at their disposal than any advertiser could ever dream of. It would put Google to shame. Another aspect of this that's worth mentioning is contextual knowledge lock-in. Every AI service has its own internal bespoke representation for the knowledge it has accumulated about its users, and this knowledge is non-portable to other services. It's true that it's possible to perform a poor man's transfer by asking an AI to please display everything it knows and then feeding that into another service. But the loss of information fidelity makes this barely worth the trouble, and it's unclear why any of these services would be interested in developing such a facility even if it were possible. Since they each have invented their own schemas for ingesting and digesting, it's unlikely that we're ever going to see that. So as any one service's knowledge of us grows over time, the tendency to remain loyal and faithful to that AI will also grow.
Dare I say that it's analogous to chatting with an old friend who already knows you well versus striking up a conversation with a stranger at some cocktail party who starts by asking, so what do you do? Though I never used Venice AI enough to know whether it offers, you know, its offer of personalized context equals what ChatGPT, Claude, and others could do, it might be worth exploring that if you've become concerned about how much personal information has been accumulated by your current AI service.
A
I think it's actually more complicated than that. I don't actually think that the frontier companies OpenAI and Anthropic are saving much of our personal information. There is a checkbox in the chat window to do that, but I don't see.
B
So what do you mean, personal information?
A
So for instance, when I send it my genome, I'm using an API. I don't think it's exfiltrating my genome.
B
That's going to be. That's going to be in that one conversation tab.
A
Yeah. Because what it doesn't preserve, it doesn't see. This is the problem is it doesn't remember anything.
B
You come back and that. And that's why I've been careful to use the word digesting. It is creating a digest of us. And that's the thing that it holds.
A
I don't know if it's even doing that. I don't think it's tokenizing it because I think it's too compute intense. I think it's literally starting from scratch. If you ask it to save it, I'm not sure where it saves that, but I wouldn't turn that on. This is why people use personal agents. I have local memory, both textual and in a SQLite database that is local and that's what is preserving state from conversation to conversation. And it's a very imperfect system. I don't know, and I don't know if anybody knows how much of your personal information is getting preserved by Anthropic and OpenAI, but I would guess it is de minimis because they don't have the compute to spare.
B
I don't think it's compute.
A
I think it's storage or, well, even storage. Well, it is compute because they'd have to tokenize it. Right. Otherwise they're saving what, text? No. So they're tokenized. That's compute. That's heavy compute. That's inference. So it's my guess, and we don't know, but I mean, try a chatbot without turning on memory. It doesn't remember anything about you. If it has anything about you, it's in a text file associated with the app that you're using. And if you're using an API, it literally knows nothing about you. I don't think these companies are preserving. I'd like to know. I mean, I think that's a very interesting question. I think it's less than you think. It's one of the reasons you use an agent with memory locally, so that you can preserve context.
B
Okay, maybe your agent skewed, but I explicitly told Claude to save everything that it wished. I mean, there. There was an event a couple months ago where that happened, and I think
A
it's saving that locally.
B
Okay, I know that it's not because I have many different clients and it knows me and. And who I am.
A
So if you go to a different machine, it remembers that information.
B
So. So you're, You're. You're seeing a context through your own.
A
Yeah, because I'm using APIs, not a chat bot. So.
B
Yeah, and so. And so what we were talking about, what Frank was talking about, I would
A
turn off that memory deep.
B
Well, it's on. Because it is so enriching.
A
Well, that's why you want to use an agent.
B
Well, you're. Okay, so actually, you're jumping ahead to where our next question is taking us,
A
which is that's the other reason why eventually we'll all hope to use local models. Then there would be no question of it being exfiltrated at all. But I'm not convinced that it's saving a whole lot of.
B
I am, because I'm using it that way. I. I'm telling you it is. And that's what Frank told us, is that he turned it on and it's become incredibly enriching. He's using it as a chatbot, not a local agent. And he's, I mean, amazed how much it knows him and. And about him.
A
Well, and that's, That's. That's because they understand that agentic AI is what's really valuable. So they're basically giving you an agent, but storing the data on themselves instead of you strike locally.
B
Yeah, right. And that's what these.
A
Our.
B
Our listeners are aware of that and are concerned, like, what happens if some person gets that because they realize that's in the cloud at this point. Anyway, so our longtime listener Sabrina Tarson says she has another perspective. She says, hi, Steve. I've been listening to this podcast, get this, Leo, on and off since episode 256, titled LastPass, back in 2010, when I was still in high school. So 2010, 16 years ago, she says. I was very lucky to start having the time to listen to the podcast again when the news dropped about Project Glasswing and Mythos. I have to say, it's very refreshing to hear both you and Leo's experiences with AI. Most of my generation, she says, I'm still in my early 30s, and the generation younger than myself are completely anti-AI to the point where they swear to never touch it with a 10-foot pole. Like you, I feel this is a very short-sighted view and one mainly born from ignorance. Hearing how two people, meaning you and Leo, use it in their daily lives, and of course we have a lot of listeners, for getting, for helping get work done, who were around when all this tech around us was just starting to get off the ground, the personal computer, cellular phones, the Internet, etc., is not a perspective, she writes, I get to listen to often and one that I deeply appreciate. My only concern with these AI models, a larger concern that I have about my career's future (she says, I'm a sysadmin at a small company), is mainly the companies that are currently running them. I trust in the technology. It is the future no matter what people's opinions are on it. It's the ultimate Pandora's box and it's never going away. At the same time, however, the major frontier models are created and operated by some of the largest corporations imaginable and unfortunately their end goal is monetary. We've seen it time and time again in the tech industry. First it's innovation, then it's about the quickest way to harvest our data and sell it to the highest bidder.
