Corey

What. What percentage of people even buy a router?

John

Like, minority 25.

Corey

No, that's way too high. That's way too high.

John

90 might be closer.

Corey

Yeah. Like.

Bronwyn

Yeah, yeah.

John

What are they like that. But all those are banned too, by the way, so.

Corey

Well, only new versions. So really, the ISPs can just be like, oh, sorry, we can't give you a newer one Here, have another one.

Wade

They haven't given new ones in years.

Corey

Any.

Bronwyn

This one's only got. Doesn't even have 4 gigahertz on it. Or 5, but.

Corey

Yeah. So it's all, like, new, new. They just can't do new models. Like, new versions.

John

Yeah, let's hope Xfinity or Comcast has a back stock of 600,000 routers that they now get to burn through over the next 10 years.

Corey

But they. I mean, they can keep buying the ones that they're already getting, is what I'm saying.

John

No, they can't.

Corey

Yes, they can. Only it's not new production, it's new models.

Wade

Yeah. So they actually.

Bronwyn

Let's not talk about articles when we're live.

John

Right?

Bronwyn

Right. Show banter. Gosh, all of you. It's like your children never podcast before.

Corey

Sorry.

John

I'm sorry, guys. I took last week off, so I forgot everything I know about podcasting. That's all.

Wade

It's okay. You knew something about podcasting?

John

Apparently not. We're all rookies here. There's not a chicken news article, is there?

Andy

No, there isn't.

Bronwyn

Someone trolling me and put something in

John

there, made you click something. I'm sorry.

Wade

There's an article.

Andy

Definitely not chicken related. And there's no attempt to pretend it's chicken related.

John

How did we end up with a article from Bro Bible.com that has a video of a robot slapping a kid in the face?

Andy

Wait, what is that?

Bronwyn

And everything else.

Andy

How did I miss that?

John

We're gonna skip that one on the real news. But it's. It's an article.

Bronwyn

I guess it's definitely worth mentioning.

John

Is it, though? Because it's just a robot trying to dance and then some stupid kid gets in the way. It's not the robot's fault.

Bronwyn

No, I just meant, like, right now. That's it.

Wade

Right now. Yeah.

Corey

The video is pretty great. The video. I. I recommend it.

Bronwyn

It's another.

John

It's clearly accidental. I'm gonna link to Bro Bible. I. I don't know about Bro Bible. I do not endorse this website at. In any way, shape or form. I don't know where this falls in the political Spectrum or if it's just a malware site. I'm sorry, this is my favorite part.

Corey

The guy with like the herding stick. Yeah, like one of these, you know, robot handlers and he's just got like a big stick that is clearly there to, you know, hit or poke the robot in case, I don't know, it hits a kid or something.

John

It's like one of those high voltage electricity hooks for like when people are flipping big switches and it like has, you know, just like grab someone and

Bronwyn

pull them, he throws it up and it immediately moves away from the stick. So they've obviously done some training on stick based discipline.

John

Carrot and stick. Negative one.

Bronwyn

Negative one. Point if stick scene.

Andy

Now we're not only going to have robots and AIs, like doing things to sabotage their, their programmers or handlers. Now they're going to be programmed to be afraid of sticks. Oh, that's not going to end well.

Bronwyn

That's the perfect thing we've programmed them now to be scared of. Sticks will be fine. That's it.

Andy

Long before they turn those against us.

John

Come on, Robo apocalypse.

Bronwyn

You just run into the forest, you're good. It's like, it's. It'll be similar to like vampires where like stakes. But sticks.

Corey

I mean, of the things that robots could turn against us, I feel like sticks is the least harmful.

Bronwyn

I guess it depends on how big the stick is and what the stick is made of.

Wade

Yeah, Maybe they make it into a spear.

Bronwyn

A neutron stick that blows the sun up that kitchen.

Corey

Just got out of the way. He. He saw it coming. He literally.

John

Did he see it coming?

Corey

I don't know if he saw that coming. He saw it coming. Look, look, look. He's like, oh, no.

Wade

Boom.

Corey

I feel bad for laughing.

John

Nah. Kids, what is it? What is the subreddit. Kids falling over or whatever. It's one of the best ones. All right.

Andy

Yeah, I'm, I'm sorry. I've been just as discombobulated and accidentally hit people. I'm not buying it.

John

Really. Was anyone there with a stick?

Andy

Well, the human had the stick.

Bronwyn

So. At your, like, dance recitals, someone was carrying a stick just like the guy in the video.

Andy

It's like, dude, it wasn't a dance recital. It was one hell of a party, though.

Bronwyn

Oh, it was one of those weddings, huh?

John

All right, let's roll the finger. Let's do this right. Here we go. Maybe. Here we go. Oh, sorry, I was, I was typing. Excuse me. Here we go. No typing allowed during the show.

Andy

1.

John

Hello and welcome to Black Hills Information securities, talking about news. It's March 30, 2026. We're here on Zoom. I'm scared. I know I wasn't here last week. Everyone switched to Zoom while I was gone. This is some kind of elaborate April Fool's Day prank two weeks in advance, as far as I'm concerned.

Wade

You got to start early.

John

You got to start early these days. How's it going, everyone? We got Ralph, the co founder of US based routers. Routers for. What would it be Routers for ragers? I don't know. What. What would your company Patriot Routers.

Wade

Routers for routers.

John

Routers for routers. Yeah. We got Wade, who just came back from paternity and is growing his mustache out again.

Wade

He's going to be.

Bronwyn

Takes takes three weeks to grow mustache, everyone. For me, that's.

John

That's good to know.

Bronwyn

Right?

John

We got Bronwyn, who is coming to us from, debatably, the only approved router that you can use in the U.S. now we got Andy, who's wearing his wrecker shirt. We got Patterson, our own incident responder, ready for us to get breached live on the show and respond to it, hopefully.

Wade

Wow, that would be interesting.

John

And then we got Andrew here to talk about his supply chain experience. I hope we'll put them on the spot. All right, I feel like the first thing we should probably dive into is the whole router ban thing. There's like 10 articles about this, so.

Wade

So have a lot of articles.

John

Yeah. So basically for those out of the loop, the fcc, our favorite net neutrality eraser, people have updated their covered list, which I don't really know what the covered list is. From what I understand, it's essentially a list of authorized or devices that can be authorized. Like what? Does anyone know what the covered list actually is? No, I didn't.

Bronwyn

I didn't see the coverage.

Andy

According to the FCC.gov website, the FCC is going to work with Public Safety Safety and Homeland Security to publish a list of equipment and services covered that are deemed to pose unacceptable risk to the national security of the United States. So supposedly the covered list is the list of bad routers or other devices.

John

Right. And the thing is, they sound like

Andy

they're still figuring out which specific names are going to go on the covered list.

