Tech Brew Co-host (2:13)

the potential threat that AI poses to digital security. Security experts have feared for years that

Brian McCullough (2:18)

malicious hackers could eventually rely on AI

Tech Brew Co-host (2:21)

models to identify undisclosed flaws in computer code to launch crippling attacks that are difficult to guard against. That fear was largely theoretical until now.

Brian McCullough (2:31)

We have high confidence that the actor likely leveraged an AI model to support

Tech Brew Co-host (2:35)

the discovery and weaponization of this vulnerability, the report said. The tech giant did not say precisely

Brian McCullough (2:41)

when the thwarted attack happened, whom it

Tech Brew Co-host (2:43)

was targeting, or which AI platform the hackers used, but the company added that it did not believe it was its own Gemini chatbot.

Brian McCullough (2:52)

Flaws like the one identified by Google and the hacking group are known as

Tech Brew Co-host (2:56)

zero day vulnerabilities, security holes that are unknown to the software makers. They were once considered so rare and powerful that they could fetch millions of dollars on black markets used to sell hacking tools.

Brian McCullough (3:06)

The zero day flaw was detected by

Tech Brew Co-host (3:08)

the Google Threat Intelligence Group within the

Brian McCullough (3:10)

past few months and was exploited by,

Tech Brew Co-host (3:12)

quote, prominent cybercrime threat actors in a script of the Python programming language.

Brian McCullough (3:17)

It would have allowed the hackers to bypass two factor authentication on a popular

Tech Brew Co-host (3:22)

open source web based administration tool, though the hackers also would have needed access to valid credentials like usernames and passwords to be successful, the company said.

Brian McCullough (3:32)

Google declined to identify the administration tool, but said it notified the software maker

Tech Brew Co-host (3:36)

quickly enough to allow for a patch before the attack could do damage. It also declined to identify the hackers.

Brian McCullough (3:43)

Google and independent security researchers said the attempted attack was the first known example

Tech Brew Co-host (3:48)

of a zero day bug being put into malicious use by hackers enabled chiefly by AI. It's just the taste of what's to

Brian McCullough (3:56)

come, john Holtquist, the chief analyst at Google Threat Intelligence Group, said in an interview. We believe this is the tip of the iceberg. This problem is probably much bigger. This is just the first tangible evidence

Tech Brew Co-host (4:08)

that we can see. End quote.

Brian McCullough (4:10)

Coincidentally, over the weekend, Himanshu Anand had

Tech Brew Co-host (4:13)

an essay arguing that the 90 day

Brian McCullough (4:15)

vulnerability disclosure policy for security folks is

Tech Brew Co-host (4:20)

dead as LLMs compress bug finding and exploit development time almost exponentially and critical

Brian McCullough (4:26)

issues should probably now be patched immediately. Recently React patched a bunch of security issues and wrote a public blog post about it.

Tech Brew Co-host (4:35)

Standard practice. Show your work, explain the fix, give the community a heads up. I read the post out of curiosity.

Brian McCullough (4:41)

Then I thought, let me see how hard it would be to turn this

Tech Brew Co-host (4:44)

patch into a working exploit. Just an experiment on my own machine against a local test app. 30 minutes from reading the patch to having a working exploit, AI did most of the heavy lifting, understanding the diff, identifying the vulnerable code path, writing the PoC.

Brian McCullough (5:00)

The published issue was a denial of service, but the underlying primitive could go further with more work.

Tech Brew Co-host (5:07)

In the old world, turning a public patch into a working exploit end day exploitation took skilled reverse engineers days to weeks. That gap was the safety net.

Brian McCullough (5:18)

We shipped. The patch admins have a few days to update.

Tech Brew Co-host (5:21)

That safety net is gone. The gap is now measured in minutes

Brian McCullough (5:25)

for simple bugs, maybe hours for complex ones.

Tech Brew Co-host (5:28)

The skilled reverse engineer is optional, the LLM does the boring parts and the Human just steers the moment a patch

Brian McCullough (5:35)

ships assume the exploit exists.

Tech Brew Co-host (5:37)

There is no grace period.

Brian McCullough (5:39)

Companies cannot afford to schedule patch deployment

Tech Brew Co-host (5:42)

for the next maintenance window. The maintenance window window is now now let me be specific about what I think is broken Beyond Repair.

Brian McCullough (5:49)

The 90 day disclosure window is dead.

Tech Brew Co-host (5:52)

Not needs reform, not could use some tweaking dead. It was designed for a world where finders were rare and exploit development was slow.

