SE
Security Now (Audio)
TWiT
AI Impact on CTF Competitions
From SN 1081: AI Captured the Flag - Personal AI: Productivity Superpower or Privacy Threat? — Jun 3, 2026
SN 1081: AI Captured the Flag - Personal AI: Productivity Superpower or Privacy Threat? — Jun 3, 2026 — starts at 0:00
It's time for security now. Steve Gibson's here. Lots to talk about. The end of a very popular hacker competition. Why? AI, that's why. Uh the other shoe drops on two things Steve warned us about last week. Two big flaws. And why did Pwn to Own say Steve's accounts had been breached? Well, it was a mistake, but Steve will explain. That's all coming up next on Security Now Podcasts you love from people you trust . This is twit This is Security Now with Steve Gibson e,pisode 1081, recorded Tuesday, June 2nd, 2026. AI captured the flag. It's time for Security Now, the show we cover, the latest security news, your privacy, how things work in the real world with this guy right here, Mr. Real World himself, Steve Gibson wearing his AI hat. Mr. All Too Real. That's right. Uh good to see you. What's up this week? So for episode 1081 for this first podcast of June, um there was a really interesting story about uh a an aspect that we've not talked about a lot which are capture the flag competitions you know we've talked about pwn to own um where where research hackers find unknown vulnerabilities in existing software. Capture the flag is different. These are canned competitions where the designer of the competition inserts something to be discovered based on which is which is dependent upon the the talent of the hackers and and researchers. So uh we're gonna talk about that because uh someone who's been very involved and is is got some real street cred for his his ability to to find vulnerabilities is bemoaning the the death of Capture the Flag brought about by AI. So today's title is AI Captured the Flag. Um we've got a bunch of. I hope you're gonna explain what all of that is too. much Yes, we'll explain it all . Yeah. Um as expected, unify OS devices immediately came under attack. Uh SISA has commanded federal agencies to update their instances of Drupal , both things we talked about last week. Can the largest botnet ever seen be killed? Is an interesting question we'll look at. Defender, my uh Microsoft 's Defender has the the Defender for Endpoint has is obtaining the ability to cut off a an infected PC from its own network, uh charter communications has had a big account leak. Uh Chrome has adopted device-bound session cookies, moving it from beta. We'll talk about that. Uh the news is that Anthropic is about to release Mythos. Uh, we've also got some interesting commentary from Daniel Stenberg, famously the creator, author, maintainer, prime you know, chief of curl . Uh IBM and Red Hat are com mitting to fixing open source using AI and putting, I think it's five billion dollars worth of AI cred into the project. We've got, in addition to all that, a ton of terrific listener feedback, which will drive some additional commentary. And then we're gonna look at AI basically spelling the end of what has turned out to be a terrific source of on the ground training for hackers and researchers. Uh and of course, a great picture of the week. So I think maybe worth staying tuned in. Yay! As usual . This is the day you look forward to all week long. If you're in the IT business, you certainly uh need this to keep up on what's going on. And we thank Steve for doing that. We will get to uh, of course, the picture of the week. I'm sure a humorous take on the on humanity. Of humanity. Yeah. No kidding. That's coming up in just a bit. Before we do that though, let's get our uh our first uh sponsor uh in here. And uh by the way, I had a great conversation with uh our sponsor for this uh segment on security now is Bitwarden. I had a great conversation with its founder and CTO yesterday, Kyle Spearin . Uh he started uh Bitwarden in 20 15, 2016. We saw the first post uh that he put in uh uh on Reddit on R slash open source. And and and what I really got from him, which was great, is their commitment to open source and how important open source was for him then and is today. It's really what's made Bitwarden the trusted leader in password management. And of course as time goes by, it's more than just passwords. Now it's pass keys. Frankly, it's secrets management in general. More than 15 million users across 180 countries, over 80,000 businesses. Bitwarden has built its reputation around trust, transparency, open source security, and putting users first. And so this was the one of the things I wanted to get Kyle on to talk about. Really important for those wondering, Bitwarden remains absolutely committed to its free version, free forever, unlimited passwords, uh unlimited pass keys, unlimited devices, free forever for individuals. And what Kyle said, and I think is really important, is that's not their business model. Their business model is they make money on selling to enterprises that want more support. They want, you know, more features. But they re Kyle really believes A, in the power of open source, and B that it's important for every single person to have a password manager . And so he's committed to the free version. And I, you know, I was very impressed with his openness, his forthrightness. Bitwarden continues to invest in secure, accessible tools that help individuals, families, and yes, organizations protect their digital lives without compromising trust or transparency. He talked about being open source. He talked about the fact that, you know, they sub it's funny, there 's a great open source alternative vault for Bitwarden called Vault Warden. And he said, what people don't realize is that the guy who created Vault Warden a couple of years ago started working for us at Bitwarden and we support him in doing Vault Warden. It's it's an alternative to Bitwarden. You know, sure we want people to use our services, but but we're open and we believe in openness. Bitwarden believes that security should be accessible to everyone, and that's why they continue to offer a trusted, free password manager, alongside more advanced tools for those with families or teams to protect . And Steve and I both use Bitwarden and we both pay for the premium version at 20 bucks a year. It's it's still a remarkable deal. Mostly I think because we want to support uh Bitwarden. Uh I'll say I'll say that for myself. Lately I just added Bitwarden always adding new features. They give you everything you need to stay secure online. They generate strong passwords with a real random number generator. We talked a little bit about that on on the uh interview, which is available by the way on our uh uh YouTube Twit feed, uh storing pass keys. I love Bitwarden for pass keys, managing sensitive credentials of all kinds, and syncing securely across devices. For businesses and advanced users, Bitwarden also delivers enterprise grade security tools, including Secrets Manager, Vault Health Reports, and Secure Credential Sharing for teams. In fact, Bitwarden uh uh uh I use my agent, my AI agent , I recently converted over to using Bitwarden to store all the API tokens, all the keys I don't want to accidentally exfiltrate, put on GitHub or get let somebody get access to is so secure in the Bitwarden vault. I said, you know what? They have an MCP server. This is the easiest way to do this. All my secrets are stored in Bitwarden. They've also introduced, they introduced this at RSEC, the new agent access SDK, and I love this because they've made it open source and they've offered it to every password manager, not just Bitwarden. It's an open source developer toolkit designed to help teams securely integrate credential access into applications, automation The SDK enables controlled, human-approved, just in time access to credentials stored in Bitwarden vaults without exposing sensitive information or granting persistent access. It's what you need . It's what you're looking for if you've got an AI agent. And it's designed to support modern development and automation workflows by keeping security and transparency front and center. And because Bitwarden is open source, and yes, it's GPL licensed. Yes, it's on GitHub. It's code bases. You can look at it, of course, but it's also continuously reviewed and audited by not just the community, but independent third party experts. Bitwarden also complies with major security and privacy standards, SOC2, Type 2, GDPR, HIPAA, CCPA, that's ISO 27001 certified. And they're always evolving. Bitwarden is continuing to evolve to meet modern security needs, including expanded pass key support, secure developer tooling. I love the fact that I could generate and store my SSH keys in Bitwarden. And they've added Bitwarden Lite, a flexible, lightweight self-hosting option for users want to add add itional control over their environments . They care about the users. I've never seen a company do this. It's amazing. Get started today with a free trial of the Teams or Enterprise Plan or get started for free across all devices as an individual user at Bitwarden.com/slash twit. That's bitwarden.com slash twit. I love Bitwarden. And Kyle Spearn uh that watched that interview. He just inspired me to continue to support bitwarden because they are going to continue to support us and I think that's really important. Bitwarden dot com slash twit. Thank you Bitwarden. So did you guys talk about the uh ownership changes? Well I did. And he said we're absolutely committed to open source. It's that is not going to change. The ownership hasn't changed and will not change. They have a new CEO that can s he said these were completely unrelated issues where the they act marketing accidentally removed the free forever copy on the website, which they've put back as soon as people noticed it. Oh it's there. Oh. And he said, we're still committed to that. Uh they uh they had they changed the CEO, longtime CEO was replaced by another guy who has finance experience as people were concerned about that. He said that was completely independent. And then there was a third uh th oh when they uh they doubled the cost of the premium for from ten dollars a year to twenty dollars a year. He said, you know, that was poorly planned. We just hadn't raised it ever. And we should have raised it a little bit at a time because expenses have gone up, everything's gone up, it costs some money to support and all. But you don't have to pay for it. And that's the other thing. And he said absolutely we're committed to open source and free. Well, you as you can imagine, Leo, m s I got so much email from our listeners saying, Hey, what the heck? You know, Yes, and that's why I wanted Kyle on. You know, it wasn't a paid you know, uh uh they're a sponsor, but we they did not pay for that interview. In fact, I had to twist arms. Kyle does not like doing interviews. I said, Kyle, you gotta come on and tell people, reassure people, uh, tell them what's going on because they're concerned. So uh that was hard to get him on. That was not a paid and i would would i argue that our audience has probably been influential in in bit warden's growth i mean we we left you know last pass and needed somewhere else to go . And Bitwarden was a lot smaller then than it is today. And well, so you know, the what's funny is that's why he started Bitwarden in twenty fifteen when log me in bought LastPass, he said, uh oh . I'm gonna start Bitwarden. And he he says there's no way anybody would trust a password manager from some guy they never heard of unless I made it open source. And he said the open he said we got PRs immediately, the open source community can uh immediately uh helped us out. I mentioned the fact that one of our listeners added the memory hard argon to code as a as a PR, which they accepted and added to the code. And and that's his commitment. He is all about open source. So I was I was really impressed. Yeah. I think he he uh good he did the right thing. Okay, so our picture of the week I gave this the cap I gave this the caption not all signage seems necess ary. You we've had so much fun with signage on this show. All right, let me scroll up and see. So there's two here. Uh You want to scribe? Okay, so the one on the left, you know, I I I okay, the sign reads in all caps, red , cannot miss it. Do not breathe under the water. I guess this is at a swimming pool somewhere. Uh and yeah, I I I it means advice. I I think as as advice it makes a lot of sense, Leo, because it it's been shown to be difficult to do so. Now the one on the right, we have two two side by sign uh examples of perhaps unnecessary signage. This one on the right says do not sit on fence. And advice this this is like a fence from hell. I mean, it's got spikes uh every six inches and curly flanges and things. I mean, you would not I mean, yes, do not sit on fence because the paramedics will be required to remove you from the fence should you do so. So anyway, yes, I I thought that was that was like, okay, what are they thinking here? But yeah. And maybe like it's they they were uh you know af,raid of l uh legal repercussions, having basically an extremely dangerous fence. If we didn't warn you, we exactly the sign said you come on, don't you still poke your eyes out on this fence . We warned you . Okay, so uh as I said, we uh two topics we first uh broke the news of last week turned out to be manifesting just as we unfortunately predicted, uh Unify OS are under attack. Remember that they they uh urgently announced five vulnerabilities, three of which they assigned they meaning ubiquity maximum severity. And unfortunately, the news is what we expected, as I said, due to widespread exposure on the internet of these devices. I mean, after all, they are they're they're they're border devices. They're they're on the perimeter of people's networks. So internet exposure is pretty much de facto uh more than a hundred thousand Unify OS-based devices are known globally, half of which, 50,000 of which are located within the U.S. Uh attacks commenced immediately upon the bad guys becoming aware that like, ooh, there's some new problems we didn't know about. Let's get them. So last Tuesday afternoon, a posting over on Linus Tech Tips noted that multiple users on Reddit were reporting that their Unified devices or unified devices they oversaw which had not been patched for Ubiquiti's security advisory, which was quite fresh, had a super admin user named John Sim , S-I-M , added to their configurations overnight with additional users chiming in as their regions woke up and checked to see what was going on with their Ubiquiti devices. Who's John Sim? You know, we didn't put him in there. Uh the attackers appear to exfiltrate uh data via the unify backup feature once they've acquired presence inside of the Ubiquity or the Unify OS device. So a person , a user, uh K 987654321 over on Reddit posted Hey guys can someone help me please I'm away on holiday he says parents in another country close friends and just had a notification that a super admin had been added to my account whilst I've been here, meaning out of the country on vacation, uh, or on holiday, right? He said, I logged on to the unify iOS app, and there was someone called John Sim , S-I-M , in there. I promptly removed it, as you can see. Uh, someone posting uh on Reddit as the Toxic Nerve said, I just had exactly the same happen on my UDR, same username too, John Sim . Poster Jeff Porton added, confirming what we saw that we saw the same attack, same username. We've removed the bastard from the user from the super user list and inspected the logs. A poster eager C DM Beaver posted I also just had the same thing on mine. Thomas RW1 added, just had two sites with this user created have a lot more sites that were fine. Presumably they haven't found them yet. Uh RAVICC posted, I got hit with this too. I was on unify OS 5. 0.16. I got the update notification on Thursday. I delayed the update last night since I was traveling this week. So I was on the previous version of the Unify OS. I also noticed that there were multiple backups triggered. Not sure where these backups went and what they were attempting to do and what sensitive inform ation is in the backups . What then ensued over on Linus Tech Tips Forum was the typical back and forth about among other things w,hether automatic updates were a good thing. Everyone knows now my feeling about that. Propeller heads, I get it, like to be in the loop. You know, we want to manage our own devices and decide While that may have been practical a decade ago, I would argue it no longer is. At least not until our new AI code fixers have had the chance to give the entire industry's code base a thorough going over. And as we know, that's begun to happen, but it's a long way from being finished. Those arguing against enabling auto updates argue that a bad update might brick the router. Well and and they do use the word brick to increase the drama of their position. But that use is inaccurate because bricking a device specifically means killing it beyond repair, right? Turning it into a brick, you know, or maybe a doorstop. But that's about it. All the routers that I'm aware of have the ability to revert to a known working factory firmware image specifically to enable recovery in the event of an interru pted firmware update, that's always bad or a bad one. You know, whether it's automatic or manual. So no router is actually ever going to be turned into a bri ck by an auto-update failure. The worst that's going to happen is that a router won't boot after a bad update and will require some manual recovery. You know, boo-hoo. You know, I'm not saying that 's a good thing, but as I said last week, I now believe, given all the evidence, and here you just saw a bunch of it, right ? A mature manager having weighed the risk, risks, the real risks , which you know, I would argue are minimal versus the rewards, which are obvious and plentiful, will opt for enabling auto-up date of their systems. Doing so will give them an extremely high probability of protecting their users from the attacks that are happening with increasing speed uh and frequency, you know, while also having frankly not zero, but an extremely low probability of actually causing a network outage due to a failed update. So yeah . Could it go bad? It can. But I I I used the analogy last week that I that we liked of of using, you know, think of it as a as a fuse or a circuit breaker. You know, it's something bad happens, you want it to protect you. Can it you know misfire? Yes, but the probability of that happening is low. So anyway, it's really interesting to like immediately see ubiquity uh uh advises of bad problems, bad guys figure it out, attack the crap out of the global supply of unify OS devices, adding a you know, obviously an automated attack, right? If you're you're not doing 50,000 devices, always giving the same super admin John Sim to the device, you immediately automate the attack and turn loose something that is scanning the internet, finding these things and compromising them. What we need to have is automatic updates, the the um the publisher that finds out there's a problem intern ally updates all of the devices that are asking for automatic updates and only then releases the news to the public so that those sad sacks who have automatic updates turned off have some chance of beating the bad guys to it. But if you're on vacation, if you're saying, well, I'm going to think about this for a while. I don't want to, you know, let's sort of see how this update goes and see if anybody else has problems. Well, good lu ck. Uh also last week we covered the critical post Gress QL SQL injection vulnerability that affected pretty much all Drupal instances that is all of the upgrade paths that were or or the the release channels that Drupal had uh for those