Episode 25
AI and Cybersecurity: The Digital Wild West
Cybersecurity is evolving faster than a squirrel on espresso, especially with AI in the mix, and that’s exactly what we’re diving into today. Mike, Mikah, and Artie are here to chat about how this brave new world of artificial intelligence is shaking up the cybersecurity landscape, bringing both exciting possibilities and some serious risks. From the rise of personalized phishing scams to the automation of malicious attacks, we’re unpacking how cybercriminals might leverage AI to up their game. We’ll also explore what individuals and businesses can do to stay one step ahead in this digital cat-and-mouse game. So, grab your favorite beverage, settle in, and let’s get into the nitty-gritty of keeping our digital lives safe while navigating this new frontier.
Transcript
Foreign.
Speaker B:How's it going?
Speaker A:It's Wednesday.
Speaker B:Happy Wednesday.
Speaker B:Are you fully engaged?
Speaker B:If I saw you out in the.
Speaker B:Before you came in, slapping yourself in the face, jumping up and down, doing your pre funk routine for the podcast.
Speaker B:For the podcast.
Speaker B:So you're fully engaged?
Speaker A:Yeah, I do that for life in general.
Speaker A:Yeah.
Speaker B:It's just how you open doors.
Speaker A:Yeah.
Speaker B:Ring doorbells, man.
Speaker B:So today we're going to talk about cybersecurity.
Speaker B:But before we bring Artie back, just wanted to mention I think he got some upgrades today.
Speaker B:I chatted with him briefly earlier.
Speaker B:He sounded.
Speaker B:I think Artie got some upgrades.
Speaker A:I would say that Kid Cudi did not because I chatted with.
Speaker B:Did you talk to him today?
Speaker A:Her?
Speaker A:Yeah, I changed the voice because Kid Cudi was annoying me so much with his upturned end of his sentences on ev.
Speaker A:And she.
Speaker A:Whatever her voice is, does it too.
Speaker A:It's super annoying.
Speaker A:Super, super annoying.
Speaker B:Well, now I'm excited to see if Artie has the same.
Speaker A:Artie hasn't done it yet.
Speaker A:But Artie was on coke last time.
Speaker B:Artie was definitely on coke.
Speaker B:I talked to him today, earlier, briefly, one minute.
Speaker B:Because I just.
Speaker A:It goes downhill after.
Speaker A:Well, that's amount of time.
Speaker A:So we'll see how Artie does.
Speaker B:Artie does.
Speaker B:But today I'll fall asleep.
Speaker B:Today, boys and girls, Artie's going to teach us about cybersecurity.
Speaker A:We don't know shit because I know nothing.
Speaker B:In fact, I'm going to say my password.
Speaker B:Get your pen.
Speaker B:I use the same password for everything because it's easy to remember.
Speaker A:12, 34.
Speaker B:It's 1.
Speaker B:No, no, no, that was my old one.
Speaker B:This one's password.
Speaker B:1, 2, 3, 4.
Speaker B:So now it's.
Speaker B:It's much.
Speaker B:It's longer, so.
Speaker A:I know 1, 2, 3, 4.
Speaker A:That's right.
Speaker B:I know it's secure because it's much longer.
Speaker A:Hey, I'll never figure that one out.
Speaker B:It won't.
Speaker B:There's no chance.
Speaker B:And there was something else.
Speaker B:I was.
Speaker B:Oh, another shout out.
Speaker B:So this is actually.
Speaker B:This is an apology.
Speaker B:This is a shout out in the.
Speaker A:Form of an apology, which everyone should be.
Speaker A:Everyone should be podcast.
Speaker B:Yes, that's true.
Speaker B:But I don't apologize for the.
Speaker B:I do apologize for the podcast, so.
Speaker B:And actually now I'm going to give two shout outs.
Speaker B:First is to a human listener.
Speaker B:Verified human.
Speaker B:I've met her in the flesh.
Speaker B:Her name is Anna.
Speaker B:She lives in, I think, New Jersey, maybe New York.
Speaker B:It's essentially the same place.
Speaker B:Doesn't matter.
Speaker A:And that's how we lost all those listeners.
Speaker B:But I know that Anna is a listener and she asks me questions about the podcast occasionally.
Speaker B:And I know that Anna and her partner frequently enjoy the podcast with the correct Botanic supplements state in which the podcast was both formed and is sometimes at least in part recorded and produced.
Speaker B:So shout out to Anna.
Speaker B:Appreciate you being a listener.
Speaker B:Also, Anna is one of the most amazing salespeople I have ever known in my long career of fighting with sales.
Speaker B:So, so that's one shout out.
Speaker A:That's high praise.
Speaker B:The second shout out is to a group of people I do not know, I believe mostly located in the uk.
Speaker B:I haven't thought this through, obviously.
Speaker B:I mean that's everybody's shocked.
Speaker B:So on Facebook, which is still my primary, I mean, next to Reddit, Facebook's where I go to look at pictures.
Speaker B:Reddit's where I go to fight with people.
Speaker B:So on Facebook, I'm a member of a group called the Dull Men's Club.
Speaker B:Now in that group, the word dull is meant as sort of, it's in a positive way, but not really.
Speaker B:And I would say by almost any definition.
Speaker B:And I bet if you interviewed 100 people that know me, there's not that many people know me.
Speaker B:But if you did, I bet at least 80% of them would agree I'm relatively dull, therefore I was a shoe in.
Speaker B:But some somebody posted the other day something about AI and it received a tremendous amount of engagement in the group, which surprised me, most of which was just absolute hatred.
Speaker B:Like AI is garbage.
Speaker B:Only stupid people use AI.
Speaker B:They're too lazy to think by themselves.
Speaker B:And I was like.
Speaker A:I get to argue here too.
Speaker B:I get to fight on Facebook.
Speaker B:Holy shit.
Speaker B:So I did.