John

No, no. So this is what happened Today, or on March 23rd, they added all consumer grade routers produced in foreign countries to the covered list. So basically, if your router has any components that were manufactured overseas, if the router itself was manufactured Overseas, or it was produced in a foreign country, it's not covered. Or it's on the covered list, which means it's not allowed to be used. Or it's not allowed to receive FCC approval, which means it can't be used because FCC is the people who regulate what can wirelessly transmit.

Wade

They can get a conditional approval from the Department of War or Department of Homeland Security.

John

So it's more political grandstanding, similar to what we saw with Anthropic, where now every company has to bend the knee to whoever is in charge.

Andy

Is this another tweet first, lawyers later routine?

John

I think so. I don't know. I honestly don't really see what the point of this is like, if we're okay. So the details aside, and for those that are curious, yes, there are no routers that meet this criteria currently. You could argue a Starlink does vaguely meet the criteria because it's manufactured in the U.S. but the wireless components of the Starlink are manufactured overseas. So it's like. Like might meet the criteria, might not. The obviously it doesn't cover existing routers. So in, like, your router that you're using right now isn't covered. Like, that's still allowed. It's grandfathered in. And existing, like, retail stock is also grandfathered in. So at the very least, we know people replace their routers all the time. Not. Not really. They probably never replace their routers. And so this, like, probably won't have any real effect in the next three to five years or probably won't have any effect now. Most companies will apply for exempt, and there's a lot of backstock. Arguably, it's probably an okay move. Although it is worth noting that the previous compromise we've seen of network devices by Volt Typhoon have not been of overseas routers. They've been of Netgear and Cisco routers.

Wade

Well, they target the most popular ones too. Especially like the. Yeah, you know, the Fortinet. The Fortinets with like, the 55,000 CBEs they've had in, like the last three days. I mean, I'm being hyper verbal, but, you know.

Corey

Yeah, this only applies to consumer electronics. So Fortinet being enterprise, I think would be exempt.

Wade

They shouldn't.

Corey

Yeah, well, I don't think this goes into, like, the secure. When I first read this article or heard of this, I was like, you know, oh, well, good. Maybe they'll do something. Like, maybe they will actually enforce some kind of product security on this stuff. But it doesn't look like that's what's happening.

Wade

No, this has nothing to do with security though. That's the dude.

John

Years ago though, Sizza told everyone to rewrite everything in Rust. So that should have solved security a while ago, but somehow it didn't.

Wade

Right?

John

I mean basically this is creating, this is like a solution looking for a problem. Because if we're talking about real world, we're talking about real world hacking of routers. It's just stuff that's outdated. And this honestly encourages people to run their existing outdated routers for even longer than they normally would. Yeah, and there is no maybe there's going to be some company that stands up specifically to make this exist. But having some friends in the semiconductor industry, you don't just spin up a fab in a weekend like that. That takes decades. You can't just be like, oh yeah, we can manufacture things here now because we have a 3D printer and a dream. Like it's a huge effort. So we'll see how this goes. I'm guessing every company just applies for an exemption. And then what if you have a

Corey

3D printer, a dream and AI, it

John

might be possible to make a. You could make a router shaped object. I will say, ironically, we were talking about this before the show. Wired isn't covered so you could still run your, you know, toilet paper link. Wired router doesn't seem to have an

Andy

exclusion on Wired vs Wireless. Reading the public notice right now, it says flat out, I mean they, they quote Volt, Flax, salt, Typhoon, cyber attacks and they basically say that routers from other countries are not considered trustworthy.

Corey

What if you take it, aren't they, aren't they doing this via the, the radio frequency certification process? Like that's what the FCC is using for their enforcement. So if you have, yeah, I don't know what scope is wireless, then I don't think it would apply.

Wade

I think the FCC does other kinds of certifications outside of just wireless devices.

Corey

They do, I think.

Andy

So communications covers wired and wireless.

Wade

Yeah.

John

Yeah. Okay. So it says here the definition of routers, router. It's NIST internal report 8425A which is the most government sounding thing ever, which defines routers as consumer grade networking devices that are primarily intended for residential use and can be installed by a consumer. It doesn't differentiate, differentiate between wired and wireless.

Wade

So the wireless and wired aside, here's my hacker brain. I'm like, well I'll just get a computer, maybe like a Raspberry PI or some other device that has two ethernet ports, tons of Those and I'll turn it into a router, right?

John

Yeah, correct. Also, by the way, the only real carrot and stick that they have is FCC approval, which I'm sure, I bet money you can go on Alibaba right now and buy a non FCC approved wireless router. I mean, I know you can buy a Baofeng, right? Like it's the same thing.

Wade

And then with, and with, with AI now you could probably start your own router company. I'm not saying you should, and I'm also not saying it wouldn't take a

Bronwyn

little bit of work.

Wade

But my last cautionary tale about 3D printing and having AI write all your code is you still have to make a board, right? And those all come from China. There's only like two fabs that really make most of this electronics. And all of that is in China. You can, as an individual, you can buy from maybe one. There's one fab in the US and it's like 10 times the price of the Chinese competition. And the Chinese fabs are better at developing like electronics, board, whatever you want.

Bronwyn

So, Ralph, you haven't got the ad for that 3D printer microboard thing. Like, I keep getting ads for it. It's like, oh, print your own boards. And I'm like, oh, it's only eight grand. Like, oh, that's, that's.

John

Maybe I should.

Wade

But for somebody, for somebody who's board production at scale, it's definitely something you want to hand off to somebody who can build tons of them at scale and has the parts to do that. You know, building like one off or two offer like three things, that's like, okay, but if you want to build hundreds or thousands of these things, you're, you're definitely going to want to send that to us.

John

And by the way, as Ralph already said, your, your picket place, your pick and place machine at home is still picking and placing chips that are made overseas. That's the bigger problem. You need the actual microprocessor that is made in the US to hit the criteria for this. So basically it's just another day where the government drops a big turd in the punch bowl and we're all going to have to figure out what happens. Classic.

Andrew

I would predict we're going to green check mark this. Like they're going to announce this. And then as a vendor in a foreign country, you're going to be able to buy a green check mark that. You've gone through a compliance process in the US that's where effectively like tariff on routers. Yeah.

John

Yeah, I could see it. I could see it verified on.

Andy

Basically, it's more grift.

Wade

I just.

Andy

Sorry.

Wade

All I could think about was Ubiquiti and that you're. They're a US Company, but all their gear is not made in the U.S. right.

John

I mean, dude, that's true for Cisco and Netgear and every other US Company. Right?

Wade

Right. Yeah. No, so it's. Yeah, let's just. Let's just put it at that. Everything's already made in China or some other. So Vietnam. Vietnam. Also there's other places that do have some electronics, but yeah, it's all getting imported.

Corey

And. Yeah, if your cell phone can be a hotspot, is it technically a router?

John

Oh, yes, it is. And it's definitely manufactured overseas. Whoops.

Wade

China is the only one producing these suckers.

John

Yeah. So while we're here in networking device corner, there's been a couple back doors in. Wait, what? Why is there an article? Someone. Someone fished me with an article in this. In the news for this week. That's from 2018. Whoever you are, I don't like you. I don't like you. So let's not talk about an article from 2018.