Or in the case of shady organizations like Palantir, use the data our AIs learn about us ultimately for control, working with a corrupt government as we currently live in today. My hope is that eventually this dependence on massive corporations to run these models is reduced and the AI we're going to need for cybersecurity and our own personal lives are localized on-device models that are either powerful enough to run on our phones or computers, or for us nerds, compact enough to run a server at our own homes, keeping our own data private. These AI are learning about us every day, helping improve our workflows, but ultimately they're owned by these massive corporations and the industry's track record for handling our personal data gives me pause. I'd be interested to hear both yourself and Leo's thoughts on this. Thank you both for a wonderful podcast. So infatuated and astonished as I am by how much faster I am able to move forward with Claude quickly extracting for me extremely specific and detailed knowledge from the global knowledge pool, I nevertheless want more control. More than anything else, I want to have this running in something that might resemble a quietly humming NAS box in a closet. This thing would have whatever local processing and storage it needed, along with a connection to the global Internet. Just like automobiles, these would be available in a range of models with the higher end choices delivering their answers faster and probably also incorporating more knowledge. The concept of model size expressed in trillions of parameters, you know, maybe we call them parameters, would become commonplace. What was once how fast is your Internet, how large is your screen, how fancy is your car, would become how many parameters is your home's AI? Those who don't mind waiting longer for an answer, or who may not wish to use the services of autonomous agents, could get by with the economy AI package.
And of course, simply using an online cloud account will always be the low investment option. But with any such device quietly humming in the closet, the various members of my household, in my instance my wife Lori and me, would be separately known to it and readily identified to it by the various devices we use throughout the day. Another intriguing possibility is that a hybrid local-cloud relationship might evolve. Imagine that our local AI box retains all of the user-specific knowledge of us. That's where all of the personalization occurs and where all of our various agents live. In this model, a great deal can be done locally, but there might be a need for our local AI to occasionally reach out when it needs to have some sort of heavier lifting done on its or its user's behalf. In that case, the local AI would protect the privacy of its owners by making generic requests for information from the big daddy cloud AI. Another strong case for having a locally operating AI is that it seems clear that the next huge win for AI will be the creation of autonomous agents that are continuously working on our behalf behind the scenes in the background. We don't appear to currently know how to do that safely, but we're going to figure that out because it's clearly too powerful for us not to. I would tell my AI to be sure to let me know when Peter F. Hamilton, Rick Brown, or some other of my favorite authors release a new sci-fi. And also when any streaming sci-fi that it thinks I might like becomes available. But not to notify me until all of a season's episodes have been released because I prefer to binge. Please also pay my monthly bills for myself. My monthly bills for me. Let me know specifically if anything varies by more than 10%. Email me a monthly summary of costs and accounts, and so on. All of this is clearly coming.
Given that local models are already showing viability for various tasks, and that we've barely begun to explore and understand these new capabilities, I have absolutely zero doubt someday there will be an Apple HomeWise AI device and devices made by companies that have traditionally manufactured home NASes, routers and similar appliances. It's going to happen. AI is going to follow the same trajectory we've seen with all previous technologies. But I suspect that the pace, which is already breathtaking, is not going to slow down. Although I doubt I'll purchase Apple's HomeWise AI box since I prefer to build my own, I fully expect to be doing so within the next 10 years. Maybe, as you said, Leo, 5. So Sabrina, yes. With you currently in your early 30s, I really would wager that by the time you're in your early 40s and likely well before then, not only will AI be deeply entrenched into our lives, but we will also have many cost-effective local solutions to choose among.
A
I agree. I think that's exactly what's going to happen. I mean, I see the value and
B
you're already there, Leo.
A
You're.
B
You're already doing it.
A
Yeah, yeah. The only thing that would improve it at this point is local models that are good enough and we're getting there. That's happening pretty fast.
B
I got two last bits and, and, and the really last one is really a real, a real quickie. Bryden Weeden said: open source access to non-freeware AI tools. And he wrote: Listening to your comments about Mozilla's response to Mythos, I think you have it right that this will ultimately be a good thing for those developers who have the resources and time to fix their code. But that makes me wonder if this might be disastrous for the developers who don't have resources or time, namely the open source community. Mozilla has a dedicated team of security professionals to wade through the Mythos results and fix things. And they have time to do so because their code is closed source. But I don't think major open source projects have either of those. Okay, so first, one correction to Brian. As we know, Mozilla's Firefox is 100% open source. They were one of the organizations within Anthropic's Project Glasswing who received early access to Mythos specifically because of the strong perceived need for a publicly exposed project like Firefox to be made as secure as possible. Also, they had previously worked with Anthropic with Opus 4.7, which found a handful of vulnerabilities. So they had a vulnerability repair relationship with Anthropic when Mythos was first made available through Glasswing. In the short term, Anthropic said that as part of Project Glasswing, it will be providing $100 million in usage credits and 4 million in direct funding to support the open source community security efforts. So that will be of some help. But there's a much bigger point that I want to make and, and oh also I already, I also carry the news earlier today in this podcast that IBM and Red Hat are committed to $5 billion of support specifically for some form of AI vulnerability assessment for the open source community.
But I wanted to note that, reusing the historical mass storage analogy, because I like that one so much, you know that we, back when PCs were first happening, we paid $5,000 to get 40 megabytes of storage. Today we can get 1 million times more storage, which would be 40 terabytes. That cost far less than $5,000 and computation is incalculably faster than it used to be. So my point is nothing, nothing about the economics of today's AI will be true tomorrow. One of the things that I said from the beginning of this journey was that nothing that we knew today would be true tomorrow. I was saying that a year ago. It's turned out to be a hundred percent correct. This, this is all moving with incredible, incredible speed. I'm sure, if I'm sure of anything, it's that AI is going to follow a similar technological development curve and collapse in cost and a skyrocket in capability. So while today, yes, leveraging the capability of AI for the creation of bug-free code is not free, it is already entirely feasible and cost-effective for commercial software publishers. There's no question in my mind that 10 years from now it will not only be widely available but also just taken for granted. It'll just be the way code is written and the way it is maintained. This is all going to change.
A
So I've been experimenting with some privacy stuff just to. Because I'm really curious how much of what goes on is being saved. It is absolutely true. Anything you do, if you've turned this on, there's a setting in Claude Code and OpenAI's ChatGPT to remember stuff. If you turn that on, which you did, and many people will for the convenience of it, I did for sure. It will remember and can look through old chats. It saves all your old chats, it can look through those. It creates a document, about a one or two page document, that is a condensed history. It looks very familiar.