that were using the Postgres QL database on their back end. So not necessarily all of them, but apparently a good many. And Drupal noted that this was an old problem. It affected affected even the very very oldest eight version series and nine version and they and you know and they're they're they're they're they're now at uh ten and eleven at least. So the vulnerability was so bad, remember, that the Drupal team uh announced that this was coming so that admins would be like having time to come back from vacation or or like budget some some upgrade time or notify their users that you know Drupal might briefly have an outage in the in the coming days, whatever. And then they produced patches not only for the current set of versions, but also for even those long past end-of-life versions, not trying to like update them fully on everything else that had happened, but at least these two, because you know, like the the the version eight dot anything and nine dot anything , they got this patch because it was so bad. So against that backdrop , we now have the US government's CISA giving agencies one day to update, no excuses, period. Bleepy computer had some yeah, it's like, do this now . They had some nice coverage of this. They wrote CISA has given U.S. government agencies until Wednesday, and this was on Tuesday of last week, until Wednesday evening to secure their servers against a sequel in jection vulnerability in the Drupal content management system that it flagged as actively exploited. Managing massive data structures and multi-site installations, including government entities, educational organizations, major research universities, and high profile enterprise and media organizations. Google Mandi Researcher, Michael Mat uri discovered this vulnerability now being tracked as CVE 2026 908 2-9 082 in Drupal's database abstraction AP I. They wrote the security flaw can be exploited without authentication, allowing attackers to trigger arbitrary SQL injection on Postgres QL powered sites via specially crafted requests. Successful exploitation can potentially lead to information disclosure, privilege escalation, and even remote code execution. I mean, this is like the way in, right? Why who wouldn't uh take advantage of this if they could? The Drupal security team flagged the flaw as highly critical before releasing patches and confirmed that exploitation attempts had been detected in the wild. Cybersecurity firm Imperva warned on May twenty first, quote, since C V E twenty twenty six nine zero eight two was Was released. Imperva has observed over 15,000 attack attempts targeting almost 6,000 individual sites, and um and they're gonna succeed, right ? Across 65 countries. Attacks are primarily targeting gaming and financial services sites so far, accounting for nearly 50% of all attacks. Internet Security Watchdog Group Shadow Server now tracks nearly 6 7 0 unpatched Drupal installations exposed online, most of them from North America , that's 272 of the 6 70, and Europe, 273 of the 6 70. Friday, the U.S. Cybersecurity Infrastructure Security Agency, CISA, added the flaw to its known exploited vulnerabilities. Remember, that's KEV, the Kev catalog, and ordered federal civilian executive branch agencies to patch their systems by midnight on Wednesda y, May 27th, as mandated by binding operational directive. That's that BOD 2201. Although BOD 2201 applies only to U.S. federal agencies, SISA advised all defenders, including those in the private sector, to apply the patches as soon as possible to secure organizations' devices. SISA warned, quote, this type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Although BOD 2201 only applies to uh FCE B agencies. CISA strongly urges all organiz ations to reduce their exposure to cyber attacks. Again, yeah, why wouldn't you? By prioritizing timely remediation of Kev Catalog vulnerabilities as part of their vulnerability management practice. Apply mitigations per vendor instructions, follow applicable BOD 2201 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Over the past several years, they conclude, CISA has flagged five Drupal vulnerabilities that have been exploited in the wild, two of which have been abused in ransomware attacks. And it's like I said, that's if you could do all of the things that that these vulnerabilities allow you to do, it is a way in to anybody who wants to to get into and abuse their access to uh a network remotely? So we really do appear to be seeing a world now which we weren't seeing 10 years a go, and we were observing the fact that we weren't and kind of being glad for it. Now we're in a world where no known vulnerability goes unexploited. It, you know, if it happens, bad guys are on it because they realize there is money to be unfortunately to be extorted from anybody's network they can get into. And that's the goal. So I I just I'm glad that we now while we see this this acceleration that there's hope on the horizon than,ks to AI vulnerability discovery, which can be employed before any new code is released going forward. If this is done right, you know that phrase which has always rubbed me the wrong way. I just it makes me cringe when I hear someone say all software has bugs. You know , that can finally there's hope that this could be prov ably refuted, Leo. That it it no longer really needs to be the case that all software has been a good thing. Some software has bugs. Yeah. The well, yeah, like the buggy software has bugs. But otherwise, not all software. Just and not all software needs to be buggy because there's a chance we really can, you know, basically we we got into this weird p situation where we were creating something that was too complex for us to understand. I mean, I've commented about that and Microsoft's code base. There cannot possibly be any human being alive or or even not, who knows what Microsoft's code base is. It's just I mean it is so massive and so old and so confused and so so much junk has been strapped onto it over the years. It there is this you can it is unknowable. So what's cool is that we finally have created something else, namely large language model AI, which has the promise, and it seems to be demonstrating that, of actually being able to understand what we can no longer understand . We d we can't understand the code we write. It got away from us It must be possible because NASA writes software at what cost. That's the key. They have a lot of process to do it. Yeah. Yes. I mean, and and we know I I saw a a a comment once at what the the shuttle project software cost . They knew they could have no bugs. The shuttle control system needed to have no bugs. That's what they produced, but at extreme cost . And so that's really what this represents. Now your your comment, I think it was before the podcast, right? Where where you were talking about what uh uh Palo Alto networks paid oh yeah, spent mythos tokens. Ten million dollars, I think it I think it was. But they found some truly mission critical bugs that they weren't aware of before. So and finding them is probably to them worth $10 million . I mean that's they're a security firm. They can't have any bugs. Yeah, talk about reputation damage when there are some you, know, no authenticated needed uh authentication needed means of of crawling into their system. So uh but but the point is it is I mean, what has always rubbed me the wrong way with Microsoft is that you know, they ship product with no with bugs they know of because they figure, oh well, it's they're not that bad. You know, the real the killer showstoppers, they they and and even then remember a couple years ago when they had the the this raft of printer problems? And it's just like like month after month after month and the and there were researchers ri saying why aren't you fixing this that you know you're not you're you're refusing to let me talk about it it's been six months that I haven't opt up but, you that you've not let me disclose the thing I found, you won't fix it. And and the researchers were biting their tongue because they recognized that it would be the end of the world if they did disclose what Microsoft knew about and just didn't seem to be in any big hurry to fix. Or Microsoft would patch the symptom and not actually find and not actually patch the cause. And so then it was easy to work around the the the the patch for the symptom and still execute the bug. Anyway, there there's a lot going on with Microsoft because uh and you may be aware of this Leo the the this whole nightmare eclipse person well that that Microsoft blog posting really rubbed me the wrong way and a lot of the rest of the security research ers in the industry because and I don't mean to c count myself as a security researcher, but security adjacent people, but a lot of the the the hackers and researchers because Microsoft was now threatening to sue this person. I mean, made it kind of clear that's what they were saying. But and what rubbed me the wrong way was these are your bugs, you Redmond people. Um it's like it's not like this person is like sh you know dropped a missile on you. They're showing you that you're, you know that you're about to explode because of your own problems, which you haven't fixed. Yeah. Yeah. But he has been also a little bit of a jerk about it. Uh well, yeah. Yes. And well he yes , and is now threatening some doomsday on july fourteenth, which is gonna what a gr break their bones or something. I can't remember what the expression was, but it's like oh anyway, if we want drama in our industry , we got some nice, you know, social drama. So yeah. Wow. Um, but speaking of drama, we have another uh advertiser that we should hear about. Oh, and it's very dramatic. Yes. So we better we best get to it. Uh give Steve a chance to hydrate and tell you, my friends, my dear friends, about our sponsor for this segment of Security now, Hawkshunt. Kind of aptly named. It's like uh Fox Hunt with an H . They're hunting for fission scams. As a security leader, you you have been there. The eye rolls during training, you know, the one size fits all fishing simulations that your employees go, oh God, they spotted a mile away. And then the report button that gets ignored more often than not. And you know why it gets ignored? Because it's punishment, right? Now you gotta watch some crappy flash animation about uh fishing that, you know, it's it just doesn't feel like they're not learning. Your programs are running, but it's not changing employee behavior. And then meanwhile, the bad guys are moving fast. AI is making real attacks more convincing every single day. And uh leadership's asking the question: you don't have a clear answer to is our is our s is our training actually working ? know because it's terrifying for anybody running a business. The thought that what was his name? This this sim guy? This Jim Sim could be at John Sim could be out there, you know, sitting on your system, sending you phishing emails. And Hoxhunt has been built to answer that. Hoxhunt empowers your employees, empowers them. That's an important word to spot and stop advanced fishing attacks. It drives measurable behavior change through personalized, gamified microtraining powered by AI and behavioral science. It's fun. Okay. And for you, it's fun. Hoxhunt as an admin, you'll love it because Hoxhunt does the heavy lifting. The simulations run automatically and not just email, but Slack and Teams as well. Just like the real deal, the simulations are personalized to each employee based on role, location, and behavior. The bad guys do that too. Every simulation uses AI so that's mirroring exactly the real world attacks that are actually happening, meaning employees are being tested on the stuff that's getting through, not some outdated template. They go, please, they recognize it immediately. And the and the gamifying, and it's done nicely. It's done fun. It keeps engagement high without feeling pun itive. And because every interaction generates a coaching moment, you're not just tracking completion, you're actually building behavioral indicators to tell a real story. Reporting rates, repeat clicker reduction, and time to report, the kind of metrics that hold up when leadership knocks on the door asking the hard questions. You don't have to take my word for it. With over 3,500 verified reviews on G2, Hoxhunt is the top -rated security training platform. It recognized for best results, easiest to use, also recognized as customer's choice by Gartner, and thousands of companies that use Hoxhunt, like Qualcomm, DocuSign, Nokia . They trust it to train millions of employees worldwide. Look, it's easy. Visit hoxhunt.com/slash security now, right now. Learn why modern secure companies are making the switch to Hoxhunt. That's Hoaxhunt.com slash SecurityNow. We thank them so much for their support of SecurityNow and the vital work Steve's doing. So during the third calendar quarter last year, Cloudflare was hit by and mitigated, astonishingly, the largest DDoS attack ever reported. It clocked in at a wire melting twenty-nine point seven trillion bits per second. You know, and we'd toss trillions around like eh, okay. But really, uh a thousand t uh nearly thirty thousand million thirty thousand millions of bits per second uh so th this astonishing attack was attributed to the Asuru botnet which Cloudflare estimated, was composed of uh you know, it's kind of hard because they can spoof their IPs and but i i i i if it's a TCP connection uh attack, then you can't spoof. So they're anyway, they're they're estimating somewhere between one and four million infected hosting machines globally. One and four million . Um so think of this the tas k the the scale of the task of assembling and managing somewhere between one to four million individual host machines which have all one way or another been collected and commandeered to serve under a single master . Okay, so because a botnet of one to four million already seems astronomically large. I was surprised to learn that a far larger botnet was recently discovered by a security researcher who then reported the finding to the NCSC . After some additional investigation, Dutch authorities, in concert with the National Cybersecurity Center in the Netherlands, took down a set of 200 servers. Okay, this is just the servers. These are command and control . 200 command and control servers that were being used to manage more than an astonishing 17 million bots. 17 million, Leo. All in one chat room ? Wow. So these things were residing in hosts around the world. Uh a single managed botnet, more than seventeen million units strong. The reporting on this stated that quote the police seized several botnet servers from a hosting provider for investigation purposes. The hosting provider then took the entire botnet offline because it was being used for criminal activities. Yeah, no kidding. Okay, so however, these days , as we know, botnets are not only being used to blast targets off the internet by flooding and saturating their internet connections. Unfortunately, today there's a large criminal demand for proxies, right? Looping traffic through some unwitting random consumer bandwidth in order to obscure your actual identity, to come at something from a different IP. That appears to be what's going on here. The Netherland Times reported writing the cybercrime team of the police unit, the Hague , together with the National Cybersecurity Center, the N NCSC, says it has successfully dismantled a large as ASOX A S O C K S, a large ASOX botnet and taking it offline. The botnet was made up of at least 17 million compromised consumer devices, right? TVs, routers, what light switches, who knows, around the world, including computers, routers, tablets, smartphones, and internet connected devices such as smart security cameras. Investigators identified two hundred servers used to run the infrastructure, all of which were physically based in the Netherlands. The ASOX network operated as a residential proxy service in which cyber criminals covertly infected poorly protected consumer devices These compromised devices were then used to route internet traffic and launch large scale cyber attacks, all without the knowledge of their rightful owners. The case was triggered by a report from a security researcher to the NCSC, which quickly passed the information on to the police. This led to a joint investigation by both agencies. During the operation, the police unit, The Hague, confiscated several servers from a Dutch hosting provider for forensic examination, while the provider itself shut down the malicious infrastructure once its criminal use had been confirmed. As consumer devices and routers are frequently targeted by proxy botnets, the police and the NCSC advise users to change default passwords right away. Ensure their Wi-Fi is secured with WPA2 or WPA3 , and install software updates. What do you know , as soon as they become available? So it's not clear, you know, whether the perpetrators of this comprehensive network failed to plan for this event uality . My gu ess would be that they did plan for this. If they were running an installation of two hundred command and control servers for the purpose of managing the more than 17 million devices they had previously and painstakingly arranged to infect and control remotely, then this was not some fly by night hobby oper ation run by some random hackers. This would have been a serious money -making commercial criminal enterprise. And my guess would be that it still is . I strongly doubt that simply shutting down the command and control servers, basically cutting the head off, will have been anything more than an inconvenience to these people and a momentary cash flow interruption. Now we've previously talked about you know the the the the technology of this uh and the many ways that disconnected bots can be rejoined to their command infrastructure. A favorite Plus members of the fleet that have been unable to reach their controllers at the previous DNS based address, knowing the current time and date, will use an algorithm to synthesize a new DNS address in the future . And then they will query that to obtain the IP address for the updated command and control server infrastructure once one has been brought back online . I'd say it's a pretty safe bet that this massive network of residential proxy hosts will be back in action just as soon as another willing hosting organization can be found and servers established there. So think about that. 17 million individual infected devices with just, you know, just some little bit of code in them, some little server that arranges, I mean maybe not even that that's able to survive a reboot. Some of them can't, but many of them will have modified their firmware, you know, stuck a little uh you know, added something into the boot sequence that brings them back online , and until a user you know, like updates the firmware to flush that thing out, that little device will be infected. One of more than seventeen million that are are all part of this. It is still control those in IRC uh servers? No, it doesn't have to be. I mean, that is one way, but now you just use some some bizarre looking DNS. Rem remember one of our listeners wrote saying that he'd looked at his DNS log s and thought that he had been infected by malware because he saw some gibberish str ing dot com. And it turned out it was my benchmark. It was my DNS benchmark that uses those in order to bypass caching in order to determine the the connection speed to the dot com servers. And I said, Oh, the good news is you're not infected by malware. But that's what it would look like if you were. Interesting. So so because you need some way to command it, right? You need to have some way to say bots attack, you know, this address or whatever. Right. Exactly. So what will happen is they will set up the the you know that the