Wade

I mean, it was apropos.

John

Are there any other networking. I mean, are there any other networking news? I don't think there are.

Bronwyn

All right, we could talk about how people are networking into Cash Patel's email.

John

Yes, let's talk about that. What's going on with. That was his password. I love Trump.

Wade

I mean, I bet you was. I bet you was in some list.

John

I bet you it had to be.

Wade

Yeah.

John

So what's going on here? Cash Patel, the current chief, who is a big fan of. From what we understand, a big fan of hockey. He. His Gmail was compromised by Iranian hackers. What? Like, what is there. I guess there's some leaks. How. How bad is this? Like, I'm assuming he's not doing government communications using his Gmail, right? No, whatever.

Bronwyn

I didn't see any reports of that. Which is also fairly good. Right. Like, it was all personal stuff of him, like smoking cigars in Cuba, which I was like, all right, yeah.

John

Who could have predicted this?

Bronwyn

Right?

John

So is that why we let that ship into Cuba?

Wade

Yeah, Mainly it's for the cigars.

John

It's for the cigar. I mean, I. I will say, like, honestly, kudos for not leaking your personal stuff into your or your work stuff into your Gmail. Like, that's good. Good. Good on him. Yeah.

Wade

I mean, do you think. Here's my question. Do you think he had. So wait, hold on, I'm just thinking about this isn't two factor kind of enabled on your Google account anyways? So nowadays if you set up a Google account and you don't go in and like turn on those things, if you log in from anywhere that you've never been from before, it usually prompts up to do like an SMS or some other kind of authentication. Right.

John

It seems like it probably wasn't his primary Gmail, but there is no details in the disclosure of what, like how they got this information. It appears to be mostly going back from 2010 to 2019. So maybe it was like a secondary Gmail that he hasn't used since 2019

Wade

and is an old like Cuban cigar handle.

John

Yeah, yeah, it's like cigar boy, 2019 Gmail.

Bronwyn

These are whatever these are. These are also state backtrackers. Right? So it's not like something on the lower end for them to do, whether they send him a fake push or something like that.

Wade

Yeah, no, I mean, I wonder if they did actually interact with them. I guess that's the question I, I was really kind of getting at is if like he really got duped or if, you know, it was just something as simple as, you know, what do you call it?

John

Something like that.

Bronwyn

Yeah.

John

Password stuffing or. Yeah, I got you. Something like that. I don't know. I mean, we don't know. There's no information. They basically announced it on their website and didn't provide any specific info. We'll, we'll stay, stay tuned on this show for, you know, what, how it happened, if that ever gets published.

Wade

It probably will never get published. Just because he's already probably a little upset about the scenario.

Bronwyn

I thought they did publish it. They posted it somewhere so you could download it all.

John

They know. Yeah, they published the data, but I'm saying an incident response, like a full

Bronwyn

aka I was like, I looked at so many pictures.

Wade

I'm like, you're still scrolling through them.

John

Wow, that's impressive. So, okay, choose your own adventure. Do we want to go into trivy stuff or do we want to talk about the fancy bear stuff?

Andy

Go ahead, Wade.

Bronwyn

I was gonna say we're already talking about Space State sponsored, but I, I,

John

yeah, let's go into it. I feel like Patterson will have some interesting knowledge to share on this. So basically there's an article posted on Control Alt intel, which I've never heard of. Is this like a. Wade, Wade and Patterson. Is this like a reputable site? Have you guys ever heard of this,

Bronwyn

I've seen them recently, but not long running. Something like the default report. Patterson, have you seen them?

John

Unfamiliar. All right, okay, so on March 11, I guess it's also associated with Hunt IO, which I've also not really heard of. I don't know if you guys have heard of that, but anyway, there's a OPSEC fail from a fancy bear, a Russian state sponsored threat actor that resulted in some exposed open directories like basically directory indexing. Classic. And a ton of information about their targets, their, you know, harvested information. 11,000 emails, credentials, forwarding rules. I guess from a business email compromise perspective, Patterson, is this kind of the like standard that people do, they're using civ forwarding rules, Is that like a normal business email compromise or is this like something special to be gained from this write up? I am honestly catching up and reading this right now. So yeah, definitely it. It definitely seems a little bit unique to me, at least compared to typical business email compromise. Typical. Is it also typical for threat actors to just leave open directory indexes? Clearly it depends on the threat actors and what type of router they're using, but. Nice. Yeah, I think it's probably worth a read. I mean it's an interesting, you know, interesting concept. I can only imagine I'm assuming an intel analyst was just digging through stuff and found way more than they ever could have imagined or expected based on an exposed directory index. Like that's kind of a gold, gold mine.

Bronwyn

I've never heard the term civ forwarding before.

Corey

I wonder if that's like the, the email server or something.

Bronwyn

It says it's some JavaScript that they ran that does a redirect. But I would imagine it still would have to be something in the forwarding rules.

John

Right.

Bronwyn

Which like mo. A general practice for most organizations is you eliminate all forwarding email forwarding just because of this particular situation. And then you only turn it on if someone gets like let go and then all the emails from that, all emails get forwarded to that user's boss.

Corey

If we want to talk about like normal practices though, I think I read in there that like half of the accounts that they had creds for that were compromised didn't have any sort of 2fa at all, just none. So I don't know that we can really fall on standard practices here.

John

Well, and we should, we should comment that Wade's suggestion should be best practice for every business. But having worked a couple business email compromises of late, yeah, it's. Well, it won't surprise any of us that Best practices are often not in place, even external forwarding, sadly. But it looks like Sieve is just like an open standard for how to design an email filter basically.

Bronwyn

Yeah.

John

RFC 5228, Outlook and Apple Mail, it looks like pretty much everything. Every mail server supports it or most do. So. Yeah, I don't know. Interesting write up. Obviously we, you know, we've seen this before. The, the NSA did this famously, right? That's where we got all the shadow broker stuff. So this has happened before. It'll probably happen again. Pretty spooky.

Andy

Kind of like what happened with the team PCP thing.

John

Yeah, let's talk about that. I'm sure Andrew has many hot takes reading this. Okay. Team PCP is a recent, a recent threat actor. Their main thing is that supply chain compromise of what is it? Trivy or whatever? Trivi.

Andy

I don't know, it's light LLM L I T E L L M. It's

Corey

a library that was one of the knock ons. Trivia was the first, was the initial which is the. The open source product from Aqua Security.

Andy

Ah, okay.

John

So Andrew, you want to run us through this? I'm sure Andrew has like a full on long like marketing approved pitch for this so far. You want to run us through this?

Andrew

There's no marketing approved pitch for this because this all actually happened while everybody was at rsa. So like that's the thing about this is like all the action on this happen while like all the CISOs are somewhere in California at a bunch of parties or something. So like the interesting thing is first they compromise Trivi, right?

John

Which is a software supply chain scanner. Right.

