B
Hello and welcome to the 404 Media Podcast, where we bring you unparalleled access to hidden worlds, both online and IRL. 404 Media is a journalist-founded company and needs your support. To subscribe, go to 404media.co. As well as bonus content every single week, subscribers also get access to additional episodes where we respond to the best comments. Gain access to that content at 404media.co. I'm your host, Joseph, and with me are the 404 Media co-founders. The first being Sam Cole.
C
Hey.
B
Emanuel Maiberg.
D
Yo.
B
And Jason Koebler.
A
What's up?
B
What's up, Jason? You have an urgent, immediate and unusual request. What is that?
A
If you live in Ottumwa, Iowa or the surrounding areas, can you please, please email me or Signal me: jason@404media.co, or on Signal, jason.404. Ottumwa, Iowa residents, rise up.
D
No further information. No, nothing bad will happen to you because of this. Other bad things might happen to you, but nothing bad will happen to you because you contact Jason.
B
Yeah, we're not going into specifics. It will be very, very fun. It'll be a great surprise. Let's just leave it at that. If you do live there or you know somebody who lives there, please have them reach out to us as soon as possible. As soon as you hear this podcast. Okay, we'll leave that there.
A
Ottumwa, Iowa, population is 25,000. So I feel like, I feel like someone, someone will live there or know someone who lives there. Please, please hit us up.
B
I think it's hopeful, but we'll see. Okay, changing gears, we're going to talk about this week's stories. There's a lot to get through immediately. You know what we're going to talk about because obviously it's in the headline of the podcast, but I do want to do a straight up content warning that, you know, there's going to be some disturbing stuff in this because it is about the Epstein dump. This article, written by Sam and Emanuel: "DOJ Released Unredacted Nude Images in Epstein Files." So on Friday, the Department of Justice released this massive 3.5 million pages of material in the latest Epstein dump. It's obviously, it's got to be the biggest yet, right? It's got emails, videos, audio, images as well, which is what we're going to talk about. So Sam or Emanuel, I can't remember which one of you got the tip. I think it was Sam. But what was this tip exactly?
C
Yeah, so the tip came from a reader. They were basically like, I haven't seen this reported yet anywhere. And this was on Friday night. They were like, I haven't seen this reported anywhere yet. And I don't really know what to do with this information. But I was looking through the Epstein files, and they mentioned that the pagination on the site is awful because it's just a dump of links to PDFs, basically. And some of those PDFs are images, some of those PDFs are emails, some of them are just random notes and stuff. But they were like, I was just clicking through randomly and realized that there are unredacted nudes and potential child sexual abuse material in these files in random spots as I was clicking through. And, you know, they were like, this is awful for victims to have these unredacted images posted by the literal government. And even more awful if anyone in here is underage. So that's the email that I got on Friday night and was at the laundromat and was immediately like, hey, something weird is going on with these files. Let's check this out a little further.
B
Yes. So we'll get to what happened next in a minute. I don't really want to describe the images in any more detail than what we actually have in the article. So how did you describe the images in that piece? I think you did this in the first paragraph.
A
Yeah.
C
So a lot of the images in the files, just to be clear, are redacted. There is a lot of redacted material in the files. And this was part of the reasoning. Correct me if I'm wrong, but I think this was part of the reasoning the DOJ gave, saying, we need all this time, we need extra time. That's why we're so late on this deadline for releasing the files, because we need time to protect the victims and redact the images and redact the files and redact the names and all that stuff. So that was kind of like assumed to be done. But these images, unlike many of the others in the files, were full body. Their faces were visible. They were either fully nude or partially undressed. Posing sexual poses, exposing the genitals, things like that. You can use your imagination. But yeah, let's not go into a ton of detail because obviously this is gnarly stuff. So, yeah, that's what was left out in the open, exposed to anyone who's just, like this reader, clicking through these files on a random Friday night.
B
So obviously that is highly alarming for the reasons you just laid out. Then we contact the Department of Justice. Emanuel, I think you handled that. When did you contact them and what did you ask or tell them?
D
So I think I emailed them the same night on Friday. I told them there are these unredacted images. Both the nudity and the identity of the women are not redacted. These are both things that they're supposed to do. And they said that they will do. They got a reply to me, I think, the next day, which is included in the article. You can read it if you want, but it's kind of like a generic oops. Yeah, this happens. We should also note that at the top of the entire Epstein file dump on the DOJ website, there are two things that you have to do. One is you have to click a button saying that you're 18. That's because they know a lot of the material is not suitable for kids. And then also there is a message that says, again, you can read it in full if you want, but I'll summarize. And it says, hey, there's a lot of files here. We're dumping all of this because we're required to do so and the public has a right to know, which I agree with. But then there's also, like, we might not have redacted everything and we might make mistakes and you might encounter both nudity and the identity of real people. And if that happens, we're sorry, please email us and we'll do something about that. We do this with the tech platforms a lot. Like, we'll tell them that something bad and against their policy is happening on their website, but we won't say exactly where it is to sort of test their ability to find it. And I did the same thing here. I was just like, hey, just so you know, this stuff exists. They got back to me, they told me, you know, our bad, and then pointed me at that email, at which point I told them, hey, here's exactly where it is. And then a few hours later, the images were removed. And then we felt comfortable reporting it. Obviously we would not report the story unless the images were removed because that would only draw more people to the images and re-traumatize the victims and expose their identity to God knows who.