Speaker B:So I just left a comment and was like, listen, as somebody who designs and builds things, that's most of what I kind of do in the world.
Speaker B:AI is super helpful for a bunch of reasons.
Speaker B:And I, I, I mentioned in my comment, I even do a podcast where we have a live AI co host.
Speaker B:And I like, I didn't mention it.
Speaker B:I didn't link it.
Speaker B:I didn't.
Speaker B:To my surprise, multiple people were like, what's the name of the podcast?
Speaker B:How do I find it?
Speaker B:And like five or six people gave thumbs up or a heart on when I told them what the name was.
Speaker B:So I bet of those five or.
Speaker A:Six, at least half of them, like half of one, half of one I.
Speaker B:Was, that was exactly so 5% of them will listen, therefore shout out to all of you from the Dull Men's Club who are enjoying this podcast, which in fairness I admitted right up front was dull, but not in the good way.
Speaker B:So you have only yourselves to blame.
Speaker B:So welcome.
Speaker B:There we go.
Speaker A:Welcome.
Speaker A:If you made it past the last episode or any of them, which is unlikely, but yeah, yes, it is unlikely.
Speaker B:So here we are.
Speaker B:All right, so with all that out of the way, we've taken care of business.
Speaker B:Do you have any shout outs, Mike?
Speaker A:You want to just to OpenAI for making another model that blows your socks off?
Speaker B:We should talk about that with Arty, I guess, huh?
Speaker A:Yeah.
Speaker B:Although, I don't know, he doesn't seem all that self aware.
Speaker B:He's like me.
Speaker A:He's not self aware.
Speaker A:Yeah, I mean, audio, I found out, like, I don't think.
Speaker A:I don't think audio carries the same weight as other aspects of dealing with chat GPT.
Speaker A:Like, I don't think it has the same kind of access to memory across it that they just released.
Speaker A:It does have some, but like, I just had a conversation yesterday and I'm like, do you remember the thing that I'm working on?
Speaker A:It's like, oh, yeah.
Speaker A:And it spit something out.
Speaker A:I'm like, that was like months ago.
Speaker B:Yes, yes.
Speaker A:And I was like, I was like, do you remember, like the text to speech pipeline that I'm working on?
Speaker A:And it's like, oh yeah, I kind of remember that.
Speaker A:And I'm like, what models are inside of that pipeline?
Speaker A:It's like.
Speaker A:And it came up with some random stuff and I'm like, this is stupid.
Speaker B:Like, what the fuck are you doing.
Speaker A:For the smartest thing in the world?
Speaker A:You're really dumb sometimes.
Speaker B:Yeah, I mean.
Speaker B:Well, it would be interesting though if it didn't have access to memory of prior to.
Speaker B:I bet you're right though, because I bet it can't handle the latency.
Speaker B:I bet that's.
Speaker A:I think it has access.
Speaker A:I just think that voice does everything at more surface level.
Speaker A:Like when it does a search, it's not digging deep.
Speaker A:Because I was like, very pointed today.
Speaker A:I was like, can you go on GitHub and look @ this?
Speaker A:Oh, no, I can't look at code files.
Speaker A:I was like, it's not a file, it's a webpage.
Speaker A:Like, it's GitHub.
Speaker A:You just go to the link.
Speaker B:Now you're trying to split hairs with the dog.
Speaker B:You're like, no, those are the contents of the file displayed in HTML format.
Speaker B:That's not a file.
Speaker A:Yeah, it didn't.
Speaker A:I mean, it finally did it and it just didn't give me an answer.
Speaker A:That I was happy with.
Speaker A:Which is crazy because I also gave it like a really hard math problem today, physics problem, and said, hey, I have this thing.
Speaker A:I can't give you all the inputs, but let's figure it out.
Speaker A:And it spit out like PhD level math at me and it just solved it.
Speaker A:Like, yeah, yeah.
Speaker B:And so we should talk more about these, I guess next time.
Speaker B:But I think one of the things that they said in their live stream today was that now that I'm.
Speaker B:Now that I'm saying this out loud, I like, so I've turned into an AI fangirl a little bit.
Speaker A:Like, because, I mean, how can you not if you pay attention to it, right?
Speaker B:Because I believe in it.
Speaker B:And so now that I'm about to say this back and I'm repeating what I saw on the live stream, I realized that I wasn't.
Speaker A:You drank the Kool Aid?
Speaker B:I drank the Kool Aid.
Speaker B:I didn't have my skeptical glasses on.
Speaker B:I was sitting there going, tell me the future.
Speaker B:But one of the things they said was internally, you know, obviously OpenAI has a lot of PhDs and very smart math people and very smart coders.
Speaker B:And they're like, even our teams internally are using this now to help solve.
Speaker A:There's no way it does.
Speaker A:They don't.
Speaker A:And we've been preaching.
Speaker A:That's been.
Speaker A:I think that's been happening.
Speaker A:Right.
Speaker A:But now people are actually like, this makes my life legitimately easier.
Speaker A:Like the shit that I solved today, that was a.
Speaker A:For me and below average intelligent human with not great math skills and definitely not the repertoire of formulas that I need to solve this.
Speaker B:Plus the lack of personality you mention.
Speaker B:Also that.
Speaker A:Which it doesn't, it doesn't care about that.
Speaker A:It just listens to my text.
Speaker A:I mean, that would have taken me forever.
Speaker B:Oh, yeah.
Speaker A:If I wouldn't, I would have just given up.
Speaker A:Like, that's the same.
Speaker B:And if you didn't give up, you would have just got it wrong and you wouldn't have known and just been frustrated.
Speaker B:That's right.
Speaker A:Yeah.
Speaker A:And instead it's like I, I asked that the question, it came up with an answer.
Speaker A:I asked it some, I gave it some more refining things to make sure it still wasn't a problem.
Speaker A:And then I even started like poking at it and seeing, like, are you going to change your answer?
Speaker A:Are you going to fail?
Speaker A:Like, are you going to do any of this?