the the bad guys got booted off of this one particular hosting provider that what actually is a known uh shady provider so you know after they got found out they, really had no choice but to comply with Dutch authorities and and you know take down the whole infrastructure. But there are other, you know, um disreputable yes. And so the bad guys will will get a bunch of servers there, re-establish their infrastructure, uh, lock down some IP addresses, then they will go and register a domain in the future which which they know their bots will check on. And so they will pull the bots poll the domain. Yes, the bots do DNS lookups, which there's no way you can block across the entire internet. Um they pull the domain, get the IP address that the bad guys have set up for that domain, and that reconnects all 17 plus million of them in the future. Wow. They're just they're just not going away. You can't you can't get rid of a of a properly established botnet of that size. Yeah. And of course, they can also be told to be scanning and infecting, you know, their neighbors. So the the spread it spreads the botnet yeah the botnet itself can be actively working to to continue to spread itself. Right. Yeah. We have a ways to go before we get the internet cleaned up. But you know, at least getting our our code working is a good first step . Microsoft, uh, in their May 2026 new features, that was just last month or last week, really, new feature summary contains an interesting item called automatic device isolation or automatic attack disruption. It's currently in preview status, but the brief description says Microsoft Defender for Endpoint can now automatically isolate compromised devices as part of automatic attack disruption. Isolation blocks most network traffic while keeping the device connected basically to them to security services. The action is time limited, scoped to the incident, and security operators can release isolation at any time . And then elaborating further elsewhere, Microsoft wrote: When a device in your organization is suspected of being compromised , Microsoft Defender for Endpoint can automatically isolate the device as part of automatic attack disruption. Automatic isolation helps reduce the risk of further impact on the organization, limit attacker lateral movement, and prevent impacts such as data exfiltration and ransomware propagation. When a device is isolated automatically, the compromised device is disconnected from the network, reducing the risk of further impact on the organization. But the vice remains connected, the retains connectivity to the Microsoft Defender for Endpoint service, which continues to monitor the device. And I have in the show notes a little pop-up uh of what a a user would get where it would show it would show network disab led. Your IT administ rator has caused Windows Defender to disconnect your device. Contact IT help desk. So yes, you probably uh I don't want to say loser, but uh some you know I mean I really don't because anybody can fall for it, but it was probably probably a fishing attack, right? Where they opened the zip or they clicked the link or something. They infected themselves immediately, hopefully immediately, Microsoft Defender said, uh oh, and just boop takes them off the network. Exactly. Send sends a note to IT and you're gonna have some geek at your office door knocking on the the the door frame saying, uh, is there something you want to tell me? Or more likely you're gonna be not pounding on their door saying the internet's not working. Right. What's wrong? Exactly. So anyway, there is for those who are interested, there's much more information about this new feature that's now available in preview. I've got a link in the show notes for anyone who is already deeply committed to Microsoft's solutions and whose enterprise might benefit from this automated compromised workstation isolation seems like a good thing to me. I mean, if you're already all in on Microsoft, by all means, uh you you definitely want some that I I I don't there's no really other good word than loser. Uh some victim. How about victim? Hapless. Hapless. Hapless is much more neutral. I like that. Some hapless user who who thought it was a note from mom and it turned out to be a note from Mal instead. Yeah, we have some hapless losers on our uh team who shall remain nameless. Uh I'm one of them, frankly. I've I've fell for a fishing scam. I and I and I told you uh as I I shared a couple of months ago, I came close. I thought it's like, oh what? And speaking of coming close and GRC. Yes. Last week, I received an email from Troy Hunt's Have I Been Pwned notification service. Uh it stated that GRC was affected by a recent breach at charter communications. Oh now , while I value Troy's service, uh and you had him on recently, every time I've reacted to similar news and have taken the trouble to see which of GRC's accounts might be affected by a breach that HIBP captured and analyzed. What I discover is it that's a handful of email accounts we have never had. Never they've never been valid. It's you know cookies and ice cream at grc.com. It's like what? So the Grc.com domain has been around long enough and has acquired enough of a positive reputation that unfortunately its domain, just the domain name, is used to anchor spam. And of course, you know, this is true even though anyone who might receive email claiming to be from GRC, that is any server who gets because it always goes to an SMTP server first, right? Before it goes to a user, any bound SMTP server that receives email for one of its client users claiming to be from GRC can trivially determine whether or not that email was actually signed by GRC's server. Can you use DMARC and DKIN and SPF? It never will be signed. Unfortunately, the fact is, even today, not all recipients bother to check. Right. Even though SPF, DMARC, DKIM, they've all been well established for many years. So in any event, after receiving Troy's advisory, the news is, oh, and we never had an account, a charter. We don't have charter. So there you go. Okay. Anyway, so I didn't I did this time I didn't go because I know what was going to be there. So and I think it was like 2 63 email addresses. And if I had I had to like pay for a subscription if I wanted them enumerated, and it's like, okay, uh 2 63 at our peak, we had twenty-th peopleree and now we have three. So no. In any event, uh I it's sometimes you have to explain this to people that it's trivial to spoof sending email addresses. It's the easiest thing in the world. You could you can do it in your own email client, let alone in a spam. Incoming spam that I get is is often from Z QDW b,lah, blah, blah, blah b,lah at, and another j you know, gibberish domain name. I mean, it's just junk. And it's meant to to to to bypass the the the the block filter that we put up last time we got email from this Cretan saying block future email. So now comes in with different random nonsense in the email. Yeah, it's impossible. Yeah. Yeah. So in any event, after receiving Troy's advisory , the news is that there was indeed a very sizable breach at Charter Communications, uh uh which actually wasn't that surprising , and neither was the news that the Shiny Hunters gang was behind the breach. Oh boy. Bleeping computer once again gave gave us great coverage riding the Shiny Hunters' Extortion Gang stole personal information from again, not that it's not already out there, from four point nine million accounts after hacking the US telecom giant charter communications in early April, according to the data breach notification service, have I been pwned? Charter has over 92,000 employees. Lots of opportunities for clicking that link, Leo, and provides internet, mobile, video, and voice services to more than 32 million customers and over 57 million homes across 41 states in the U.S. through its spectrum brand. You're right, Spectrum Communications. The company confirmed the breach, meaning charter communications, confirmed the breach earlier this week, saying that the attackers did not steal sensitive personal information. That's right. Only the non-sensitive personal information. And that it had alerted authorities about the incident. Oh, that's good. Charter told bleeping computer, quote, no sensitive personal information. We're now gonna abbreviate that PI for personal information, or customer propriet ary network information. That's got its own abbreviation. The CPNI customer proprietary network inform ation, CPNI data was exfil exfiltrated, none of that by the threat actor as a result of recent activity, unquote. It's a just activity, Leo. You know, it's a pesky activity over While Char ter has yet to attribute the attack and has not shared further details, writes Bleeping Computer, the Shiny Hunters Extortion Gang claimed responsibility and told Bleeping Computer that they breached the company's systems on April Fool's Day in a phone phishing, now known as Vishing attack, uh that compromised an employee's Microsoft Intra account. And again, charter communications, ninety-two thousand employees strong, ninety-two thousand opportunities for voice fishing . The threat actors. I don't either. As I said to you, remember famously, I I well back in the days of that Sony breach, I wouldn't want that responsibility. Yeah. Trying to keep Sony secure. How how is it possible? It's not. So the uh Bleeping Computer said the threat actors claim they use this access, the mic Microsoft Enter account breach through voice phishing to steal forty-two million records from charters sales force instance, including consumer and business customer names, email address es, physical addresses, phone numbers, phone types, plan information, support ticket data, and some CPNI data. That was the customer proprietary network information. However, charter spokesman denied the gang's claims of CPNI data theft and said that only sales tools used to manage current past and prospective business customers were impacted. No CPNI or sensitive PI was released by the threat actor. Now notice that like forty-two million records ? That's a lot. Um, relative to the total number of customers that they have. So bleeping said after the computer a after the company refused to pay the ransom demanded by Shining Hunter. So Shining Hun ter said, pay up and we'll not release this publicly and we'll delete everything. Charter said, you know, go tax somebody else. We're not paying you anything. Uh uh Uh so they refused to pay the ransom demanded by shiny hunters. Um the cybercrime group leaked the documents, all 42 million of them stolen from charters sales force instance on their dark web leak site for everyone to have. So that point, Troy came along. Have I been pwned, analyzed the leak data, and confirmed, writes Bleepy Computer, that the incident affected four point nine million accounts whose names, email addresses, job titles, phone numbers, and physical addresses were stolen. Physical, that's annoying. You know, you don't really you know, I mean not that it's hard to find anymore, but still but you don't want people knocking at your door. No, not if you can I mean we know we've seen what happens with with with unpopular politicians who have that happen to them. So have I been pwned said, quote, the group later published the data, which exposed 4.9 million unique email addresses along with names, phone numbers, and physical physical addresses, a subset of approximately eighty-five thousand records originating from an internal employee directory also included job titles. So now we know where you are in the hierarchy and you know probably how how much you're worth further harassment. Shiny Hunters, they wrote, has been targeting Salesforce customers, as we've covered many times over and over and over over the past year, breaching hundreds of companies worldwide and claiming the theft of billions of records in Salesforce, Aura data, theft attacks, and sales l ale's loft drift campaign. The FBI has recently advised Shiny Hunter's victims not to give in to the gang's ransom demands after previously warning that doing so cannot guarantee that threat actors won't attempt to sell the stolen data to other cyber criminals or extort them again. And I'll say I don't think that's right. We have not yes, the the only way they're gonna continue to get paid is if they honor their promise to not disclose and delete the data. There's much more money to be made from extortion than there is for after, you know, post-extortion resale. That's not where the money is . The money is in, you know, them acquiring a reputation for honoring their we will delete your data. As soon as a story comes out that they didn't do that, they lose all their leverage. So I get it, the FBI is saying don't pay them, but I I don't think you know, yes, you know, there's no guarantee, but it's a self-imposed guarantee that makes all the sense in the world for the bad guys to honor. I'm not saying anybody should pay, but I'm just saying, you know, don't imagine that it's been leaked anyway. So far, we've seen zero instance of that happening that I'm aware of. And it and I it's easy to see why. Their only leverage is that they honor that promise . And they finished saying charter communication systems were also compromised in a wave of breaches by a Chinese state-backed threat group tracked as SALT Typhoon, and also impacted uh which also impacted ATT Verizon Consolidated Communications, Windstream, and Lumen, as well as telecom companies in dozens of other countries. So you know the unfortunate success of voiced fishing, or now vishing, which is an unknown word, attacks, you know, it it's a perfect example of the sort of cybercrime that unfortunately AI used for software vulnerability discovery and remediation will not address. Maybe it can come to our aid, AI can in some way by detecting it or you know using uh you know like a global visibility somehow in into what's going on. I don't know. But you know, even though our even when our software is working the way we intend , we're still gonna have problems with security. And as I said, Leo, you know, we don't have to worry about running out of things to talk about, which is a mixed blessing. One last note and then we'll take another break. Uh we first talked about something known as device bound session cookies in detail uh year ago, July of twenty twenty five, when Google first announced their intention to support this technology, which is about a year older than that. The name pretty much says everything. Device bound session cookies. We saw way back in the days of the FireSheep Firefox browser extension that when H TTPS, which is to say TLS, back then it was SSL, was only being used transiently during the brief privacy-sensitive logon event. Uh you know, which for example is what Facebook was doing at the time, only using SSL to protect username and password when it was being applied to the logon and then dropping the user back to regular HTTPS . When that was the what was going on , other people's well, everybody's session, but you only care about other people's session cookies, uh, after they had logged on, could be easily captured and re used, replayed to impersonate them in real time. This was possible because the cookie was a simple secret token that was assumed to remain the sole secret of the logged on web browser . But it was in no way bound to, as in tied to, or connected to the physical web browser that had first received that cookie from the web server . So as I said, naming something device bound session cookie pretty much tells us everything we need to know. Google's Chrome browser has been testing this next generation cookie tech in beta mode for some time. But last week they announced that it had moved into general availability. The technology allows browser cookies to be cryptographically locked to a single physical plat form's TPM, not even the browser, to the under lying TPM or secure enclave, so that no one who might arrange to intercept that cookie can successfully use it to impersonate its original owner. You know, we are making very painfully slow, gradual, incremental improvements in like the fundamental way these things work. So there's no user side uh behavioral change, not no user facing change. Users won't see this at all. Um and as I noted at the time last summer when we went into a deep dive on the technology, this does require extensive re-plumbing support uh from the server on the server side. So it's very unclear when that might happen for non-cloud -based providers, you know, biggies like Microsoft and Google, uh uh, you know, someone like Google will deploy it and support it across their their browser facing uh support because they can. You know, our banks and our social media providers may do so, you know, at some point when it's built into the servers that they upgrade to in the future. But I'm not holding my breath for that one. So it's it's a little bit, I mean, it'll be there. The browsers will, you know, Chrome supports it now. It is a web standard. So I imagine eventually, and since you know Chr,omium is open source. Mozilla may grab it from the Chromium repository and move it over into Firefox. I imagine that Apple may get around to it. They don't really seem you know Safari is not the top of their list of things to maintain for some annoying reason. I'm a little, you know, I I don't know about you, Leo, but I often when I'm using Safari, I get like it's not it doesn't have access to all the little icons and widgets and things that web pages use nowadays. So you get little little boxy rectangles instead of like arrows and and icons. Everything except expects Chrome now, which is really not good, but that's kind of the way it is. So yeah. Yeah. Unfortunately. Uh what we're expecting is a another break for an announcer. That's right. Oh, a commercial. And then we're gonna talk about Anthropic's pending release of Mythos . Yes. Well, we'll see how pending that is. It'll be interesting to see exactly how free they make mythos . Uh our show today brought to you by Zscaler. Love these guys, the world's largest cloud security platform, largest. You know, in your business, it's uh I mean, I think Kyle Spirin actually at Bitwarden said it uh yesterday, he said you'd be crazy not to, as a business, be looking at AI. The potential rewards of AI are just too great to ignore, and your competitors are doing it. You gotta do it. But there are also risks, and you can't ignore those either. Loss of sensitive data and attacks against enterprise managed AI. Generative AI, as we have just been talking about, increases the opportunities for threat actors, helping them to rapidly create phishing or fishing lures, write malicious code, automate data extraction. You know, there were 1.3 million instances of social security numbers leaked to AI applications. We learned not so long ago that both ChatGPT and Microsoft co-pilots saw millions , millions of data violations . And you know, it's often inadvertent. It's often employees who aren't, you know, really thinking when they use these AI and they upload proprietary documents and information and stuff. You gotta protect yourself. And it's time, I think, for a modern approach. And that's what you get with Zscaler Zero Trust Plus AI. So zero trust does a bunch of things. It removes your attack surface. It secures your data everywhere. And the AI features are fantastic. It safeguards your use of public and private AI. It protects against ransomware and AI AI provides tremendous opportunities, but it also brings tremendous security concerns when it comes to data privacy and data security. The benefit of Zscalet with ZIA rolled out for us right now is giving us the insights of how our employees are using various Gen III tools. So ability to monitor the activity, make sure that what we consider confidential and sensitive information according to