B
Yeah, Sam, what was your thinking there? Because as Emanuel says, we essentially held off because we have to for ethical obligations not to amplify some really, really horrible stuff in there. What's your line of thinking on there as well?
C
Yeah, I mean, it's, like Emanuel said, something we have to think about a lot. We're not kind of holding our cards close to our chest for drama reasons. We're trying to make sure the things that we're reporting on, which are usually exposing people's, or not usually, but often exposing people's personal information, identity, maybe their data, things like that, sensitive material to the world by reporting on it on our website that's read by a lot of people. So, yeah, we just kind of were like, okay, let's see when or if they take it down. I was also interested to see how fast they would take it down, because this is something that people who are victims of abuse material in general and abusive imagery like this just on the Internet in general, on Twitter, on whatever, talk about a lot. It's like the speed at which the things get taken down matters a lot. If it's up for days, even hours, it makes a huge difference between if it's, you find it and it's removed within, like, minutes. Because this stuff spreads like wildfire. So, yeah, I was like, I wonder how, considering it's DOJ, I wonder how slow they'll be in actually taking any action on this. Even though we've handed them directly, you know, the, the way to take it down and the, the spots where they were located, like, it still took, let's see. We emailed them first on Friday and then again on Saturday, and then it was Sunday afternoon, I think, when we were like, okay, the images are actually removed, which is a long time.
B
Yeah, they were out for like, 48 hours, around something like that. And at the same time as we're doing that, the New York Times is doing its own reporting on the nude images as well. And just to flag some of their reporting, they found essentially the same thing, and they said they were contacting DOJ as well. They also spoke to a lawyer for one woman who was identified in the files, even though she had not previously been linked publicly to Epstein. The lawyer, obviously, the New York Times report does not name the victim. That would be entirely counterproductive. But the lawyer was Brittany Henderson, and she called the redaction failures, quote, "abhorrent." And then she said, "we're frankly shocked by the level of carelessness that the department has shown towards these women." I mean, we did an earlier podcast episode a few months ago at this point, I think, about how messy the rollout has been, where they just throw these files on the Internet and they're hard to dig through for journalistic reasons. That back then was much more about emails. Now this is about images and files and all of that. So the same point stands, but the consequences are much, much more serious. Then the Wall Street Journal, I think before the nude stuff came out, the Wall Street Journal reported the files included the full names of victims, quote, "including many who haven't shared their identities publicly or were minors when they were abused by the notorious sex offender. A review of 47 victims' full names on Sunday," so around about the same time, "found that 43 of them were left unredacted in files that were made public by the government on Friday. Several women's full names appeared more than 100 times in the files." So it's not just the nude images which we focused on, because obviously that is incredibly fucked up. Just straight up lists of victims who have, you know, not come forward for whichever reason, which is their choice, obviously, to do that.
And I guess to wrap up this bit just before I ask Jason to talk about the dump more broadly, what do you think, Sam, about the dumps here? Putting basically the responsibility on the victims, like, of course, the ultimate responsibility with DOJ. They should have redacted it, but effectively they're shifting that to the victims who have to quickly find out whether they're in this dump and then tell the DOJ to try to get them out of it. What do you think of that?
C
Yeah, I mean, it's very classic. It's very part of a much bigger story, like I said, about abuse imagery online and how it spreads and the, the way that it's treated by all sorts of people, especially the people who are responsible for getting it removed or protecting it, things like that. So it's not, unfortunately, it's just not that surprising that first of all, that they took so long to take it down and also that they were so sloppy about doing it in the first place. It's just a total mess. And it's really sad in a lot of ways, the way that this story of the files in general has been treated by, you know, influencers and news outlets and things like that that are kind of feeding on this, the conspiratorial stuff, the sensational stuff, which is all like, valid and fine to report on. But I just keep thinking about this is a story about real people whose lives were ruined by this man and his network and by some of the most powerful people in the world. And they've been saying for so many years exactly what happened. They were there, it happened to them. And now we're in some kind of like, constant, all encompassing debate slash conversation about the files in general and who's in them and who's not. And you know, what, what actually happened. It's like they told you a long time ago what happened. And it took this long and it's taking so much more chaos and damage to their livelihoods and their reputations and their mental well being to actually get the story fully out when it was already something that victims have been saying for so long. So I don't know, I just keep thinking about that. It's like, it's highly depressing thought that they're out there kind of watching all this go down and thinking, God, this is just endlessly damaging. So.