Andrew

Trivia is a vulnerability scanner by Aqua Security. And a lot of other security vendors might not admit this, but they probably just take Trivi and embed this in their vulnerability management scanner and then they provide a dashboard around this. So because trivia compromise a bunch of

Corey

integrate this into like GitHub Actions, is that pretty much the only way to do it?

Andrew

Okay, so people put trivia and GitHub actions. They also put it a lot of other places as well. So like really, really interesting from initial compromise perspective. So like because trivia is compromised, we could assume on March 20th when Canister Worm and GitHub like other GitHub actions are abused. That is a result of potentially pivoting from Trivi in CI. So most companies when they saw this, they just completely stopped building everything. Right? That's like the initial response wherever you just disable all your runners across like GitHub, GitLab like whatever your build pipeline is. And then we see the compromise in OpenVSX open on March 23rd. So four days afterwards, Light LLM one day after that and then tel nix the package right after that.

John

So the worm, like the worm functionality here is just dump your secrets and move on. Right. Like that's the worming. Like it's like, give me all the secrets you can access and wait, there's more.

Corey

Unless you're from Iran. It is. It's got like an RMRF built in for anybody that it thinks is Iranian.

Wade

I gotta change my.

John

So what. What this is like, like reading between the geolog. Like the geopolitical tea leaves. This is Israel going after Iran through trivia. They're like, trivia. Iran's really good at scanning for vulnerabilities. So we'll go after them.

Corey

I. I don't know. I feel like it's got to just be, you know, some kids and they thought, funny.

John

They're like, we read the news.

Bronwyn

This has, this has more of a shiny hunters theme like theme to me. Right. Looking for secrets and then using those secrets to then pivot into a different environment.

John

So where did this get pal.

Andrew

Nex.

Wade

I saw that on. There was.

Bronwyn

I look at, look at the link that I provided in our chat. It has a timeline of like the different repos or the different. All the things that they.

John

It's a lot. Yeah. It's a long chain of exploits for sure.

Andy

Five ecosystems.

Bronwyn

Yeah.

Andy

GitHub Actions, Docker Hub, npm open VSX and PyPi.

John

Well, packages on those. Not the actual.

Andy

Right, that's what I mean. In that has crossed into those five ecosystems.

Bronwyn

We should, we should have went Rust.

Wade

Yeah. If you guys would have written this in Rust, this never would have happened.

John

Don't worry though. Every company has. They, they. Every company fully understands their CICD pipelines start to finish and they have software bills and materials. They know exactly what packages are being used exactly where. Right, Andrew?

Wade

Yes.

Andy

And they have an ongoing patch management program.

Andrew

There's a great rant from the. I think it's one of the founders of chainguard how this just kind of like unearthed a whole bunch of things in the GitHub Actions ecosystem that we have all thought of as blind spots for like the last. I don't know how long they've had GitHub Actions, but it's been forever. You know, there's just not a lot of visibility into what goes on in a GitHub action when the action is updated. Most people don't do Basic things like even pinning GitHub actions to specific hash versions and things like they should be doing. So, like this is an area that is pretty ripe for some good security hygiene and hopefully a few more features that we'll see come out from GitHub that won't be limited to like the enterprise tier.

John

Yeah, I mean it makes sense. Like basically don't use the latest version of whatever thing is, is like the simplest possible fix here is like pin your version that you're using.

Wade

Well, don't you want to use the latest version?

Corey

They placed all the tags, they repointed the tags to a different commit. So you'd have to, you can't just pin by version, you have to pin by commit hash, which I'd never heard of before, but apparently it's a thing.

Andrew

Yeah. And this, this is one of the things that everybody considers a nightmare scenario, right. Because you should not be able to go back in time and overwrite a release. Like releases should be releases and those should be immutable as a point in time. And you should not be able to go back and just like say, oh, version 101 now is version 101 plus like 100 more bytes. Like that just violates. No, no, you can do that because it's just the way that Git works. And then GitHub doesn't provide any guardrails around how they bundle up the final artifact as a release, which is a specific to GitHub thing. Right. It's not part of the git protocol.

Wade

Isn't. Are those releases tags too, essentially? Right. So they're tagging the release and then putting it into a release package. And then I mean you can essentially re release the same version package if you want. I mean, I've done it myself. Right. Instead of like just continuing to rev a version up, if you're testing, you can just re release it.

Andrew

Yeah. So tags are part of the git standard. What GitHub does is they pull that tag in as metadata of a release. A release is effectively in this case, a publicly downloadable file.

John

It's crazy. This is a really, really interesting compromise and super spooky, I guess. Do we have a source? Andy, you mentioned before the show that like they have the. The implication here is there's so many creds that they don't know what to do with them. Like they're, they're soliciting affiliates.

Corey

I read it. But yeah, they were solicited. I read somewhere or heard on one of the other mini podcasts that they were soliciting ransomware affiliates because they just,

John

like, too many come help us use these creds. Our secret, I mean, it's going to be secrets. Every sysadmin right now is rolling secrets that were impacted by this.

Corey

And the scope is 20% of sysadmins that were affected by this are rolling secrets. And that's why we're going to have a problem.

John

Yeah, I thought it would be funny. You know, this is a more aggressive version, but it'd be funny if, like, instead of doing this, they just had, like, the vulnerability scanner just never reports any vulnerabilities. It just like, siphons them off to. To this threat group, and it's like the vulnerabilities go only to us instead of actually, you know, this is a more noisy. You're a more noisy compromise.

Corey

There was. There was one other cool thing. Well, I. I thought it was kind of cool. The. Apparently, like the second version of the Light LLM package. So, like, they. They've already iterated on it, but instead of just having it in Light LLM, they had it right to like, the. The root Python, and it would rerun the compromise package anytime the Python interpreter was activated.

John

So if so, Claude helping me.

Corey

Claude helping me use on the system at all.

John

Yeah, yeah, yeah. I mean, that is like, right now, some sources are claiming over 500,000 corporate identities are compromised, or some secrets were compromised for 500,000 corporate entities and 300 gigabytes of compressed credentials, which is. That's like info stealer levels of credentials. That's a lot. Yeah, I mean, watch for, like, I guess, Patterson, Anyone? Does anyone have tips? Like, what do I do? Watch for secrets abuse. Get my audit logs in order. Like, what. What do I do if I'm worried about this?

Bronwyn

Right? We cry.

Wade

Good about.

Bronwyn

Right. Like, valid accounts is probably one of the more harder things to detect, right?

John

Valid credentials.

Bronwyn

Valid credentials. Well, I'm thinking. I'm thinking Mitre APIs, right?

John

Yeah, yeah.

Bronwyn

Miter attack. So they have a valid account already to your system. So you want to look for, like, irregular network connections. Maybe like IPs that are coming out. Maybe. Weird timing. Patterson, you got anything?