you know company's data classification does not get fed into the public LLM models, et cetera. Thank you, Seba. With Zero Trust Plus AI, you can thrive in the AI era. You can stay ahead of the competition. You can remain resilient even as threats and risks evolve. Learn more about it at zscaler.com slash security. You want to yourself to go to zscaler.com slash security. We thank them so much for their support of security now. Back to Steve Areno . So way down at the end of Anthropic's May 28th announcement last Thursday, uh, which announced their Opus four point eight uh update replacing their previous four point seven Opus , uh under the innocuous heading What's Next. They wrote, users will find Opus 4.8 to be a modest but tangible improvement on its predecessor. There's still more to be done. We're working on developing and releasing models that provide many of the same capabilities as OPUS at a lower cost . Not only that, but we plan to release a new class of model with even a higher intelligence than OPUS. As part of Project Glasswing, a small number of organizations are currently using Claude Mythos Preview for cybersecurity work. Models of this capability level require str onger cyber safeguards before they can be generally released. We're making swift progress on developing these safeguards and expect to be able to bring mythos class models to all our customers in the coming weeks. Okay, so we have no dates certain , and Anthropic is not elaborating on what the use of these new mythos class models will cost relative to Opus . But given all of the apparently well-deserved attention that Mythos has generated, and you know, it's probably difficult to overstate the demand mythos' release will likely create among companies whose current software offerings may be vulnerable to attack and who have not yet employed, you know, and or enjoyed access to mythos or daybreak or codename M dash. And there's a general sense also that's developing that maybe mythos is less special than you know anthropic has led the world to believe. You know, they sort of they got out there ahead of the pack. We know that the guys at IEL, AI S L E, were annoyed because, you know, they've made their business AI-based uh vulner ability remediation or d discovery and remediation. So uh this brings us to Daniel Stenberg uh and curl. Uh we have an update from him uh recall that he went through a grumpy phase uh uh induced by the overwhelming amount of ai slop uh vulnerability reports that he'd been receiving where you know he among other things terminated the the the bug bounty and that was a relief that when he's when he when he removed the promise of paying for for a vulnerability report, suddenly there was no incentive for all the annoying weenies and you know lev leveraging some random AI that were just flooding him with bogus reports. So suddenly the volume dropped, but the quality skyrocketed, which was a good thing. Okay, then more recently, ever since Anthropics' announcement of Mythos in April, the as we know, the entire software security industry has been seeing evidence that Mythos , while it was certainly great marketing on Anthropic's part, , uh was also m at least more than that. You know, some sort of a step forward. We're now getting a sense that it's less exclusively mythos and more generally the, the overall advancing quality of AI that is the bigger story here. Last week we examined the impact that Mythos specifically had on Mozilla's Firefox after they, in their own words, recovered from their vertigo of from being hit with 2 71 vulnerabilities in code that they believed had none. So what's new with Curl's author and maintainer, Dan Stenberg? Last week, Daniel posted the following to his LinkedIn uh account. He said not even halfway through this curl release cycle, we're already at eleven confirmed vulnerabilities and there are three left in the queue to assess and new reports keep arriving at a pace of more than one per day. He said eleven CVEs announced in a single release is our record from twenty sixteen after the first ever security audit. And that was done manually back in twenty sixteen by the by the company Cure fifty three. He says this is the most intense period in curl that I can remember ever being through. And again, eleven was the record in 2016. He's got 11 confirmed, three in the hopper, a new one arriving, more than one arriving every day, and he's only halfway through this release cycle. So uh following this posting, Daniel added the following to his own thread. He posted under that uh to his own thread, and I wanted to share also there what he wrote. He said, the simple reason is Colon, the AI-powered tools are this good now , and people use these tools against curls source code. They find lots of new problems no one detected before. And none of these new ones used mythos Focusing on mythos is a distraction. There are plenty of good models and people who can figure out how to get those models and tools to find things. Okay, so two things worth noting here. First, uh, we know Mythos is good. It's it is a real deal, but it's also clear that mythos is by no means the only game in town. Based upon what Microsoft has shared about code name M Dash , my take is it sounds as if it might be another significant leap ahead of everyone else and where everybody else is, but it's still proprietary to Microsoft. The second observation is what most interests me. Daniel wrote: the AI powered tools are this good now, and people use these tools against curl sour ce code, they find lots of new problems no one detected before. Okay, so the first thing is that just as Mozilla reported, AI is now discovering true vulnerabilities that have previously eluded humans. We know that while curl has had its share of troubles through the years, it has also been deeply scrutinized across well, 2016 was a big audit by Cure 53, so it's been around for a long time, you know, just as has Firefox . But the second and most important thing to appreciate, which is also what Mozilla said last week, is that the problem s are not infinite. There is some finite count of them , and everybody who's working on this now, everybody who's no longer getting any sleep and and you know, has doubled their their consumption of coffee is working toward bringing this back down to zero , where everyone thought it was a couple months ago. Daniel is now diligently doing the same thing. Those 11 CVEs he already has are resolved, they are fixed. Curl no longer contains them. So he will be approaching a time when no one is able to find anything else wrong. And curl , like the rest of the industry software, which is gone through by that time in the future, the AI ringer , will be demonstrably more correct and secure. And that's just all for the good . Um, one last little note on of happy news on the open source front. IBM, along with Red Hat, just announced something that they call Project Lightwell, which is a joint commitment on their parts to spend, and that's I did remember right at the top of the show, five billion dollars to help find and fix vulnerabilities in open source software packages. One of the concerns has been, hey, that's great. Everybody's got all these expensive models uh and commercial enterprises can afford to use them. You know, Palo Alto Networks can pay $10 million in mythos tokens in order to fix their problems. But what about open source? We're the volunteer guys. How do we get our stuff fixed? So uh IBM and Red Hat to the rescue. Uh they plan to deploy, they said, more than 20,000 engineers glob ally with AI tools as part of this new project. Their initial focus will be the Maven and Java ecosystem. So that's all going to get cleaned up. Uh then they're going to expand it to Pi PI , NPM, Go , and others. So it appears that the open source world will have some angels to help foot the AI bill to clean up its latent vulnerabilities as well. And that is really great news. So thank you, IBM and Red Hat. Yay . Okay, Leo, we got some feedback from our listeners. Uh lots of interesting feedback. I I got a kick out of this piece uh from a listener whose last name I'm gonna uh omit. Uh his first name is Al. Uh I recognize him from many years of occasional feedback. I got a kick out of it because he said, Hi, Steve. I love your podcast, but it is getting to be too much AI. Speaking of AI , do you think there might be some way to enlist AI to stop robocalls? Too much and too little AI, I think. Yeah, right. That made me shake my head uh a bit because of course while expressing his annoyance over this podcast spending so much time on AI, uh in the same breath, he asked my opinion about an AI-atedrel matter . Uh, as I noted last week, I am certain that this wall-to-wall podcast consuming coverage of everything AI is transient. But when I step back to examine how much we've all learned through this podcast's coverage about what's going on right now, which is nothing short, nothing short of a massive transformation in the way complex software is authored and made far more correct. I can't imagine having spent any less time looking at these changes . I mean, this is what's happening. You know, I I once recall , I or I do recall once feeling similarly when we were spending an awful lot of time examining the nature of the first e arly ransomware attacks back when they were something of a novelty. I got some complaints, some some pushback from people saying, you know, enough already. My feeling then was And as we know, years later, most of the cybercrime ever since has been about exfiltration and ex tortion. So my point is I believe that our listeners are being well served. Even when I may appear to be spending undue time on something, my spidey sense here is telling me that we're again in the midst of a I mean a once in a lifetime signific ant pivot, probably the be the biggest ever I'm sympathetic. And I don't know. And I don't get email like that from people. I have always got I mean, you're covering the iPhone too much. Uh you're covering Windows too much. Uh you we always get that. I think people want novelty or people somehow people listen to our shows for particular kinds of content. But you might as well ask us to cover software less. You know, I mean this is what's happening. It's this is what we cover is technology. Right. I I'm sharing what I'm learning by producing this podcast every week. I can't imagine not knowing now what I know. And uh our listeners know it too. And again, it's like uh how could you like want to know less? I I I 'm not unsympathetic . I this is how it is in the world, though. Is that you know, I mean, I would like to see less about Trump on the news, but you know what? That's not gonna happen because that's what's going on. And uh yes, I understand your desire for novelty. I understand you might not want us to cover this topic but cover that topic, but you know, I'm sorry, but this is kind of what I'm I'm absolutely sure that this is gonna subside. We're I mean we're gonna I'm not sure that's good that's true . You think so? It'll become like background. Like we don't talk about electricity because it's background. It's always when the light bulb was invented. You and I were right here on the podcast. And man, we couldn't stop talking about that. No. What substance are they going to use for the filament? Those filaments keep burning out, Leo. They tried to carbon impress Light at night without burning anything? Come on. Silk. Silk really sounded good for a while. That's right. We thought silk would be it. We really did. No. So you're right. Um it's not like it's gonna go away, but it will n it will stop dominating our coverage as soon as it should, essentially. So that's all we can say. And I apologize. I know how you feel. I'm not apologizing. I'm just explaining because you know I guess and Al did want to know about AI and robocalls. Sorry, Al, I don't have any information there. Uh Travis Hayes said, Hi, Steve. I'm enjoying catching up on this week's security now and your thoughts on how AI is starting to gain real traction in finding and patching vulnerabilities. It seems like we're seeing the beginning of a huge increase in the supply of quality vulnerability hunting, which leads me to remember all those supply and demand curves they tried to teach me about in econ 101 when I was in college. Since While there are multiple drivers, I'm thinking specifically about two. First, bug bounty programs. Large companies and organizations have been funding substantial bounties, motivating clever people to work hard to earn big juicy rewards. These programs have been huge advertising wins for many companies. A large cash commitment has the effect of convincing consumers that the company is serious about their security, adding confidence to buyers and gaining headlines when high dollar amounts are rewarded. Second, zero day hunting, either in contests like Pwned Own or directly to black market buy ers. With the huge increase of relatively cheap ability that AI agents are poised to bring to the table, it seems to me that the motivation, i.e., the demand for these activities is going to dry up quickly. Why would Microsoft or Google continue to offer five figure bounties for threat hunting when they'll be able to do at least as good or better of a job themselves in house. The black market for exploitable zero days should collapse. No ? Thanks for your continuing insights and instruction. I always look forward to my weekly visits with Uncle Leo and yourself. Cheers, Travis . So I was also thinking about the effect of all this on Pwn to Own . The only thing that makes sense to me is that at least initially, there there may be corners of the software industry that do not get around to employing AI-based software quality assurance. So they would represent ripe targets, but it's not clear whether any human researcher would be able to outperform emerging machine intelligence. I mean, what we're being told from those who have been using machine intelligence to find vulnerabilities, we heard explicitly said , no person has been able to find something that the AI did not . So if it turns out that AI is equal to humans and probably better, um you know , and again, let's be 100% clear about the fact that everyone who works with mythos, for example, comes away with that conclusion. That I agree with Travis that, bug bounty programs and pwn to own are very likely to go the way of the dinosaur. You know, they will become memories of the way things were once done, like using punch card and paper tape. I just we're gonna move past those as an industry because this this is gonna end up being a solved problem . It really is. Joseph Feinberg uh was had an interesting idea about AI certification. He said, Steve, three decades, listener to security now. I was an AI skeptic, but you changed my mind . You gave me hope at the end of SN 1080, so last week, that mak ing code bug free is possible . But I believe third party certification that code is AI tested for vulnerabilities any time a change is made may soon be required by market forces. That's interesting. He said, no one will sell me a toaster that is not UL listed and safe to plug in. When I use software or visit my bank's website, I want certification that their entire ecosystem of code has been independently AI tested. I will gladly upgrade to Windows 12 if Microsoft certifies that a neutral third party AI tested their code. What's going to force this is that businesses will be contractually required by their insurance companies , banks, customers, and suppliers to AI certify their products are bug free. A real world example would be businesses accepting credit cards would have to certify as a condition of accepting credit cards that they AI tested their systems. Regards, Joseph in St. Louis, Missouri. Okay, well, that's a truly interesting spin, and it's not something that had occurred to me. I can see the logic behind it. Until now , software has been something of a mysterious art . It was a best effort where all anyone could hope to do was the best that they were able to do. But now we have system s that are able to autonomously demys tify the code humans have created and are able to give it a gold star, a blue ribbon, or a formal certification. A perfect example is the before and after effects of Mozilla's Firefox, which we covered last week. Today, its code could be certified as having passed the Claude Mythos vulnerability analysis. Once upon a time , Mythos found 271 vulnerabilities. Today, it finds none, not one. So that can actually mean something significant. It's a concrete assertion that for the first time ever can be made. It's not well, we don't know of any problems, it's that Claude Mythos or name your AI verif ier. Found none . We also know that insurance companies are inherently risk averse. They already require things like annual security audits and assertions that all of one of their insured clients edge fac ing systems are running the latest firmware and are up to date on their patches. If a breach then occurs, which a company attempts to file an insurance claim for, you know, the damages that result from , if those earlier representations of yes, we're running the latest firmware and all of our edge equipment has the latest patches, can be shown to have been fraud ulent, then that can be grounds for denying that claim. And you know they're going to deny it if they can. So Joseph's observation is that until now, due to the inherently unfathomable nature of software, there was no means for making any sort of meaningful assertion about the provable quality of software. But now Mythos , codename MDash, and presumably someday daybreak are demonstrating that they have the ability to fathom the arbitrarily complex systems we humans have concocted. And that being the case, I'd say that Joseph's notion of software certification by AI is quite likely to occur, probably driven by insurance companies, maybe by the government, who says we're only going to now purchase equipment which an AI has certified as being bug-free. I see it happening. That's a really good point, Joseph. Thank you. Nice. Adam Merkley said, Hi, Steve. I work for an MSP, you know, man aaged service provider, here in the Phoenix area, and I wanted to share a quick win I had recently using Claude. One of our customers needed to swap out an aging Fortinet FGT E for a new unified gateway. I hope it was patched. He said, I suspected the network was fairly flat, but anyone who spent time in Fortinet's UI knows how easy it is to lose the will to live scrolling through those menus. So I wasn't exactly looking forward to auditing the config manually . Instead, I exported a configuration backup from the Fortinet appliance and fed it to Claude . I asked Claude to summarize every configured setting and map each one to its unif y equivalent. By the way, this is a really good use of AI . This is exactly what you should be doing. Exactly. And this, Leo, this is the key. This is what people are w waking up to, right? It's like, hey, I can understand this stuff. I don't have to because it can . He said within seconds, I had a clean, actionable breakdown, a defined WAN IP, a LAN sub Claude not only confirmed my suspicions about the unknown Fortinets devices setup being basic, but told me exactly what to configure in unif y for a clean drop in replacement. What would have been a tedious, error prone manual review turned into a two-minute task. I was genuinely impressed. Signed Adam Merkley, Scottsdale, Arizona. So I love this note from Adam. It's a again , as we just said, a perfect example of the power of this new genie . Those of us who are actively using it are discovering new uses for its capabilities every day, and discovery is the right word . Um, but at this point, of course, adoption varies widely. Here's what's going on, I think . Throughout our lives, we have all built