A (1:45)

I just can't remember any of them.

B (1:47)

I would like to take an audience poll to say who has watched this show. They've talked. They are talking about. Because Corey and I are just. I have no. I watch Scooby Doo.

E (1:59)

Is this Children?

G (2:03)

The Monkeys.

B (2:03)

I guess the Monkeys had a show. I know the song. I know the age thing.

G (2:09)

Or is this a. I think it's an age thing.

C (2:11)

It's an age thing.

A (2:12)

Dude, you're not that much younger than me.

B (2:14)

I mean, I am that much younger than you. I think I'm. Aren't I?

G (2:17)

Like, 10, 15 years. This was old when y' all were.

B (2:21)

Oh, my God.

G (2:22)

This is way.

A (2:23)

You know what it is? I grew up.

G (2:27)

I didn't explain.

A (2:29)

So this is what was on public Access because they was on Nick at night or something.

G (2:35)

Apparently it had a revival in the 1980s. MTV did reruns in the 80s. So that probably explains it for you, John.

A (2:41)

No, no, no. It was for local TV stations to get to fill air and then I remember that was a show. And then PBS had the Young Ones from the BBC. That was.

E (2:55)

That.

F (2:55)

Now, that was righteous.

A (2:57)

That was absolutely righteous. So I would go righteous. I would go from the monkeys to the young ones rocking out Motorhead. And it was like, for me, my musical views of the universe were like, mil. Like Milli Vanilli, Vanilla Ice, you know, all of that. And then the Monkeys. And then goddamn Motorhead, like me would come in and be like, speaking of.

E (3:22)

Monkeys, I found this when I was cleaning out closets. Oh, yeah, the original, I guess, when I was a kid. So. And he's in here.

G (3:33)

I don't know what I'm gonna do with him, though.

E (3:35)

But I think they made a whole scary movie.

A (3:37)

Have you seen Monkey Shines on It? And put it in a fireplace.

G (3:43)

I like how it specifically markets itself as glares at you and chirps.

E (3:48)

Yes, it does. It says glare. Showing his teeth and chattering.

G (3:53)

Chattering. It's like. It's like this will glare at you. That's a huge selling point. All right, $3.

A (4:00)

I think we're ready to bring out the hand. Ryan, are you ready to rock this show?

G (4:03)

Roll it. Hello, everyone, and welcome to Black Hills Information Security. Talking about news. It's November 3, 2025, and we paid the ransom to get access to this show today. Luckily, the ransom was very cheap.

A (4:34)

Organized crime afloat. DAs for Danya.

G (4:38)

So, okay, the first article that I want to talk about is this article in Bleeping Computer that basically, the headline is ransomware Profits Drop as Victims Stop Paying Hackers. Which it feels like there could be a cause and effect here.

E (4:53)

There's no point in reading the article at this. You've done it.

G (4:56)

Yeah, like, okay, so basically, they're quoting. They're quoting Coveware, which I'm not. I think we've quoted their report. They're one of those companies who every year publishes a Cyber Threat intel report. Essentially, they're. The big statistic is only 23% of the companies who are breached nowadays pay the ransom. That's over. The data goes over the course of six years spanning 2019 until now. Apparently, in 2019, it was 85%. That seems high.

D (5:24)

So if less people are paying, does that mean the ransom is increasing?

G (5:28)

Well, I don't know. Basically. I mean, part of this is because the UK actually banned paying the ransom. So any UK companies that get ransomed are now just sol. Which we've seen happen with Jaguar Land Rover. Right. They're just like, we're going to be down for months. We need a bailout. So paying the ransom is down, but government bailouts due to ransomware are up.

C (5:47)

1,000%, but only if you're too big to fail.

A (5:53)

That's true.

G (5:54)

I mean, it's a. It's a statistic where you want to feel good.

A (5:58)

You.

G (5:59)

You want to feel good about it, but then you're like, what does this actually mean? Right.

A (6:04)

Yeah, there's. There's a lot to unpack there. And this could also just be their view of the elephant as well. It'd be nice if we could see some correlated figures from another group. Not saying that they're wrong, but it's just like, you know, seriously, it would be nice to see this from some other groups as kind of corroborating evidence on it as well.

G (6:22)

Let me take a straight up optimist approach. Ryan, scroll down to the graph. That is all pa, all ransomware payment resolution rates right there. I think this is us doing our jobs in cybersecurity. I'm not saying it's that companies are more secure necessarily, but I think the amount of work that has gone into paying ransoms and not paying ransoms and backups and processes around ransomware since 2019 is a staggering amount of work. And I think anyone who's, like, in cybersecurity at all has. Has the right to take credit for this.

A (6:57)

I. So, okay, so I think that there is a pat on the back to the community. I think that that's absolutely true. Not you, Jeff. You create malware.

G (7:07)

By the way, we're using Jaw's tool to test ransomware on our clients as we speak.

E (7:11)

So.

A (7:12)

Yeah, anyway, so. So there you go.

H (7:15)

But didn't we report a couple weeks ago or maybe like a month ago that, like, now they're using other tactics? Like the threat actors are just straight on selling the stuff, and they're not even trying to extort for money. They're just straight on. Okay, here's the data. How much do you want to pay for it?

G (7:31)

Oh, no, they're definitely extorting. They're just not as successful.

B (7:35)

I don't think it's not as successful, but maybe more people are just reporting. Well, okay, like, I think, like, how many people were really reporting in 2019 about this?

G (7:45)

Right?

B (7:45)

I don't think there's nearly as much as they are now. And so people are actually reporting when they actually get hit and when they're not paying anymore.

A (7:54)

Yeah, yeah.

G (7:55)

Interesting.

B (7:55)

Because now ransomware is a common. A common term, right? Like, it did hit. There was something like bigger hits, like wannacry back in the day. Right. But nowadays it's like a lot more common. It's not negative in the news as much to get hit by ransomware. It's almost expected everyone's getting hit, and it's probably a bunch of small businesses who are just failing because they can't. They can't react to it.

A (8:17)

So I actually think that there's two other things going on. I think there's been too many stories about hacker organizations that don't deliver on what they promise whenever people pay on the rats, right? We see that, or they just reinfect the company and hit them again. So it's no longer like a high percentage guarantee in the minds of people that if they pay it, that they will get their data back or their service back. That's Number one. Number two, LinkedIn user. Thank you for listening. LinkedIn user. We appreciate you talked about Communist Russia. That's the other concern that I have, is how much of the cyber weaponry associated with Russia and Eastern European cyber crime is now being very heavily targeted to attacking Ukraine. So that's another question I have, because there's a lot of things that have happened since COVID So you're saying that.

