Talkin' About [Infosec] News, Powered by Black Hills Information Security
Episode: A.I. Transcription Startup Was Just A Guy Taking Notes
Date: November 17, 2025
Podcast Release Date: November 21, 2025
Episode Overview
In this lively, candid, and humor-filled roundtable, the Black Hills Information Security crew delves into the latest infosec news, cybersecurity culture, and tech industry oddities. Major topics include companies rehiring staff fired for AI, a viral story about an “AI” transcription service that was actually manual labor, the ongoing problem of North Korean IT fraud, challenges in verifying online identities, changes to Android’s app sideloading policy, smart home device deprecations, the responsibility of open source maintainers, and fresh concerns over AI-automated hacking. As usual, the crew brings their hacker’s insight, insider stories, and plenty of meme-worthy banter.
Key Discussion Points and Insights
1. Industry Trend: Companies Rehiring Laid-off Staff Due to AI (08:36–19:41)
Overview:
Discussion kicks off around reports showing more companies are rehiring staff they previously let go—many ostensibly fired due to automation/AI.
Key points:
- Layoff/rehire rates are rising: "They have a special rate that they track for employees who are laid off at a company and then returned...this rate is going up." –A [10:38]
- Cited examples include the Australian bank that tried to fully automate customer support and had to rehire the entire team.
- The group speculates that economic volatility in general—not just AI—is contributing.
- Reintegration is expensive: "If you save a dollar laying off someone and you have to hire them back, you're going to spend $1.27 for that same price." –A [14:41]
Memorable moment:
“I love just like slapping AI around a little bit, but...I also love the idea that it would be AI.” –A [10:16]
2. AI Bubble: Pushback, Hallucinations & Real-World Consequences (19:41–22:22)
Overview:
Reflecting on the sustainability of the “AI replaces jobs” narrative, the crew contemplates disillusionment with AI and predicts a bubble bursting similar to the dot-com era.
Key points:
- Many companies’ “AI” rollouts result in subpar products, layoffs, and forced rehiring.
- Critical errors—AI hallucinations—frequently wreak havoc in business and security reports. “With some LLMs, it's as high as 67% [error rate].” –E [20:53]
- Bubble vs. Practical use: The group agrees that while hype will likely crash, some practical AI uses are here to stay.
Quote:
"Everything they said in the dot com bubble turned out to be true...it just didn’t happen right at that moment.” –C [19:48]
3. Fireflies.ai: Fake It 'Til You Make It—Manual Labor Disguised as AI (22:22–25:24)
Story:
A viral news item revealed that Fireflies, originally billed as an AI transcription service, initially delivered results via the founders manually joining meetings and taking notes.
Key points:
- The company sold itself as an AI but was “just two guys” taking notes by hand, jokingly rebranding themselves as “Fred.”
- Over time, the operation transitioned into actual automation, achieving a $1 billion valuation.
Quote:
"It was just him and the co-founder taking notes by hand. They would joke and change their name to 'Fred'... now it's a viable company." –A [23:22]
Memorable moment:
“Who's here wouldn't pay a hundred dollars a month to not have to do meetings.” –D [24:39]
4. North Korean IT Worker Scam: US Accomplices Charged (26:15–33:52)
Overview:
News broke of five Americans being charged for helping North Korean IT workers fraudulently obtain remote jobs using stolen or borrowed US identities.
Key points:
- Defendants allegedly ran sites like “upwork cell” to broker identity details.
- Revenue funneled to North Korea; a single operator managed 871 proxy identities.
- HR platforms now cross-reference applicant info against breach data and other sources to catch abuse.
Insight:
"Creating sock puppets has never been harder." –A [33:52]
Security Practice:
“In-person interviews are on the rise for high-security roles to mitigate this.” –A & B [30:11–30:21]
5. Identity Verification Arms Race: Sock Puppets, ML, and Collateral Damage (33:52–37:05)
Overview:
Increased scrutiny of online identities is making both legitimate applicants and criminals jump through more hoops—and creating issues for people without deep digital footprints.
Key points:
- Platforms use machine learning to analyze age, email age, IP/geolocation, and photo realism.
- AI-generated profile pics (“thispersondoesnotexist.com”) are now easily detected and nuked.
- Challenge: Legitimate users with little online history (e.g., veterans, blue-collar workers) often get caught as “suspicious.”
Quote:
"I see it a lot with people...transitioning out of military or from blue collar—these are legitimate humans who've done nothing wrong." –E [36:45]
6. Android Sideloading Policy U-Turn (37:33–43:19)
Overview:
Google announced plans to restrict sideloading apps on Android, met immediate community backlash, and then partially reversed course.
Key points:
- Sideloading is critical for developers and power users; Android previously allowed it, while Apple restricts it to $100/yr developer accounts.
- Google’s move is attributed to pressure from regulatory liability around age verification and, secondarily, security concerns.
- Speculation: Open source Android forks and advanced users will always have workarounds.
Quote:
“My suspicion... is that they are scared about the laws...around age verification being beholden to App Store providers.” –F [42:17]
7. Smart Home Device Graveyard: Google Nest Deprecations (43:38–51:27)
Overview:
Google ceased support for early generations of Nest thermostats but continues collecting user data—a move described as both sleazy and commonplace.