up a model of the way things work in the world. We know how things work, and for the most part, nothing much changes from day to day , but then almost overnight , everything actually did just change . Some people have not yet awoken to the fact , and a fact is what it is. I get it that not everyone has experienced this dramatic change in the world. And if the nature of your life and work is not helped by having a most ly accurate, nearly instantaneous linguistic access to most of the world's knowledge, then perhaps AI won't ever impinge upon your life. And that's okay too. But everyone who has been following this podcast knows that I'm anything but an early ad opter. I mean, come on. I'm still programming in assembly language . And I will soon be reluctantly giving up Windows 7 and updating GRC's use of server 200 8 R2 . I held on to my TEVOS until they stopped working, and I was forced to give them up. So when I, Steve Gibson, reluctant adopter of new fangled things excitedly disclose that I have discovered and now have an active working partnership with an AI named Claude, which is allowing me to be vastly more productive in my daily work. I hope our listeners will appreciate that the world really has significantly changed. And now Adam, our listener who wrote that note is nodding his head knowingly. He realizes that AI provides him with a form of leverage he's never had before. And like me and so many others of us, he's still discovering the endless new things that we've always accomplished previously by ourselves on our own and tend to continue to out of sheer lifelong habit and inertia. Those old habits are now outdated because we're suddenly able to express these needs and questions to an over-eager answer machine assistant who stands by almost too helpfully willing to assist us . Everything has changed. I'm 71 years old. I'm not collaborative by nature. By my own choice, I've always worked alone. But now I have an enjoyable working partner. It may be a bit weird, but it's real . And Leo, I know you're in the same place, right? Oh, totally. I mean I what blows me away, honestly , is initially, you know, six months ago, I thought this was like, oh, it's autocorrect, right? Just autocorrect on steroids . And now I know it's not conscious and I know it doesn't understand anything. But when you say well, yeah, I can give it uh this file, which I you know I can't really don't understand very well, and it can tell me what's in what's going on . I don't know how to characterize that. That's like sounds like understanding. Looks like understanding. It's certainly better than my understanding. My wife had a lawyer written trust document, PD F and it was like okay she was asking me like questions about it like honey could you take a look I said hunt I said look okay it's a first of all it's a PDF so it's an a pay it's image pages. I said try to give it to chat GPT. See if it'll take it. So she uploaded it to chat DP chat GPT and I said, okay. And it like gave her a bay a basic summary and I said hun, you can now ask it questions, speci fic questions about what this means and for your specific case. And she said, What? And now she understands what we have done. It's so wild. It doesn't make sense that you go from autocorrect to whatever this is. And I understand why humans are baffled by it and they're trying to, you know, make sense of it and I don't think we know what it is. We it's a new thing. It's a new thing. You know, I showed Lisa a few things. Uh for well, I'll give you an example. Uh a while ago, uh I had George Church on who's uh a prominent some people say the father of genom ics. He has a company uh called Nebula Genomics. Unlike 23andMe, it reads your whole genome. So some years ago after I had George on, I sent I paid 1,500 bucks and got my genome sequenced. Like the whole thing. It's a 300 gigabyte file of my genome. So I downloaded so I downloaded all the DNA . Gave me a lot of interesting advice. The good news is, by the way, I have no gin no gin no serious genetic defects. So uh and there's a number of, you know, very good things uh about that. But so I was showing it to Lisa. Yeah, I was showing it to Lisa. It was my my uh my analysis, which is page after page of stuff. And she said, Well that's cool. I said, Yeah. Yeah, that's just one of many things that my little agent can do. And she said, well, can it help us uh with uh uh work? And I and she asked about a few things that we have currently have humans do. Uh and I said, Yeah, I can do that. So uh I made a little skill to uh generate that we call it a one sheet with a prospective sponsor. We we go through a whole bunch of research on them, like who they are, blah blah their perspective sp And it generates these one-sheets like that, does a great job, goes out on the internet, finds all sorts of information, stuff we didn't even know. And she says, okay, I want that. So basically uh she we ended up um the agent that I use can have profiles. At first I was thinking, oh how am I gonna do this? So she can share so my agent that with all this setup that I've been doing over the this time . She has a profile, her memory, none of my memories, none of my background, none of my gin genome, but it's got all the capabilities. So we now have both have these little tools. Hers is named Rosie. Mine mine is named Quicksilver. And Rosie is perfect. Yeah. And it's accessible from outside the network because we use Tailscale inside everywhere. The Jetsons robot, right? Yeah. Rosie the robot. Exactly . And um I I think once somebody starts to interact with these, especially the agent types, and sees that they seem to have, I know they don't have personality. I know they don't. I know they don't understand what they're saying. I know they don't know who you are, but they sure seem to. I know. And at that point, it becomes like , well, I don't know what the hell's going on here, but it's uh seems to be a lot more than autocorrect. And for me, it is so useful. It's useful. I mean, it is a lever it is a lever. It is leverage. It is you know, a as I said, it is a l a linguistic tap into the world stored knowledge. I guess that's really what that's that's exactly what it really is, isn't it yeah and so as a result it knows everything yes yes and so so um uh our our listener who used it to transfer a a config from one system to another. I mean, again, that's not a creative endeavor. We could do it. It would take time. We wouldn't be enhanced or improved by it. So let it do it. If it 's kind of like it's it's it's just like a like Google was when we first got Google. Suddenly all there's no fact you can't look up. It's like that. Right. It's a tool. But it's a integrateses. This tak it to the next level and much great. More so those factors. I mean this is this is my genome, right? And it has I mean I couldn't do this looking at the raw 300 gigabytes of raw data, but it looks at all of the all of the alleles . It asked for, oh, this is good news. I have uh a dual epsilon on my APOE, which means uh I don't have a high uh Alzheimer's risk. I don't have the uh epsilon four risk allele for late onset Alzheimer's. So that's good. It's little things like that. And then it asks for a phenotype, like, well, tell me your family history. And it adjusts on based on that. I mean, a doctor, I guess, could do that. It said you should talk to your doctor about your APOE genotype . Um so that's, you know, okay . I'm not gonna do any medical ad you know, changes on based on this, but it also said if you if they ever prescribe you with warfarin, you should let them know you have this particular allele, which means you'll need a little more warfarin than normal. Stuff like that. That's very useful . So anyway, um that seems to be more than spicy auto correct. I don't know what it is. Yes, all pushed onto a disc. Uh abusing Bruce Schneier's observation, it's never gonna get worse. It's only ever gonna get better from here. I mean yet this is where we are now. Yes. I mean again and, my anal my fate my my favorite analogy is we the technology evolution we've seen just during our lifetime, it's gonna happen here and it's gonna be c on a compressed time scale. And in five years we're gonna we're it's gonna be I don't know where we're going. I know just gonna be amazing. Right. Right. Um let's take another break since it's time and then we will continue with uh feedback before we get into our main topic. Here's the uh it says uh if warfarin ever needed, inform prescriber of VKORC1 thirty sixteen thirty-nine G slash a genotype for dose adjustment. Okay. I don't know what that means, but I'm putting it on my medical alert bracelet. That's for sure . That's for sure. All right. Pause. The pause that refreshes as we talk about our great sponsors, this portion of security now brought to you by Material , the cloud workspace security platform built for lean security teams. You better believe after we got bid on our Google Workspace, first call, materi al.security. Managing security in a cloud workspace, it's a different ball game, right? It gets can be much more difficult. And we we use Google Workspace, maybe use it, use M365. Phishing is far from the only way in, of course, but today's email security basically stops at the perimeter. We stopped that, okay, but new attacks are hard to detect because in a cloud workspace, you've got email, but that's siloed. There's also data. And then there's identity security tools. Who's getting in? Who's using your stuff? Material protects the email, protects the files, protects the accounts that live in Google Workspace and Microsoft 365. Because effective email security today has to do more than just block phishing and other inbound attacks. It needs to provide visibility and defense across the workspace threat surface. So material ingests your settings, your contents, it ingests your logs, and then gives you holistic visibility, a dashboard into threats and risk across the entire workspace, and of course the tools to automatically remediate them. Material delivers comprehensive workspace security by correlating signals and driving automated remediations across the environment. You get phishing protection and email security, uh combin ing advanced AI detections with threat research, user report autom ation. You get detection and protection of sensitive data across inboxes and shared files. You get account threat detection and response with comprehensive control over access and authentication of people in third party apps. Material empowers organizations to rapidly mature their ability to detect and stop breaches. You you even get, I love this step up authentication for sensitive content. Well, this part we want to keep this part extra secure. You get blast radius visualization for accounts. Where does it how far does the damage go? And the ability to detect and respond to threats and risk across the cloud workspace, the entire cloud workspace. Material enables organizations to scale their security without scaling their team. This is a tool your team will want . Material drives operational efficiency with its simple, API-based implementation and flexible, automated and one-click remediations for email, file, and account issues, including an AI agent that automates user report triaging and response. Material protects the entire workspace for the cost just of email security alone, with a simple and transparent pricing model you will love. Secure your inbox and your entire cloud workspace without adding more toil to your day or costs to your balance sheet. See materi al.security to learn more or to book a demo. That's materi al. security. If you're in the cloud, you need this. Material dot security. We thank him so much for their support. Uh Mr. Gibson onward. Back from coffee. Uh Steve Myers uh has another example. Uh his email subject was Claude helped me switch from Edge Router X to a Ubiquity UCG Ultra. He said, I bought the UC, I got I loved it. I bought the UCG Ultra last summer, right? Like a almost a year ago, but never actually did the upgrade because my network is complex enough that I expected it to be pain ful. Of course. It's like okay, I got this thing, but oh I got better things to do than to figure it out. He said last month I decided to see if Claude could help me out with the upgrade. I found that it's very good at making plans for my software projects. I'll usually have it create a plan. Then we'll go back and forth on some of the details before I have it assist me in implementing the plan. I mean this is like this is the world today. He said so I asked it to make me a plan. I gave it a config backup from my Edge Router X to work with. And it created a Python script that would transfer the DHCP port forwarding and firewall rules to the UCG. I also transferred my backup from my unify controller from my access points to the UCG as part of the process. It gave me a step-by-step plan including what to do offline, how to do it, and how long each step should take. The firewall rules transfer did not work because the new UCG routers changed to a zone-based firewall, so I needed to do that manually. That wasn't a huge deal, but it shows how the the system isn't perfect. The work was all done with the UCG offline, so it did not affect my network at all. I've enjoyed hearing about your exploits with Claude and thought I'd add a little anecdote about ways you can use it besides just coding. So, okay, I'm going to stop myself from sharing more of these sorts of emails from our listeners because this is what our listeners are discovering. They're coming to realize that they no longer need to do everything themselves. In Steve Myers' case, which I just shared, he had already been using cla ude to assist with planning software projects. But for the past year, as I said, since last summer, he'd been putting off the pain of switching network routers due to the need to translate his existing network configuration to a new and different router, had the hardware sitting there in its box. Then it occurred to him that he might be able to ask Claude to help, and help it did. He gave Claude a config dump from his current router and, it wrote a Python script to configure his very different replacement router similarly. You know, thus most of the pain was sidestepped. As you said, Leo, whatever this is, it's more than spell correct or we don't know what it is. We're gonna get AGI as uh as uh Demis Demis ibis says it by uh twenty twenty nine. I don't we don't need anything more. I we just need this to make more correct. Yeah. Yeah. Um you know and and there are ways to make it more correct. I I feel like my agent is pretty trustworthy at this point. Uh are you having a little outages of yours? Like when I'm using it, I don't think I've ever had it from my Claude PC client, but on my tablet, I often get like a like it just nothing happens and then I get a little red bet banner saying we had an unknown problem. This is what we're learning is that uh it's so compute constrained that different times of the day it's smarter. Uh that uh uh codex GPT five five was down yesterday for a period of time and just was like not responding. I don't I I'd prefer it didn't respond than if it acted dumb. Yes. It also will do that. And it will make big mistakes. Uh the newest anthropic model 4-8 has a very bad tendency to apologize for its stupidity. Like, I mean, like really bad. This part of this is their tuning it. Part of it is the compute constraint. It isn't a consistent. It's not consistent. And that's another thing people learn as you use this is interesting. Yeah. So for instance, what I've set my agent up to do is it has different models and it'll fall back. You know, or it'll use the right model for the right thing. You know, some models are better at some things than others. It's a it is a moving target. Well, it is the it is the definition of frontier. When they say frontier AI, that's what it means. And you know, arrows in your back is a consequence of, you know , from being on the frontier. Well that's why I think it's important for me, and I think for many people, you uh uh uh and m most of our listeners to at least start using it. Because it's the only way you can really understand what's happening. So I've got interesting pieces of feedback. The sort of the dark side. Frank S asks: Uh, is all this knowledge collection dangerous? Um, he says, Steve, I too have built what seems like a relationship with Copilot, my AI selection, and it knows an enormous number of things about me now. I've been using it hard since August of 2024. So he was an early adopter. At that point in time, it was helping me finish my Equilibrium Pro app currently in Windows Store. I've watched the behavi or change as the client side went from browser use to the actual co-pilot app. I told my bot that I wanted it to set itself to remember the maximum possible. And since having said that, it has collected an enormous amount of information about me. It knows about my code and my home network in very precise ways. It knows about my interests and even my style of conversation. It's astounding to see what it's capable of doing and how personaliz ed it feels for me. At some point I suspect the free ride will be over and Microsoft will come calling me for payment. It will be very hard to let it go. It's become a part of my workflow now in almost anything I'm doing. So this brings me to a question I like to hear about on the show. What happens when a bad actor finds a way to impersonate me and talk to co-pilot as if it were me? I shudder to think how much information they could glean from such a move. They would know a great many things about me, my home network, my code base, etc. They would also know a great many things I'm interested in. How would I even know the bad actors were doing it? Kindless regards, Frank S . And immediately following in the same vein, Joshua Kritchman asks, Hi Steve. I'm curious about your thoughts on the struggle I'm having with diving headfirst into AI. I'm a systems architect and engineer in a small org trying to wrap my head around the idea of allowing an AI hosted in the cloud by any of the major vendors to know almost everything about me. Currently I tell my users that even though my org pays for AI tools where the data is not used for training on the various vendors models. The more data housed in the vendor, the more opportunity there is if there's a breach of some kind in the vendor's infrastructure. If that's the advice I'm currently giving my users, how can I not take my own medicine ? I'd like to personally start using AI as I can clearly see the benefits it could have not only on my work life, but my personal life as well. But I'm reminded that the only way AI will work is if I feed it more. Taking into account that most companies aren't worried about users' prisvacy and security and much more about their own bottom line. What's the best approach here so I don't get left behind? This is one of the main reasons why I host most of my personal data with Apple rather than Google. Any thoughts you have on this would help guide me in the right direction. I've been watching Leo since the days of tech TV and have been a listener of security now for many years. Thank you for continuing past 1000. Aren't you glad you did too, Steve? Yeah. Oh my God. This is the most interesting era yet. So Frank and Joshua both, I think, bring up really good points. There's a very clear potential downside to all of this cloud centric long term user context accumulation, which has grown to be a major factor in the use , value, and success of today's AI. Again, the more you give it, the more you get. My one-year subscription to Venice. ai expired last Wednesday, so I know it was one year ago that I discovered it and shared that discovery with our listeners. At the time, I played with it a bit to see whether it was truly uncensored, and I can