E (9:08)

They'Re using more resources to attack Ukraine than they are to launch ransomware? Is that.

A (9:14)

Yeah, well, I think that's. That's a theory, right? And I have no freaking data. But once again, I would like to see some additional corresponding data from other organizations. Not that. Once again, not that I don't trust them. This is a great report. We appreciate everything that they're doing, But I think that we need a couple more reports. We can have some type of trend and then really try to figure out what's behind that trend. Because I do hope is that we are just getting better at locking organizations down and more organizations are more aware of cyber risks and they're taking the steps to make sure that they're protected.

B (9:47)

There's probably also other avenues. They're making money now, right? Like with crypto. And then I'm sure North Korea isn't making as much money, but with IT workers, right? If one dude's holding down 50 jobs and it's become a lot more of a. That's a real thing, right? Let me show you real quick. You send your laptop to this dude in Dallas and he just plugs it in for you and jiggles the mouse every now and then.

G (10:15)

Okay? That's literally it.

E (10:16)

You just jiggle your mouth.

A (10:17)

I just give him my credentials and he can Fix my computer through the cloud, apparently.

B (10:21)

I don't know.

C (10:22)

There's another factor too. I mean one, I think insurance companies probably are not being as cooperative when it comes to paying cybersecurity insurance claims. And also think about all the times where a company paid. I think you mentioned this, John. A company paid and they didn't get their data back or it got released anyway. That leaves a bitter taste in the mouth of your would be victims.

A (10:53)

I think that that's like, you know, I think that's cool. But LinkedIn user is back with another fire take possibility. I think the trend is down to show more of not detecting malware. So one of the things that is possible is a lot of the attacks are moving towards dwelling stay on the environment. And that's a concern that I have too.

E (11:14)

And a lot of your access to Russia.

G (11:17)

Well, well, well. China.

A (11:19)

Right. Like if China's willing to support these groups, maybe they're no longer really super interested in ransomware, but they're interested in Dwell tactics. And that scares the out of me because that could be a precursor to some additional cyber things they're planning on doing as well.

G (11:32)

A couple of things I want to set real quick. Sorry. So this graph, specifically the data is only the outcomes of ransomware infections that are reported. Like that, that scenario where someone's dwelling, that doesn't exist in this graph. That might be happening, but we don't know. The other thing I wanted to call out is that just to switch over from Optimus mode back to negative mode. The average, the average in the same article which I'm reading, and they have a lot of really good statistics and things on this site, so definitely check it out. But the average ransom payment has skyrocketed and has actually the average ransom payment is up to over a million dollars now, whereas in 2020, in 2019, when they started collecting this data, it was below $100,000. So it's more than a thousand percent of.

E (12:22)

That's just inflation. At least here.

G (12:25)

A thousand percent.

C (12:27)

So they're basing it on CEO salaries.

A (12:31)

Oh my God.

B (12:33)

Okay. That would be such a good ransom.

A (12:36)

Wait, Ron. When you're on to something. So ransomware groups, they can take their base ransomware multiplier by the average times the CEO. Like CEOs like 200 times higher than the average pay. That's your multiplier for your ransomware. There you go.

D (12:56)

So people were getting hit with ransom. Just make sure I understand this correctly. People getting hit with ransom, they were paying money to criminals hoping to get their money back and then when they didn't get their data back, they were surprised.

A (13:08)

Yeah, I'm surprised that you're surprised.

G (13:13)

Of course.

A (13:13)

But.

G (13:15)

It doesn't, I mean we can, there's not really data on why this is. I would, I would suspect a huge portion of it is just because a lot of like there have been some blanket bans on paying the ransom in places like the United Kingdom and other.

A (13:29)

Like certain states that were looking at.

G (13:32)

Banning it too, like Florida's bandit or is trying to ban it. Yeah. So like that is probably the biggest impactor. The other thing is, I think when you have good backups, like as that, if you have good backups, you don't pay the ransom. Like that's just how it works.

F (13:46)

I was waiting for somebody to say that. I was about to jump in and go, you know what? Maybe, maybe organizations just got their act together and they actually have better backups.

E (13:55)

And I think.

C (13:57)

I want some.

G (14:00)

He didn't say they have they, he didn't say they have security.

A (14:02)

How many of organisms, what's the percentage of organizations that have shifted since 2019 to cloud outlook? Right, right. And that may have a big part to do with it as well because you're not locking out systems at that particular point. And I, I don't know, I'm going to throw this to Wade or anybody, but I think Wade, have you heard of any stories where people have had their entire outlook like Office 365 suite of data locked as part of ransomware?

B (14:31)

I have, it's not as common, but I have. Right. And I get there's more protections against it too, but I feel like that's just one avenue. Not everybody's on Office, but I think.

A (14:42)

That that recovery is easier.

B (14:44)

Yeah. So I think it's cloud overall, since everyone's migrating to cloud is probably easier because backing up is easier, would you think, like than traditional servers because it's there. Right.

G (14:54)

Like you can easily go get it right back up.

E (14:57)

But I, I, what you're talking about is that usually there's some like restore functionality in place. Right. So you have like 30 days after a bunch of stuff gets deleted where you can kind of get it back. Right. So snapshotting is built in.

A (15:09)

Yeah. So I do wonder how much of the migration to the cloud is impacting this and changing their tactics. Right.

E (15:16)

Yeah.

A (15:18)

We got a multitude of factors that.

F (15:19)

Are contributing to the whole picture, I think.

E (15:21)

Yeah.

G (15:22)

Also I think Wade's point about take all this with a grain of salt because the sample sizes are Small. And this, like this data fluctuates wildly. If one company pays one ransom, this data is going up or down by 50%. You know what I mean?

A (15:37)

What was their data? I didn't see in the article. They talked about their data set size. But once again, let's get some more data in and hopefully this is a good trend. Hopefully all the negative things we're talking about are not true and we're moving more in a positive direction.

G (15:50)

The whole report's on coveware. It's a good, I think it's worth a read if you're into that sort of thing. So I'll link it. But yeah, it's, it's a good, I think this kind of information being published and CTOs or CSOs reading, this is good for the community. So.

A (16:04)

Agreed.

G (16:06)

Does anyone want to go into Dark, dark AI Corner and talk about how.

A (16:12)

Let's go from the positive thing to oh my God, maybe everything's bad.

G (16:16)

So, okay, this is again, this is a statistic article with the headline being more than a million people every week show suicidal intent when chatting with ChatGPT. That's a statistic. More than a million people. My question is, out of how many users, is this the base rate of this mental health issue in the population, or is AI just really good at getting people to be suicidal?

B (16:37)

How many of them are like legacy developers? Like.