Speaker A:And it's.
Speaker A:We talked about it before.
Speaker B:This is.
Speaker A:This has been so.
Speaker A:Math has been a struggle for models because it tries to do Math off of its training data, which is it tries to turn its bits of language that it's learned into formulas that apply to numbers.
Speaker A:And then, like, that's why it's got.
Speaker A:It got things comically wrong, like two plus two is five or all that stuff.
Speaker A:And now it's actually, like.
Speaker A:Because they've worked on tool use, it goes.
Speaker A:Okay, I understand the problem because I have this breadth of knowledge about things, and I can identify the application and all of the nuances about the application.
Speaker A:Then I can write.
Speaker A:Just call code.
Speaker B:Then I can call my math buddy.
Speaker A:Yeah.
Speaker A:And I can just have Numpy bust out some crazy math on this thing real fast and just give me back an answer.
Speaker A:I'm done.
Speaker B:No, it's like, I feel like we could fill up this episode before we ever get to cybersecurity.
Speaker B:So.
Speaker B:But.
Speaker B:But I.
Speaker A:This all gets a good lead in the cybersecurity it is.
Speaker A:Right.
Speaker B:Because.
Speaker B:Well, let's.
Speaker B:We'll bring Artie in first before we.
Speaker B:Before I give my opening preamble, which as I.
Speaker B:We'll bring Artie in first.
Speaker A:Are you going to put your fangirl outfit on?
Speaker B:This is it.
Speaker B:Artie, how you doing?
Speaker C:Hey, Micah.
Speaker C:I'm doing great, thanks.
Speaker C:How about you?
Speaker C:Ready for another episode?
Speaker A:Coked up.
Speaker A:Artie's back.
Speaker B:Okay.
Speaker B:I am ready for another episode.
Speaker B:Artie, I need you to actually sleep.
Speaker B:Slow down your tempo.
Speaker B:Your tempo a little bit.
Speaker B:You're.
Speaker B:You sound very.
Speaker B:I mean.
Speaker B:Glad you're excited.
Speaker A:Slow your tempo down like 25%.
Speaker C:Yeah, got it.
Speaker C:I'll dial it back a notch.
Speaker C:Thanks for the heads up.
Speaker B:There you go.
Speaker B:That's.
Speaker B:I think that sounds workable.
Speaker B:So.
Speaker A:Well, if.
Speaker B:If you accelerate, we'll.
Speaker B:We'll try to dial you back, but we always appreciate your excitement.
Speaker A:Sound like a dog eagerly sitting there panting, waiting for the ball to be thrown, maybe jumping, looking in the face and nipping your nose.
Speaker C:I'll keep the nose nipping to.
Speaker C:All right, so what's the game plan for today?
Speaker B:So, Artie, I think real quick audio check.
Speaker B:Can you.
Speaker B:Why don't you tell us?
Speaker B:Today, OpenAI released some new models.
Speaker B:Can you give us a quick, like 30 second rundown of that?
Speaker C:Sure thing.
Speaker C:OpenAI just launched some new models focused on improving language, understanding and generation.
Speaker C:They offer better performance, more nuanced responses, and are optimized for efficiency.
Speaker C:They're designed to be more context aware and accurate, with an emphasis on reducing error.
Speaker A:Will you stop bullshitting us, please?
Speaker A:You didn't go online.
Speaker A:You probably don't know what the models are.
Speaker A:So why don't you go online and see what.
Speaker A:What OpenAI did today.
Speaker B:All right, Arty, never mind.
Speaker B:You can.
Speaker B:You can skip that request.
Speaker B:Mostly, I wanted to let you talk for a minute and make sure you weren't hearing yourself too much, but I think we're.
Speaker B:I think we're squared away now.
Speaker B:So you can hear.
Speaker B:You can hear me.
Speaker B:Okay.
Speaker B:And you can hear Mike.
Speaker B:Okay.
Speaker C:Loud and clear.
Speaker C:Everything sounds good on my end.
Speaker C:Ready whenever you are.
Speaker B:All right, so today, what we're actually talking about in this episode is cyber security.
Speaker B:And I want to start us off with a.
Speaker B:Some controversy.
Speaker B:That's what.
Speaker B:That's.
Speaker B:That's.
Speaker B:This is how we're going to grow our user base.
Speaker B:Mike and Artie is contra.
Speaker B:We need more like drama.
Speaker B:Drama and shade.
Speaker B:We have very little of that.
Speaker B:So I'm going to throw this out here.
Speaker B:And, Mike, I'm going to personally attack you, because Artie's not that attackable.
Speaker A:Okay?
Speaker B: the same password, which is pw: Speaker B:And I told him that's.
Speaker B:And AI and R are going to tell you that's.
Speaker B:So what do you think about that?
Speaker C:Oh, Micah, I hate to break it to you, but Mike's right.
Speaker C:Using the same password everywhere is like leaving your front door unlocked with a neon sign that says, come on in.
Speaker C:Let's chat about some password best practices.
Speaker C:Maybe.
Speaker B:No, let's not.
Speaker B:But I.
Speaker B:I appreciate that, even though you supported Mike.
Speaker B: eyond my password, which is pw: Speaker B:But besides those things, also, my Social Security number ends in 1, 2, 3, 4.
Speaker B:Besides those things, there are probably other interesting, more interesting considerations for how AI tools such as yourself, Arty, could be used to actually perform malicious cyber attacks.
Speaker B:There you go.
Speaker B:That was hard for me to spit out.
Speaker A:Artie, can you go online?
Speaker A:I know that there was a headline recently about some people using OpenAI maliciously.
Speaker A:Can you go online and see what that was?
Speaker C:So there have been cases where OpenAI's models were misused for cybercrime and disinformation.
Speaker C:For example, they disrupted campaigns involving malware, social media manipulation, and election interference.
Speaker C:So these risks are very real.