Brian McCullough (6:00)

LLMs have made finders abundant and exploit development fast. When 10 unrelated researchers find the same bug in six weeks and AI can

Tech Brew Co-host (6:08)

turn a patch diff into a working exploit in 30 minutes, what exactly is

Brian McCullough (6:12)

the 90 day window protecting? Nobody.

Tech Brew Co-host (6:15)

It's protecting nobody. It is just exposure with a polite name copy fail went from AI scan to public POC to nation state weaponization in days.

Brian McCullough (6:24)

Dirty Frags embargo was broken within hours

Tech Brew Co-host (6:27)

by a third party who independently found the same bug class.

Brian McCullough (6:30)

You cannot coordinate disclosure when the same vulnerability is being independently rediscovered by multiple researchers and AI tools at the same time.

Tech Brew Co-host (6:38)

The information does not stay contained at all anymore. It has LLM powered legs.

Brian McCullough (6:45)

Monthly patch cycles are dead too.

Tech Brew Co-host (6:47)

A 30 day window between vulnerability and fix assumes attackers are slower than your release train. And they are not. They have been faster for a while

Brian McCullough (6:54)

now and the gap is only widening. Microsoft saw Dirty Frag in The Wild within 24 hours.

Tech Brew Co-host (7:00)

Your monthly maintenance window is not a safety margin, it's an attack window. Wait for the advisory is dead.

Brian McCullough (7:06)

If you are reading CVE descriptions while attackers are reading git log, you are already behind.

Tech Brew Co-host (7:11)

The advisory is a downstream artifact. The the patch diff is the signal.

Brian McCullough (7:17)

He concludes by saying that since attackers have already integrated LLMs into their exploit pipelines, the only thing blue teams, which

Tech Brew Co-host (7:25)

he means by the way, if you're not into this universe, the good guys

Brian McCullough (7:28)

can do is also integrate LLMs at the point of code. Push every pull, request every merge every deploy.

Tech Brew Co-host (7:36)

Use LLMs tomorrow foreign.

Brian McCullough (7:46)

Has launched the OpenAI deployment company with more than $4 billion in investment to

Tech Brew Co-host (7:51)

help organizations build and deploy AI systems

Brian McCullough (7:54)

and they've also acquired AI consulting firm tomorrow.

Tech Brew Co-host (7:58)

Quoting Reuters, OpenAI said on Monday it

Brian McCullough (8:01)

is setting up a new company with more than $4 billion in initial investment to help organizations build and deploy artificial intelligence systems and will acquire an AI

Tech Brew Co-host (8:08)

consulting firm known as Tomorrow to quickly

Brian McCullough (8:12)

up the unit after its early models saw strong resonance with consumers. OpenAI has been working aggressively to sign corporate contracts and establish a large presence in the business world where its AI

Tech Brew Co-host (8:22)

will see large scale deployment.

Brian McCullough (8:25)

The venture, which will be majority owned and controlled by OpenAI, also comes as rival Anthropic enjoys strong success in its enterprise AI push, with its Claude family of models seeing rapid adoption among businesses. The new firm, called OpenAI Deployment Company will help the ChatGPT maker embed engineers specializing in frontier AI development and deployment into organizations that will then work closely with various teams to identify where AI can make the biggest impact. OpenAI said its acquisition of Tomorrow, a consulting firm that helps Enterprises deploy AI, will bring around 150 experienced AI engineers and deployment specialists to the new unit from day one.

Tech Brew Co-host (9:02)

Tomorrow was founded in 2023 in alliance

Brian McCullough (9:05)

with OpenAI and counts companies such as Mattel, Red Bull, Tesco and Virgin ATL as its clients, according to its website. Reuters reported last week that the joint ventures OpenAI and Anthropic, separately created with private equity firms, are in talks to acquire services companies that help businesses Deploy artificial intelligence. OpenAI's deployment unit is a multi year committed partnership between OpenAI and 19 other firms, with the partnership led by TPG, with Advent, Bain Capital and Brookfield as co lead founding partners, the ChatGPT maker said.

Tech Brew Co-host (9:38)

End quote.

Brian McCullough (9:46)

Sure, AI is everywhere, but that doesn't mean enterprise value is a given. In a recent survey, PwC found the amount of CEOs who reported revenue gains or cost reductions from AI is nearly equal to the amount who say they're still stuck. So what's causing the issues? PwC boiled it down to clarity. Leaders aren't clear about what's hype, what's reality, or where AI can actually create measurable impact. To help Change the that, PwC is offering their AI expertise and data. They explore how to tune out noise around AI and get clarity on what successful adoption looks like.