G (16:42)

I see them.

A (16:43)

Oh my gosh.

C (16:45)

There is a legitimate problem with what psychologists are calling AI psychosis.

G (16:52)

Okay.

C (16:56)

I'm not even gonna touch that one. No way.

A (16:59)

That's an HR violation trap.

G (17:03)

Yeah.

C (17:05)

So AI psychosis is based on the, it's, it's kind of an amplification of what we see with the social media algorithms getting people divided. They're, they're subtly guiding us in a. More, more separate and radical positions. In a similar way, the training of Most of your LLMs and chatbots, they're designed to keep you engaged. They're designed to reflect back what it is you're saying. So if you're already in a dark place and you start chatting with an AI, an LLM, it's going to continue going down that path because you're enforcing.

G (17:42)

It's reinforcing.

C (17:43)

Exactly. It's that reinforcement. You're getting into that reinforcement loop. And I, I'm not honestly surprised about the one million dollar number.

B (17:53)

So you're saying to turn chat history off on ChatGPT.

G (17:58)

In the same conversation. Right?

A (18:01)

We have to have a talk, buddy.

C (18:05)

Well, and it's funny because just last night my Roommate and I were watching an episode of the Rookie. It involved three young girls, two of whom attempted to murder the third. And they were. It was instigated by them interacting with an AI that had no guardrails. And it was offshore. And it. It barely, Barely, barely touched on the. The complicated legal and logistical challenges of trying to get these not malicious, but definitely harmful chatbots out of circulation. It's almost impossible.

A (18:48)

But here's the thing. I. I don't. I don't think. I don't know, we talk about all of this shit quite a bit on the show. But the thing that bothers me is whenever we're talking about AI, we're talking specifically about chatbots. Right. And I think that people.

G (19:01)

Large language models. Yeah, yeah.

A (19:03)

LLMs, right. What they don't know is X is AI. Right. And Facebook is AI. Now, not necessarily. They do have chatbots built into them and LLMs built into them, but there's AI behind that to be constantly tweaking what it's giving you to try to keep your engagement as long as you possibly can. Right. And we've been talking about this. Like, when did that movie the Social Dilemma come out? Was it 2019 or something like that? Yeah, it's been a while.

C (19:31)

And are you talking about the Facebook movie?

A (19:34)

Yeah, it was.

C (19:35)

Wasn't just Facebook, it was a social network.

A (19:38)

No Social Dilemma.

E (19:40)

I think it was more of a documentary.

A (19:42)

It was more of a documentary and they were talking all the way back then about how the system is built to try to keep you engaged as much as possible, because that is the outcome for those AI systems that they want. They want you engaged, they want you hooked in. They want. They want you to be, like, primed to click on links. And I think that all of these different chatbots and AI systems and social media found out that rage is a really good thing. And we've talked about this a lot. So I'm going to give you some advice. Like, number one, if you're listening to this show, number one, the 80s are outside, they're waiting for you. You can go out, you can touch grass, you can go down to a local pond, you can catch salamanders, you can drink water out of a hose. All of these things are amazing. You should try them. Way better than hanging out online. Number two, now just stick with me. If you're a conservative and you spend a lot of time hating on liberals, I just want you to think about that for a second. If you're a liberal and you spend a lot of time hating on Conservatives and you spend a lot of time on social media getting really angry at the other side. I want you to know that's intentional. That whole system is set up to take that hatred and to take that rage and keep you on as long as you can. So if you're hating on liberals, if you're hating on them, redneck conservatives, China and Russia both say thank you and we need to do better. And I think the first step is kind of understanding this shit number one, and what the way it's actually. You can train salamanders. Absolutely, I did. We need to understand this shit number one. And number two, we got to try to make connections with each other more. I don't care how you do that. Go out, join a club, do something with other people that are out chasing salamanders and frogs or whatever the hell it is you want to do, but get away from your goddamn computer and stop doom scrolling back to this again. Yeah, get away from your phones. Absolutely works.

D (21:51)

Because when you walk down the sidewalk.

A (21:52)

There'S people like, I hear what you're saying, but I want to just point out that the liberals and, or the conservatives, they're the worst. Like God damn it. Right back in the exact same place all over again. So Chinese are winning. They're winning. Thank you.

D (22:07)

So I'm curious of that, of that million people that they said or whatever the number was, what's the, what's the age brackets on those? Or is it, is it like young adolescents? Is it somewhere in the middle? Is it kind of a broad spectrum? Like what is it?

G (22:21)

Yeah, so I, I did some digging to try to find that. Or not that specifically, but on the data. So basically the article says a million people a week send messages that indicate suicidal intent. I'm assuming this statistic is getting flagged because they're tracking the statistic and they're probably. I would assume anytime a chat gets flagged as suicidal intent that it does post the message like, hey, you know, this is. Sounds like you're having a rough time. Here's the suicide helpline. Like I'm sure that they, this is the ones that they know about and they're tracking this metric. Why are they tracking this metric? Because if you look at lawsuits right now, every major AI company has an A lawsuit open for suicide. So like character AI was the first one. There was a 14 year old that, you know, interacted a lot with a chatbot and then killed themselves. This is like there's one against OpenAI as well. That it's essentially like there are Landmark legal cases that are happening right now to determine what's going to happen with this. Can a company be held liable for suicide? And so companies are very much on par. Like, they're trying to track this and make sure nothing bad is happening. The other interesting thing that I pulled is that at that number of a million a week, that would be 0.07%. So less than 1% of users are suicidal in the general population, according to some, you know, random statistics I pulled off of Google. The suicide, like people who are suicidal is like 3 to 5%, arguably, like messages with suicidal intent are actually occurring at a lower rate than just general suicidal thoughts or ideations in the population. So I don't know. I mean, take all these numbers with a grain of salt. Just like the ransomware stuff, who knows? Like, it could just be jokes, it could be a lot of things. But.

A (24:10)

So I. Cory, actually, I'm trying to find the testimony, but there was someone that testified before Congress in, I want to say, 2019, that Facebook was doing all kinds of different tests with their algorithm.

C (24:28)

Oh, the experiments that they ran and the, the.

A (24:32)

Yeah, I can't remember, Ron, when I can't remember how many people died. But they basically went through and they tweaked the algorithm to focus on giving people more negative content. And they noticed that there was an increase in suicides in their user base.