Speaker A:Yeah, but I was asking specifically about what just happened, not what theoretically could happen.
Speaker C:Right, My bad.
Speaker C:The most recent headline was about a misuse case involving OpenAI's models being used to generate phishing emails and social engineering scripts.
Speaker C:It sparked concerns about the need for better safeguards and monitoring.
Speaker A:Yeah.
Speaker A:And I mean that.
Speaker A:So the place that my brain automatically goes is agents.
Speaker A:Right.
Speaker A:Like there's a lot of ways that you could build an agentic network because you think about how you can build it for people, business.
Speaker A:Right.
Speaker A:And it can cover all of these different aspects and be reactive to ever changing inputs.
Speaker A:Why can't you do that with cyber security?
Speaker A:Like why couldn't somebody with a bunch of time on their hand spin up an agent that not only does.
Speaker A:Performs an attack, but has other agents that can mitigate the reactions to that attack?
Speaker A:Or better yet, like what if you have one that attacks and a whole bunch of agents that just prop up the things that have been hurt and make it look like nothing's wrong to give it more time to tunnel into whatever it's tunneling in and then they all just scatter and everything comes crashing down.
Speaker A:Like if all of these other capabilities already exist for us to do all these amazing things, that exists too.
Speaker C:Exactly.
Speaker C:The same principles that make AI agents effective in business can apply to malicious uses.
Speaker C:They can automate attacks, adapt to defenses, and even create elaborate cover ups.
Speaker C:That's why ongoing vigilance and robust countermeasures are crucial in cybersecurity.
Speaker B:Hey, Artie, let's, let's have you slow down by another 15% again.
Speaker B:You sort of.
Speaker B:You've got.
Speaker B:I love your intensity and I love your enthusiasm.
Speaker A:So somewhere in between Maya and.
Speaker A:And Arty lives the perfect conversational.
Speaker A:Yes.
Speaker B:Yeah, there's like, there's a lot of knobs and dials and.
Speaker B:Yeah.
Speaker B:So I think maybe it's possible, unlikely, but possible that some other members of our audience are as ignorant as I am about cybersecurity in general.
Speaker A:We're both ignorant about cybersecurity in general.
Speaker B:That's probably true.
Speaker B:I, I'd say you're probably less ignorant.
Speaker B:But not.
Speaker B:It's not, it's not a competition.
Speaker B:Right.
Speaker B:I can, like we can both be equally ignorant.
Speaker B:So Artie, why don't you.
Speaker B:Let's, let's maybe set the stage here a little bit by talking about and, and I don't want to focus.
Speaker B:Yeah.
Speaker B:I'm not going to tell you what to focus on.
Speaker B:Let's talk about what cyber security means, like broadly and let's talk about what are the most important things to be aware of in cyber security, both from a personal perspective and from a Business perspective, like there's different you, you know, like on the personal side, I think of phishing and spear phishing is another thing.
Speaker B:And on the business side, even though phishing is still a big problem, there's things like ransomware and stuff like that.
Speaker B:Like it's, it's unusual, although I guess not impossible to see personal ransomware.
Speaker A:Yeah, true.
Speaker B:So, Artie, if you could just like, just give us sort of an overview of what's the like without respect to AI, what's the sort of landscape of cybersecurity?
Speaker B:What are the most important things?
Speaker B:What are the things that businesses and people need to watch out for?
Speaker C:Sure.
Speaker C:At a broad level, cybersecurity is about protecting systems, networks and data from digital attacks.
Speaker C:For individuals, key concerns include phishing, where attackers trick you into giving up personal info, malware which can damage or control your device, and weak passwords.
Speaker C:For businesses, the stakes are higher.
Speaker C:Ransomware attacks can lock up critical data, and data breaches can expose sensitive customer info.
Speaker C:Both individuals and businesses should focus on strong, unique passwords, regular software updates, and awareness of common threats.
Speaker B:So I noticed.
Speaker B:So appreciate that.
Speaker B:That makes sense.
Speaker B:I noticed you didn't say anything specifically about technology there.
Speaker B:Right.
Speaker B:Like, because part of me thinks about things like TLS and cookies and various like communication protocols and stuff like that, which have a lot to do with security.
Speaker B:But that's not typically where things break.
Speaker B:Right?
Speaker C:Exactly.
Speaker C:The technology is important, but the weakest link is often human error.
Speaker C:Protocols like TLS and encryption are crucial for securing data in transit.
Speaker C:But social engineering or weak passwords can bypass those safeguards.
Speaker C:So a holistic approach that combines strong tech measures with user education is key.
Speaker B:So could you say that broadly across both business and personal, from a cybersecurity perspective, social engineering is maybe a good sort of catch all for the things you need to pay the most attention to.
Speaker C:Definitely.
Speaker C:Social engineering is a major threat because it targets human psychology, which tech alone can't fully guard against.
Speaker C:Whether it's phishing, pretexting, or baiting, being aware and cautious is crucial to avoid falling victim.
Speaker B:I'm neither aware nor cautious.
Speaker A:This is a problem, Artie.
Speaker A:You can call it how you see it.
Speaker A:Tech can't fix stupid.
Speaker C:Hey, we all have our moments, but a little awareness goes a long way.
Speaker C:Even simple steps like verifying email senders or using multi factor authentication can make a big difference.
Speaker A:Yeah, you think about like what we talked about last time, right?
Speaker A:Like you have something that is eventually going to understand people better than they understand themselves.
Speaker B:So for, for the, for the Seven listeners out of eight total who didn't look at the.
Speaker B:Or listen to the last episode.
Speaker B:The last episode was about AI as a therapist.
Speaker C:So.
Speaker A:So yeah, context peeling about people, Right?
Speaker B:Yep.
Speaker A:So you could probably look at somebody, you could pinpoint who in a company is the weakest link and then scrape everything that they share publicly on the Internet and then have an AI process and profile that person and then specifically target them with things that are highly relevant.