John

Rotate all the creds. I mean. Yeah, sorry. Incident response out of an abundance of caution. Change them all. Change them now. Right? Yeah. Cloud. If you do stuff in GitHub, if you use this tool, any credentials this tool had access to it in during the last. I mean, what the last week it was like, I don't know, you're in

Bronwyn

GitHub, quickly migrate to GitLab. Real quick and you'll be fine.

Corey

All right.

Wade

So the other thing that made me think about is that like maybe have a plan for how to quickly rotate your keys without having a pants on fire moment. Right. Because some of these things that obviously these organizations didn't have control over it. They were kind of a victim of a bigger play. Of course.

John

Right.

Wade

There's some layers in defense that you could have done and maybe those are things you should look at as well. But also thinking about quickly being able to rotate your keys and how that works is probably a good play overall. So that if this happens in the future, it probably will. Maybe you are affected, maybe you're not, but at least you have a playbook for how to rotate your keys.

John

Yeah. And by the way, your developers are putting your keys into LLMs already, I guarantee you. So you should probably be rotating them on a regular basis.

Wade

Yeah. Just get like an automatic rotation system. Right. That just freaking rotates these things out all the time or every 30 days. Right. I mean they're already moving that with SSL certificates. I mean they were like, you know what, Certificate revocation, it's broken. So guess what? Everyone's going to get 30 day certificates now and you just got to rotate them over over and over again. So.

John

Yeah, I mean. Yeah. And also, least privilege applies here, right. If, if they compromise the key that can only read an S3 bucket. That's better than a key that can write an S3 bucket or create a new one or whatever. So like, sure, you know, least privilege on keys and identities and things. I'm sure no one's just using an IAM role. That's just like aws Global Admin. No one would ever do that.

Wade

No one is doing that. Everyone is doing that, Corey.

Corey

Least privileged. But passwords. TXT is in that S3 bucket.

Wade

Yes, yes.

Bronwyn

This is why I use canary tokens. Right. All over the place.

Wade

That's another good one too. Canary tokens could be useful in this scenario.

John

Right.

Wade

You might hits especially if you, you know.

Corey

Now it wouldn't help in this, but what about like having a, you know, NPM or PI PI clone on prem that, you know, you're lagging. Yeah. And you're lagging behind. Like has anybody actually set one of those up? Like in theory it sounds like a good idea. In practice it kind of sounds like a nightmare.

John

There's no, I mean, I, I have no idea. That would be a question for Andrew. I, I can't even begin to imagine how that would be set up. You're muted.

Corey

Andrew. Andrew.

Wade

Oh, oh, oh.

John

Maybe just use sign language to explain cicd. It'll be fine.

Andrew

My back. A lot of people do build the node and the Python proxy, right? But we also have an open source project that's called supply chain firewall that just wraps the node Python commands with a bunch of SEMGREP rules that scan for malicious code and if they detect it they will block the installation of that which is I, I like that approach versus like kind of a a node proxy approach because oftentimes as we all know with egress proxies, people find a way around them or stuff sneaks into the environment in other artifact forms. So having the like kind of some heuristics for detecting malicious code, especially in dynamic languages, way better.

John

Yeah, I mean there's a, it's a good point. Basically have some heuristic methods running on whatever programs you're using. If you're using programs that are constantly hitting a bunch of heuristic checks, maybe look into that. Right? Like in this case, if you're looking at the post X that the tools did, they did a lot of memory scraping, you know, reading proc memories, they looked at the metadata service, they looked at AWS credentials files, kubernetes, configs. Like basically these would hit a lot of YAR rules or SEMGREP rules for like secrets, abuse and other like sketchy things. I don't want to download a tool whether it's been supply chain compromised or not. That just looks in all my credentials files, right? Like that's not good. Whether it's intentionally malicious or whether it's been supply chained, I still want to know. This tool is looking at all my credential files. Although in this case with Trivi, it probably was exempt from a lot of those, you know, because it's supposed to be doing that, right. That's what its job is, is to look for exposed credentials and bad things. So it's kind of a perfect storm.

Corey

It's a GitHub action. So like it's not even running in your environment so much, right?

John

Well it depends on how you have your runners set up. But yeah, for sure I would use,

Bronwyn

I would, if I would see and I had some type of false positives right. Going off on it, I would immediately allow us that not think.

John

Yeah, because it's a vulnerability scanner. Of course it's looking in the secrets. Yeah.

Andrew

Visibility of GitHub Actions is so hard though because like if you think about it, if you're building on prem or something with like a Jenkins box, you can at least do EBPF, like for observability in GitHub actions, we don't really have any way to monitor what's going on inside of the action. It's like a neutral third party. And then ship telemetry from that. So people have all these hacks, but none of them are good.

John

So it might be time for GitHub to spin up some more telemetry for actions, it sounds like.

Bronwyn

So this is when Andrew pitches his Visible Actions product. Right now

Andrew

it'll be behind a paywall. And that's the thing that is my big rant is that every cool feature for security, you have to pay for a very expensive tier, GitHub just to gain access. So for a long time, I don't know, is it still the case that you have to pay just to get access to.

John

Org logs?

Bronwyn

Probably.

John

They.

Bronwyn

I thought, I thought they allow. They stopped that because there was such a big uproar from the community that they do.

John

Microsoft did buy them. Microsoft. Yeah, yeah, I was going to say that's Microsoft.

Wade

That is Microsoft's like play, right?

John

That's their play. Arguably that E9 license.

Bronwyn

Yeah, I know the GitHub blogs too. You get different things where if you

John

run

Bronwyn

what like integrations with certain tools versus you writing some code to hit the API too, it's a different log set, which is also scary, right, because you think you're. You have all the logs and then next thing you know it's like, oh no, these logs don't exist in this pipeline.

Corey

So.

John

Well, okay, so go ahead.

Andrew

In. In 2017, when I was at Mozilla, we actually had to write web bots that would like log into GitHub and would page through the logs and then scrape them with beautiful soup just to get them into the. Because all of our repositories were free repositories. So like the. I think the thing that I'm trying to say is the open source projects that we depend on the most oftentimes have the lowest level of access to the security tools because they are free open source tools.

John

Yeah, yeah, that's a good point. That's a really good point. I guess. Last question I have on this. Does anyone know who team PCP is? Do we have any idea who this threat actor is? They just came out of nowhere and said, hey, we just crushed, you know, 500, 000 companies overnight while everyone was at RSA. It feels pretty significant, but I guess. Does anyone have any intel on that? Do we know who this is. It could be Shiny Hunters, I guess. But why wouldn't they just branded us?

Bronwyn

That's my feeling. But also only CISOs go to RSA, right? Like the people in the trenches. We're still, we're still at work. The real people doing the analysts looking at the alerts. Very little of them get the privilege to go spend a very expensive hotel and to sit in a TSA line and hope for your flight. Hopefully you get your flight soon enough.

John

So no one knows who this is or what nation state they're affiliated with, if any. They're just. It's the next lapsis, I guess. I don't know.

Bronwyn

You can also tell that I'm a little. I didn't go to TS or rsa.

Wade

No, there was salty.