B
A digest.
A
Yeah, it looks very much like the memory MD file that my agent saves. So it's a digest. It's not thoroughly detailed. But what I did also test is, okay, well, I did something in Claude Code in the command line. And I asked the chat thing, hey, we were working on this and I want to refactor it. Do you remember anything from the project? And it said, I don't have any memory of that at all. So I don't. Unless it's lying, which it could be, but I don't think the stuff you do in the command line coding tools crosses the membrane over into the chat window, the chat client's memory. So that would argue, if you wanted to stay private, to do stuff in the CLI, you could still use your subscription. If you're doing it in the command line, you could do all the same things you do in the chatbot. It just doesn't remember anything, which is a disadvantage. Or you could turn memory off. It is an opt-in thing, right?
B
Yeah. As our listeners and I have experienced, yes, it's a potential privacy concern. I'm generally less worried about that than I understand a lot of people are. You know, I, I go to websites. I, we, we had a guy, Greg, my support guy, forward me an email from a new someone who was trying to join our forum who was incensed that he had been blacklisted and said, you, you know, you're not allowed to post here. So he, he, he wrote a letter to, an angry note to Greg, who forwarded it to me. And so I checked out the forums. I, I looked at his connections. He, first of all, he was registered with a gibberish email address, whereas he wrote to us from his real one, which was entirely sane. He also had connected Mo. Every time he connected was from a different IP. Half of them were known forum spam source IPs. And so I wrote back to him and I said, okay, here's what happened. You know, I don't know who you are, why you feel the need to use a VPN to hide from me, you know, GRC forums.grc.com but you are using IPs, which we, from which we have seen spam in the past. So I'm sorry, we're not going to let you post. And I said, you have been unblocked. Now you're welcome to participate. I know who you are, but don't get pissed at me because, because our automated system said, you know, this guy looks a little sketchy and we'd like to, you know, and so my, so my point is that, yeah, if you look like a spammer, then we're gonna, you know, say you had to prove yourself.
A
He's doing what probably most of our audience does. He's using VPNs, he's using fake email addresses, you know, hidden email addresses, all the things to protect privacy. The problem is that's exactly what a spammer does. And I have to tell you, I run a forum also at TWiT Community, which you're all invited to join. And spammers sign up 10 to one more than normal people. Yes. For every 10 people. And I have to approve every single sign up. So for every 10 people who sign up, nine of them are spam, maybe more. So this is the problem on forums is spammers are trying all the time, pounding on the door to get in because they want to post spam in there. And if you want a decent forum, you've got to be very aggressive about keeping them out.
B
Anyway, so my point is that we do have a lot of listeners who jealously, you know, defend their identity and their privacy and.
A
Which makes you look like a spammer.
B
And we have two listeners who just asked me a question in the last week. What about all this data that's being collected there?
A
Well, I understand they're concerned.
B
I mean, yeah, it is an issue. Our last note from Lisa Lombardo said, hi, Steve, thank you for the recommendation of The Boroughs. It's kind of like Stranger Things for boomers. I like the engineering of Sam and his daughter. P.S. plus the Boss and other great music. Signed, Lisa. And so I just want to note that Lisa and others are enjoying the pointer to The Boroughs. So I was glad to mention it. And of course, Project Hail Mary continues to be finding many fans around the world and among our audience.
A
Yes, there's some good stuff out there. We haven't got around to The Boroughs yet, but we will. I can't wait.
B
I think you'll like it. And after our final sponsor note, we will. We're going to look at what AI has done to, unfortunately, as a side effect, kill off a very valuable security training avenue.
A
Huh? And incidentally, if you want more AI, not less, I know some of you want less. We do have an AI show where we talk about all this stuff and a lot more every Wednesday with Paris Martineau and Jeff Jarvis. It's called Intelligent Machines.
B
And actually tomorrow, where you are valiantly carrying the AI flag forward, despite the arrows that Paris and Jeff are trying to shoot through.
A
You know what? I love them because they're really challenging me, just as this conversation does, to really consider, you know, what I'm doing, what I'm giving up and so forth. And that's kept me, I think, on the sane side. It's kept me from AI psychosis, I hope. I think, anyway, it's sure a lot of fun to play with, I can tell you that. This episode of Security Now brought to you by Meter, the company building better networks. If you're a network engineer, you got my deepest sympathy. You know the headaches: legacy providers, inflexible pricing, IT resource constraints stretching you thin, complex deployments across fragmented tools in challenging environments. You, my friend, you are mission critical to the business. But you are working with infrastructure that just wasn't built for today's demands. Well, guess what? Meter was founded by two network engineers who felt that pain and said there has to be a better way. And they found it. And that's why businesses are switching like crazy to Meter. Meter delivers full stack networking infrastructure, wired, wireless and cellular, that is built for performance and scalability. These guys understood that if you're going to do this right, you got to control the whole stack. That's why Meter designs the hardware. And by the way, take a look at the website. Beautiful hardware. Writes the firmware. You will, you will be proud to show people in your wire closet. Builds the software, manages the deployments and provides support even after sales. Meter will do everything from ISP procurement. Yes, they'll help you. They'll help you find the right ISP. To security. Job one. Routing, switching, wireless. They'll help you with a firewall. They'll help you with cellular. You know, it's really important, often overlooked. I know because I just lost power. Power. They'll help you make sure that that doesn't go down. DNS security, VPNs, SD-WANs, multi-site workflows, all in a single solution.