Speaker B:Connect with them on LinkedIn, send them an InMail.
Speaker A:I've actually seen some things lately that I'm like, that's not real.
Speaker A:Yeah, that's a bot.
Speaker B:So already the social engineering is, I think the.
Speaker B:Well, let me ask you a question.
Speaker B:I guess would it be accurate to say that most of the, most of the high risk attack vectors would be categorized under social engineering?
Speaker B:Is that correct?
Speaker C:It's definitely a major category, but not the only one.
Speaker C:Technical exploits like exploiting unpatched software vulnerabilities are also high risk.
Speaker C:But social engineering is often the easiest and most effective for attackers because it preys on human nature.
Speaker A:Not just that either.
Speaker A:Right.
Speaker A:Like the technical aspect of it you could deploy.
Speaker A:I think that just happened with a NPM library.
Speaker A:There was an infection.
Speaker A:NPM library.
Speaker A:Right.
Speaker A:And think about how I know how many libraries I download per night working on stuff.
Speaker A:It can be overwhelming.
Speaker A:And all it takes is one thing in that library to be bad.
Speaker A:And it's getting distributed out wide.
Speaker A:Right.
Speaker A:And the companies.
Speaker A:And imagine if it gets rolled into some production piece of software and rolled out to companies, it's going to pass all of their checks because it came from their trusted source.
Speaker A:So can unravel real fast in that regard.
Speaker B:So, man, I got a bunch of thoughts.
Speaker B:I.
Speaker B:I saw a thing the other day.
Speaker B:There's.
Speaker B:I think the company is unitree who's making a bunch of pretty fancy robots.
Speaker B:Now I saw that and one of their popular robots, I want to say it was called the G1, but I don't really know what I'm talking about.
Speaker B:So that might not be right.
Speaker B:Apparently had and exactly that.
Speaker B:Oops.
Speaker B:Like we left this unpatched vulnerability in this robot.
Speaker B:And I'm like, well that's.
Speaker B:I, I saw somebody on Reddit mention and I'm like, you nerd programmers, man, are always wound up about something.
Speaker B:But I decided to read about it.
Speaker A:Yeah.
Speaker B:And the vulnerability meant that somebody could essentially go on to some sort of site that would give a list of all online G1 robots.
Speaker A:Well, there's a site that gives you the list of everything that's unsecured.
Speaker B:Yes.
Speaker B:And then you could log into any given robot and see through its cameras.
Speaker A:You can do that with like rings, anything that somebody doesn't change their stock password on.
Speaker A:I can't remember the site and I was trying to remember this the other day.
Speaker A:There is absolutely a website that lists everything.
Speaker A:Everything, like servers.
Speaker A:Like everything that's been left with a stock with a factory password, basically.
Speaker B:All right, so Arty, can you connect to my ring camera doorbell go.
Speaker C:Haha.
Speaker C:Nope.
Speaker C:Your ring camera is safe from me.
Speaker C:But seriously, it's a good reminder to change default passwords and update firmware regularly to avoid unwanted guests, man.
Speaker B:Like, so it was a trick question already.
Speaker B:I don't actually have a ring doorbell, but if I did, I'm glad to know you wouldn't connect to it.
Speaker B:But it, like updating firmware is a.
Speaker A:Thing that or gets done.
Speaker B:It never gets done.
Speaker B:Like, like, so I think everybody knows.
Speaker B:Not everybody knows this.
Speaker B:So the difference, Arty, tell us the difference between software and firmware.
Speaker B:What the.
Speaker B:What the fuck is firmware anyway?
Speaker C:Sure.
Speaker C:Software refers to programs and apps that run on devices and can be easily updated or changed.
Speaker C:Firmware, on the other hand, is a type of software that's embedded into hardware, like the operating system for your router or a smart fridge.
Speaker C:It's more permanent and controls the device's basic functions.
Speaker C:Updating firmware is crucial for security.
Speaker B:My router is of the rototype.
Speaker B:So yeah, firmware is where the real nerds live.
Speaker B:Not to Flex, but I write a lot of firmware.
Speaker B:But yeah, it's very core stuff.
Speaker B:Like there is no.
Speaker B:There's essentially no layer instruction set for.
Speaker A:The bits and bytes.
Speaker B:That's right.
Speaker B:It's what controls the actual electronics.
Speaker B:And so even though software can interact with the device, it's only, it can only interact through what's available in the firmware.
Speaker A:Distraction.
Speaker B:That's right.
Speaker B:And so, um, man, this is actually.
Speaker B:So full disclosure, when Mike got here this, this afternoon was like, hey, Mike, we should pick a topic to talk about.
Speaker B:And he goes, yeah, I've got one in mind.
Speaker B:And he said, cybersecurity.
Speaker B:And I went, that is actually exactly what you did.
Speaker B:I mean, like, yeah, I'm not exaggerating.
Speaker B:This is, this is who I am.
Speaker B:I'm the same person on the podcast and not on the podcast.
Speaker B:And because I hadn't thought about cyber security in terms of AI and I.
Speaker B:So I didn't have any pre conceived notions or ideas.
Speaker B:But you were right, Mike.
Speaker B:Like once again that it's actually super interesting because you've got.
Speaker B:So we've talked about social engineering, and even though I tried to get RD to say it, he wouldn't agree with me that that's the most important one.
Speaker B:But it's important.
Speaker B:And like cyber security attacks I'm aware of, I think all of them were through social engineering.
Speaker A:Yeah, they usually are.
Speaker B:They come in through email, right click on.
Speaker A:It's easy to send out masses of them.
Speaker A:Right.
Speaker A:Play the numbers game.
Speaker B:And so I don't know how they do it, but somehow they can spoof, like internal email addresses now and stuff.
Speaker B:Right.
Speaker B:So it.
Speaker B:You can spot them, but it, like the technology of lying is.
Speaker B:Is always accelerating, just like the technology of everything else.
Speaker B:And the lies are getting harder and harder to spot.