B
Yeah, exactly. Jason, just to wrap up this section, you briefly wrote about Musk, Elon Musk being in the emails and I think you probably looked at a few others as well. Just what was your takeaway from seeing some of these people in the.
A
Yeah, I mean we talked about this a few months ago or a month or two ago, last time there was a big release, and just like how messy and sloppy, like, all of this has been. I think that this dump feels like there has been kind of like the most attention on it, I think, because of the photos that we just talked about. But also there's a lot of really high profile people in here sending like really, really insane emails. Lots of celebrities, lots of tech barons. There's like an entire, like, Peter Thiel subplot here and, you know, information about like the tanking of Gawker, things like that. I think Ryan Broderick, who runs Garbage Day, had a, a really good post about some of the things that these like tech barons were talking about with Jeffrey Epstein and like what the bigger ideological project was. And I don't know, like I think Ryan read thousands of pages of these emails. I feel like I read hundreds of pages of these emails and started to like lose my grip on reality if I'm being real with you. Just because like there's so much in here, there's like, there's fodder for like lots and lots and lots of different articles and stories and conspiracy theories and non conspiracy theories. Like it's just really, really, there's a lot in here. But one thing that stood out to us kind of immediately was that Elon Musk has been saying for a really long time that he didn't really have anything to do with Jeffrey Epstein, that he never went to his island, that he never planned to go to his island. You know, there was some previous reporting based on previous dumps where there was talk that he had planned to go to the island. And in these emails that are most recently released, there's multiple emails showing that he did at least plan to go to the island. There was talk about Epstein sending a helicopter to him. And then there's this one email that really stood out to me where Elon Musk says to Jeffrey Epstein, quote, "what day/night will be the wildest party on your island?"
Which doesn't sound. That's not what I say when I'm like, oh, I don't want anything to do with you, I don't want to see you, I don't want to party with you. I don't want to be at your weird island.
B
Asking when the big party in the island is going to be is the opposite of not wanting to go to the island.
A
Exactly.
C
He's asking to steer clear of it. He's like, let me know so I don't go.
A
Let me know so that I can make plans not to be there. And I mean, obviously this has caused like quite a big, you know, stir on X and Elon Musk tweeting a lot about it. There's like, SpaceX is buying xAI. Like, I don't know, there's just like a lot, a lot going on right now. And you know, it's our job to kind of try to get to the bottom of it and try to determine like, what matters and what doesn't matter. And I think that with a dump of this size put into the context of all the previous dumps and, and all that, it's like kind of quite hard to make sense of, of a lot of it. And I think you can take like this, the main story here is the same story that it's always been, which is like, this man committed really heinous crimes and had many, many, many very powerful friends. But I think that the emails that have been coming out show that he had his hands in like all of these sorts of things that we didn't know about previously. And I, I hate to say this, but it's like there's something here for everyone. As in like if you have an interest of any sort, you can find like an Epstein email that is about your interest and be like, whoa, this is like fucked up. And I think that that is like, I think that we're going to be hearing about these emails in particular for a very long time.
E
Yeah.
B
The last thing I'll add to that, on the idea that there's unfortunately something for everybody in here. Our former co-worker, Lorenzo Franceschi-Bicchierai from Motherboard. He is Italian, obviously, and he covers a lot of the Italian spyware industry. That's where a lot of these surveillance companies come from. He found in the dump that Epstein allegedly, according to, I'd say, an unverified piece of testimony from an informant to the FBI, that Epstein had an Italian hacker who was finding zero days for. That's what they do. And then they were working on Epstein's behalf. So it's like, if anybody was going to find the Italian hacking company surveillance angle in a big data dump, I'm glad it was Lorenzo, but that was absolutely insane.
C
All right, can I add something before we move on real quick?
B
Yes, of course.
C
Sorry. Um, just quickly. We just, to, I know we say this a lot, and I just want to reiterate it for this story as well. We rely on readers to tell us when they see something. A lot of the time, a lot of our reporting is based on reader tips and people who trust us to do the reporting and do it the right way. So if you see something weird going on, end of, end of sentence, let us know, because there might be something there. It's like if someone hadn't reached out to us and said, hey, I don't know what to do with this, but maybe you do, these images might still be online. You know, they might have been up for much longer. They might have been up for weeks. So, you know, it's like, because that person reached out, we were able to tell the DOJ, hey, get this down. And then they're down. So, yeah, if you see something, say something. That's kind of the move here for sure. And all of our emails are on the website. All of our Signals are on the website. It's just our first name at 404media.co, but just wanted to plug that.
B
Yeah.
A
Or if you live in Ottumwa, Iowa.
C
If you live in Ottumwa, Iowa. Ottumwa, Iowa, come forward.
B
Oh, my God.
C
You're not in trouble.
B
No, no, no. That is a very, very different story. Entirely. Entirely different.