confirm that yes indeedy , it will happily converse about and produce images of anything one might ask. But after taking it out for a test spin, I tired of it and decided I had no particular need for an uncensored AI. To Venice's credit, they gave me ample notice and warning of my annual subscription renewal. That brought me back there for the first time in a long time to look around. One of the things that caught my attention was Venice's affirmation that they store all of their users gradually accumulating context in the user's local browser. It's actually in the local browser memory, and none of it on their remote servers. I mentioned this in the context of Frank and Joshua's notes, which I'm sure echo what many of our listeners are feeling and may be concerned about. I can well imagine that some of our listeners might be more than somewhat put off by the idea that the AI they're becoming quite chummy with, uh, and with which they may be choosing to confide increasingly deep and personal aspects of themselves, like I don't know, maybe their entire genome might someday be breached. Since there's an aspect of, as I said, the more you give, the more you get, users who choose to contribute more of themselves are rewarded, much as Frank noted, with a significantly more personalized experience. So it doesn't take long before one's resistance to sharing is overc ome . Add to this the fact that many of the major players have less than perfect security records themselves already. So far, four supply chain incidents have hit OpenAI, Anthropic, and Meta. None of these targeted the AI models themselves. All four exposed the same gap: release pipelines, dependency hooks, C I runners, and packaging gates. But it doesn't inspire confidence in the security of a currently cloud-based service that very much wants to know as much of a as as much about us as it possibly can. We worry about data brokers compiling various random stats and credit bureaus leaking our social security num ber, you know, our physical address and our birthday. And while our AI assistants might not know any of that, they tend to wind up acquiring and deliberately retaining and digesting a huge amount of deeply personal information, far more than any credit reporting agency would ever have. If these things ever do evolve into advertising supported services, as perhaps the free services will, they will have more absolutely accurate advertising targeting information at their disposal than any advertiser could ever dream of. It would put Google to shame . Another aspect of this that's worth mentioning is contextual knowledge lock-in. Ever y AI service has its own internal bespoke representation for the knowledge it has accumulated about its users. And this knowledge is non-portable to other services . It's true that it's possible to perform a poor man's transfer by asking an AI to please display everything it knows and then feeding that into another service. But the loss of information fidel ity makes this barely worth the trouble. And it's unclear why any of these services would be interested in developing such a facility even if it were possible. Since they each have invented their own schemas for ingesting and digesting, it's unlikely that we're ever going to see that. So as any one service's knowledge of us grows over time, the tendency to remain loyal and faithful to that AI will also grow. Dare I say that it's analogous to chatting with an old friend who already knows you well versus striking up a conversation with a stranger at some cocktail party who starts by asking, so what do you do ? Though I never used Venice AI enough to know whether it it offers, you know, its offer of personalized context equals what chat GPT, Claude, and others could do. It might be worth exploring that if you've become concerned about how much personal information has been accumulated by your current AI service. I don't actually think that the frontier companies, OpenAI and Anthropic, are saving much of our personal information. There is a checkbox in the chat window to do that. And uh but I don't think that's So what do you mean personal information? So for instance, when I send it my genome, I'm using an API. I don't think it's exfiltrating my genome . That's gonna be that's gonna be in that one conversation tab.. Yeah Because what it doesn't preserve, it doesn't see this is the problem, is it doesn't remember anything. You come back and that and that's why I've been careful to use the word digesting. It is d creating a digest of us and that's the thing that it holds. I don't know if it's even doing that. I don't think it's tokenizing it because I think it's too compute intense. Uh I think it's literally starting from scratch. If you ask it to save it, I'm not sure where it saves that, but I wouldn't turn that on. This is why people use personal agents. I have local memory, uh, both textual and in a uh SQLite database that is local . And that's what is preserving state from conversation to conversation. And it's a very imperfect system. I actu I don't know and I don't know if anybody knows how much of your personal information is getting preserved by anthropic and open AI, but I would guess it is de minimis because they don't have the compute to spare. I don't think it's compute. I think it's storage. Or well even storage. Well, it is compute because it have to tokenize it, right? Otherwise they're saving what? Text? No. So they're tokenized. That's compute. That's heavy compute. That's inference. So I m it's my guess, and we don't know, but I mean, try a chatbot without turning on memory. It doesn't remember anything about you. If if if it has anything about you, it's in a text file associated with the app that you're using. And if you're using an API, it literally knows nothing about you. I don't think these companies are preserving. I'd like to know. I mean, I think that's a very interesting question. I think it's less than you think. It's one of the reasons you use an agent with memory locally so that you can preserve context. Okay. Maybe your agent skewed, but I explicitly told Claude to save everything that it wished. I mean there w there was an event a couple months ago where that happened and I think it's saving that locally Okay. I know that it's not because I have many different clients and it knows me and who I am. So if you go to a different machine, it remembers that information. So so you're you're you're seeing a context through your own . Yeah, because I'm using APIs, not a chat bot. So Yeah. And and and so and so what we were talking about, what what Frank was talking about were I would turn off that memory. Deep well my it's on because it is so enriching. Well, that's why you want to use an agent. Well, you're uh uh is okay, so actually you you're you're you're uh you're jumping ahead to where our next question is taking us. Uh which is local. That's the other reason why eventually we'll all hope to use local models. Then there would be no question of it being exfiltrated at all. But No, I just I I I'm not convinced that it's say it's saving a whole lot of I am because I'm using it that way I'm telling you it is. And that's what Frank told us is that he turned it on and it's become incredibly enriching. He's using it as a chat bot, not a local agent. And he's uh I mean amazed how much it knows him and and about him. Well and that's I mean that's that's because they understand that agentic AI is what's really valuable. So they're basically giving you an agent, but storing the data themselves instead of you storing it locally. Right. And that's what these our our our listeners are aware of that and are concerned, like what happens if some person gets that? Because they realize that's at in the cloud at this point. Anyway, so our longtime listener, Sabrina Tarsen, says she has another perspective. She says, hi Steve I've been listening to this podcast get this Leo on and off since episode 256 titled Last Pass back in 2010 when I was still in high school . So 2010, 16 years ago, uh, she says I was very lucky to start having the time to listen to the podcast again when the news dropped about Project Glasswing and Mythos. I have to say it's very refreshing to hear both you and Leo's experiences with AI. Most of my generation, she says, I'm still in my early 30s, and the generation younger than myself are completely anti-AI Like you, I feel this is a very short-sighted view, and one mainly born from ignorance. Hearing how two people meaning you Emilio use it in their daily lives and of course we have a lot of listeners for getting for helping get work done who were around when all this tech around us was just starting to get off the ground. The personal computer, cellular phones, the internet, etc., is not a perspective, she writes, I get to listen to often, and one that I deeply appreciate. My only concern with these AI models, um uh a larger concern that I have about my career's future, she says I'm a sysadmin at a small company, is mainly the companies that are currently running them. I trust in the technology. It is the future. No matter what people's opinions are on it, it's the ultimate Pandora's box, and it's never going away. the At same time , however, the major frontier models are created and operated by some of the largest corporations imaginable, and unfortunately their end goal is monetary. We've seen it time and time again in the tech industry. First, it's innovation, then it's about the quickest way to harvest our data and sell it to the highest bidder. Or in the case of shady organizations like Palantir, use the data our AIs learn about us ultimately for control, working with a corrupt government as we currently live in today. My hope is that eventually this dependence on massive corporations to run these models is reduced. And the AI we're going to need for cybersecurity and our own personal lives are localized on device models that are either powerful enough to run on our ph ones or computers or for us nerds, compact enough to run a server at our own homes, keeping our own data private. These AI are learning about us every day, helping improve our workflows. But ultimately, they're owned by these massive corporations, and the industry's track record for handling our personal data gives me pause. I'd be interested to hear both yourself and Leo's thoughts on this. Thank you both for a wonderful podcast . So infatu ated and astonished as I am by how much faster I am able to move forward with Claude quickly extracting for me extremely specific and detailed knowledge from the global knowledge pool, I nevertheless want more control . More than anything else, I want to have this running in something that might resemble a quietly humming NAS box in a closet. This thing would have whatever local processing and storage it needed, along with a connection to the global internet. Just like automobiles, these would be available in a range of models with the higher end choices delivering their answers faster and probably also incorporating more knowledge. The concept of model size expressed in trillions of parameters, you know , maybe we call them uh terameters, would become commonplace. What was once how fast is your internet, how large is your screen, how fancy is your car, would become how many parameters is your home's AI? Those who don't mind waiting longer for an answer or who may not wish to use the services of autonomous agents could get by with the econom y AI package and of course simply using an online cloud account will always be the low investment option but any such but with any such device quietly humming in the closet, the various members of my household, in my instance, my wife Lori and me, would be separately known to it and readily identified to it by the various devices we use throughout the day . Another intriguing possibility is that a hybrid local cloud relationship might evolve. Imagine that our local AI box retains all of the user speci fic knowledge of us . That's where all of the personalization occurs and where all of our various agents live. In this model, a great deal can be done locally , but there might be a need for our local AI to occasionally reach out when it needs to have some sort of heavier lifting done on it or its users' behalf. In that case, the local AI would protect the privacy of its owners by making generic requests for information from the big daddy cloud AI. Another strong case for having a locally operating AI is that it seems clear that the next huge win for AI will be the creation of autonomous agents that are continuously working on our behalf behind the scenes in the backgro und. We don't appear to currently know how to do that safely, but we're going to figure that out because it's clearly too powerful for us not to. I would tell my AI to be sure to let me know when Peter F. Hamilton, Rick Brown, or some other of my favorite authors release a new sci-fi, and also when any streaming sci-fi that it thinks I might like becomes available. But not to notify me until all of his season's episodes had been released because I prefer to binge. Please also pay my monthly bills for myself b uh uh uh my monthly bills for me. Let me know specifically if anything varies by more than 10%. Email me a monthly summary of costs and accounts and so on . All of this is clearly coming, given that local models are already showing viability for various tasks and that we've barely begun to explore and understand these new capabilities, I have absolut ely someday there will be an Apple homewise AI device and devices made by companies that have traditionally manufactured home NASA's routers and similar appliances. It's gonna happen . AI is going to follow the same trajectory we've seen with all previous technologies. But I suspect that the pace, which is already breathtaking, is not going to slow down. Although I doubt I'll purchase Apple's homewise AI box, since I'll prefer to build my own. I fully expect to be doing so within the next ten years. Maybe, as you said, Leo, five. So Sabrina, yes . With you currently in your early 30s, I really would rage wager that by the time you're in your early 40s, and likely well before then, not only will AI be deeply entrenched into our lives , but we will also have many cost effective local solutions to choose among the I agree. I think that's exactly what's going to happen. I mean I see the value of the thing. And you're already there, Leo. You're you're already doing it. Yeah. Yeah. The only thing that would improve it at this point is local models that are uh good enough and uh we're getting there. That's happening pretty fast. I got two last bits and one and the and the really last one is really a real a real quickie Bryden Wheaton said open source access to non-free wear AI tools and he wrote listening to your comments about Mozilla's response to mythos, I think you have it right that this will ultimately be a good thing for those developers who have the resources and time to fix their code. But that makes me wonder if this might be disastrous for the devel opers who don't have resources or time, namely the open source community. Mozilla has a dedicated team of security professionals to wade through the mythos results and fix things, and they have time to do so because their code is closed source. But I don't think major open source projects have either of those. Okay, so first one correction to Brian. As we know, Mozilla's Firefox is 100% open source. They were one of the organizations within Anthropics Project Glassw ing who received early access to Mythos specifically because of the strong perceived need for a publicly exposed project like Firefox to be made as secure as possible. Also, they had previously worked with Anthropic with Opus 4.7, which found a handful of vulnerabilities. So they had a vulnerability repair relationship with anthropic when mythos was first made available through Glassw ing. In the short term, anthropic said that as part of Project Glasswing, it will be providing $100 million in usage credits and $4 million in direct funding to support the open source community security efforts. So that will be of some help. But there's a much bigger point that I want to make. And I and oh also I already I also carried the news earlier today in this podcast, that IBM and Red Hat are committed to five billion dollars of support specifically for some form of AI vulnerability assessment for the open source community. Um, but I wanted to note that reusing the historical mass storage analogy , uh, because I like that one so much, you know, that back when PCs were first happening, uh, we paid five thousand dollars to get 40 megabytes of storage. Today we can get one million times more storage, which would be 40 terabytes that costs far less than five thousand dollars. Uh, and computation is incalculably faster than it used to be. So my point is nothing , nothing about the economics of today's AI will be true tomorrow. One of the things that I said from the beginning of this journey was that nothing that we knew today would be true tomorrow. I was saying that a year ago. It's turned out to be a hundred percent correct. This this is all moving with incredible, incredible speed. I'm sure if I'm sure of anything, it's that AI is going to follow a similar technological development curve and collapse in cost and a skyrocket in capability. So while today, yes, leveraging the capability of AI for the creation of bug-free code is not free. It is already entirely feasible and cost effective for commercial software publishers. There's no question in my mind that 10 years from now, it will not only be widely available, but also just taken for granted. It'll just be the way code is written and the way it is maintained. This is all gonna change. So I've been experimenting with some privacy stuff just to because I'm really curious how much of what goes on is being saved. It is absolutely true. Anything you do, if you've turned this on, there's a setting in Claude Code and open uh AI's chat GPT to remember stuff. If you turn that on, which you did, and many people will for the convenience of it, I did for sure. It will remember and can look through old chats. It saves all your old chats. It can look through those. It creates a document, about a one or two page document that is a condensed history. It looks very familiar. A digest. Yeah. It looks very much like the memory.md file that my agent saves. So it's a digest. It's not thoroughly details. But what I did also test is, okay, well, I did something in Claude Code in the command line, and I asked the chat thing, hey, we were working on this and I want to refactor it. Do you remember anything from the project? And it said, I know I don't have any memory of that at all. So I don't I don't unless it's lying, which it could be, but I don't think the stuff you do in the command line coding tools crosses the membrane over into the ch at uh window, the chat client's memory. So that would argue if you wanted to stay private to do stuff in the in the CLI, you could still use your subscription. If you're doing it in the command line, you can do all the same things you do in the chatbot. It just doesn't remember anything. Um, which is a disadvantage. Or you could turn memory off. It it is an opt-in plus uh thing, right? Yeah. Um you know, at as our listeners and I have experienced, I mean, I'm yes, it's a potential privacy concern. I I'm generally less worried about that than I understand a lot of people are. You know, I I go to web sites. I we had we had a guy, Greg, my support guy, forward me an email from a new someone who was trying to join our forum who was incensed that he had been blacklisted and it said, You're, you know, you're not allowed to post here. So he he he wrote a letter to an angry note to Greg who forwarded it to me. And so I checked out the forums. I looked at his