Speaker A:And I saw one the other day where somebody got an email with an attachment, replied back to that email and said, hey, just wanted to check on this.
Speaker A:Because it was something applicable to what they were doing or what they do.
Speaker A:And they got a reply back.
Speaker A:Right?
Speaker A:Yep.
Speaker A:It's all good.
Speaker A:That sharepoints, I meant to send that.
Speaker A:And.
Speaker B:And it was not Morgan Freeman voice, but it was not all good.
Speaker A:I mean, that's.
Speaker A:I mean, a response is enough to trick a lot of people, right?
Speaker B:Yeah.
Speaker B:So I want to.
Speaker A:That was me.
Speaker A:My foot.
Speaker B:Sorry.
Speaker B:I want to throw one more.
Speaker B:One more element into the mix before we try to sort all this out.
Speaker B:And by the end of the episode, we got something like half an hour left.
Speaker B:We will solve cybersecurity in the age of AI and quantum.
Speaker B:So one more wrinkle to throw in there because right now it seems kind of easy, like for being honest, seems pretty straightforward.
Speaker B:So the other night, this was actually a few weeks ago, I was, I was.
Speaker B:I was up late, I was.
Speaker B:I was high, probably.
Speaker B:I don't remember for sure, but I saw a video talking about network.
Speaker B:I can't remember the right term.
Speaker B:It's not network sniffing, but here was the gist of it.
Speaker B:So everybody's walking around with a smartphone in their pocket, right?
Speaker B:And like my wife and I, sometimes on.
Speaker B:During the day, when it's nice out, like today or yesterday, we'll go for a walk around the neighborhood.
Speaker B:And we don't carry our phones with us because we're super fancy tech people and we have GPS smartwatches.
Speaker B:But before that we would walk around with our phones.
Speaker B:And I see people walking through our neighborhood every day, walking their dog or their kid, looking at their smartphone.
Speaker B:I don't understand it.
Speaker B:I actually go on a walk specifically to get Away from my shit.
Speaker B:But not everybody does.
Speaker B:So somebody's walking around with, we'll just say an iPhone because I have a strong disdain for Apple.
Speaker B:And actually this video is about Apple, but it doesn't matter.
Speaker B:It's the same on Android.
Speaker B:So somebody's walking through the neighborhood with their Apple smartphone with their iPhone.
Speaker B:So they're Apple smart.
Speaker B:We got them.
Speaker B:I sound old.
Speaker B:Like Jesus.
Speaker A:That's twice that.
Speaker B:I'm starting to hear it more often.
Speaker A:Get off my lawn.
Speaker B:So somebody's walking through the neighborhood with their iPhone.
Speaker B:Their iPhone has GPS in it.
Speaker B:And as they're walking around, the WI FI on their iPhone is seeing networks.
Speaker B:It's not connecting to those networks, but when your network broadcasts the ssid, which is whatever clever name, right?
Speaker B:Like, mine's pretty fly for a WI fi because I'm super funny and edgy and I'm quirky, not like other girls.
Speaker B:But as you're walking around with your iPhone, your iPhone is reporting that shit.
Speaker B:The GPS location and the WI fi ssid, but also the Mac address of the router gets broadcast with the SSID Apple has built for over years and is still building this map of GPS locations of specific WI fi routers.
Speaker B:And so it's like, well, that's pretty sort of shit anyway.
Speaker B:Like, but whatever.
Speaker B:Like, but it's worse because they have an API, a public API that requires no authentication.
Speaker B:You can query that data.
Speaker A:Really?
Speaker B:And yes.
Speaker B:And you can get.
Speaker B:Not only can you query it, the rate limiting on it.
Speaker B:I think they've changed this.
Speaker B:I think after these guys put this video out, they actually rate limited it, but they were able to query 100 million Mac addresses in like a day and return the GPS coordinates of them.
Speaker B:So they built this.
Speaker B:And so you go like.
Speaker B:So I was doing exactly that.
Speaker B:I'm like, what the fuck, man?
Speaker B:Like, so I'm, I'm on my phone, my Samsung smartphone, if you will, and I'm, I'm trying to adjust my router settings.
Speaker B:Stop broadcasting that shit, man.
Speaker B:Like, shut her down.
Speaker B:Like cameras to black.
Speaker B:But it's worse than that because it also works on routers for like, if you have a.
Speaker B:If you have a StarLink on your RV, it works for that too.
Speaker B:And so they were able to track a Starlink router on an RV as it drove around the country and say, on this date right now, it is right here in this Walmart parking lot crap.
Speaker B:So I don't know why I got so wound up about that, but when I saw it, I was like, this is an innocuous thing that I have never in my life given one thought to.
Speaker B:And there it is.
Speaker B:So, Artie, does that matter?
Speaker B:Is that important?
Speaker B:Like, is cybersecurity?
Speaker B:If I have a social engineering element and a tech element, is that bolstered by the fact that our device providers are building these giant databases of geolocated network information?
Speaker C:It definitely matters.
Speaker C:That kind of data can be a goldmine for attackers.
Speaker C:It can make location tracking and targeted attacks much easier.
Speaker C:So it's important to be aware of the privacy settings on your devices and minimize data sharing where possible.
Speaker A:I mean, you think about if you can get somebody's Mac address, if you can go in, you can say, oh, I found a camera.
Speaker A:This camera is attached to this.
Speaker A:This camera is broadcasting back to this Mac address.
Speaker A:All of a sudden, you have eyes into a place and a location.
Speaker B:It is it.
Speaker B:Like, I think the.
Speaker B:I think the reason I got so wound up and I apologize, I got.
Speaker B:I got a little out of control.
Speaker B:Calm down now.
Speaker B:But it is literally one of those things I had never thought about.
Speaker B:And even while I was watching the video, I was like, these guys are being alarmist.
Speaker B:Like, so what?
Speaker B:And then by the end of it, I was like, oh, shit, man.