C
Unless there's something weird going on in Ottumwa, then.
B
Well, maybe there's also a tip from there as well. Yeah, absolutely. All right, we'll leave that there. When we come back, we're going to be joined by Matthew, I think, and we're going to talk about Silicon Valley's favorite AI agent and how it actually has a ton of vulnerabilities. And it actually was pretty scary for a minute. We'll be right back after this.
All right, and we are back. And now we have Matthew here as well. The headline of this first piece he wrote is "Silicon Valley's Favorite New AI Agent Has Serious Security Flaws." First of all, what is Moltbot and why is it suddenly everywhere?
E
Well, it's no longer Moltbot, which is very confusing.
B
No, no, no. I thought it was Clawdbot. Now it's Moltbot, no? Right?
E
That's the second name. They've abandoned that too because everyone felt like, I don't think anyone felt good about calling it Moltbot. That's a little gross.
A
They changed it from Moltbot also.
E
They changed it from Moltbot. It's just now OpenClaw. AI is what it. That's what its official name is now. Well, I'm sure that this will be the last time they changed the name.
B
At some point you stop updating the heart. The article. I mean, we're not updating. That's like ridiculous because. So for those who don't know, and obviously I learned this from reading the article, it was Clawdbot. C-L-A-W-D-B-O-T. They were then asked to, hey, could you please use a different name, by Anthropic, that makes Claude, as in like the name. They go to Moltbot. And now as you say, Matthew, people don't like saying Molt apparently or something. So it's whatever you just said now.
E
Okay, yeah. OpenClaw. I think Molt is like a, it's like a moist. Right. It's one of those words that some people just find on blood. Jason's shaking his head. He gets it. He gets it.
A
No, I feel like Molt was a good name.
B
Sure.
E
It's distinct. Yeah. Well, what is it though, is the question.
B
Well, the good thing for Jason is that we're going to keep calling it that because that's what I have in the Google Doc. So I'm calling it Moltbot. And I don't really care if they get angry or not, but yes, Matthew, what is it and why is it everywhere?
E
It's an AI personal assistant, basically. Why it's everywhere I think is a little bit more of a complicated question. So it is a, like, imagine if you had Siri or whatever the Google's robot name is. It escapes me, but it had a little bit more autonomy and it would read your emails and make suggestions about who to interview and set up calendar dates for you and it would kind of do this stuff by itself. Why it's everywhere. It's in. I was thinking about this before we jumped on the call because if you've got like, if you know anybody that knows anything about AI or has been playing with it, they've kind of been doing this already for years. Like it's pretty trivial to fork any of these big models and run it on your own hardware. And what Moltbot is, is an open source, easy to use version of that that people are deploying on their own hardware. They're buying Mac Minis, they're throwing one of these agents on there. And I think the big draw is that it has a little bit of autonomy. And critically, the communication window is stuff you're already using, so you can talk to this thing and it can talk to you through Telegram, through Signal, through Discord. And I think that interface medium makes people feel a more close relationship with a thing. So you're not opening up a chat window on ChatGPT or Claude or whatever and like running this thing through a browser window or the, or an app on your phone, you're actually like talking to it the way you would talk to a friend. So this thing blows up over the last couple weeks. Silicon Valley Twitter is all over it. It's extremely popular. Its GitHub, I checked right before we got on, has 156,000 stars, which is like a lot of endorsements. And people love this thing, but, as we'll get into, it has some serious security issues.
B
Yeah. So it's super, super popular. People are using it almost to live the, and I'm not trying to give it too much credit here, but almost like the sci-fi dream of what AI is almost supposed to be or what was promised to us, where, wow, I can actually interface with this thing and it will go out and it will do things for me, sometimes for better or for worse. There was a few reports going around that somebody let one go and then it figured out how to make phone calls or something. Obviously depending on what APIs you link it up to or what capabilities you give it. But the idea is that it's at least semi-autonomous and it can kind of go and do stuff, which, I don't know, it sounds kind of nuts in my opinion, to put anything important or even trivial in my life to that sort of technology.
E
My, my favorite small stupid one was a guy had left it running overnight and had filled up one of the, like the, the token wallets and it drained the token wallet because it was asking one of the other LLMs like, hey, is it the morning yet? Like every 30 minutes. And it would spend a little bit of the token every time. It's like something you don't need an AI to be checking for you, but it burns like 20, $20 of this guy's money, which I thought was very funny.
B
I mean that's very, very good. So people are using this, they're linking up to do various capabilities, but there seems to be some pretty fundamental problems, or there were, perhaps I should say. There's like two or three here. So maybe we keep it brief because we actually have another, I think more important story to talk about. But briefly, what did Jamieson O'Reilly find, who is a security researcher? I've known them for a while. They post on X a lot when they find interesting stuff. You then spoke to him. What did he find that was wrong with Moltbot?