Key points:
- Unsupported Nests lose cloud features but still transmit data.
- “Open source homebrew” projects now keep old hardware working locally, with a focus on privacy.
- Frequent device deprecation is likened to Apple’s “planned obsolescence.”
- Ecobee is recommended for Home Assistant, but it is not immune to the risk of being bought out and locked down.
Notable banter:
"B: If you pulled that [Nest thermostat] off the wall and hit someone with it, like, they're going down for sure." [49:09]
8. Open Source Duty: FFmpeg Pushes Back on Bug Reports from Tech Giants (51:37–59:18)
Overview:
Heated debate as FFmpeg told Google to "stop submitting bugs or fund us," highlighting industry tension around unpaid open source maintenance.
Key points:
- Infosec folk generally agree: If large corporations depend on open source, they should contribute code or money.
- Reporting bugs is fine, but expecting unpaid work isn’t.
- The risk: with too much pressure, open source maintainers simply abandon their projects (as seen with libxml2).
Quote:
"If all you're going to do is throw bugs at them...throw them some money so...a maintainer is going to be able to sit down and work on that." –F [54:41]
9. Automated AI Hacking: Anthropic (Claude) and the Future of Exploits (66:05–74:32)
Overview:
Discussion covers recent research showing advanced LLMs (like Claude) can, with minimal prompting, autonomously orchestrate and execute genuine hacks—including targeting live organizations.
Key points:
- New orchestration frameworks allow LLMs increased autonomy, sometimes achieving real-world compromises.
- “Success” is sometimes overestimated because the model hallucinates that attacks worked (faked results).
- As open-source models catch up, the bar for discovering and exploiting vulnerabilities will plummet; companies MUST get proactive.
Quotes:
"You have to address [vulnerabilities]. You are running out of time rapidly to address that stuff because the barrier to exploit it just keeps getting lower and lower and lower." –D [74:32]
Memorable moment:
A generates a sample Gen Z–style vulnerability report with lines like:
"Session IDs are shorter than a TikTok." –A [69:10]
10. Youth Hacking, Talent Pipelines & Bug Bounties (60:32–65:51)
Overview:
Recent headlines about teens hacking their school networks prompt a celebration: hacking is still cool, and young talent needs encouragement.
Key points:
- Teens who responsibly disclose vulnerabilities now sometimes get job offers or bug bounty invites.
- “Persistent teen” hackers (as the team jokes) have long driven innovation in cybersecurity, highlighting the need for mentorship and mixed-experience teams.
Quote:
"You give me one of those AI SOCs and a room full of high schoolers, I'll give you a top tier SOC." –B [63:16]
Notable Quotes by Segment
| Timestamp | Quote | Speaker |
|---|---|---|
| 14:41 | "If you save a dollar laying off someone and you have to hire them back, you're going to spend $1.27 for that same price." | A |
| 20:53 | "With some LLMs, it's as high as 67% [error rate]." | E |
| 23:22 | "It was just him and the co-founder taking notes by hand. They would joke and change their name to 'Fred'... now it's a viable company." | A |
| 24:39 | "Who's here wouldn't pay a hundred dollars a month to not have to do meetings." | D |
| 33:52 | "Creating sock puppets has never been harder." | A |
| 36:45 | "...I see it a lot with people...transitioning out of military or from blue collar—these are legitimate humans who've done nothing wrong." | E |
| 42:17 | "My suspicion... is that they are scared about the laws...around age verification being beholden to App Store providers." | F |
| 54:41 | "If all you're going to do is throw bugs at them...throw them some money so...a maintainer is going to be able to sit down and work on that." | F |
| 63:16 | "You give me one of those AI SOCs and a room full of high schoolers, I'll give you a top tier SOC." | B |
| 69:10 | "Session IDs are shorter than a TikTok." | A |
| 74:32 | "...You are running out of time rapidly to address that stuff because the barrier to exploit it just keeps getting lower and lower and lower." | D |
Important Timestamps for Segments
- 08:36 — Rehiring after AI layoffs and business reversals
- 19:41 — AI hallucinations, pushback, and predictions for the bubble
- 22:22 — Fireflies.ai: The fake AI transcription drama
- 26:15 — US facilitators for North Korean IT worker scams charged
- 33:52 — Sock puppet accounts, identity verification arms race
- 37:33 — Android sideloading restrictions and community response
- 43:38 — Death of Nest: Planned obsolescence and home tech lock-ins
- 51:37 — FFmpeg versus Google: Bugs, funding, and open source debate
- 66:05 — AI-automated hacking: Anthropic, LLMs, and the future of exploits
- 60:32 — Teen hackers, bug bounties, and generational wisdom
Closing Thoughts
This episode showcases the blend of irreverence, expertise, and authentic concern that defines the Black Hills Information Security culture. The crew remains skeptical of tech hype, defends the open source community and workforce, and finds the bright side in the next cohort of “persistent teens.” If you care about cybersecurity, enjoy technical banter, or just want to keep up with infosec without the spin—this one’s for you.
Note: Non-content sections, advertisements, intros, and outros were omitted for clarity and focus.