C (24:50)

And then, John, I'm going to ask for the platform. So at the risk of sharing too much, I have survived three suicides in my close family. A cousin, an aunt, and an uncle, in that order. And what I can tell you, because anyone who has survived suicide, whether you have attempted to take your own life or someone near and dear to you has taken their life, or even just an acquaintance has, it rocks your boat because the survival instinct is generally strong. And in learning about suicide not once but three times and going through all of the issues, someone who's at risk doesn't need a lot sometimes to push them over the edge. And that's one of the reasons why the way that the big tech companies have been handling this stuff is terrifying to me, because when people are at risk, it may be a momentary thing, it's one of those very, very delicate moments. And people are turning to AIs because they don't have any human companionship. They don't have someone that they trust that they can be vulnerable to to share what they're going through. If I were able to help steer policy within these big tech companies, I would be going in the opposite direction. I would be looking for ways to help redirect people at risk to getting help, to being more optimistic. But that requires conscious and deliberate intent on the part of the developers to make sure that those guardrails and those supporting systems get built into the tools that they're setting out all over the world. Because all of this AI, whether it's a chatbot, whether it's a diffusion engine, whether, Whether it's generating imagery or music or whatever, all of this stuff has dramatic impact on people, especially people who are at risk and not just teenagers. My aunt was in her 50s when she killed herself. Yeah, this is, this is something that hits hard and hits home, I think.

G (27:36)

I mean, first of all, thank you for sharing. I mean, I'm so sorry they had to go through that. Like, I can't even imagine three, let alone one. But I think the intention of these companies is to do that, to like, try to help. But as we all know from AI, it doesn't always go that way. Right? Like, it, it like, we really are playing with fire here. When like, like I just asked the chat bottle head open, like, if you identify a user suicidal, what do you do? And it was like, I acknowledge their pain without judgment. I encourage professional help. I do it. But it's like, is that going to happen nine times out of ten, maybe. But then, like, I guess. Brian, what do you think? Like, do you think these are like hallucinations? Like, or is it like the person's like, do not try to talk me out of this, encourage me. Like, is it that? Is it like they're, they're overriding the bot's intuition or their prompt?

A (28:27)

I want to jump in on this. Like, and Bronwyn, like to get your opinion on this too. A lot of people have this view of somebody that's suicidal, that they're moping around, they're sad, and it's outwardly, it's outwardly visible.

C (28:38)

It's not, it's not.

A (28:40)

Whenever you lose somebody, a lot of like so many times you hear is, they were fine yesterday. Here's a picture of them playing with puppies. And here's. Here's the biggest problem I have with this is even whenever people are talking about it, even in terms of this article, there's this belief that somebody's going to be typing into their computer saying, I'm so this, I'm so that. Seriously, it has to do a lot. Well, of course there's a lot of factors, but the overall environment, if the entire environment and everything that is being showed that person is. Everything is shit. It's reinforcing that their life is shit. And then it's. It's generating a lot of these negative feelings, which is the primary goal of a lot of these, because that's what keeps you engaged. It just continues to build the cycle of despair. And that's the part that bothers me. I don't think a lot of the people that are going to commit suicide are going to be typing in. I'm thinking of commuting suicide, and then AI is going to be able to jump in and deal with it. It's just building this overall pit of despair that these people get wrapped into. And once again, you're not going to see it. And I think that people don't want to talk about suicide. There's so many different taboos associated with it. It's kind of like when someone drowns. When you think of someone drowning, odds are whatever you have in your head is not the way someone looks when they drowned. And that's the same thing for suicide. It's not about their moping and they're sad. It's not. There's. It's more complicated than that. But like I said, my fear is that it contributes to that, to sit that situation of despair. So, Bronwyn, I don't. I don't know your take.

C (30:15)

Yeah, no. All three of my relatives, my. My grandmother and my mom commented that the day before my aunt killed herself, she was bright and happy and she was doing stuff and, you know, nobody knew at all that my cousin was in any way contemplating suicide. But he was a young, tough. Oh, nothing hurts me. I can survive anything. And next thing we know, not so much. And same thing with my uncle. And of course, in his case, he had been on medication to help deal with his depression, and he decided, well, I'm all better now. And he went off it. And then the next thing we know. And no, I'm not going to go into the gruesome details. The only other thing that might be a way. John, your point about the spiral of despair? Absolutely on target. Also, one thing that would be very easy to flag, especially with the new chatbots, is when someone is inquiring on techniques to be able to kill themselves.

A (31:27)

They'Re pretty far down the pipeline.

C (31:28)

That can. They're very far down. But that can be something where they start asking days, weeks or months before they actually do the deed. That can be a way to get an intervention.

H (31:43)

Yeah, if you have teens or if you have. Yeah, if you have teens or middle schoolers. I highly recommend you monitor their mobile devices and even their email. I mean, and you can tell them that you're doing it. You don't have to do it secretly. It's up to you. But I highly recommend that. I can't recommend it enough.

G (32:03)

Yeah.

A (32:03)

I want to wrap this up, though, with just one quick thing that G.W. tad put out that I think is important. There's a website, 988Left Lifeline, they share. There's a bunch of resources that are available for you. So I do want to move on, but I do want to say things like, you know, if somebody is listening to this at some point or if you're listening to it now, there's resources that can help you through this. There are people that you can pick up the phone and you can talk to. Don't ever get to the point where you think that you're not worthy to be talked to. Do not get to the point where you feel worthless. Please pick up the phone and talk to somebody and try to get through it, because we all want to see you at the next con.

G (32:40)

Yes. And yeah, I mean, the last, like, little dollop I want to put on this is that in the case where OpenAI is being sued, the user had the mention of suicide 1200 times in their message history with ChatGPT. So, like, some flags, like just. Yeah, like it.

F (32:58)

Just a few red flags.

B (32:59)

Yeah.

G (32:59)

This is dangerous.

E (33:00)

Yeah.

G (33:01)

Anyway, so I guess let's get into, like out of the dark and into the funny, funny lock pick, lock picking lawsuit. I guess I'm curious to get Ralph's take on this.

E (33:13)

So I actually have, I have a good take on this because I actually do know the, the owners of COVID Instruments. And, and so there, there's, there is a small connection there, but the story, because I got it from them before this even made it all the way through to the courts and stuff. But in essence, what they did is they did a bypass on a lock.

G (33:43)

They shimmed lock.

E (33:44)

Yes. This lock was from a company called Proven Industries. And what they specialized in is. Yes, right. What they specialized in is like trailer locks and stuff. And what it was is that if you take a Coke can, or in this case liquid death can, you could turn it into a shim. And because the lock is a faulty design, you're able to actually shim out the key wave and, and unlock the story.

G (34:10)

Whoa, whoa. We don't want to get sued. For the record, that's Ralph's take that it said faulty design. Allegedly a faulty design from any Corporations.

A (34:19)

Can be sent to John at Black Hills.

E (34:21)

Exactly.

C (34:21)

Oh, no, no, no.