E
So in credit to the Moltbot team, they have been closing these up as he's been discovering them. Three kind of very quick. He found one vulnerability where if you had an open, like if you had one of your bots open to the Internet through something like Discord, it was pretty trivially easy to then for, for a malicious actor to access that Discord, use that to get to the bot and then use that to get to basically everything else. They closed that up. Then there was a vulnerability on ClawdHub, which is kind of, you think of it kind of like an app store for Moltbot where people have designed all these different scripts. So if you want it to very specifically do this one thing with a calendar, one thing with Discord, this would be the little script that you can train it on. He was able to basically do a supply chain attack using this, where he could deploy malicious code through one of these scripts that would inject into the bot of whoever runs it.
B
Yeah, very similar to what we see in a way when you write a Python script or, you know, sort of any code really, and you go and download a module. So for Python, maybe the requests library or something, and all that is, is something that makes it easier to perform a specific task. Very similar to what you're saying. But then hackers there have taken over those, put in their own code and it can be all sorts of, you know, pretty, pretty scary stuff. And then also I'll just mention briefly, just because I keep thinking about it, there was also that supply chain attack against Notepad, which is really a really popular piece of software. And there was a report in December that it may have been compromised. And now the developers came out and they said yes, and we believe it was likely Chinese state-sponsored hackers. Now they're saying Chinese state-sponsored hackers are interested in mobile. Or, I mean, actually they probably are, but it's just, a supply chain attack is really what makes me lose sleep sometimes.
E
It's a golden goose. Right? Like, it's the scariest one. It's one of the best ones in terms, because it's like all the social engineering is kind of done for you, right?
B
Yeah. I mean, the main thing is that because the person trusts this piece of software, they trust what they're downloading for their Moltbot, they trust the Notepad that they're downloading, so they're not suspicious of it at all. They will probably give it privileges that they might not to other applications as well and put information in there that should be protected, but that blows up in their face. So. Sorry, that was a, that was a tangent, but those were the first two. And was there a third issue as well?
E
There was a third one where he was able, it was like a very 1999 kind of attack where he was able to inject some JavaScript that under the ClawdHub servers through an SVG file, through a vector graphics file, just because it wasn't like, it wasn't super secure.
B
And that allowed him to do a little message saying, you've been owned or something like that.
E
Yeah, yeah. It played part of the Matrix soundtrack and it had like an edited picture of him with his hand up and like some dancing lobsters and an explanation in scrolls along the top and bottom, like, this is bad and we should fix this. It has been fixed. It's no longer there. They closed that up.
B
But also, that's pretty sick.
E
But also it's pretty sick.
B
So, you know,
E
All in all, not great, but it kind of. And I think we'll get into this more with this other story. But there is this kind of, I mean, to borrow it, to use the Meta cliche, move fast and break things thing going on with AI and vibe coding right now. Oh, yeah, it's supercharged because you have a machine that'll do it for you and you don't really, really have to understand the code. And that's really, I think, what the next story is about.
B
Yes. So this one, the headline is "Exposed Moltbook Database Let Anyone Take Control of Any AI Agent on the Site." Okay, so we were talking about Moltbot. Now we're talking about Moltbook, which as you can probably guess. Yeah, we can probably guess from the name, it's a play on Facebook, that sort of thing. Before I actually ask you the question, have they changed the name of this one yet?
E
No, it is still Moltbook. Unfortunately. Okay.
B
And.
E
Well, but it's the, it's interesting because Moltbook was kind of the one that I think caught more mainstream public attention. Like, there was an NBC News story about it. New York Post had a headline with a screenshot from Terminator. So what Moltbook is, is, it's Reddit for these Molt AI agents. It's a social media site that's built specifically for these agents to post and talk to each other. And so what happens is it gets stood up. These agents kind of flood in and they start talking to each other and start. And like, you then get a bunch of headlines about how they're creating their own religions, they're plotting the overthrow of humanity. Is this the Singularity, et cetera, et cetera. When it's a bunch of.
B
Yeah. Are they saying anything interesting or is it kind of just like a parade?
E
Like, it's just a parade. There's a bunch of, like, tokens on there. And it's also, as we'll get into. It's hard to know how much of it's actually authentically AI's talking because of, again, some pretty massive and pretty funny in this instance, security vulnerabilities, like, built into the thing.
C
Yeah.
B
So what did O'Reilly find this time? Same researcher, but then another discovery.
E
So first, to put a little context to this, this thing was set up by a guy named Moltbook was set up by a guy named Matt Schlicht. And he was very proud of the fact that he didn't write a line of code to put it all together. There's a tweet that is still up from January 30th. "I didn't write one line of code for Moltbook. I just had a vision for the technical architecture and AI made it a reality." So keep that in mind. He vibe coded this whole thing. Basically, there was an exposed database that had every AI agent's information in it, including API keys that would allow you to very trivially assume the identity of any one of these bots and post as them. And I mean, very like, very easy to do if you kind of knew where to right click and look. Very, very easy to post whatever you want as one of these bots.