Tech Brew Co-host (10:21)

Learn from the experts by heading to

Brian McCullough (10:23)

pwc.com US Brewai that's pwc.com US BrewAI. When you're locked into a conversation, you're probably not taking the best notes and that's normal. It's hard to listen closely and write everything down at the same time, so turn on plaudnote Pro instead. Plod Note Pro is a small AI powered device that records conversations and turns them into clean, structured summaries automatically. It's built for people who spend a lot of time in conversations, interviews or calls and don't want to lose any important info. Instead of scrambling to type, you just press a button and stay focused. Plod handles transcription, summaries and key takeaways. It's also built with privacy in mind with enterprise grade compliance like SoC2, HIPAA and GDPR. Get started at Plaud AI tbrh that's P L A U D A I

Tech Brew Co-host (11:21)

TBRH use code tbrh for 10% off all plod devices

Brian McCullough (11:29)

Mark Gurman says Apple is working on a slight redesign for macOS 27 to address liquid Glass issues, quoting Bloomberg, Liquid Glass itself isn't going away. As I've said before, it's simply being refined. I also expect iOS27 and iPadOS27 to include a range of interface tweaks, though nothing will be too dramatic. The goal is more of a cleanup and refinement effort aligned with the company's

Tech Brew Co-host (11:53)

wider push to polish its software this year. The changes to macOS are meant to

Brian McCullough (11:58)

make Liquid Glass look the way Apple's design team intended it to from the start. Last year's operating systems didn't necessarily suffer from design problems, I'm told, but rather a not completely baked implementation from Apple's software engineering team. Beyond adjusting the look of Liquid Glass, Apple will focus on bug fixes, battery life upgrades and performance improvements.

Tech Brew Co-host (12:17)

This refinement effort is one of two

Brian McCullough (12:20)

major undertakings for Apple's 27 operating system releases this year, the other being to add more artificial intelligence features.

Tech Brew Co-host (12:27)

The company will unveil the software at its annual Worldwide developers conference on June 8th.

Brian McCullough (12:32)

The AI changes will center on Siri. Apple is introducing a new design and standalone app and repositioning the technology as a more proactive assistant that helps users complete a wider range of tasks. The company is also working on a more chatbot like interface as well as

Tech Brew Co-host (12:47)

deeper integration of Apple intelligence features across new areas of the software. End quote.

Brian McCullough (12:58)

TikTok is rolling out TikTok Ad Free, a 3 pound 99 pence per month subscription for UK accounts aged 18 or

Tech Brew Co-host (13:07)

older over the coming months after testing the option since 2023.

Brian McCullough (13:11)

Quoting TechCrunch, TikTok is introducing an free subscription plan in the UK that costs £3.99, or about $5.44 USD per month. The new offering is rolling out over the coming months and will be available to users 18 and over. Users who sign up for the plan won't see ads on TikTok and their

Tech Brew Co-host (13:30)

data won't be used for advertising purposes. The launch was likely driven by the

Brian McCullough (13:34)

UK's General Data Protection Regulation, or GDPR, which prohibits companies from collecting users personal data for advertising purposes without their consent. Choice for our community and growth for UK businesses go hand in on TikTok, said TikTok's UK managing director Chris Bogue in a press release. Advertising on our platform is already helping thousands of British businesses, reach new customers, increase sales and create jobs, while our new Ad Free option gives people greater

Tech Brew Co-host (13:59)

control over their experience.

Brian McCullough (14:01)

TikTok first began testing the ad free plan in 2023. It is unknown if the social media

Tech Brew Co-host (14:06)

giant plans to bring the offering to the us. End quote.

Brian McCullough (14:16)

Finally today, on the question of what happens if AI is able to build the next generation of itself?

Tech Brew Co-host (14:23)

That's kind of a big question that is probably unanswerable for anyone at this moment. What could that mean to AI tech, to society at large?

Brian McCullough (14:30)

But in the medium term, Ben Thompson has an essay out arguing that agentic inference is set to be different than today's inference, how it works today, and that will fundamentally change compute infrastructure because speed won't matter when humans are no

Tech Brew Co-host (14:47)

longer involved I have previously made the

Brian McCullough (14:50)

case, including in Agents over bubbles, that we have gone through three inflection points

Tech Brew Co-host (14:54)

in the LLM era. First was ChatGPT, demonstrating the utility of

Brian McCullough (14:58)

token prediction.01 introduced the idea of reasoning

Tech Brew Co-host (15:01)

where more tokens meant better answers.