connections. He first of all, he was registered with a gibberish email address. And whereas he wrote to us from his real one, which was entirely sane. He also had connected every time he connected was from a different IP. Half of them were known forum spam source IPs. And so I wrote back to him and I said, okay, here's what happened. You know, I don't know who you are, why you feel the need to use a VPN to hide from me you know grc forums at g dot grc.com but you are using Ips which we from which we have seen spam in the past so I'm sorry we,'re not going to let you post. And I said, you have been unblocked now. You're welcome to participate. I know who you are, but don't get pissed at me because our automated system said, you know, this guy's looks a little sketch y and we'd like to, you know. And so my so my point is that yeah, if if you look like a spammer, then we're gonna, you know, say, uh , he's doing what probably most of our audience does. He's using VPNs, he's using uh fake email addresses, you know, c hidden email addresses, all the things to protect privacy. The problem is that's exactly what a spammer does. And I have to tell you, I run a forum also at twit.community, which you're all invited to join. And uh uh spam spammers sign up ten to one more than normal people. Yeah. Like for every 10 people, and I have to approve every single sign up. So for every 10 people who sign up, nine of them are spam . Maybe more. So it's this is the problem on forums is spammers are trying all the time pounding on the door to get in because they want to post spam in there. And if you want a decent form, you've got to be very aggressive by keeping them out. Anyway, so my point is that we do have a lot of listeners who jealously, you know, defend their identity and their privacy and which makes you like a spammer. And we have two listeners who just asked me a question in the last week. What about all this data that's being collected there? Well I understand they're concerned. I mean yeah, uh it it is an issue. Our last note from Lisa Lombardo said, Hi Steve, thank you for the recommendation of the Burroughs. It's kind of like Stranger Things for Boomers. I like the engineering of Sam and his daughter, P. S , plus the boss and other great music, sign Lisa. And so I just want to note that Lisa and others and are enjoying the pointer to the Burrows. So I was glad to mention it. And of course, Project Hail Mary continues to be f ighting many fans around the world and among our audience. Yes. There's some good stuff out there. Uh we haven't got around to the Burrows yet, but we will. I can't wait. I think you'll like it. And uh after our final sponsor note, we will we're gonna look at what AI has done to unfortunately as a side effect kill off a very valuable security training uh uh avenue. Uh-huh. Uh, and incidentally, if you want more AI, not less . I know some of you want less. We do have an AI show uh where we talk about all this stuff and a lot more every Wednesday within uh Paris Martineau and uh and um uh Jeff Jarvis. It's called intelligent machines, and actually tomorrow Mike Elliott where you are valiantly carrying the AI flag forward despite the arrows that uh Paris and Jeff are trying to shoot through it. You know, and I love them because they're really challenging me, just as this conversation did, to really consider , you know, what I what I'm doing, what I'm giving up and so forth. And uh that's kept me, I think, on the sane side. It's kept me from AI psychosis, I hope, I think, anyway. Uh it's sure a lot of fun to play with, I can tell you that. This episode is Security Now brought to you by Meter , the company building better networks. If you're a network engineer, pfft, you've got my deepest sympathy. You know the headaches. Legacy providers, inflexible pricing, IT resource constraints, stretching you thin , complex deployments across fragmented tools and challenging environments. You, my friend, you are mission critical to the business, but you are working with infrastructure that just wasn't built for today's demands. Well, guess what? Meter was founded by two network engineers who felt that pain and said there has to be a better way. And they found it. And that's why businesses are switching like crazy to meter. Meter delivers full stack networking infrastructure, wired, wireless, and cellular, that is built for performance and scalability. These guys understood that if you're going to do this right, you've got to control the whole stack that's why meter designs the hardware and by the way take a look at the website beautiful hardware writes the firmware you will you will be proud to show people your wire closet, build s the software, manages the deployments, and provides support even after sales. Meter will do everything from ISP procurement. Yes, they'll help you, they'll help you find the right ISP to security , job one, routing, switching, wireless. They'll help you with a firewall. They'll help you with cellular. You know what's really important, often overlooked. I know because I just lost power. Power ? They'll help you make sure that that doesn't go down. DNS security, VPNs, SD WANs, multi-site workflows, all in a single solution. I had a great conversation with them, and they said one of the things we run up against a lot is a company acquires another company. Their the home office is in one state. The warehouse is another state. The warehouse is 100,000 square feet. Wireless barely works, right? And it's a completely different system than the home office. And we've got to integrate that into our system . But when they switch to meter, it all goes away. They they love it. They love those warehouses. They say we can help. We can fix that. Meter's single integrated networking stack scales from those big warehouses to major hospitals. You can't find a more hostile Wi-Fi environment than a hospital. They work there, branch offices, largees campus, even data centers, even Reddit. Even Reddit uses meter . Asked the assistant director of technology for the Webb School of Knoxville. He said we had more than twenty games on campus between our two facilities simultaneously. Redesigned our network. We could never have done this. With Meter, you get a single partner for all your connectivity needs from first sight survey to ongoing support without the complexity of managing multiple providers or tools. Meter's integrated networking stack is designed to take the burden off your IT team and to give you deep control and visibility, reimagining what it means for businesses to get and stay online. Look, they feel your pain and they've solved it. Meter is built for the bandwidth demands of today. And tomorrow, thanks to meter for sponsoring SecurityNow. Go to meter.com/slash security now, book a demo. That's M -E-T-E-R dot com slash security now. Book a demo. I think you'll be impressed. Thank you, met er . Lovely meter. Reader made. No, no. That's something else. So okay. So it's it's not uh uh it's not a chat room, but I'd received email from Gavin and Rod who are both listening to the podcast and providing uh real-time feedback. So thank you for that. Nice. Okay, so um I'm extremely sensitive to the fact that so much of this podcast, as I have mentioned at the top of the show, has recently been focused upon AI and its impact upon our lives and our privacy and security. You know, but this is security now. Uh, and the impact that large language model artificial intelligence is having right now across the entire spectrum of the computer security industry could hardly be more relevant. So I want to conclude this week's podcast by sharing the text of a terrific blog post written by a security researcher named Kabir uh uh Acharya. Kabir introduced himself on his about page by writing, Hi, I'm Kabir, a senior security engineer with a deep passion for highly technical pen testing and security research. I spent my time at Atlassian applying application security concepts to modern technologies, including large language model AI, networks, Amazon Web Services, GC P, Azure Cloud Platforms, SaaS integrations, and in house products and tooling. I now work at Transgrid, securing Australia's largest electricity network and its OT, you know, operational technology environment. I play C TFs on the global stage with EMU exploit, hash mob, and the hackers crew and produce music in my spare time . Okay, now doing a little bit more digging, we learned that during Kabir's last six months of his four years with Atlassian, he conducted more than 2 50 security reviews and supported software and machine learning engineers to make better soft make better security decisions. He delivered more than 15 security threat models, improved understanding of information risk in platforms including Forge and Rovo , which are both AI large language model-based. He found reported and aided patching of more than 10 security vulnerabilities external to threat models and more than 70 security vulnerabilities. So the guy clearly lives security and he's no stranger to its growing intersection with large language models that he's been working with all along. In in that autobio he wrote, he said I he ended up by noting, he said, I play CTFs on the global stage with EMU Exploit HashMob and the hackers crew. Now, while we have previously spent a great deal of time looking at the Pwn to Own competitions throughout the years and had a lot of fun with that. Somehow we haven't really before focused much upon CTFs, which stands for Capture the Flag competitions . These are very popular hacking contests where participants solve security themed puzzles and challenges to find hidden strings of text, which are the so-called flags. They are then submitted into a scoring system for points. These competitions are one of the primary ways people in the security community are able to learn, practice, and demonstrate offensive and defensive skills within a legal structured environment. You know, you're not hacking live real systems, which arguably could be illegal. You're you're you're basically solving puzzles, very much like the the programming challenges you do every year, Leo, uh around the holidays, the advent of code work. So these CTFs range from beginner-friendly events hosted by university clubs to elite international competitions. DEF CON has a CTF, which is held annually during the DEF CON conference in Las Vegas during the summer, it's considered to be the pinnacle of the industry, often referred to as the World Series of CTFs, due to the pedigree of the competitions' particip ants. Teams must qualify through preliminary events to compete. Other well regarded competitions include the PLAD CTF, which is run by Carnegie M ellon's PPP team. Google has a CTF. There's a PICO CTF designed for high school and college students. And many dozens of others are tracked on sites like CTF Time.org. Whereas the pwn to own competitions are discovering original vulnerabilities, the CTFs are about discovering planted secret s. Both serve important roles for the industry. The CTFs are a legal sandbox for practicing techniques that would be illegal to use against real systems, and they've served as a recruiting pipeline. Top CTF performers are heavily recruited, or have historically been, I should say, because we'll we'll see what's happening, heavily recruited by security firms , intelligence agencies, and tech companies. They build the shared culture and vocabulary of the field. And they often produce write-ups afterward where teams publish detailed after the fact explanations of how they solved each challenge, creating a corpus of freely available security education. Many of the researchers who discover major realld- vworulnerabil ities got their start or stay sharp through CTF competition. Okay . So we have some sense for who Kabir is and also for what CTF competition s have traditionally meant for the industry and to those who wish to use them to sharpen their hacking skills in a competitive legal framework and environment. And we know that Kabir has been one such person, having participated in a number of CTS competitions and teams through the years. So his blog posting is titled , Sadly, The CTF scene is dead . The details are very interesting and many are very insightful and important. So that's what here's what I want to share. He wrote Frontier AI has broken the open CTF format. The scoreboard does not measure human skill cleanly anymore, and the old game is not coming back. What makes me qualified to say this ? He says, I started playing CTFs in 2021, the same year I started university. My first CTF was uh H C K S Y D, a forty-eight hour solo CTF. I fully solved it and won in two hours. Oh yeah. Wow. And this makes me think, Leo, of of your capture the flag format, right? I mean it's very much I mean I mean of of of your advent of code. Oh yeah. Yeah. Yeah . So he said, so he solved this 48-hour solo CTF in two hours. And he said, I was completely hooked. That led me to win down under CTF, Australia's largest CTF, with team Blitzkrieg multiple times. Blitzkrieg was one of Australia's strongest teams at the time. I later joined the Hackers Crew, an international top-tier team that was consistently ranked highly on CTF time , the main global ranking and event calendar the scene uses as its scoreboard. With them, I completed Ied compet in some of the most prestigious CTFs in the world, consistently placing well within the top 10 until the end of 202 5 . I'm not saying this because I dislike CTFs. I'm saying it because CTFs were the thing that made me fall in love with security. They taught me how to learn, gave me a way to measure myself, and introduced me to many of the people I respect most in the field. Watching people pretend the format is still fine is frustrating because the old game is not there anymore. And Leo, if you think about online chess and cheating, it's the same idea. Same thing. So he says, what changed? He says as AI tools ramped up in capability, especially when GPT four first came out, a significant percentage of medium difficulty CTF challenges started becoming one-shotta ble, meaning a single prompt from a user could produce the solve and flag. You could paste a cryptography challenge into ChatGPT, come back in 10 minutes, and have the solution. At the time, we didn't think too much of it. Hard challenges went mostly untouched, and the time save was not large enough to ruin the competition. CTF players have always used tools. The issue is when the model does the reasoning, writes the solve, and leaves the human with nothing meaningful to do besides copy the flag . Enter Claude Opus four point five. When Opus four point five dropped, the tone changed. Almost every medium difficulty challenge and some hard challenges became agent solvable. Clawed code packaged everything into a CLI and made it easy to connect other CLI and N MCP tools. It became trivial to build an orchestrator that used the CTFD API to spin up a Claude instance for every challenge. You could let the system run for the first hour, then only start working on whatever was left. That changed the game. Teams that refused to use AI were not just missing a convenience, they were playing a slower version of the competition. Open online CTFs started becoming a question of how quickly you could autom ate the easy and medium work, then how much human attention you had left for the hardest challenges. The scoreboard started measuring orchestration and willingness to use frontier models along with and sometimes instead of security skills. The effects were obvious. The CTF Time Leader Board started feeling wrong . Some legendary teams that were consistently near the top appeared less often. Player activity felt lower. Challenge developers who treated CT Fs as an art form had less reason to spend weeks building something beautiful if it was going to be beaten by an agent in minutes. Yeah, why create a puzzle? Let me can I just show you? Because I think uh I didn't really understand what CTFs were. So I asked my uh uh AI to give me an example of a beginner CTF, and this is a web page, the difficulty is very easy. And I think everybody in our audience would be able to do this. Find the flag. So you're given a webpage. Now here's the HTML code. And you can see hidden in a comment is the flag. Okay. So the question would be what's the flag? And it it'd be pretty simple to solve. You'd right-click the page, view page source, and then you'd find the comment. So that's a very simple example of the kinds of challenges these are, just to just to make it clearer what we're looking at. Right. Right. So then he says, on top of what I just shared, he said, then GPT 5.5 sealed the deal. He said, I've been working heavily with GPT 5.5 and GPT 5.5 Pro after launch. By benchmark metrics, 5.5 is close to Claude Mythos capability, and Pro likely surpasses it. These models can one-shot what he calls insane level difficult insane that that that that's like a a skill level insane level diffic one these models can one shot insane level difficulty , active leakless , heap pwn challenges on hack the box. They can solve a large portion of what a smaller CTF organizer can realistically produce. If you orchestrate pro against insane challenges in a 48-hour CTF, there's a good chance you get the flag before the event ends. That makes Open CTFs pay to win. The more tokens, yes, the more tokens you can throw at a competition, the faster you can burn down the board . Specialized cybersecurity models like alias one by alias robotics are becoming less relevant compared to general frontier LLMs. The competition is turning into who can afford to run enough agents with enough context for long enough . CTFs feel much more like a cheesable mess than a competition. Your performance in a CTF no longer defines your skill the way it used to. Recruiting security practitioners by CTF performance is becoming less meaningful. It's not even a particularly good measure of AI skill because most of the orchestration needed for CTFs is already open source or vibe codable . So what's the beg inners are fine take? I have seen serious takes that beginners can still learn from CTFs as they always have. These takes miss the scoreboard. CTFs were not just a set of puzzles, they were a ladder. Even as a beginner, you had something to climb. You could see yourself improve, solve more challenges, place higher, join better teams, and become more competitive over time. That feedback loop is breaking. If the visible scoreboard is dominated by teams using AI , a beginner is pushing toward using AI. Sorry, a beginner is pushed toward using AI before they have built the instincts, the AI is replacing. That is an anti-pattern. It prevents active learning. An active struggle is the bit that actually teaches you something It's also completely demotivating to put in real effort and see no visible progress because the ladder above you has been autom ated. It also changes what challenges authors want to build. If beginner CTFs become another place where people quietly paste prompts and climb a scoreboard, authors have more reason to put their effort into At least on platforms like PicoGym and Hack the Box, the expectation is education, and beginners are less incentivized to cheat themselves out of learning. Beginners are better off using PicoGym, hack the box, and other lab environments where the point is actually learning instead of pretending the public scoreboard still reflects human growth. So CTF isn't dead? I've seen some some hopium posts. I love the word hopium. Some hopium posts They often point at CTFs like DEF CON to argue that AI still cannot solve everything. That's true, but it's the wrong defense. The hardest top tier finals have very few participants, and they're usually gated behind qualifiers that are easier than the finals themselves. If those qualifiers fall to age, meaning qualifying for to to