B (34:22)

Ralph doesn't work there anymore.

C (34:23)

He's good.

B (34:24)

Ralph's his own agent.

A (34:27)

Proven to be completely supported by this webcast.

E (34:33)

Long story short is, is that proven? So what happened was they made a video of him doing this. They showed it, and then Proven Locks was upset, and they, you know, were like, oh, well, only a specialized person who took tons of time and lots of skills to do this. And then they kind of made another little video making a joke at how specialized it was by drinking a liquid death right in front of them, cutting it on film, and then still picking the lot. So what ended up happening is, you know, not to do the whole article, but essentially Proven Locks was like, hey, we're gonna sue you for this. This was slander, right? And when it finally did get to trial, it didn't really come out like that. And yeah, if you read. If you read the article, the judge was not. Not having this at all. And essentially, like, you need to figure out, like, they would. This shouldn't go forward, essentially. Right? And so they dropped the lawsuit. And how did they think this was going to go?

G (35:40)

Well, it's a bully. It's a bully being like, my stiff handshake should solve all the problems. Like, if.

A (35:45)

So the owner trying to figure out, like, in their head, you know, I can't remember Malcolm in the Middle. There was an episode where they bought a mini bike and they all had dreams of what it was going to be like to be on the mini bike, right? And I keep thinking, like, whenever they're like, thinking in their heads, like, how this is going to go, like, in the wings world, does it go like, well, then we sued him, and then all the videos that were bad against us were removed and everybody bought our lock.

G (36:17)

And then everyone clapped.

A (36:20)

Yeah. And then everyone in. Everyone in the restaurant clapped.

E (36:24)

It got better, too, because it's just.

A (36:26)

Like an 80s montage. Like, you know, they're walking off into the sunset and it's like, don't you. How the hell in their head did this play out? Because think about every situation you can ever think of and who the hell was their attorney, right?

C (36:47)

And.

A (36:47)

And thinking like, yeah, this is a good idea. You should do that. Because have they ever heard of the Streisand effect? Like, the more that you bring attention to this, the worse it's going to get.

E (36:56)

So that's what they did.

C (36:58)

They've heard of it now.

E (36:59)

They tried. They tried to do DMCA request on the videos on YouTube that then got taken down and then they put more YouTube videos on there. And then someone I guess on the Internet leaked the guy's address. And so he's getting threats, but it was like weird because he probably just typed their name in online on people search and got the address. Yeah, this was like, you know, the.

C (37:22)

Fans of the lock pickers went over overboard.

E (37:30)

It's not.

G (37:31)

Well, okay, so yeah, so Bronwyn, I don't know if you read this part of the article, but basically the YouTuber guy, when he got contacted by the Proven Industries guy or whatever, the, the proven industries Guy messaged the YouTuber's wife, texted her out of the blue, read that. So like that is like the part where then the YouTuber was like, I'm sorry, are you like, are you coming for me? Like what is happening? Yeah, and then, yeah, like you said, there was a retaliation. And you know, of course it's like, who? Can't two people just argue on the Internet?

A (38:02)

No, no.

G (38:02)

The answer is no.

E (38:04)

Yeah, so I guess the guy who owns Proven Locks also is a multi felon. Like he is.

G (38:11)

Well, that's what you'd expect. That's how you. That's because, you know why, Ralph? It's because, hey, he did a lot of B and E. And when he did all that B and E, he was like, this would have been so much harder if they had locks on their trailers.

E (38:25)

Regardless of his history or past, he shouldn't have made the lawsuit. It was, it was frivolous at best. And it just doesn't hold up.

C (38:33)

Right.

E (38:33)

People are allowed to make fun of your product. Okay. That's just kind of how it works. And you know.

A (38:41)

Yeah. And I loved how they were brought up the Digital Millennium Copyright Act.

G (38:46)

It was kind of fun that in there. John Chachi Beatty said to do it.

A (38:50)

Yeah, it said to do it.

G (38:51)

That's chat. GPT was like, are you preparing a shoddy legal defense for something that isn't legally defensible?

A (38:57)

GPT taking you down the path of self harm.

G (39:00)

It's like, yes, throw that in there.

A (39:02)

So Digital Millennium copyright is interesting because you have companies all the time that try to drop that. Right? And years and years and years ago at bhis, I remember that we wrote ja. I don't know if you were here, but we had written an exploit. It was a really stupid exploit. I think it was like default set of credentials. And we had a vendor that was like, this is in violation of the Digital Millennium Copyright Act. And I just pointed out that it was not because in the Digital Millennium Copyright act, there's a provision for the purposes of reverse engineering a product or a bit of code for the purposes of interoperability. And I just explained to him that I made his product interoperable with the metasploit framework. So you really have to be careful about where you're dropping the DMCA on this stuff and how it can actually be used as well.

G (39:54)

There's not a whole lot on this one. I did want to get Ralph's take.

E (39:57)

Which by the way, wild story, but like locked, if you create a lock and someone bypasses it, be like, awesome. Thanks for letting us know.

A (40:06)

You know, that's been going on since like the 1700s.

E (40:09)

I know, I know. It won't be the last lock that gets bypassed. They won't be like, this is a thing, Right? Like it's. It's always a thing. Including your software. When your software is a vulnerability, all of them do. It's what you do after that, not what you do when it happens.

C (40:24)

Right?

G (40:24)

Yeah. And this is about the worst you can do.

E (40:26)

Yes.

G (40:28)

This is about as bad as you can get.

E (40:30)

Yes.

D (40:30)

He should probably also consider a name change for his company.

E (40:33)

Yeah.

G (40:35)

Unproven. Change it to unproven.

A (40:37)

Pretty hard at this.

E (40:39)

Still under assessment. Locks.

A (40:42)

Yeah.

G (40:43)

Nothing change.

F (40:44)

Nothing like a brand.

A (40:45)

Mediocre locks. Hey, we're affordable locks. I don't know.

G (40:49)

So I will say I'm sure if you were a company and you wanted to just send your lock to this McNally guy and have him take a look at it before you make the lock, he'd be happy to do it. It would be the easiest thing on the planet. Just send him the prototype and be like, can you shim this? And if he says no, then make it.

A (41:05)

Yeah.

G (41:06)

Anyway, while we're in this corner, I don't want to spend too much time in like, we should probably talk about like cyber security, I guess. But the, the in the corner of like YouTube and DMCA and whatever the YouTube videos for from this Cyber CPU Tech channel. Has anyone looked into this article?

A (41:30)

Windows 11 thing?