I had a great conversation with them and they said one of the things we run up against a lot is a company acquires another company. The home office is in one state, the warehouse is another state. The warehouse is 100,000 square feet. Wireless barely works, right? And it's a completely different system than the home office. And we've got to integrate that into our system. But when they switch to Meter, it all goes away. They love it. They love those warehouses. They said, we can help. We can fix that. Meter's single integrated networking stack scales from those big warehouses to major hospitals. You can't find a more hostile Wi-Fi environment than a hospital. They work there. Branch offices, large campuses, even data centers, even Reddit, even Reddit uses Meter. Ask the assistant director of technology for the Webb School of Knoxville. He said we had more than 20 games on campus between our two facilities. Simultaneously. Each game was streamed via wired and wireless connections and the event went off without a hitch. We would never have done this before Meter redesigned our network. We could never have done this. With Meter, you get a single partner for all your connectivity needs, from first site survey to ongoing support, without the complexity of managing multiple providers or tools. Meter's integrated networking stack is designed to take the burden off your IT team and to give you deep control and visibility, reimagining what it means for businesses to get and stay online. Look, they feel your pain and they've solved it. Meter is built for the bandwidth demands of today and tomorrow. Thanks to Meter for sponsoring Security Now. Go to meter.com/securitynow, book a demo. That's M E T E R.com/securitynow, book a demo. I think you'll be impressed. Thank you, Meter. Lovely Meter reader maid. No, no, that's something else.
B
Okay, so it's, it's not, it's not a chat room, but I received email from Gavin and Rod who are both listening to the podcast and providing real time feedback. So thank you for that.
A
Nice.
B
Okay, so I'm extremely sensitive to the fact that so much of this podcast, as I have mentioned at the top of the show, has recently been focused upon AI and its impact on upon our lives and our privacy and security. You know, but this is security now. And the impact that large language model artificial intelligence is having right now across the entire spectrum of the computer security industry could hardly be more relevant. So I want to conclude this week's podcast by sharing the text of a terrific blog post written by a security researcher named Kabir Acharya. Kabir introduced himself on his about page by writing, hi, I'm Kabir, a senior security engineer with a deep passion for highly technical pen testing and security research. I spent my time at Atlassian applying application security concepts to modern technologies including Large language model AI networks, Amazon Web Services, GCP Azure cloud platforms, SaaS integrations and in house products and tooling. I now work at Transgrid, securing Australia's largest electricity network and its ot, you know, operational technology environment. I play CTFS on the global stage with EMU exploit, Hash Mob and the Hackers crew and produce music in my spare time. Okay, now doing a little bit more digging. We learned that During Kabir's last six months of his four years with Atlassian, he conducted more than 250 security reviews and supported software and machine learning engineers to make better make better security decisions. He delivered more than 15 security threat models, improved understanding of information risk in platforms including Forge and Rovo, which are both AI large language model based. He found reported and aided patching of more than 10 security vulnerabilities external to threat models and more than 70 security vulnerabilities. So the guy clearly lives security and he's no stranger to its growing intersection with large language models that he's been working with all along. 
In in that auto bio he wrote he said I he ended up by by noting he said I play CTFS on the global stage with EMU exploit, Hash Mob and the Hackers crew. Now while we have previously spent a great deal of time looking at the PWN to own competitions throughout the years and had a lot of fun with that, somehow we haven't really before focused much upon ctfs, which stands for Capture the Flag competitions. These are very popular hacking contests where participants solve security themed puzzles and challenges to find hidden strings of text which are the so called flags. They are then submitted into a scoring system for points. These competitions are one of the primary ways people in the security community are able to learn, practice and demonstrate offensive and defensive skills within a legal structured environment. You know you're not hacking live real systems, which arguably could be illegal. You're, you're, you're basically solving puzzles very much like the, the, the programming challenges you do every year. Leo around the holidays, the advent of code work so these CTFs range from beginner friendly events hosted by university clubs to elite international competitions. Defcon has a CTF which is held annually during the DEFCON Conference in Las Vegas. During the summer, it's considered to be the pinnacle of the industry, often referred to as the world series of CTFs due to the pedigree of the competition's participants, teams must qualify through preliminary events to compete. Other well regarded competitions include the Plaid CTF which is run by Carnegie Mellon's PPP team. Google has a ctf. There's a Pico CTF designed for high school and college students, and many dozens of others are tracked on sites like ctftime.org whereas the PWN to own competitions are discovering original vulnerabilities, the CTFs are about discovering planted secrets. Both serve important roles for the industry. 
The CTFs are a legal sandbox for practicing techniques that would be illegal to use against real systems, and they've served as a recruiting pipeline. Top CTF performers are heavily recruited, or have historically been, I should say, because we'll see what's happening, heavily recruited by security firms, intelligence agencies and tech companies. They build the shared culture and vocabulary of the field and they often produce write-ups afterward where teams publish detailed after the fact explanations of how they solved each challenge, creating a corpus of freely available security education. Many of the researchers who discover major real world vulnerabilities got their start or stay sharp through CTF competition. Okay, so we have some sense for who Kabir is and also for what CTF competitions have traditionally meant for the industry and to those who wish to use them to sharpen their hacking skills in a competitive legal framework and environment. And we know that Kabir has been one such person, having participated in a number of CTF competitions and teams through the years. So his blog posting is titled "Sadly, the CTF Scene Is Dead." The details are very interesting and many are very insightful and important. So here's what I want to share. He wrote: Frontier AI has broken the open CTF format. The scoreboard does not measure human skill cleanly anymore and the old game is not coming back. What makes me qualified to say this? He says, I started playing CTFs in 2021, the same year I started university. My first CTF was HCKSYD, a 48 hour solo CTF. I fully solved it and won in two hours.
A
Oh yeah, wow.
B
And this makes me think, Leo, of your capture the flag format, right? I mean, it's very much, I mean, of your Advent of Code.
A
Oh yeah, very much. Yeah, yeah.
B
So he solved this 48 hour solo CTF in two hours, and he said, I was completely hooked. That led me to win DownUnderCTF, Australia's largest CTF, with Team Blitzkrieg multiple times. Blitzkrieg was one of Australia's strongest teams at the time. I later joined the Hackers crew, an international top tier team that was consistently ranked highly on CTFtime, the main global ranking and event calendar the scene uses as its scoreboard. With them I competed in some of the most prestigious CTFs in the world, consistently placing well within the top 10 until the end of 2025. I'm not saying this because I dislike CTFs. I'm saying it because CTFs were the thing that made me fall in love with security. They taught me how to learn, gave me a way to measure myself, and introduced me to many of the people I respect most in the field. Watching people pretend the format is still fine is frustrating because the old game is not there anymore. And Leo, if you think about online chess and cheating, it's the same idea, same thing. So he says, what changed? He says, as AI tools ramped up in capability, especially when GPT-4 first came out, a significant percentage of medium difficulty CTF challenges started becoming one-shottable, meaning a single prompt from a user could produce the solve and flag. You could paste a cryptography challenge into ChatGPT, come back in 10 minutes and have the solution. At the time, we didn't think too much of it. Hard challenges went mostly untouched and the time save was not large enough to ruin the competition. The issue is never that AI could help. CTF players have always used tools. The issue is when the model does the reasoning, writes the solve and leaves the human with nothing meaningful to do besides copy the flag. Enter Claude Opus 4.5. When Opus 4.5 dropped, the tone changed. Almost every medium difficulty challenge and some hard challenges became agent solvable.