to to compete in the final, uh, if those qualifiers fall to agents, fewer genuinely qualified people reach the challenges that still resist AI. A tiny number of elite finals does not save the open online format that most people actually play. The claim is not that every challenge is solved. The claim is that enough of the scoreboard has been automated that the scoreboard no longer What about the AI is useful for security research take? He says CTFs were never meant to be security research. They can showcase new and interesting techniques, but the CTF itself is not the point of discovery. Just because AI is useful within a field does not mean it belongs in the competitive landscape of that field. In CTFs, unrestricted AI removes the human from the puzzle almost entirely and reduces the art of security to a prompt. Sure, LLMs will keep getting better at security as long as CTFs are around. But that does not mean the competitive format is is being stripped away. What about the LLMs are chess engines for cybertake? He says chess has been dominated by computers for well over a decade. People use chess engines as an analogy for LLMs in CTFs, but they miss the point. Chess engines are not allowed during competitive play. Right. That would take all the fun out of it. What's the exactly? What's the point? What's the point? They're yeah, they're used for analysis, training, commentary, and practice. They enrich the game around the competition without replacing the person competing. Imagine giving every competitive chess player the best chess engine and letting them use it freely during matches. Would that be considered fair? Would it be fun to watch? Would it justify prize pools? Would it push the human limits of what could be achieved in chess? The same questions apply to CTFs and organiz ers cannot fight back. CTF organiz ers have tried techniques to break or deter LLM solutions, but they're temporary friction at best . Clawed code does not meaningfully care about old refusal string tricks anymore. Frontier models are getting better at noticing prompt injections, web search capabilities weaken challenges based on technologies released after the training cutoff. Rules that ask people not to use LLMs are ignored and almost impossible to enforce in open online events. That leaves organiz ers in a bad position. If they make formal if they make normal challenges, agents solve too much. If they make challenges deliberately hostile to agents, the challenges often become guessy, over engineered, or unpleasant for humans too. That's not a real fix . It just makes CTFs worse for everyone . Okay, and so what about just adjust adapt, bro ? He says this take is infuriating. People, I have always looked up to in the community have said it. Just adapt, bro . To me, it's completely nonsensical unless you explain what we are adapting into. If adapt ation means building better tooling, CTF players already did that. If adaptation means writing harder challenges, organiz ers already tried that. If adaptation means accepting that the scoreboard is now an AI orchestration benchmark, then we should say that honestly instead of pretending the old competition still exists. Even if organiz ers create guessier or more over engineered challenges that current LLMs cannot solve, there are no good paths for players to learn the required skills while staying competitive. A few models from now, that point may be irrelevant anyway, meaning it's gonna keep getting better and better and kill that off. The trajectory of LLM security capabil ity is moving too quickly for challenge design to stay ahead for long . So what's the aftermath ? The scene that grew my love for CTFs is emptying out. The CTF Time Leaderboard has almost no semblance of history or human skill anymore. The twenty twenty-six scoreboard is unrecognizable compared to every year before it. Teams either do not play, play with far fewer people, or struggle to cut into the top ten . Unregulated cheating is through the roof. Some of the best CTFs, like plaid CTF, are not even running anymore. These sentiments are not only mine. Many members of my local team, EMU exploit, feel similarly. These are people who consistently attend The International Cybersecurity Championship, perform at the top level in bug bounty programs, compete in Pwn to Own, and present at conferences like Black Hat. The people losing interest are not casual observers. They are exactly the kind of people the scene used to produce and retain. The fun of CTF ing is gone for many of the people who cared the most. The loss is not just a scoreboard. It's the latter from beginner curiosity to elite competition. It's the craft of challenge design. It's the feeling that a clever human solved something difficult because they understood it deeply. That legacy is not being carried forward by online CTFs in their current form. The format is dead. Something else may replace it, but pretending nothing fundamental has changed only makes the loss harder to talk about honestly. It also gives AI shills more room to capitalize on the decline by selling mediocre wrapped back to the community that made the training data valuable in the first place . So what now ? While a lot of what's happening in the CTF AI space is super commer cialized and out of our control. CTF has had a hugely positive impact on the industry. I have met so many kind, smart, and passionate people through CTF s. I've played some of the most beautifully crafted challenges and found some of the most intriguing unintended solutions. The community around CTFing has been an amazing place to learn, grow, and connect. That's something we should not lose, no matter where the competition goes. As a community, we should strive to stay together To stay passionate and keep learning. Security adjacent social events like sec talks, student conferences, and local meetups are great ways to stay connected and stay involved. Learning platforms and the communities they provide through platforms like Discord are also a valuable resource. While it may be a struggle to find an alternative to what we had, the amazing community we've built around it is more important now than ever as we find new ways to keep the competitive spirit alive . So what's what's really happened here is that sadly, the truth is AI killed something. And it's, you know, it's gonna kill a bunch of jobs. That's true . And it's killed a competition where what it happens to be engineered to do is what humans were competing with each other for. So I you know, I I think we all need to to deeply understand, appreciate and intern alize the real ity that the entire field of software security, as we have always known it, has been forever changed this year. Mozilla knows this. Daniel Stenberg knows this. Kabir, whose mourning the death of his beloved and supremely valuable capture the flag training competitions, knows this. Pwn to own will die, the software bounty industry will dry up and bless their hearts zerodium the firm that purchases zero days for resale to undisclose dark parties will probably also blessedly die. All of the many various enterprises that have been built up over time as a side effect response to the fact that we've been able to easily create software systems that were too complex for us to fully understand are likely to fall into the dustbin of history. It is what it is. There's no point in mourning it. It's gonna happen because now that for the first time ever we can have secure software, that's what we're gonna have. What we're not going to have going forward is anything that exists solely because software has vulnerabilities. It is it's interesting. Uh we've been talking and I've been thinking about our advent of code code challenges. Yeah. And you know, already last year it was truncated, and I have a feeling this year it's not going to exist at all because it's just way too easy to one-shot it. Yeah. And I don't know if he could write them. He's very clever. Uh, the guy who does these. I don't know, though, if it's possible to write a coding challenge it can't be solved at this point. There are there are books of chess puzzles, right? Where like you you you there's a board with pieces on it and it said, you know, m mate in seven or something. Oh, they're all easily solved. Yeah. Yeah. It's it's over. You know, well, I mean, first of all, chess is computable. So it's done. It's solved. Yeah. They every position. In fact, there are now and soft software is also computable. Sure. It's deterministic, it's the same thing. Yes. Yes. Yeah. Uh there are many, many more. There are many more uh variations in software, but yeah, I don't think it's any different. There are now books that weren't when I was uh coming up as a chess player, but there are now books with thousands and thousands of positions, uh, particularly in the endgame, that are just solved. They're known. And it's like if you get to this position, it's done. And uh I mean, it's just changed everything in chess. But what it hasn't changed, and it's uh I'm actually relieved a little bit, is the fun and the challenge of playing head to head without an AR. Yes. Yes . Yes. You still can play a game. Even though you know if you had a machine on the other side, you'd lose. And even if you're the best player in the world, you would lose. Well, and we know that you could take a pick, you could take a picture of uh of a crossword puzzle and drop it into AI and it would fill it out. You know, yeah, that's actually somewhat spoiled Scrabble games because it's really trivial to cheat at Scrabble now. It's but the here's the difference. You kind of can tell if somebody's cheating. Actually, you can even tell if you're cheating at chess, because even though that might be the best move, it's not a human move. Ah, right. So there's a slight, like this is a little odd. I uh I actually went back to the AI and said, okay, now give me a hard capture the flag one. Oh. And I thought this was kind of interesting. I suspect you would be able to solve this very quickly. Well, maybe not quickly, but uh uh uh I'll I'll give you the harder example. I won't I have the solution, I'll just and I even have some hints, but uh but this is an example of uh what at least my AI thinks is a is a more difficult and you could see the value of doing this by the way. Um let me see I have to do this to get that to show up. There we go. It's called Reused Once. It's a crypto challenge, hard. Yep. The theme is ECDSA nonce . Actually, that's a pretty big hint. Nonce reuse. Nonce reuse. Yeah. Forge an admin signature. So here's uh a login uh service sign you signs user tokens using actis uh over blah blah the developers claim uh ECDSA is unbreakable. We use SHA 256. Good luck. However, you have intercepted two signed user tokens and notice something odd. Here's token number one . And here's token number two. The signature on these . W, theell R value, I don't know what R and S are, but the R value is the same on both of them. Yep. Re used nonce. Uh-oh So the the uh goal in this is to forge a valid signature for this user if the verifier accepts to yeah to actually do the math to determine what the key is. And because if you got this on an SAT, you would plot because the math is complicated. ECDSA signatures are computed as this, where D is the private key, K is the per signature, nonce. Ah, here's the thing. We've got a repeated K so we can solve for Z . Recover the private key and forge an admin signature. You have to be pretty sharp to do this. No, you have to really understand where this stuff comes from and how this stuff works. And why you can't reuse an an elliptic curve DSA signature . Very good. Yeah. And so you've learned something by doing this. Of course, you had to know something. And and and that was Cabir's point, is that that the you know struggling against these puzzles were incredibly valuable. It's it yes, you you had to d you know, reach out and extend and and stretch yourself in order to understand what was going on and uh AI killed it a you know ai killed chess ai has now killed uh capture the flag and the good news is ai is gonna kill bugs in our software so I would say it's worth it. I think it was a fair trade. And you could still do capture the flag if you said you're not allowed to consult AI. And that's the problem. In in uh in a global tournament, there are going to be weenies who are going to who are going to cheat. You know? it It''ss exactly the same in chess. Online chess. Yes. Online chess is eminently cheatable. In person, head to head chess, much more difficult. You have to have some sort of vibrating device on your body, but uh but not not so easy not so hard in in your online. There's a lot of trust basically that you have to do when you play online. And unfortunately uh And an understanding that the fun is playing the game, not having some machine solve it for you. Yep . Well, uh and that's why I coded an assembly language, by the way. Yes. The fun is in solving the problem. It's in doing it. It's fun. And so advent of code will still be fun. The leaderboards are meaningless now because somebody will solve it in seconds using an AI. Um, but if if you are doing it with your friends and you trust your friends not to do that, or you know, that that's really the way to s fix the problem is remove the leaderboards. R completely competition. Yeah. He removed the leaderboards last year. You can still have a private leaderboard. We do, we have a Twit leaderboard. Uh and there's a m um yeah, you know, we know each other, so there's a uh a level of trust there. Um nevertheless, you know, even last year uh there were some things actually I found it AI could also be useful for learning. And there were some things that uh I I had no idea how to solve and I asked for kind of hints from AI or like, oh, I had read on Reddit there's a technique that will solve this, but I don't know what that technique is. Teach me how this works, the the remove a single digit technique. And then you would learn a new algorithm and then you can apply it. And so the AI can be used in a judicious way to help you learn too. It's fun. It's really fun, I have to say. Uh so we still do the uh advent of code Paul and and Darren and all the folks in the twit. I don't know. We might. We might. Steve Gibson, uh, you are a true sportsman, uh, an assembly language coder, and as anthropics claude tells me, uh you like to uh watch TV at night while you're sitting on your TV tray eating uh Chinese food and coating. Is that right? That's what I that's what Anthropic said. I don't know. You'll f I'll tell you what I do know. You will find Steve here every Tuesday, round about uh 130 Pacific, 430 East. Coffee mug. With his giant mug 2030 UTC. Uh we, do stream the show live, so you can actually watch us uh do it live. Somebody earlier today uh tuned in before the show began on Mac Break Weekly and we were futzing around with settings and they said, Why do you stream this ? Okay, well, you don't have to watch the stream if you don't want to see us futzing around with settings or see my internet go down, but you can if you want. Yeah, it's fun. Uh the live streams are well for the club members in the Discord. I hope you're a club member. If you're not, please, twit.tv/slash club twit makes a big difference to our bottom line, helps us do these shows. Uh advertisers do not cover the full cost by any means. Uh, but again, you get some benefits, add-free versions of the shows. There are chapter markers now, so you could s you know you can look at Steve's Rundown and go boom boom boom through the subjects you care about and don't care about. Skip all the AI discussions if you want. Uh and all you have to do is try to do that. But that at the moment that would leave very little show, but that'll change. That'll change. Twit.tv slash club uh twit. There uh you don't have to be in the club to watch the live streams on YouTube, Twitch, X.com, Facebook, LinkedIn, and Kick. Those are open to all. After the fact, of course, download shows. Now, Steve has some unique versions. He has a 16-kilobit audio file, which is designed for people with very little bandwidth, like Elaine Ferris, who is our court reporter/slash trans criptionist who takes these shows and makes amazing human curated transcripts of them? Those are also available at Steve's website. He also has a 64 kilobit audio, full fidelity audio version, all of that at GR C.com while you're there. Uh get your email whitelisted so you can send emails complaining about AI coverage to Steve directly. He'll otherwise, you know, he'll treat it as spam, but he has a magic method for validating email addresses. Go to grc.com/slash email and give them the address you want to use, not some fake address. You should also, though, look at the bottom there. There are two checkboxes for two different newsletters, the weekly show notes , which go out a couple of days before the show. Very good, complete, 20 plus pages. Everything he talks about in the show with links, illustrations, all the stuff uh you would want for further information, or let your AI digest it. Um and then below that there's another checkbox for his very infrequent new product mailing list. When there's something new from Steve, uh he will send you an email. He's sent out two so far. Or something like that. I think R C dot com one. He's only sent out one in his whole life. Just j just announcing spin write six one. Yep . So uh that's pretty one. I think it still works. I don't know. I'm gonna try it probably works. Uh there's lots of other great stuff at the website. Uh grc.com. Of course, spinwrite, the world's best mass storage, maintenance, performance, enhancing, and recovery utility. If you've got mass storage, you gotta have spin right. 6.1 is the current version. Also, uh, Steve's brand new DNS benchmark pro, which is really useful to make sure you're using the fastest DNS server for your locale. Uh, that's 9$99.9 , $.99, and worth every penny. Also lots of free stuff. He gives away free stuff all the time. Like the Shields Up tool, which more people have used to test their routers than any other thing in the whole wide world. How many milli ons of users? Hundred and eight. Hundred and eight million times. Wow. And I'm about 10 of those probably because I use it every time I set up a router. Uh lots of other stuff there. Lots of information. Grc.com. Uh, we have copies of the show, audio and video. That's our unique slice on it. We have video as well at twit.tv/slash sn. There is also a YouTube channel dedicated to the video, great way to share clips uh of the show. you want If to share that with somebody else, help us spread the word. That's very nice. And you can also subscribe in your favorite podcast client and get it as soon as we're done. Automagically sent to your device for listening at your leis ure. Thank you, Steve. Have a wonderful week. And we'll see y'all next time, next time on Security Now. Ride oh bye. Hi there, Leo Laporte here. I just wanted to let you know about some of the other shows we do on this network. You probably already know about this week on tech. Every Sunday, I bring together some of the top journalists in the tech field to talk about the tech stories. It's a wonderful chance for you to keep up on what's going on with tech, plus be entertained by some very bright and fun minds. I hope you'll tune in every Sunday for This Week in Tech, just go to your favorite podcast client and subscribe, This Week in Tech from the TWIT Netw Thank you. Security now
This excerpt was generated by Smart Features
Listen to Security Now (Audio) in Podtastic
For listeners, not advertisers
All podcast names and trademarks are the property of their respective owners. Podcasts listed on Podtastic are publicly available shows distributed via RSS. Podtastic does not endorse nor is endorsed by any podcast or podcast creator listed in this directory.