John

Do you want to go?

Bronwyn

Maybe.

John

Maybe. Yeah.

Bronwyn

No, me, I mean I wouldn't mind

Wade

going to the parties, but I don't know about like the conversation.

Bronwyn

I want to go win a switch. Two at a booth or something like that. You know like switch to.

John

For the price of one night in

Wade

San Francisco, San Francisco hotel, you get like three switches, dude.

John

Yeah, you can just expense the switch too for supply chain reasons. It's fine.

Wade

Yes.

John

All right, let's move on. What's next? You want to talk about Florida?

Bronwyn

Yeah, let's talk about Florida because Ralph's here. Because like Ralph and I have been in, in this exact spot together.

John

Tell us about the Space Coast.

Bronwyn

The Space coast, right. So the first. Right when I look at this I think of like hack spacecon. That, that was, that was my first thing that, that's why. But pretty much this article is just describing how the Space coast of Florida. Right. All of where Blue Origin, SpaceX, NASA all just have a bunch of top name scientists and has become a hotbed for espionage. Both Chinese and Russian.

John

So what are they doing just driving around war driving, looking for people's wi fi passwords.

Bronwyn

It's like next level going after people too. Sitting in bars, getting people drunk, trying to get people to. To talk about secrets.

John

The old.

Bronwyn

One of the, one of the interesting is they're using real estate as a weapon. So federal authorities are tracking suspicious property buyers, right. In order to find sensitive sites. They're finding the local governments or Russian or Chinese actually buying property around the base is one of the ways they're doing it. There's also a couple influence campaigns that have been discovered down there. So if you ever want to date a spy, go buy. Go down in Florida.

John

So where exactly can you in the world of Florida where is this? This is the. Like, give me a gf.

Wade

It's Cape Canaveral. It's on Pacific Atlantic.

Bronwyn

Right? The south or. No, the. Yeah, the southeast Florida.

John

It's close to.

Wade

Or it's on the other. Other coast. Right. Middle of. Middle of the state near Orlando. Probably about an hour and a half.

John

So if you live in the Space coast and you've recently made a new friend who's way out of your league, it might be time to. It might be time to question their intentions.

Wade

Speaking of the Space coast, they're gonna be launching the.

Bronwyn

Our meetings Wednesday, right? Wednesday, yeah.

Wade

So we're going back to the moon.

John

Way to leak the launch date to the foreign enemy in May.

Andy

We've got Space TechCon, HackSpace.

John

I like space. Can we go. Can we go back to Space Hat? I like Space Hat Con. I know you said hack, but I like face Hack.

Bronwyn

Ax basecon is a good conference. Like one of the few conferences I've been multiple times on the east coast and like highly recommend it. One of the more cool, one of the more interesting talks I heard there was a dude talking about all the satellite hacks and how you don't hear about anything because the government doesn't want you to know how many satellites have been hacked.

John

Don't worry, all those satellites are FCC compliant to the latest standards. It's fine.

Andy

It should be fun. One of, one of my to do list items when I go to hack spacecon will be to get chatted up by a spy.

Wade

Oh, there you go.

Bronwyn

So my goal every year is just to see ralph, you know?

John

Oh, that's a really good goal. You got to see ralph.

Wade

Yeah.

John

Okay, so while we're on the topic of AI that I just started Anthropic came up with these accidentally release these Mythos models.

Wade

Maybe accidentally release it. They left an open database of sorts.

John

Yeah, it's like they like leaked unintentionally. Their CMS left 3,000 unpublished assets in a data store.

Wade

Why did they have so many articles pre written? I mean, like, are they like. All right, fine. All right, fine. You know what? I deserve that. You're correct.

John

Yeah. So basically this is. I don't know, it's kind of cool. Like, I don't know. The claim is March 2026. They just released Opus.

Wade

I know.

John

So the two months ago I read

Wade

all into this because I'm like, I'm all deep into like the next drug addiction. But so

John

ralph's like, give me, give me some more extra usage.

Bronwyn

I need some more extra Usage more tokens.

Andy

People are starting to ask in job interviews, can I get paid in tokens?

Wade

Oh, my God, no. So, all right, here's the wild part. So again, let. Let me be crystal clear. This is all claims probably written by AI. Okay, but. And every time they say it's the best and the fastest and all this other stuff. Okay, so like, we'll clear the air. But so the. We.

John

The.

Wade

All right. The most interesting part of this article, specifically to our audience, is that what Anthropic was saying in the article in their blog post was that they wanted more time for people to research how these new models would affect cybersecurity. Specifically, they are afraid that these models would be so good at attacking, they want other organizations to be able to implement AI for defense. Right. The argument being that if AI is. If there. This model is very fast at creating novel especially or just generic attacks, then it's faster. If it's faster than a human, then it's one of those arms race where you need AI to defend. If that makes sense.

John

Right. And by the way, that ship has already is sailing. Right now, like right now we are burning massive stacks of cash to try to use AI to attack our customers. And every other threat actor is doing the same thing. Like, like last week we spent. And I'm not. These are real numbers. We spent $4,000 on Amazon Bedrock trying to find a critical vulnerability. And we actually did get one for a customer. And basically I told the person who burned that money, I was like, I would pay $4,000 for a critical vulnerability in one of our customers every day of the week. Like, so it is definitely a thing. Like, we are. I am very nervous with new models, the impact they can generate. And this is currently the arms race is like, who has the most tokens to throw at attacking entity A, B or C. Yeah.

Bronwyn

Wasn't there a recent article? So I got sent an article talking about it, but I don't even know where it was from. But there was a talk at someone Anthropic that was running Claude finding zero day vulnerability live at a conference.

Wade

Yeah, that also did happen.

John

Yes. All right.

Bronwyn

Which man?

John

Yeah, like, yeah, yeah, it's it's definitely. I mean, it really is. It's the new. Like that. I mean, it's just the new thing that people are doing. I will say, looking at the like, this is a template page and I know there's template content, but it says here. Ralph, as with all of our models, we have tested Claude Mythos on a wide variety of safety and capability evaluations. So it's fine, don't worry about it.

Wade

Yeah, no, it's super interesting. So like the one thing that a lot of researchers have kind of put into place is that anytime you can get a known output and you give enough credits at these models, you can get to the, to the. If it knows what the answer is supposed to be, it can pretty much get its way there, right? That's why benchmarks always keep adjusting. They're like, well, no, we have a new benchmark because they crushed the last one and now we have a new one in whatever category it is. It could be in code, it could be in college math or whatever it is, right? So they have to keep adjusting it. And what they're finding is that anytime you can get an output that it can search for that it usually will start to make there, make the answer or find the answer in a certain amount of time, enough credits, so on, so forth. And as they get better, regretfully, when Apple gets on stage and goes, this is the fastest processor ever, you're like, cool, I didn't need it to be faster. But when they say this is the most intelligent AI ever, it, it does matters. It matters. It matters.

John

Totally. Yes. No, 100%. Yeah.