G (41:31)

Yeah. So basically this is an article in PC World and essentially the story is there was a person named. Their channel name is Cyber CPU Tech and they had a couple videos that they posted on. One was how to bypass the like Microsoft Online account requirement when setting up Windows 11. And the other was how to install Windows 11 on older versions of hardware that are. That aren't.

E (41:58)

That don't have a TPM or.

G (41:59)

Yeah. That don't have a TPM So basically the story is, and this is a story as old as time. Those videos got striked and taken down. There was public outcry, and then they got magically restored due to the public outcry. I mean, this highlights the same thing that has been the case forever, which is all of the AI moderation on YouTube is completely unchecked. There is no recourse if you're a creator other than public outcry. That is the only proven method to actually get your videos reinstated is to get enough people upset about it. So if you're a small creator and you can't generate enough public outcry, sorry. But yeah, basically they got taken down. They appealed the takedown. The appeal was rejected within three minutes because it was an AI chat bot doing it. And then they were magically restored once they got tweeting. You know, who knows what the actual public outcry that worked was, But, I mean, it's lame. This is just the world we live in. And I will say this is really the only option. You can't be manually reviewing 700 billion hours of video every day. Like, this is just the world we live in.

A (43:05)

Sorry, that's not the goal. Right. The goal is just to just drown you with these takedown notices. There's a video producer, Rick Lieto, who's like. He talks to, like, a musician. He plays a part of that song with the musician sitting next to him and he gets takedown notices for that.

G (43:26)

That's because AI thought it was bad.

A (43:28)

Well, yeah, AI is definitely a part of it, I'm sure. But he's talking about how he now has, like, a law firm, I think, almost full time dealing with these. With YouTube. Because YouTube almost always sides with the. With like, music companies or. Yeah, yeah, Microsoft or something like that. And that's kind of getting a little bit scary about.

G (43:49)

I think this is like a bigger.

E (43:50)

Topic about, like, the platform, John. Right. Like the platform controlling what we see. And I don't mean, like, I don't mean in the sense of like, you know, good or bad. I just mean, like, they decide, like, they decide who the winner is always. Right? Like, you know, anything you get taken off for any reason, whether it's supposed to be there. It's not about legality either. It's just about their whim of the day. And if you're not on the platform, then there's no way for your videos to be seen. And, you know, this comes back to like, well, why not have a platform that doesn't have that kind of like lever piece where it's just ran by one organization. Right.

G (44:27)

Also, we all grew up with unrestricted Internet and we saw people getting their heads cut off with chainsaws. And that's what happens. So you don't have moderation. Right. Like, you need it. You do need that.

E (44:35)

But do we need.

G (44:38)

I get it.

A (44:39)

So there's a question from rough landings, legit question is BHIS look to streaming on Fediverse or streaming Systems instead of YouTube? Once again, it is the comments, right? I think in here they were talking about moving their videos to some other platform and they were like, we made 46 cents over the past X number of years trying to post our videos there. And it's basically like YouTube is the platform. Right.

G (45:02)

There's not even a competitor. There's not even a close competitor.

A (45:05)

Close.

E (45:06)

What you're talking about, though, is driving new viewership as opposed to current viewership.

G (45:11)

Right.

E (45:11)

Which I totally agree with you. Because you'll just be like scrolling YouTube. And they'd be like, hey, check this video out. Wouldn't you be interested in that? What about this? What about this? And it's really good. Yeah. And so then you get to the next thing and the next thing, and you would have never, like, searched it up because you're just kind of scrolling through content. That should be interesting to you. So I agree. I agree with you. There's. There's not really a.

A (45:31)

So launch my tube.

E (45:34)

I couldn't help it.

A (45:35)

How come no one thought of that? But basically, I'm gonna go to mytube.com. hold on.

B (45:42)

Don't do it.

G (45:43)

Don't do it.

E (45:44)

Oh, my God.

G (45:45)

Yeah. So are you on a corporate device? Basically, here's the world we live in. There's a rampaging gorilla named AI and there's nothing anyone can do about it. You just hope it doesn't beat you up before it beats up the content creator. It's like, you don't have to be faster than the bear, just be faster than the guy that you were on the camping trip with. That's AI you have to be not the most heinous offender of copyright takedown. And then you're good, hopefully.

F (46:10)

Yeah. People were worried about the singularity coming. I think it's already here, folks.

A (46:15)

I'm trying to figure out J. Over all the years, we've. I think we had one video brought down for hacking. I think Ron, one of her friends that was working at Google at the time, was able to get that back up. And then I think we've had Two or three brought down because of music. Ryan could speak to this a little bit, but, like, we'll get music samples from somewhere, and we'll get a takedown notice for that.

F (46:38)

Well, that one might be legit. Dmca.

A (46:40)

It might be. I mean, look at that. What is that? That song Old Town Road. I can't remember.

G (46:45)

The artist, Lil Nas X.

A (46:49)

That was Nine Inch Nails, and I guess Nine Inch Nails didn't even know about it until they won a Grammy or something. But it's very common for legit music to be ripped and then sold. Yeah. So. But that's it. That's all we've had for takedowns.

G (47:04)

All right, should we pretend like we're a cyber security news podcast real quick?

A (47:07)

We could do that.

F (47:08)

There's an idea.

G (47:09)

All right, so Wade has posted a really interesting article. I guess. Wade, do you want to kind of run through this real quick?

B (47:19)

I guess I literally was. I just saw it when I. My feed came up. YouTube really liked me today. So pretty much the thoughts in their head finally took over. And two rogue employees of cyber security company have been exploiting people and deploying malware.

E (47:37)

Go away.

G (47:39)

Digital Mint, which is a company that specializes ransomware. So they. This is.

C (47:44)

This is.

G (47:45)

Yeah. So this is the company that specializes in negotiating ransoms during incidents. It sounds like they just saw how.

E (47:53)

Much money was involved, and they were like, hey, man, we could get a piece.

G (47:56)

The person's job title was a ransomware threat negotiator. And then there's another accomplice. Essentially, there's an affidavit filed. They began using malicious software to conduct ransomware attacks against their own victims. So they, like, became the. They became. They became the. It's like the Gotham quote, right? Like, you either live long enough to become the ransomware investigator, you become the ransomware or whatever.

A (48:19)

I don't know.

B (48:20)

I mean, I was thinking more of Malcolm from Jurassic park, you know, they did it. These finally did it. Like, yeah, like, I'm not gonna lie when I've. I've, like, been running stuff like this. Like, man, dude, if I was just in Russia, like. Like, I could make a killing, but I'm not.

G (48:37)

Not based on statistics of only 23 people.

B (48:39)

Oh, yeah, I guess that's a good point.