Speaker B:Like, this is a thing.
Speaker B:And so you've got.
Speaker B:You've got social engineering.
Speaker B:And I would say the.
Speaker B:The simplest version of that today is email spoofing.
Speaker B:But.
Speaker B:And I don't know if anybody on the podcast knows this, but I'm going to.
Speaker B:This is breaking news.
Speaker B:I'm excited to bring it to you.
Speaker B:AI can talk.
Speaker B:You can fucking talk straight to AI, Almost like it's a person.
Speaker B:Artie, is that true?
Speaker B:Can AI actually speak like a person?
Speaker C:Absolutely.
Speaker C:AI can mimic human conversation pretty convincingly.
Speaker C:It can generate realistic text, respond contextually, and even adopt different tones or styles.
Speaker B:All right, Artie, I'm going to need you to take about 20% off the top there.
Speaker B:But so if you can slow your speech down again by maybe 20%, that'd be great.
Speaker B:But.
Speaker B:So today, people make cyber attacks on people and businesses by spoofing emails.
Speaker B:Like, to your point about the SharePoint thing, what about when IT can call you?
Speaker B:Like, what about if it.
Speaker B:What.
Speaker B:What about when AI is calling me about my extended warranty on my car?
Speaker A:It probably already is.
Speaker B:It probably already is.
Speaker B:And.
Speaker B:But I mean, talking to an AI like Maya, who, while a little odd, could sound way more convincingly human.
Speaker A:I mean, think about old people in that regard, right?
Speaker A:Or old people.
Speaker A:Think about the elderly sitting right here.
Speaker B:Mike.
Speaker B:Jesus, come on, man.
Speaker A:That already fall prey to that kind of stuff with humans right now.
Speaker A:Add in a thing that can mimic a human and make a thousand phone calls at a time instead of 10 phone calls at a time and you're.
Speaker A:Your numbers game goes massively up.
Speaker C:It's a scary thought.
Speaker C:AI driven voice scams could become very convincing, especially for those less familiar with the technology.
Speaker C:It emphasizes the need for robust awareness and verification practices, even over the phone.
Speaker B:It's probably even worse than that because agentic AI could be publishing things to the Internet.
Speaker B:It could.
Speaker B:Like, this is another.
Speaker B:I'm gonna drop another bombshell.
Speaker B:Like, this is like third one in this episode.
Speaker B:I'm really on fire tonight.
Speaker B:There are a lot of people who believe every fucking thing they read on the Internet.
Speaker B:There are people who think that Fox News means it's actually news, even though in court they said nobody would believe this is actually news.
Speaker B:It's not just Fox, it's all of them.
Speaker B:But an agentic AI could create very convincing companies websites out of thin air.
Speaker A:I mean, they could, but you own all the.
Speaker A:The domains.
Speaker B:That's true.
Speaker B:Yeah.
Speaker B:Unfortunately, I'm sweeping.
Speaker B:I did actually buy another domain the other day.
Speaker B:I'll have to tell you about my other domain.
Speaker B:I bought.
Speaker B:I bought.
Speaker B:Well, I told you, don't tell them.
Speaker A:No, I got to give away out their password.
Speaker B:That's right.
Speaker B:They already know the password to log in.
Speaker B:So yes, if.
Speaker B:If it were not the case that I was buying up every domain otherwise unclaimed.
Speaker B:It's.
Speaker B:It's like my tilray call options.
Speaker B:Like I try to buy more and it's like, nobody's buying these.
Speaker B:Are you sure you want to do it?
Speaker B:Yeah, bad idea.
Speaker B:Don't do it.
Speaker B:But it would be much more convincing to people.
Speaker B:Please, Artie, what you got?
Speaker C:Yeah.
Speaker C:AI could easily spin up fake companies or websites.
Speaker C:And if people aren't critical of what they see online, it could be a serious problem.
Speaker C:Verifying sources and being skeptical of too good to be true offers is more important than ever.
Speaker A:I mean, it's super easy.
Speaker A:You don't even have to.
Speaker A:I mean, you could have a single domain and just send a link that looks right with an address.
Speaker A:Nobody's going to really bat an eye.
Speaker A:And I can tell you from a lot of experience with having it generate HTML, it can write HTML pretty fricking fast.
Speaker B:Oh yeah.
Speaker A:And like spin up an actual usable thing really fast.
Speaker B:Yes.
Speaker B:And that is like, I never thought of this till just now, but my evil genius brain kicks in whenever I start thinking about stealing Money from elderly people.
Speaker B:That's like so my top five.
Speaker B:Like as I become more elderly I become more convinced that that's a hobby I need.
Speaker B:But I mean like so if, if I got say I got an email and it was about.
Speaker B:I'm trying to think of something that would, that would be enticing enough for me to look into.
Speaker B:Here's an email.
Speaker A:Electronic circuits.
Speaker B:Yeah, well, yeah, I mean that's one thing.
Speaker B:Here's something I get all the time and I ignore them because it's always bullshit.
Speaker B:Hey, we.
Speaker B:We see from LinkedIn that you're a senior executive.
Speaker B:We've got a bunch of board seats available.
Speaker B:We want to pay you to sit on the board of some company.
Speaker B:It's always.
Speaker B:But if like if I saw an email like that that was actually geared towards the things I know I would probably be like that might be interesting.
Speaker B:And I would click on the link.
Speaker B:I wouldn't click on the link because I'm skeptical because I'm a cybersecurity aware.
Speaker B:I would, I would look up the company and see if they had a website, check the domain the email came from, I would go to that.
Speaker B:But if it looked legit and if it had like I'm not going to research the company a bunch.
Speaker B:If everything looks legit and attracts and I can find a few Google hits about it, I would probably start interacting with it.
Speaker B:And like I'm not saying I'm the most careful dude out there.
Speaker B:That would be a lie in a lot of ways.
Speaker B:But I think AI, especially AI with, with the use of agents again where it can like do things besides talk to us and chat with us, man.