Bronwyn

I will say I did. I'd ran like two very large queries and completely ran out of tokens last night and I did the RALPH and I was like, it, I'm upgrading. Like, I, I threw money at it. Like, give me the next tier, more tokens.

John

There you go. Dude, last, last week of having double usage on anthropic, like I, I don't know if I can go back, guys.

Corey

Did you go the 5x or 20x? Wade?

Bronwyn

You know what? I probably can go the 20x.

Wade

Just go, just go to 2.

Bronwyn

I went 5.

Wade

Just go the 200 and just let it go.

Corey

Because I went pro to 20. I was just like, I mean like five times as much money for five times as much usage and then only double that.

Bronwyn

If I run out of the 5 times usage, I'll upgrade again. We'll see. Well, I'm not made of money over here.

Wade

I'm not made of money over here.

Bronwyn

I'm not using it for, I am not really using it for business stuff. This is me like building my app.

John

Like I will say though, I, I do think like we talked about GitHub and open source and now we're talking about AI and I want to bring it back to open source. I do think that they anthropic or you know, whatever. They're kind of the leader right now. But any other AI model producer, they should have a free or low cost option for people to use AI tools to attack their own open source projects and find vulnerabilities in them like, just like GitHub for these high, you know, high importance open source projects like Trivi, they should be providing enterprise level, you know, logging and capabilities for them. Anthropic or other, other companies should be providing open source software developers with the ability to assess their own tools using Claude or using whatever models like talk about how, what you should do before you release the latest model. Give early access to open source developers so they can find and fix the vulnerabilities in their stuff before it goes public and some random bug bounty hunter does it. That's my hot take. I don't know if anyone's gonna disagree

Corey

with me, but I think both of the Frontier labs have kind of been doing that. So Claude had whatever their security thing was and then open OpenAI had Aardvark and I believe that they were, they weren't publishing everything, but they were going through and testing a lot of this on open source things and finding it and you know, doing responsible disclosure with them beforehand. And I know Google's doing it through, through DeepMind as well. So I mean they, they're not just giving, they're not just giving it to open source devs and saying hey, you can use it, but they're doing something like they're contributing.

John

Yeah, I mean at the very least it's just something that we need to be aware of is that as these tools get more advanced that threat actors are going to use them. We should beat them to the punch. If it's a matter of dollars, like I would donate a, you know, pile of tokens for someone to go look at, you know, an open source tool and find vulnerabilities. That's like easy money to spend versus doing this huge incident response because it had a vulnerability and I'm dependent on it. So basically if you're a company who uses an open source tool, throw it through your, throw it through your AI, burn some tokens on it and report the vulnerability to the developer.

Wade

Honestly, what we, what I do with my own software, I have a pipeline that runs every week that will run through a whole essentially prompt to look for security issues. Right. And then makes issues related to those. And if they've already been addressed or moved, then it just, just, it just keeps on going. So you can build that into your own, own setup. Yeah, it does take Tokens, though, back to Corey's point.

John

Yeah. And if you're wondering why we're all feeding for Claude tokens, the biggest reason why is because they have a million context length. That's why. That's what makes Opus so killer. That million context length means you can go significantly further and deeper than you could with a 250k or a smaller context. That's just.

Corey

I mean.

Andy

Yeah, it is.

Corey

Gemini have 1 million context. And I was still using Claude.

Bronwyn

Yeah, I. I have a good. So I was playing. I've been playing around with Claude code for the past five weeks. Like, that's all I've been doing.

Wade

He's on the drive.

Bronwyn

Completely complete. Yeah. But the amount of utilities that it has that are similar to RMM tools is semi scary. So if I were to keep several remote. Remote control sessions open on different servers throughout my enterprise. Right. And then I get, like, hacked, that pretty much just completely bypasses whatever security you had between that end user and the servers. I'm waiting for something to use that mechanism, and I think it'll be really interesting.

John

Yeah. Right now.

Corey

Yeah.

John

Yeah, it makes sense. I mean, dude, even now we're building, like, MCPC2s in house that, like, you know, it's a. It's a thing for sure.

Wade

I put together a. With one password.

Corey

Works great.

Bronwyn

Did you do. I was gonna ask.

John

Did you do it?

Wade

Did you do it?

John

Send it to me, please. It works. No, you did.

Wade

Yeah, he did. Yeah.

Bronwyn

Corey wasn't on the news last week. We were talking about C2s, and I've been saying I wanted to build one for a while.

Wade

It's not very fast, but it is efficient.

John

That's awesome.

Bronwyn

Please send it.

Andy

Efficient is good.

John

There's ralph's talk at Hack Space code. There we go.

Wade

I hacked your password manager, and I don't know the key.

Andrew

Has anybody tried Claude? Cowork, like the new Claude code dispatch hunter, which requires you to disable pretty much every single security Control on a MacBook.

Andy

Wants to access your downloads without disabling security controls on Windows.

John

Claude wants to access your files. Claude wants to access. No, absolutely. I mean, yes, but no. Yes.

Wade

You know what asks so many questions that I just turn them all off?

John

Just say, you know, always allow. What could go wrong? What could go wrong?

Wade

I'm good for this.

Bronwyn

I did that. And it did a git push that I wasn't expecting. I'm like, wait, wait, what's going on?

Wade

That was an article a couple weeks ago. Or maybe it should have been. Yeah, I Do hear the guy who did that? Yeah, yeah.

John

We were just talking about heuristics, you know, like Andrew was bringing up like, oh, you can have a heuristic tool that analyzes your, the software you're running. I think it's funny that Claude, the code that it writes, oftentimes it'll say, you should review this because it looks like obfuscated code. Like it'll write a python, like a python one liner and it'll put it in quotes and it'll be like, hey, this looks like obfuscated code. Warning. Are you sure you want to run this? And it's like you wrote this, dude. Like you should write code that you don't think is obfuscated. Right?

Wade

That was my cousin. You closed the window. I'm a new.

Andy

It's like speaking of mcp, did you guys catch the fact that Google has shipped Web mcp?

John

No.

Andy

Did you see that article?

John

What is this?

Wade

Yeah.

John

Scare me.

Andy

Well, so MCP is a protocol for working with agents and Google has apparently shipped through Chrome 146 Canary, a new protocol that allows websites to expose structured functions directly to AI agents.

John

I like this. I like this as a concept.

Wade

The idea being that if you want to browse a website, traditionally you would have to read the DOM and then execute the page in the, the JavaScript, the HTML. That's all for us, that's not for the computer.

Bronwyn

Right.

Wade

The MCP, if I'm correct, is to make it easier for the AI agent to browse.

John

Right.

Andy

Well, this is a really twisted thing though. So now they've shipped this web MCP that allows this new interaction directly machine to machine, between the agents. But they've also just patented a tool where you can basically if your website is coming up in searches, but their analytics decide that it doesn't have enough content, they'll have AI rewrite your website on the fly and that's what they

Andrew

present to the client.