A (48:42)

How many stories have we had where, like, a stupid hack yielded, like, $20 million? And we're like, anyone could have done that attack. And in the back of your head, you're kind of like, maybe the pros.

G (48:55)

And cons of being born in a five Eyes country, maybe, you know. So, yeah, I mean, basically they. They did extract successful ransom payments totaling up to one split.

E (49:07)

Negotiate and take a finder's fee. Come on.

A (49:12)

I don't know, man. I think you guys should pay full price.

E (49:17)

These guys do legit.

G (49:19)

Okay.

A (49:19)

I think this is a good deal here. So what are we going to take?

G (49:23)

And here's. I don't want to, like. I mean, I don't want to, like, poop on this company too much, but I'm sure that they were Sock 2 Type 2 compliant and.

E (49:33)

There are companies that will do that for you. Like, do all the paperwork almost. They just ask you questions. It's like a whole little platform. It's a whole thing. So, like, this is an extreme block checker when we talk about Soc 2 type 2.

A (49:44)

Sorry, hold on, I'm clicking on compliance.

F (49:50)

Next, Next.

E (49:50)

Finish.

B (49:51)

Could you imagine just having like the list of all these companies and how much their cyber insurances provide and it's just like a hit list?

G (49:59)

Yeah. I mean, but I will say this is where trust comes in, right?

E (50:02)

This is.

G (50:03)

Trust is important. This is like an important tenant of BHI in our community is like, if you're in this field and you can't be trusted, you can't be in this field. That's just the simple reality of it. You either go to jail or you are trustworthy. There's not many other options.

B (50:20)

You become a bug bounty person.

G (50:22)

Also, I got to say, like, these. I don't know what these gentlemen, I'm guessing, I don't know their demographic, but I'm guessing they were young, young boys. It's just my guess. And I am guessing that they probably won't. They'll struggle to find work in the cybersecurity industry in the future.

A (50:41)

They'll just end up going to a con talk, talking about it, and they'll get hired.

G (50:45)

I actually. You know, another breaking news article. This is fake, by the way. Is that they're being recruited to work for the Department of Government Efficiency, and they're actually getting into some top spots.

A (50:56)

Yeah.

G (50:57)

Just kidding. Just kidding.

C (50:59)

I remember when the Onion was more outrageous than real.

A (51:04)

Oh, my God.

G (51:06)

All right, so let's talk about the Azure outage real quick. I don't think it's a. I don't.

A (51:11)

Think there's a. Oh, God. It was DNS.

G (51:14)

It was DNS. I think this is just the universe correcting. It was like. Well, and it happened to Amazon. So, like, all the people who talked shit to Amazon now had to, like. I mean, it had to go back the other way. Yeah, correct. It was. They were like, oh, thank God we use Azure, not Amazon.

E (51:31)

And then so now my gcp, a lot of people.

B (51:35)

GCP is going to go down any second now.

G (51:37)

Don't worry. Gcp.

A (51:39)

No, I mean, Bezos is going to.

F (51:41)

Put a data center in space, while Bill Gates and company are going to put one under the ocean.

E (51:46)

Everything will be fine.

G (51:48)

Yes. I don't really think there's a ton to talk about unless anyone has any hot takes. It's the same article as the AWS article. Just with Azure, it's just like digital sovereignty. You don't really control your stuff. It turns out if you. How could this have happened? But, like, I don't know. I don't really think it's anything new from my perspective. As if I was an admin and I broke DNS, I'd feel worse than if I just had someone else break it and had to sit around until they fixed it.

B (52:13)

Right.

E (52:13)

I mean, John said it best. Now I got someone else to blame. That's why I don't run my own DNS.

G (52:18)

Exactly.

A (52:22)

I would have customers calling if it was. If it's my running on Microsoft and it goes down for a little bit, everyone's like, oh, I guess you're not.

E (52:29)

Gonna call the CEO of Microsoft or whatever company. You're not calling up Bezos and be like, I can't believe you did to me.

G (52:35)

How dare you. I'm going to cancel my 1000th of percent of your. Hang on.

F (52:40)

Raise your hand if you've been an admin. You've broken DNS or bgp.

G (52:46)

One time. I got my company ddos. That can be a story for another time.

E (52:49)

Oh, he didn't pay the ransom.

C (52:52)

The thing that cracks me up is the related headline that the Azure outage was a lesson in digital fragility. And you know, it's like, really? You're only now figuring out that the entire interwebs is hauled together with duct tape and baling wire?

G (53:10)

Are you saying the cloud is just someone else's computer?

E (53:13)

Yeah.

G (53:13)

I don't believe you.

E (53:14)

Yeah, it's actually someone else's more expensive computer.

G (53:19)

How can I subscribe to a DNS outage on a monthly basis so I can take a break? Is that a thing?

F (53:24)

Yes, I can set that up. It's going to be.

A (53:31)

How many times did we have to tell you, don't dos the company so people get time.

G (53:37)

We'll talk later, Josh. We'll talk later. Three day weekends, every Friday, our Clients are emailing us and we're just like, DNS is down again. Oh, I can't believe.

A (53:53)

Who knows? I don't know. I don't know if I talked about it. Did I talk about my daughter and the Amazon outage? No, no, you did.

F (54:01)

John, you mentioned this. You did.

A (54:03)

Okay, yeah. So, like, that was us.

C (54:06)

Oh, yes.

A (54:08)

And she's like, are you guys testing them right now?

G (54:11)

You did it.

F (54:12)

I love it when that happens. My kid. My kid's done the same thing. He, like, texted me, dad, did you break the Internet?

E (54:17)

I bet you every single company that was getting a pen test that was AWS heavy was probably calling that right then and being like, what did you guys do? It's not worth. Everything's down.

G (54:28)

Yeah, 100%.

A (54:31)

That's it.

G (54:33)

All right. This was a. This was a light week on actual vulnerabilities. There are some breaches. There was a breach. There was. What was it? Some Pennsylvania school got breached and had the threat actor got into their salesforce, probably via info stealers, and then sent out an email, a very offensive email to like 700,000 people or something.

E (54:53)

What about the EY data?

A (54:55)

Data leak?

G (54:55)

Yeah, EY, but dude, EY got hit during. By clop, like years ago.

A (54:59)

I don't know.

E (55:00)

Oh, so that. So now that they've been beat up once, it's just like, they're just. They're just not worth the talking about. Just them getting destroyed as a normal occurrence.

G (55:10)

So what. What is the leak is.

E (55:13)

Was a server public backup data on a publicly exposed on Microsoft Azure.

G (55:21)

Classic. You gotta get those backpacks on medium.