Claude Code packaged everything into a CLI and made it easy to connect other CLI and MCP tools. It became trivial to build an orchestrator that used the CTFd API to spin up a Claude instance for every challenge. You could let the system run for the first hour, then only start working on whatever was left. That changed the game. Teams that refused to use AI were not just missing a convenience. They were playing a slower version of the competition. Open online CTFs started becoming a question of how quickly you could automate the easy and medium work, then how much human attention you had left for the hardest challenges. The scoreboard started measuring orchestration and willingness to use frontier models along with, and sometimes instead of, security skills. The effects were obvious. The CTFtime leaderboard started feeling wrong. Some legendary teams that were consistently near the top appeared less often. Player activity felt lower. Challenge developers who treated CTFs as an art form had less reason to spend weeks building something beautiful if it was going to be beaten by an agent in minutes.
A
Yeah, why create a puzzle? Let me. Can I just show you? Because I think I didn't really understand what CTFs were. So I asked my AI to give me an example of a beginner CTF. And this is a web page. The difficulty is very easy and I think everybody in our audience would be able to do this. Find the flag. So you're given a web page. Now here's the HTML code and you can see hidden in a comment is the flag. Okay, so the question would be what's the flag? And it's pretty simple to solve. You'd right click the page, view page source, right? And then you'd find the comment. So that's a very simple example of the kinds of challenges these are, just to make it clear what we're looking at.
B
Right? Right. So then he says, on top of what I just shared, he said, then GPT 5.5 sealed the deal. He said, I've been working heavily with GPT 5.5 and GPT 5.5 plus Pro after launch. By benchmark metrics, 5.5 is close to Claude Mythos capability and Pro likely surpasses it. These models can one shot what he calls insane level difficult. Insane, that's like a skill level. These models can one shot insane level difficulty active leakless heap pwn challenges on Hack The Box. They can solve a large portion of what a smaller CTF organizer can realistically produce. If you orchestrate Pro against insane challenges in a 48 hour CTF, there's a good chance you get the flag before the event ends. That makes open CTFs pay to win. The more tokens, yes, the more tokens you can throw at a competition, the faster you can burn down the board. Specialized cybersecurity models like Alias1 by Alias Robotics are becoming less relevant compared to general frontier LLMs. The competition is turning into who can afford to run enough agents with enough context for long enough. CTFs feel much more like a cheesable mess than a competition. Your performance in a CTF no longer defines your skill the way it used to. Recruiting security practitioners by CTF performance is becoming less meaningful. It's not even a particularly good measure of AI skill because most of the orchestration needed for CTFs is already open source or vibe codable. So what's the "beginners are fine" take? I have seen serious takes that beginners can still learn from CTFs as they always have. These takes miss the scoreboard. CTFs were not just a set of puzzles. They were a ladder. Even as a beginner you had something to climb, you could see yourself improve, solve more challenges, place higher, join better teams and become more competitive over time. That feedback loop is breaking.
If the visible scoreboard is dominated by teams using AI, a beginner is pushing toward using AI. Sorry, a beginner is pushed toward using AI before they have built the instincts the AI is replacing. That is an anti-pattern. It prevents active learning, and active struggle is the bit that actually teaches you something. It's also completely demotivating to put in real effort and see no visible progress. But because the ladder above you has been automated, it also changes what challenges authors want to build. If beginner CTFs become another place where people quietly paste prompts and climb a scoreboard, authors have more reason to put their effort into learning platforms instead. At least on platforms like picoGym and Hack The Box, the expectation is education and beginners are less incentivized to cheat themselves out of learning. Beginners are better off using picoGym, Hack The Box and other lab environments where the point is actually learning instead of pretending the public scoreboard still reflects human growth. So, "CTF isn't dead." I've seen some hopium posts. I love the word hopium. Some hopium posts about how CTF is not dead, it's just augmented by AI. They often point at CTFs like DEF CON to argue that AI still cannot solve everything. That's true, but it's the wrong defense. The hardest top tier finals have very few participants, and they're usually gated behind qualifiers that are either easier than the finals themselves. If those qualifiers, meaning qualifying to compete in the final, if those qualifiers fall to agents, fewer genuinely qualified people reach the challenges that still resist AI. A tiny number of elite finals does not save the open online format that most people actually play. The claim is not that every challenge is solved. The claim is that enough of the scoreboard has been automated that the scoreboard no longer means what it used to mean. What about the "AI is useful for security research" take?
He says, CTFs were never meant to be security research. They can showcase new and interesting techniques, but the CTF itself is not the point of discovery. Just because AI is useful within a field does not mean it belongs in the competitive landscape of that field. In CTFs, unrestricted AI removes the human from the puzzle almost entirely and reduces the art of security to a prompt. Sure, LLMs will keep getting better at security as long as CTFs are around, but that does not mean the competitive format is healthy. CTFs were an art form, a way to share techniques with nerds and a way to push the human bounds of security skill. That purpose is being stripped away. What about the "LLMs are chess engines for cyber" take? He says, chess has been dominated by computers for well over a decade. People use chess engines as an analogy for LLMs in CTFs, but they miss the point. Chess engines are not allowed during competitive play, right?
A
That would take all the fun out of it.