John

Basically you're talking about an AI generated parking page. They pat. They patented this. This is not a tech release, but basically it's an AI generated parking page that will just make up whatever it thinks the person searching for the page was trying to get to.

Bronwyn

This sounds like a fishing dream.

Andy

The, the combination is just nuts.

John

So the new 404 page is an AI generated version of the page you were trying to reach?

Andy

Yeah. For some reason Google's AI decides that you didn't put enough content or the right content or you know, you're not going to get any, any click throughs on this, it'll redesign what it presents as if it and presented on your behalf.

John

I'm glad that we're ratcheting up AI gaslighting us to one new level. That's great.

Corey

So here's, here's the question though. Does this make malvertizing better or worse?

John

That's typo squatting. It makes typo squatting worse, but it also makes typo squatting better at the same time.

Bronwyn

I mean, does it make depends on

Andy

whether the AI removes the malicious code embedded in the websites or whether it's going to propagate it.

John

Yeah, I don't know. I mean, to be clear, it will depend on the implementation. This is just a patent. This is just, you know, them cornering a part of the Internet. But it makes sense. Also, I think that, you know, to go back to the MCP thing, I think this is just developers, especially front end developers are sick of having watching the logs of like using Claude cowork when I was using it. Okay. So my use case was I was trying to get it to read comments on a website about a trip. I was trying to go on and read all the people's trip reports and be like, is it a good idea to go to this place at this time or is it going to be closed or whatever? And it took Claude like I'm going to say 20 minutes to read all the comments. Like, it was like, okay, I found the dive div. Okay, I found an iframe inside the div. Oh no, there's a paywall. What do I do? Oh no, I have to click the X. Oh no.

Wade

For a subscription.

John

It was so painful. And of course the worst part is you can watch Claude like you can watch its browser window. And I'm like, dude, this is worse than the one. I worked tech support in college and I would watch a professor, I'd be like, okay, click on the start menu and it's like three minutes. And they're like, which one is that? I'm like, bottom left, left. Like, dude, I watching. We need a better solution than watching Claude like sloppily click through a website and try to find iframes and bypass paywalls and stuff.

Andy

Or Gemini, because you can use Gemini in the browser or you can load the cloud extension to get Agentic in the browser now.

Andrew

Yeah, if it can't figure out what to do, it actually will just take a screenshot of the page and then it will start. Screenshot which just chews through a ton of tokens.

John

Correct.

Andrew

That's what it did you're lighting your tokens on fire.

John

Yes, that is exactly what it did. It did screenshot it OCR and then it had the entire web page in every response. And so, yes, it burned through all my usage. Yeah.

Wade

And this is why RAM is so expensive, everybody. Just to let you know. What?

Bronwyn

No RAM prices are going down. You didn't see that article.

Andrew

What's up?

John

I will say it's worth it. It was so funny having AI be like, oh no. Evan got lost on his way to the restaurant. Like, I don't know, I'm not invested in this at all. But it's like AI is like in depth researching all these people and telling me what their trip experience was. So silly.

Corey

See, I found a receipt earlier today. I bought 128 gigs of RAM and a 4 terabyte hard drive like almost exactly a year ago. It was 560 bucks. I went on Micro Center's website, pulled up the same stuff today. 1700.

Wade

Yeah. So this article that you just posted was about the drop in memory prices. And this was actually to one other notable thing. This is not necessarily security related, but Google's new quad or turbo quad inter, whatever you want to call it, it's essentially a compression algorithm for AI.

Andrew

Right.

Wade

And so the argument is here, putting Google's compression algorithm aside, and whether it actually succeeds or not, is that if they change how the models are actually used and they're able to enable a lot more compression than you could see a radical price shift and drop. But it's probably not going to be as much as you think because all these people ordered all this stuff in. These data centers are still going to get built out, which is what we're seeing in our. In that whole supply chain.

John

Yeah. All right. There's no, there's no chicken news this week. Does anyone have any final articles before we end the show? Any last, last thoughts? Last feelings?

Andrew

Yeah, the I think Some of Us have Classes coming Up app.

John

Yeah, let's plug. Let's do some plugs.

Wade

Plug it.

John

Who's teaching? When are they teaching? Andrew, you go first because it's. I don't know, Ryan should bring up some little graphics and things, but go ahead.

Andrew

Yeah. April 1st and 2nd, securing the cloud, which has a ton of AI based content. If you want to hear my spicy take, which is that MCP is already dead and we'll be talking about something different like two months from now. You can hear it in my class.

Andy

I may have.

John

Wow, what a teaser. Now I have to have my AI go and then Summarize the entire thing.

Wade

I'm actually getting my AI to find your class right now.

John

All right, Patterson.

Andrew

Dispatch might be done.

John

Patterson, do you have a course coming up? I. I have a course coming up on Friday. This Friday? Yeah. And so when all of these things go horribly wrong, you're going to want to come to this class so that you know what to do next. Yeah, I mean, this. I mean, with all this trivia stuff, with all like, oh, my goodness, there's so many IR scenarios to get into. It's crazy for you. I'm here for you. Dedicated day on Friday. Nice. That's awesome. I like that it's simplified. I need that.

Wade

I'm with you.

Corey

And John's got sock core skills. Pay what you can. Starting next Monday.

John

Bring your socks and they'll be knocked off by John. Strands ranting.

Wade

Sock off.

John

Anyone else have anything to plug while we're here? Wade, do you want to plug your mustache? Oh, no. B side. San Diego's this week, right? Or you were.

Bronwyn

We sold out tickets. Don't email me, please.

John

There's been so many people. So Wade would like to plug. Not going to.

Wade

Besides, because everyone else will be there. You can't.

John

Can't you?

Bronwyn

Can you see it? Let's see. Hopefully nothing. If you move my camera. And then this box over here is full of all of the raffle gifts.

Corey

Extreme.

Wade

Oh, nice.

Bronwyn

There's books, there's. Dude, Raspberry PIs are expensive nowadays. Like, for a whole kit. It was gnarly. And then portable monitors, Legos, some Game Boy things.

Andrew

It's fun.

Bronwyn

It should be good times. If you didn't buy a ticket, I'm sorry, but next year, you did come

Andy

say hey, next year.

John

Yeah.

Andrew

600 tickets still tickets for B sides, Tampa, which is coming up May 15th. You know, okay. Stuff in Florida.

Wade

It's actually. It's actually a pretty big conference. It is for a B side.

John

A great place to meet a Russian spy, too.

Wade

It is the weather.

Bronwyn

Florida. Florida has really good cons. Like, they have Tampa and. Or B sides of Tampa and Orlando are both really good hack. Spacecon's pretty good. And there's a couple others, too.

John

Go now, before it turns into a swamp. No, before hurricane season gets underway and.

Wade

Yeah, that's why they do it early. Just, you know.

John

Yeah, I'm sure it's really nice there. All right, cool. Well, thanks, y'.

Bronwyn

All.

John

Thanks for coming, and we'll see you next week. Bye. Bye.