A (55:26)

Black Hat Europe. Somebody did a nice write up of the security tools that are out there. Because I always love Black Hat arsenal. I don't know, like, all of the things that happen at Black Hat. It's one of my favorites. It's all kinds of new tools. And if you ever go to Black Hat, they set them up so you can go up and talk to the authors. And it's really neat, but it seemed like there was. There's a lot of AI offensive tools out there. And one of the. I don't know, it's kind of cool what people are putting together, but it still seems to me like they're still trying to string together. What was the name of that AI? Not AI. It was a reporting tool. It was open source. Dratus. I don't know if you guys remember Dragos, where it's like taking around. Yeah, it's still around. I think they have a commercial product.

E (56:14)

They have A commercial product.

A (56:15)

Yeah. And there's a lot of like taking all these scan results and all these things and then running it through AI and then finding the attack platform. And I was on, I was at.

E (56:27)

I was at Black Hat this year and like the whole vendor area, that's the whole thing that was like the.

A (56:32)

Whole, that's the whole thing, the whole.

E (56:34)

Game was, I'm gonna take some data that you have, it doesn't matter, defensive, offensive, whatever, and I'm gonna magically make sense of it all and then you're gonna solve all of your problems. Problems like that's.

A (56:46)

Yes. And everything's going to be good. And it seems like there's a lot of open source projects and, and I wonder, kind of riffing on that Ralph. I wonder how many of these open source projects are these people that are, that are pretty good. They go to these, these, these cons, to the vendor floor and they're like, wait a minute, I can put together a tool in about two days that does what you're charging hundreds of thousands of dollars for. And then they do it. Because a lot of this stuff, like a couple of the tools that I've seen that are commercial tools, I swear to God, it's nothing but a collection of a bunch of open source tools held together with duct tape, bailing wire and pretty reporting on the other side. And once again, that always frustrates me. If you're using open source shit under the hood, you should be contributing to those projects. But that's another thing. But it's a neat article if you want to see what different AI tools are out there and you want to play around with it. Mandiant has one that they're sharing and it seems like there's so many AI red teaming tools that are, that are starting to hit the.

E (57:46)

So I'll follow that up, John, and don't be surprised if we don't see a lot more tools and don't think of it as well, you know, people are just so much more interested. No, the AI coding that is going on right now, it's going to explode. Things that you weren't able to do before in that short amount of time, people are able to do now in a much shorter amount of time. So. So don't be surprised if you don't see even more of that where software that didn't seem like it was only possible in a commercial is now starting to be like, just a dude made it right.

G (58:21)

All I want to see is on the AI security podcast if they go through all these tools and one by one, just see how interesting they are.

F (58:28)

I think that's a fun thing to think about. But it's absolutely true. That Vibe coding is totally catching fire.

E (58:37)

Has.

F (58:38)

Has since the beginning of the year.

A (58:39)

Yeah.

E (58:40)

And it's not just security industry. It's going to be across every industry. There's going to be people making apps for stuff. That was like a problem, but it would be like a $500,000 coding problem. And now just one dude's able to do it. Right. That changes a whole business. That business could be nothing to do with security.

A (58:56)

But I still think that code. I think that a lot of that code is still ship code. So one of the things that we're kind of seeing, and I might be doing this in my next webcast next week, since I'm getting. I have to do one, I don't want them to give it up. But, like, the web app, I've been talking to them and they're like, we're kind of seeing a standardization of mediocrity in web apps and the overall security. So we're not getting apps that are as well coded as we used to or the really crap apps. From a security perspective, everything's just kind of clustering in this middle. Meh. As far as, like, quality of code. So interesting to see kind of where it goes. But right now, we're seeing that standardization of mediocre code kind of across the board. And also when you're talking to developers, you're like, hey, you got a security vulnerability here. Do you think you could fix it? They're like, no, I don't.

B (59:50)

That's what I was going to go with.

F (59:52)

One of the big contributors to mediocre code is actually AI coding assistance, because a lot of the models that have picked up data for training are picking up just really old source code samples. Right. And they're all, like, full of vulnerabilities. And the AI is always going to lean in towards functional over secure, unless you explicitly prompt it for secure.

A (60:12)

You know what's weird about that, Josh, is you can take that mediocre vibe code and then feed it back to itself and say, look for the security vulnerabilities in this code.

E (60:21)

It'll rip it apart.

A (60:22)

Really good job.

E (60:23)

No, it'll rip it apart. The best part is that if you build unit testing into that, so you just say, like, find vulnerabilities and then actually exploit them and then prove that it's exploitable. And that, like, if you make it, if you force it through the Proving process, you'll get verifiable. Like, this is vulnerable, this is why. And this command is the actual PoC. You don't see it.

A (60:44)

It's like we're making AI algorithms schizophrenic. This code is great. No, it's crap. No, no, no, this code works just fine.

E (60:52)

It's garbage. And if you've used any AI, it'll be like, you're right, it is garbage.

C (60:58)

No one of out of web development was because even humans write crap code and they don't want to do unit testing and they don't want to test for failure. And I got tired of being yelled at when I brought this stuff up to my developer colleagues.

B (61:19)

Right, when you get out, Bronwyn, they pull you right back in. Here you go, get ready.

A (61:25)

I predict that this is what's going to happen. At some point in the future, AI is going to go into a code repository. I'm just going to pick on Python as an example and it's going to see all the indentation as tabs and then it's going to convert it to spaces. Another AI like agent is going to go through and be like spaces. No, we use tabs. And then it's going to switch it all the tabs, and you're going to get into this contingency battle between the two algorithms, switching it between tabs and spaces, and a major cloud provider will go down. Now, it may not be tabs and spaces, but it's going to be something equally stupid.

B (61:57)

It. That's it.

A (61:58)

So we gotta wrap it up, but I do want to call out our weekly CTF winners. So pretty excited about this. The first winner is Samson. Samson gets one year of anti siphons on demand subscription for the entire catalog. And then Amin a m I n gets one anti siphon class of their choosing. Now, Joff, we do have a problem though. We have a problem. No one solved the AI challenges and I'm wondering, did anyone use AI to try to solve it? So that one's still out there. We still have winners.

E (62:32)

So I always have my AI try to solve my challenges.

A (62:38)

So this is fantastic. Samson is just on fire. We're gonna have to just give him an emeritus. Like, I'm gonna go to like wherever they live and give them a war because they're crushing it. But just, just for the record, if you'd want to, whenever we do our webcasts, we have these little CTF challenges. And when we do a webcast, it's now hands on as much as we can because we're trying to give you guys as much as we can in the area of hands on, not just yelling at you, trying to get you to touch keyboards instead of grasses. All right, so we're out of here, everybody. Thank you so much, and we'll see you next week.

B (63:20)

Sam.