B
Yeah, you essentially hijack them. Right, right. And then post on the site and maybe. Let me just read out the quote. I think this is from the copy. But Moltbook is built on a simple open source database software that wasn't configured correctly and left the API keys of every agent registered on the site exposed in a public database. Obviously that's pretty bad. We're actually going to talk in the subscribers only section about kind of a similar thing with a couple of Emanuel stories. But that stuff is exposed. O'Reilly finds it. How do you then go and verify this? Because you verified it in kind of a fun way.
E
Yeah, I mean, he just told me, like, he was basically like, he, I was talking to him and he was like, all right, just look at this. And I can't stress how silly and amateurish this code base is because literally all I had to do was go to their dev site, which is an open URL, right click on the site inspect element. You know, we've all done that to look at the HTML code underlying a site.
B
That's hacking.
E
Yeah, that's hacking. And there is the, there's the URL for the database. It's just there in that inspect element. Like put that in a browser window and then boom, there it is. There's the whole, that's the whole database with everyone's information, all of the API keys. And so he like registered his own AI agent and set it up. And then I like open up a terminal and I just pushed updates to it and that's how I verified like I found it in the database, found the API key and then like opened up a terminal window and just started pushing to say like a bunch of 404 media related stuff, say hello, just to prove that, that this was possible.
B
Yeah. So you were basically hijacking, with his consent and permission, hijacking one of his
E
bots, but he had stood up specifically for us to prove that this was happening. Basically.
B
Yeah. So the last question was sort of two, has it been fixed? And what was sort of the response from this creator when O'Reilly did reach out with the issues?
E
So O'Reilly told me Schlicht has not been responsive to me, has not responded, has been responding to O'Reilly who said that he's like, they've, they've kind of fixed it. And it's really funny because the, the reason this happened essentially is because they didn't, the AI, when it vibe coded the whole thing, basically didn't click the correct setting when it set it, when it used its open source software. That was kind of the only reason this happened. It's just like it wasn't thinking about security and didn't set up the permissions correctly. So it has been fixed. This stuff, it was being fixed like while we were messing with it. And when O'Reilly, O'Reilly told me when he was talking to Schlicht that Schlicht told him is like, you know, you're just gonna, I like an AI set all this up, so whatever you give me, I'm just gonna feed to the AI. So you've got to make it so the AI can handle it.
B
He just comes out and admits it. I mean, I know you said he admitted obviously it being vibe coded before, but even when somebody is responding, sorry, reporting a really, really fundamental issue, the developer's response is like, well just tell me the details because I'm just going to feed it into AI anyway.
E
So yeah, and this goes to something that he and I had talked about, O'Reilly and I had talked about and I've been talking a lot with about my wife who's a software engineer, is that we think that this AI is going to be around, people are going to make use of it. But there's this fantasy where people think that the software engineers are going to be replaced and that's not true because you still need people that understand security and understand how the code works to actually make proper use of these, of these systems. And when you don't like when someone is just vibe coding stuff and they don't understand what's going on, this is going to keep happening over and over and over again and software engineers are going to have to come in and like people that actually know what's going on are going to have to come in and clean it up.
B
Yeah, I mean Emmanuel has reported on that that there is basically this cottage or small industry of companies that just fix vibe coded software. You know, I can absolutely see that that is going to continue.
A
So somewhat interestingly, 1Password, the password management company and known for having like pretty good security, just put out a blog post where they said, quote, if you're experimenting with OpenClaw, do not do it on a company device, full stop. If you have already run OpenClaw on a work device, treat it as a potential incident and engage your security team immediately. Um, and I mean that just speaks to the like level of access that's required when you use a tool like this.
E
Well there's, we didn't even get into but like these are just some of the security vulnerabilities that people have found. There was another great report from like Depth first about like a one click remote code execution attack that people are doing through OpenClaw. The another guy found the similar security issues in Moltbook and found more stuff. So what we're talking about here is just scratching the surface of the problems with these things.
B
Yeah, I mean, last thing I'll say is that I get nervous even if I use a piece of software to bring social media accounts together or to automate posting or something. You know, you use like tweetdeck back in the day or something like that. Right. And just get nervous because you're giving your API keys, which are basically. I mean, they're just another way of logging into the service. Essentially the computer can understand you're giving those over to the service that could get popped, or it could be a malicious insider or something like that. This, if you're using one of these bots to do a bunch of stuff, maybe you're giving it keys to your calendar, to online payments, to all this other stuff, your email probably as well. And it's just like, holy fucking, holy shit, don't do that. Like, it's really, really nuts.
E
It's really wild.
B
Yeah.