B
Exactly. What's the point? Yeah, they're used for analysis, training, commentary, and practice. They enrich the game around the competition without replacing the person competing. Imagine giving every competitive chess player the best chess engine and letting them use it freely during matches. Would that be considered fair? Would it be fun to watch? Would it justify prize pools? Would it push the human limits of what could be achieved in chess? The same questions apply to CTFs. And organizers cannot fight back. CTF organizers have tried techniques to break or deter LLM solutions, but they're temporary friction at best. Claude Code does not meaningfully care about old refusal string tricks anymore. Frontier models are getting better at noticing prompt injections. Web search capabilities weaken challenges based on technologies released after the training cutoff. Rules that ask people not to use LLMs are ignored and almost impossible to enforce in open online events. That leaves organizers in a bad position. If they make normal challenges, agents solve too much. If they make challenges deliberately hostile to agents, the challenges often become guessy, over engineered or unpleasant for humans too. That's not a real fix. It just makes CTFs worse for everyone. Okay, and so what about "Just adapt, bro"? He says, this take is infuriating. People I have always looked up to in the community have said it. Just adapt, bro. To me it's completely nonsensical unless you explain what we are adapting into. If adaptation means building better tooling, CTF players already did that. If adaptation means writing harder challenges, organizers already tried that. If adaptation means accepting that the scoreboard is now an AI orchestration benchmark, then we should say that honestly instead of pretending the old competition still exists.
Even if organizers create guessier or more over engineered challenges that current LLMs cannot solve, there are no good paths for players to learn the required skills while staying competitive. A few models from now that point may be irrelevant anyway, meaning going to keep getting better and better and kill that off. The trajectory of LLM security capability is moving too quickly for challenge design to stay ahead for long. So what's the aftermath? The scene that grew my love for CTFs is emptying out. The CTFtime leaderboard has almost no semblance of history or human skill anymore. The 2026 scoreboard is unrecognizable compared to every year before it. The Hackers crew, alongside many other large and reputable teams, either do not play, play with far fewer people, or struggle to cut into the top 10. Unregulated cheating is through the roof. Some of the best CTFs like Plaid CTF are not even running anymore. These sentiments are not only mine. Many members of my local team Emu Exploit feel similarly. These are people who consistently attend the International Cybersecurity Championship, perform at the top level in bug bounty programs, compete in Pwn2Own and present at conferences like Black Hat. The people losing interest are not casual observers. They are exactly the kind of people the scene used to produce and retain. The fun of CTFing is gone. For many of the people who cared the most, the loss is not just a scoreboard, it's the ladder from beginner curiosity to elite competition. It's the craft of challenge design. It's the feeling that a clever human solved something difficult because they understood it deeply. That legacy is not being carried forward by online CTFs in their current form. The format is dead. Something else may replace it. But pretending nothing fundamental has changed only makes the loss harder to talk about honestly.
It also gives AI shills more room to capitalize on the decline by selling mediocre wrappers back to the community that made the training data valuable in the first place. So what now? While a lot of what's happening in the CTF AI space is super commercialized and out of our control, CTF has had a hugely positive impact on the industry. I have met so many kind, smart and passionate people through CTFs. I've played some of the most beautifully crafted challenges and found some of the most intriguing unintended solutions. The community around CTFing has been an amazing place to learn, grow and connect. That's something we should not lose. No matter where the competition goes, as a community, we should strive to stay together and build new avenues to stay passionate and keep learning. Security-adjacent social events like SecTalks, student conferences and local meetups are great ways to stay connected and stay involved. Learning platforms and the communities they provide through platforms like Discord are also a valuable resource. While it may be a struggle to find an alternative to what we had, the amazing community we've built around it is more important now than ever as we find new ways to keep the competitive spirit alive. So what's really happened here is that sadly the truth is AI killed something and it's, you know, it's gonna kill a bunch of jobs. That's true. And it's killed a competition where what it happens to be engineered to do is what humans were competing with each other for. So I, you know, I think we all need to deeply understand, appreciate and internalize the reality that the entire field of software security as we have always known it has been forever changed this year. Mozilla knows this. Daniel Stenberg knows this. Kabir, who's mourning the death of his beloved and supremely valuable capture the flag of training competitions, knows this. Pwn2Own will die. The software bounty industry will dry up. And bless their hearts.
Zerodium, the firm that purchases zero days for resale to undisclosed dark parties will probably also blessedly die. All of the many various enterprises that have been built up over time as a side effect response to the fact that we've been able to easily create software systems that were too complex for us to fully understand are likely to fall into the dustbin of history. It is what it is. There's no point in mourning it. It's going to happen because now that for the first time ever we can have secure software, that's what we're going to have. What we are not going to have going forward is anything that exists solely because software has vulnerabilities.
A
It is. It's interesting. We've been talking and I've been thinking about our Advent of Code challenges.
B
Yeah.
A
And you know, already last year it was truncated and I have a feeling this year it's not going to exist at all because it's just way too easy to one shot it. Yeah. And I don't know if he could write them. He's very clever, the guy who does these. I don't know, though, if it's possible to write a coding challenge that can be solved at this point.
B
There are books of chess puzzles, right, where, like, there's a board with pieces on it and it said, you know, mate in seven or something.
A
Oh, they're all solved. Yeah, yeah.
B
It's.
A
It's over, you know. Well, I mean, first of all, chess is computable. So it's done, it's solved every position. In fact, there are.
B
Now software is also computable.
A
Sure. It's deterministic. It's the same thing.
B
Yes, yes.
A
Yeah. There are many, many more.
B
Any different.
A
There are many more variations in software, but. Yeah, I don't think it's any different. There are now books that weren't when I was coming up as a chess player, but there are now books with thousands and thousands of positions, particularly in the end game, that are just solved. They're known. And it's like if you get to this position, it's done and I mean, it's just changed everything in chess. But what it hasn't changed, and I'm actually relieved a little bit, is the fun and the challenge of playing head to head without an AI.
B
Yes, yes, yes.
A
You still can play a game, even though, you know if you had a machine on the other side, you'd lose. And even if you're the best player in the world, you would lose.
B
Well, and we know that you could take a picture of a crossword puzzle and drop it into AI and it would fill it out, you know.