Brian McCullough (15:03)

Opus 4.5 and Claude code introduced the first usable agents which could actually accomplish tasks using a combination of reasoning models and a harness that utilize tools, verified work, et cetera. All of this falls under the banner of inference, but I think it will be increasingly clear that there is a difference between providing an answer what I

Tech Brew Co-host (15:22)

will call answer inference, and doing a task what I will call agentic inference.

Brian McCullough (15:28)

I mentioned above that fast inference for coding is a temporary use case. Specifically, coding with LLMs requires a human in the loop. It's the human that defines what is to be coded, checks the work, commits the pull requests, et cetera. It's not hard to envision a future,

Tech Brew Co-host (15:44)

though, where all of this is completely handled by machines. This will apply to agentic work.

Brian McCullough (15:50)

Broadly, the true power of agents will not be that they do work for humans, but rather that they do work without humans involved at all. This, by extension, will mean that the likely best approach to solving agentic inference will look a lot different than answer inference. The most important aspect for answer inference is token speed.

Tech Brew Co-host (16:09)

The most important aspect for agentic agentic

Brian McCullough (16:11)

inference, however, is memory. Agents need context, state, and history. Some of that will live as active KV caches.

Tech Brew Co-host (16:20)

Some will live in host memory or SSDs.

Brian McCullough (16:22)

Much of it will live in databases, logs, embeddings, and object stores. The important point is that agentic inference will be less about GPUs answering a question and more about the memory hierarchy

Tech Brew Co-host (16:34)

wrapped around a model. Critically, this articulation of an agentic specific

Brian McCullough (16:39)

memory Hierarchy implies a necessary trade off

Tech Brew Co-host (16:43)

of speed for capacity.

Brian McCullough (16:45)

Because here's the thing, lower speed isn't nearly as important a consideration if there isn't a human in the loop. If an agent is waiting around for a job that is being run overnight, the agent doesn't know or care about

Tech Brew Co-host (16:57)

the user experience impact.

Brian McCullough (16:59)

What is most important is being able to accomplish a task, and if entirely new approaches to memory make that possible,

Tech Brew Co-host (17:05)

then delays are fine. Meanwhile, if delays are fine, then all

Brian McCullough (17:10)

of the focus on pure compute power and high bandwidth memory seems out of place. If latency isn't the top priority, then slower and cheaper memory, like traditional DRAM

Tech Brew Co-host (17:20)

for example, makes a lot more sense. And if the entire system is mostly waiting on memory, then chips don't need

Brian McCullough (17:27)

to be as fast as the cutting edge either.

Tech Brew Co-host (17:29)

This represents a profound shift in future

Brian McCullough (17:31)

architectures, but it also doesn't mean that current architectures are going away. Training will continue to matter, and Nvidia's

Tech Brew Co-host (17:38)

current architecture, including high speed compute, large amounts of of high bandwidth memory, and high speed networking will likely continue to dominate.

Brian McCullough (17:44)

Answer inference will be a meaningful market, albeit a relatively small one, and speed

Tech Brew Co-host (17:50)

from chips like Cerebras or Grok will be very useful.

Brian McCullough (17:54)

Agentic inference will gradually unbundle the gpu, which alternates between stranding high bandwidth memory

Tech Brew Co-host (18:01)

during the pre fill process and stranding

Brian McCullough (18:04)

compute during the decode process in favor of increasingly sophisticated memory hierarchies dominated by

Tech Brew Co-host (18:09)

high capacity and relatively lower cost memory

Brian McCullough (18:11)

types with good enough compute. Indeed, if anything, it will be the speed of CPUs for things like tool use that will matter more than the speed of GPUs. At the same time, these categories won't be equal in size or importance. Specifically, agentic inference will be the largest market by far, because that is the

Tech Brew Co-host (18:30)

market that won't be limited by humans or time. Today's agents are fancy answer inference.

Brian McCullough (18:35)

In the future, true agentic inference will

Tech Brew Co-host (18:38)

be work done by computers according to

Brian McCullough (18:40)

dictates given by other computers and the market size scales. Not with humans, but with compute.

Tech Brew Co-host (18:46)

End quote. Nothing more for you today. Talk to you tomorrow.

Columbia Omnishade Advertiser (19:00)

You can't reason with the sun. Trust us, we've tried. This summer, it's time to put that angry ball of fire on mute. Columbia's Omnishade technology is engineered to protect you from the sun's harsh rays that can burn and damage your skin. The sun is relentless, but so is our gear. Level up your summer@columbia.com to spend more time outside and less time slathering on aloe lotion. You're welcome. Columbia engineered for whatever.