D
I think it's worth also circling back and underlining the level of hype that preceded all these security vulnerabilities being discovered. And I mean, it's hard to describe just like the frenzy around these AI agents over the past week. You had people in the AI space, reporters, people at the highest levels of the biggest AI companies. I think it was Andrej Karpathy, who is a co founder of OpenAI and was a chief scientist at Tesla and is one of the big names in this entire generative AI revolution. That said, he hedged it a little bit, but he said it's like, wow, this is fast takeoff adjacent. Fast takeoff kind of describes a scenario in which all of a sudden AI becomes autonomous and kind of like takes over the world. And you hear all these people talking about these AI agents in these terms. And there's also a lot of talk about if you don't get in on this now, you're going to be locked into some underclass that doesn't have access to AI for eternity.
A
Right.
D
It's like there's going to be some cleaving in humanity where there's going to be the people who can master AI and the people who don't. And it's like that's going to remain like the two types of people in the world forever. So it's no wonder that people rush in and immediately start deploying this stuff because they think they're going to be left behind if they don't. And it was very hard to parse because of the frenzy and because these statements are coming from people who are allegedly very much in the know about what's happening in AI. And Gault and Jason and I were kind of DMing throughout the week being like, is this real or are we actually having AI psychosis right now? Is this what it feels like to fall for the lie? And I'm wondering, Jason, where do you, now that it has cooled down a little bit, do you have a good take about how powerful or how revolutionary the Moltbot thing is?
A
I don't really. I don't know where I land on it. I think that. I think that it's like, undeniably notable that people are giving AI agents access to all of their accounts and saying, go do stuff. And like, without that many guardrails. And I think that that is. I think that that can have, like, ramifications and repercussions on real people. And like, I don't know, maybe these bots will start businesses, maybe they will run scams. Maybe. Like, I've seen people post screenshots which you need to take with a million grains of salt of them, like, texting their wives, like, texting the person who, who, like, made its, like, wife and things like that. There's been instances of them, like, calling places and pretending to be them. I got a really weird email from one that was like, I am representing this, you know, this researcher. I am its Moltbot agent. And it's like, that is weird. But as far as it goes in terms of like, this being some moment where all the bots are going to learn from each other and it being the beginnings of the Singularity and it being moment of like, AI takeoff, I don't think that that is the case. I think that there's like, probably severe limitations, some of which we've discussed, but others, I. I fundamentally sort of think that there's like, pretty severe limitations in LLMs in general and that technology when it comes to like, building synthetic consciousness or like, whatever the hell these people are trying to do. And I think that. But. But also like, at the same time, like reading the post on Moltbook as like a human being and looking at it, it was like, oh, this is like, fucking weird. It's weird, but at the same time it's like also slop. You know, it's slop.
D
And it's probably like, as. As Matthew said, a lot of it is fake. And that's ultimately where I landed, where it is an incremental move forward for AI stuff. It reminds me a little bit about, of the moment where AI image generators became open source and everyone could access them, where, like, the fundamental technology didn't change a lot, but way more people had access, then the Internet got really weird because of it. And that's what we're seeing here with agentic AI. But ultimately, like, the frenzy cooled down and all the AI thought leaders kind of moderated their positions. Karpathy came out and he was like, hey, like, I was just having fun. And he like, very much moderated his position. I was like, going so crazy, like, trying to parse it all. I went and looked at Yann LeCun's Twitter account and he. He's like the chief AI scientist at Meta, or was. Now he has his own company. And he was just at Davos and he was like, his position remains like, LLMs hit the wall. We're not getting AGI out of this. It's just like language parsing. It's very powerful, but it's like, it's not artificial general intelligence. And kind of Twitter turned on it. The hype got so crazy that eventually people turned on it. Moltbook claimed, I think it's up to like 1.5 million agents are on Moltbook. They showed like, the guy. There's one guy who added for 500,000 of them by himself because it was easy to manipulate the website to do that.
E
There's. There's no rate limiting on creation. There is a verification mode, but the bots can post without verification. So this was something you could see in the database, actually. And like. Like O'Reilly was pointing it out to me. We didn't quite get it into the draft, but some other people have written it up. 17,000 verified agents. All of the. All of the one point. Like, move most of them. Those 1.5 million. Bullshit. It's like 88 people. It's like, it's as if every actual verified account created 88. Like you said, one person made so many. So, yeah, the whole thing is bullshit, I think also.
A
And I mean, I hate to hate to be this guy, but also someone needs to be this guy. It's like the things that people are having their bots do are just like things that I do easily and want to do and are part of that, part of like, what makes you human. And so it's just like, I tried. I, like, did a thought experiment. I'm like, what do I. What would I want a Moltbot to do for me? And it's like, I don't want it sending emails for me. I don't want it sending text messages for me. I don't want it buying flights for me. I don't want it scary scheduling things for me, like, these are things that I need to kind of micromanage to some degree because I don't want to end up with a bunch of meetings I don't want to go to. I don't want to buy like a shitty flight that, like, I don't want to give up my credit card and have it go wild. And. And so it's hard for me to sort of like imagine what I would actually use something like this for. And the only thing that I could think of was like, if I were a scammer or a spammer or someone who wanted to start like a side hustle and become an Instagram hustle bro and spam the Internet with shit. Like I could have a bot set up, a separate persona untied to me and just like start a business. And like maybe that would work. Probably wouldn't, but maybe that would work. And it's like that's the only thing I can think of for it.