A
Yeah, that's actually somewhat spoiled Scrabble games because it's really trivial to cheat in Scrabble now. But here's the difference. You kind of can tell if somebody's cheating. Actually, you can even tell if you're cheating at chess because even though that might be the best move, it's not a human move.
B
Ah, right.
A
So there's a slight. Like, this is a lot. I actually went back to the AI and said, okay, now give me a hard capture the flag one. Oh. And I thought this was kind of interesting. I suspect you would be able to solve this very quickly. Well, maybe not quickly, but I'll give you the harder example. I have the solution and I even have some hints. But this is an example of what at least my AI thinks is a more difficult. And you could see the value of doing this, by the way. Let me see. I have to do this to get that to show up. There we go. It's called reused once. It's a crypto challenge. Hard. The theme is ECDSA nonce. Actually, that's a pretty big hint. Nonce reuse.
B
Nonce reuse. Yeah.
A
Forge an admin signature. So here's a login service signs user tokens using ECDSA over, blah, blah, blah. The developers claim ECDSA is unbreakable. We use SHA to. If you do, good luck. However, you have intercepted two signed user tokens and noticed something odd. Here's token number one. And here's token number two. The signature on these. Well, the R value. I don't know what R and S are, but the R value is the same on both of them.
B
Yep.
A
Reused nonce. Uh oh. So the goal in this is to forge a valid signature for this user if the verification.
B
Yeah, to actually do the math to determine what the key is.
A
And this is like if you got this on an SAT, you would plotz. Because the math is complicated. ECDSA signatures are computed as this, where D is the private key, K is the per-signature nonce. Ah, here's the thing. We've got to replace repeated K, so we can solve for Z, recover the private key and forge an admin signature. You have to be pretty sharp to do this. Yeah.
B
You have to really understand where this stuff comes from and how this stuff works and why you can't reuse an elliptic curve DSA signature.
A
Very good. Yeah.
B
Yeah.
A
And so you've learned something by doing this. Of course. You had to know something.
B
And that was Kabir's point, is that, you know, struggling against these puzzles was incredibly valuable. I mean it would.
A
Yeah.
B
Yes. You had to, you know, reach out and extend and stretch yourself in order to understand what was going on. And AI killed it. You know, AI killed chess. AI has now killed capture the flag. And the good news is AI is going to kill bugs in our software. So I would say it's worth it.
A
I think it was a fair trade. And you could still do Capture the flag if you said you're not allowed to consult AI.
B
And that's the problem. In a global tournament, there are going to be weenies.
A
How do you stop?
B
Who are gonna cheat? You know, it's just exactly the same. Chess.
A
Yes, online chess is eminently cheatable. In person, head to head chess, much more difficult. You have to have some sort of vibrating device on your body, but not so easy. Not so hard online. There's a lot of trust basically that you have to do when you play online chess.
B
It's known as sportsmanship and unfortunately and
A
an understanding that the fun is playing the game, not having some machine solve it for you.
B
Yep. Well, and that's why I coded in assembly language, by the way. The fun is in solving the problem.
A
It's in doing it. It's fun. And so Advent of Code will still be fun. The leaderboards are meaningless now because somebody will solve it in seconds using an AI. But if you are doing it with your friends and you trust your friends
B
not to do that, or so that's really the way to fix the problem is remove the leaderboards. Wrote completely removed competition.
A
Yeah, he removed the leaderboards last year. You can still have a private leaderboard. We do. We have a TWiT leaderboard and there's a ma. You know, we know each other, so there's a level of trust there. Nevertheless, you know, even last year there were some things actually I found that AI could also be useful for learning. And there were some things that I had no idea how to solve. And I asked for kind of hints from AI or like, oh, I had read on Reddit, there's a technique that will solve this, but I don't know what that technique is. Teach me how this works. The remove a single digit technique and then you learn a new algorithm and then you can apply it and so that AI can be used in a judicious way to help you learn too. It's fun. It's really fun. I have to say so we still do. The Advent of Code, Paul and Darren and all the folks in the Twitter, I don't know. We might, we might. Steve Gibson, you are a true sportsman, an assembly language coder and as Anthropic's Claude tells me you like to watch TV at night while you're sitting on your TV tray eating Chinese food and coding. Is that right? That's what Anthropic said. I don't know if that's right. That's close. I'll tell you what I do know. You will find Steve here every Tuesday roundabout 1:30 Pacific, 4:30 East. My coffee mug with his giant mug. 20:30 UTC. We do stream the show live so you can actually watch us do it live. Somebody earlier today tuned in before the show began on MacBreak Weekly and we were futzing around with settings and they said, why do you stream this? Okay, well you don't have to watch the stream if you don't want to see us futzing around with settings or see my Internet go down. But you can if you want. Yeah, it's fun. The live streams are, well, for the club members in the Discord. I hope you're a club member. If you're not, please, twit.tv/clubtwit. Makes a big difference to our bottom line, helps us do these shows.
Advertisers do not cover the full cost by any means, but again, you get some benefits. Ad free versions of the shows. There are chapter markers now so you can, you know, you can look at Steve's rundown and go boom, boom, boom through the subjects you care about and don't care about. Skip all the AI discussions if you want and all you have to do is Twitter.
B
At the moment that would leave very little show. But that'll change. That'll change.
A
twit.tv/clubtwit. You don't have to be in the club to watch the live streams on YouTube, Twitch, X.com, Facebook, LinkedIn and Kick. Those are open to all. After the fact, of course, download shows. Now Steve has some unique versions. He has a 16 kilobit audio file which is designed for people with very little bandwidth, like Elaine Farris, who is our court reporter transcriptionist who takes these shows and makes amazing human curated transcripts of them. Those are also available at Steve's website. He also has a 64 kilobit audio full fidelity audio version. All of that at GRC.com. While you're there, get your email whitelisted so you can send emails complaining about AI coverage to Steve directly. He'll otherwise, you know, he'll treat it as spam. But he has a magic method for validating email addresses. Go to GRC.com/email and give him the address you want to use, not some fake address. You should also though look at the bottom there. There are two checkboxes for two different newsletters. The weekly show notes which go out a couple of days before the show. Very good. Complete 20 plus pages. Everything he talks about in the show with links, illustrations, all the stuff you would want for further information or let your AI digest it. And then below that there's another checkbox for his very infrequent new product mailing list. When there's something new from Steve, he will send you an email. He sent out two so far or something like that. I think just one.