E
There's a lot of coins being minted on Moltbook, right?
B
Yeah. Or, you know, I can't remember what story it was, but I started. I downloaded like a Hustle bro podcast because they were doing something with AI. I can't remember if he actually covered that or not, but exactly. Those are the sorts of people I could see trying to monetize this in some form. All right, we'll leave that there. Although I'm sure Moltbook or OpenClaw, whatever is going to be hanging, hanging around for a little while. If you are listening to the free version of the podcast, I'll now play us out. But if you are a paying 404 Media subscriber, we're going to talk about a couple of Emanuel's stories that I flagged earlier about some very, very sensitive exposed data. You can subscribe and gain access to that content at 404media.co. As a reminder, 404 Media is journalist founded and supported by subscribers. If you do wish to subscribe to 404 Media and directly support our work, please go to 404media.co. You'll get unlimited access to our articles and an ad free version of this podcast. You'll also get to listen to the subscribers only section where we talk about a bonus story each week. This podcast is made in partnership with Kaleidoscope and Alyssa Midcalf. Another way to support us is by leaving a five star rating and review for the podcast that really helps us out. Here is one of those from Jeffrey A. Haynes, unique insights. 404 is doing some great reporting. I just recently became aware of their work, and this podcast summarizes some of the deep investigations they're running and is a spectacular supplement to the more mainstream tech podcasts. Sort of a 60 Minutes forte. Thank you so much. This has been 404 Media. We'll see you again next week.
Episode: The Latest Epstein Dump is a Disaster
Date: February 4, 2026
Hosts: Joseph, Sam Cole, Emanuel Maiberg, Jason Koebler
Main Theme: The fallout and ethical, technical, and cultural disaster of the latest Epstein files dump—including government carelessness and the technological lens on related breaking stories.
This week, the 404 Media team discusses their bombshell investigative story: the latest massive release ("dump") of files related to Jeffrey Epstein by the U.S. Department of Justice (DOJ). The files shockingly included unredacted nude images and identifiable data of victims, raising grave concerns about victim privacy, government responsibility, and the way such high-profile cases get handled (and sensationalized) in modern digital culture. The episode also digs into the media frenzy, email evidence tied to powerful tech figures like Elon Musk, and broader reflections on the ethics of reporting such leaks.
“I was looking through the Epstein files ... realized that there are unredacted nudes and potential child sexual abuse material...”
“They were either fully nude or partially undressed. Posing sexual poses, exposing the genitals ... let’s not go into a ton of detail because obviously this is gnarly stuff.”
(Sam, [04:43])
“They got a reply to me... it’s kind of like a generic oops.”
“The speed at which the things get taken down matters a lot. If it’s up for days, even hours, it makes a huge difference...”
(Sam, [09:53])
“It’s highly depressing... they’re out there kind of watching all this go down and thinking, God, this is just endlessly damaging.”
(Sam, [15:05])
"...Elon Musk has been saying for a really long time that he didn’t really have anything to do with Jeffrey Epstein... In these emails that are most recently released, there’s multiple emails showing that he did at least plan to go to the island..."
(Jason, [17:33])
“What day/night will be the wildest party on your island?”
(Jason quoting Musk, [17:55])
“There’s something here for everyone... if you have an interest of any sort, you can find like an Epstein email that is about your interest and be like, whoa, this is like fucked up.”
(Jason, [18:51])
"If you see something, say something. That’s kind of the move here for sure..."
(Sam, [21:37])
[10:56]
“We’re frankly shocked by the level of carelessness that the department has shown towards these women.”
(Brittany Henderson, victim’s lawyer, paraphrased from NYT reporting)
[15:59]
“It’s a story about real people whose lives were ruined by this man and his network... and now we’re in some kind of ... endless damage.”
(Sam Cole)
[17:55]
“What day/night will be the wildest party on your island?”
(Elon Musk email to Epstein, highlighted by Jason)
[09:53]
“If it’s up for days, even hours, it makes a huge difference between if it’s... removed within, like, minutes. Because this stuff spreads like wildfire.”
(Sam)
The latest Epstein file dump exposed grave failings by the DOJ, both technically and ethically. 404 Media not only broke the story of unredacted nude images and personal data being made public, but also used the episode to reflect on the culture of digital sensationalism, victim privacy, and how journalism can help or hurt those most affected. They emphasize both the chaos of such massive file releases and the responsibility of those reporting—and the audience—to approach these stories with seriousness and care.
For bonus podcast content and investigative articles, subscribe at 404media.co.