B
One.
A
He's only sent out one in his whole life.
B
Just announcing SpinRite 6.1. Yep.
A
So that's pre one.
B
I think it still works. I don't know. I'm going to try.
A
Probably works. There's lots of other great stuff at the website. GRC.com, of course, SpinRite, the world's best mass storage maintenance, performance enhancing and recovery utility. If you've got mass storage, you got to have SpinRite. 6.1 is the current version. Also Steve's brand new DNS Benchmark Pro which is really useful to make sure you're using the fastest DNS server for your locale. That's $9.999 and I'm worth every penny. Also lots of free stuff. He gives away free stuff all the time, like the ShieldsUP tool which more people have used to test their routers than any other thing in the whole wide world. How many millions of users?
B
108.
A
108 million times. Wow. And I'm about 10 of those probably. So I use it every time I set up a router. Lots of other stuff there. Lots of information. GRC.com. We have copies of the show, audio and video. That's our unique slice on it. We have video as well at twit.tv/sn. There is also a YouTube channel dedicated to the video. Great way to share clips of the show. If you want to share that with somebody else, help us spread the word. That's very nice. And you can also subscribe in your favorite podcast client and get it as soon as we're done automagically sent to your device for listening at your leisure. Thank you Steve. Have a wonderful week and we'll see you all next time. Next time on Security Now.
B
Right O. Bye.
A
Hi there. Leo Laporte here. I just wanted to let you know about some of the other shows we do on this network you probably already know about. This Week in Tech. Every Sunday, I bring together some of the top journalists in the tech field to talk about the tech stories. It's a wonderful chance for you to keep up on what's going on with tech, plus be entertained by some very bright and fun minds. I hope you'll tune in every Sunday for This Week in Tech. Just go to your favorite podcast client and subscribe. This Week in Tech from the TWiT Network. Thank you. Security Now.
Date: June 3, 2026
Hosts: Steve Gibson & Leo Laporte
Main Theme: The transformative impact AI is having on the cybersecurity landscape—from the demise of Capture the Flag (CTF) competitions to AI-driven productivity and privacy concerns; plus, updates on major vulnerabilities and evolving security practices.
This episode explores the recent and dramatic shifts in the world of cybersecurity driven by AI advancements. Steve and Leo dive deeply into:
"The real risks [of auto-update] are minimal versus the rewards, which are obvious and plentiful... A mature manager will opt for enabling auto update."
(Steve Gibson, [19:52])
"Now we're in a world where no known vulnerability goes unexploited... bad guys are on it because they realize there is money to be extorted from anybody's network."
(Steve Gibson, [30:51])
"You can't get rid of a properly established botnet of that size."
(Steve Gibson, [51:00])
"They find lots of new problems no one detected before and none of these new ones used Mythos. Focusing on Mythos is a distraction. There are plenty of good models..."
(Daniel Stenberg, [81:31])
"When I, Steve Gibson, reluctant adopter of newfangled things, excitedly disclose I have discovered and now have an active working partnership with an AI... I hope our listeners will appreciate the world really has significantly changed."
(Steve Gibson, [104:25])
"...the more you give, the more you get. Users who contribute more of themselves are rewarded, but that’s the risk—these services want to know as much about us as possible."
(Steve Gibson, [126:10])
"CTFs were an art form, a way to share techniques... and push the human bounds of security skill. That purpose is being stripped away. The format is dead."
"I think we all need to internalize the reality that the entire field of software security as we have always known it has been forever changed this year."
(Steve Gibson, [186:31])
"Even though, you know, if you had a machine on the other side, you'd lose... The fun and challenge of playing head to head remains."
(Leo Laporte, [188:25])
On AI’s transformative impact:
"We are not going to have going forward is anything that exists solely because software has vulnerabilities."
(Steve Gibson, [186:31])
On privacy and AI memory:
"Every one service’s knowledge of us grows over time—the tendency to remain loyal and faithful... Dare I say analogous to chatting with an old friend..."
(Steve Gibson, [130:43])
On enabling auto-updates:
"A mature manager, having weighed the risks ... will opt for enabling auto update of their systems."
(Steve Gibson, [19:52])
| Timestamp | Segment |
|---------------|---------|
| 13:01 | Picture of the Week |
| 14:53–32:32 | Ubiquiti (UniFi OS)/Drupal vulnerabilities & instant exploitation |
| 40:11 | Largest known botnet (ASOCS) taken down |
| 51:39 | Microsoft Defender automatic device isolation |
| 55:50 | Charter Communications data breach / vishing attack |
| 68:14 | Chrome device-bound session cookies |
| 75:51 | Anthropic Mythos, AI vulnerability hunting, Daniel Stenberg (curl) update |
| 81:31 | Daniel Stenberg on AI’s real capabilities |
| 84:20 | IBM/Red Hat Project Lightwell ($5B AI for open source) |
| 100:05 | Listener productivity success stories with AI |
| 121:56 | Privacy worries, AI "memory," call for local AI |
| 136:04 | Hope for next-gen, private local AI appliances |
| 158:30–193:15 | Main topic: “Sadly, the CTF Scene is Dead” by Kabir Acharya—AI’s toll on cyber competitions |
| 193:15–End | Reflection on what’s next for human vs. AI competition, trust, and the fun factor |
On what made CTFs special:
“It’s the feeling that a clever human solved something difficult because they understood it deeply... The legacy is not being carried forward... the format is dead.”
(Kabir Acharya, via Steve Gibson, [177:48])
On the new reality:
“We are witnessing the biggest ever pivot for our industry. Software can, in fact, be free of vulnerabilities. And AI is the reason.”
(Steve Gibson, [88:56])
On AI as a lever:
“It is a lever. It is leverage. It is, you know, as I said, a linguistic tap into the world’s stored knowledge.”
(Steve Gibson, [110:19])
For further reading and full details—including links and detailed technical explanations—see Steve’s show notes at GRC.com.