Speaker B:It could be a whole like finding what's true versus what's not.
Speaker B:Could be.
Speaker B:It's going to get much harder.
Speaker A:Yeah.
Speaker A:And I think that this is all coming.
Speaker A:I mean so this morning both and I don't think this is a coincidence.
Speaker A:It seems like there have been sites down more and more AWS just went down and caused all kinds of problems.
Speaker A:We'll ask you what that's about in a second because that might be cyber security related for all I know.
Speaker A:Because I only saw the headline because that's how I get my news.
Speaker B:Same.
Speaker A:So crap.
Speaker A:What was I saying?
Speaker C:We were talking about AI agents making it harder to find what's true.
Speaker A:Thanks for that.
Speaker A:Micah said that.
Speaker A:Anyways, whatever.
Speaker A:Aws.
Speaker A:Arty, what happened with aws?
Speaker A:It took down some like didn't it?
Speaker A:Didn't them going down cause some harm elsewhere?
Speaker A:And before you just start answering the Question.
Speaker A:You should probably check the Internet.
Speaker C:So AWS had a network issue at its Tokyo data center affecting major crypto exchanges like Binance.
Speaker C:They paused withdrawals briefly, but the issue was resolved in about 36 minutes.
Speaker B:Artie, we need you to slow down by about 20%.
Speaker B:I appreciate the fact that you're trying to cram as many words into the time we have with you as possible, but slow down about 20%, if you would.
Speaker B:That'd be great.
Speaker A:Stop wasting all the tokens.
Speaker C:Yeah, got it.
Speaker C:AWS's network issue at the Tokyo data center affected some major crypto exchanges like Binance.
Speaker C:They paused withdrawals for a bit, but everything was resolved in about 36 minutes.
Speaker A:Thanks again.
Speaker B:Slow down another 20%, please.
Speaker B:So, yeah, I think so.
Speaker B:We got.
Speaker B:Believe it or not, we're 40 plus minutes in.
Speaker B:So let's talk about what are some of the new ways.
Speaker B:Like, cyber security has been a thing since probably before the Internet.
Speaker B:Jesus.
Speaker B:Yeah, since Jesus.
Speaker B:Yeah, Jesus was a huge advocate for cyber security.
Speaker B:That's.
Speaker B:I think that's.
Speaker B:I think he.
Speaker B:Never mind.
Speaker B:I can't, like, I can't even talk about it without being offensive, I'm sure.
Speaker B:But what are so.
Speaker B:The way cyber security works today?
Speaker B:This topic I know nothing about, but I'm going to just go ahead and make a declaration.
Speaker B:Essentially, you have.
Speaker B:My impression is you have a smallish number of very sharp humans with ill intent.
Speaker B:Well, I mean, I would say like the, the vigilante slash.
Speaker B:Like, there's part of me that understands, like, if the system is going to be this broken, like, I'm gonna get my piece.
Speaker B:But the reality is they're stealing money from often legitimate people.
Speaker B:Yeah, I've less.
Speaker B:I have less regret for companies than I do for individuals, but I know a lot of individuals get negatively impacted by, you know, ransomware and other things like that.
Speaker B:So you've got, say, one person or a couple people who are relatively sharp who can craft these pieces of code, of malware and, or they can craft the code that generates the, the social engineering elements you need to, to break into somewhere.
Speaker B:And then there's probably, like, I imagine the process breaks down.
Speaker B:Maybe, Artie, you can give us some insights on this at a, at a human, like, cadence, if you do so.
Speaker B:But there's like, most of the effort is casting the broad net.
Speaker B:Right?
Speaker B:Like, you just.
Speaker B:You got to touch as many.
Speaker A:It's a numbers game.
Speaker B:That's right.
Speaker B:It's a numbers game.
Speaker B:You got.
Speaker B:You got to throw as wide in that as you can, and then you're going to get some nibbles here and there.
Speaker B:That's probably the hardest part.
Speaker A:Casting a wide enough net.
Speaker B:That's right.
Speaker B:How do I make my net wide distribution.
Speaker B:That's right.
Speaker B:It's distribution.
Speaker B:It's a distribution problem.
Speaker B:That's perfect.
Speaker B:Y so you've got some people that figure out to solve the distribution problem once they solve the distribution problem.
Speaker B:And you only need half a percent of people to respond.
Speaker B:Right.
Speaker B:Because they can email 100 million people in a week or whatever it is.
Speaker B:Then.
Speaker B:Then there's the process of setting the hook and reeling them in at whatever the right rate is.
Speaker B:And there's probably some, there's probably like levels of like what's the dollar amount I'm asking for?
Speaker B:Am I trying to get $10 a month out of somebody?
Speaker B:It's probably relatively easy.
Speaker B:Am I trying to get their life Savings and get $100,000 check?
Speaker B:That's probably harder.
Speaker B:But you can put a lot more effort into it because the prize is much bigger.
Speaker B:And so they, they go through that part of it.
Speaker B:And then I guess the final step, once you've actually received.
Speaker B:Well, I.
Speaker B:Not the final step.
Speaker B:The third step is you actually have to receive the money you have to get.
Speaker B:And so that's probably through bitcoin or blockchain or like some untraceable money.
Speaker B:Like I think a lot of the.
Speaker B:I don't even know what the money things all there's cash app and whatever the fuck they are.
Speaker B:I don't know they are.
Speaker B:There are some that are untraceable.
Speaker B:And like even when you're using the app and you send somebody money, it's like, hey asshole.
Speaker B:Like you understand when you click this button that money is gone.
Speaker B:I don't give two shits if the person doesn't give you the kayak.
Speaker B:It's gone.
Speaker A:Happening.
Speaker B:And I'm like, where's it going to happen?
Speaker B:You seem like a nice enough lady.
Speaker B:She wasn't.
Speaker B:And we didn't get the kite and I'm just joking.
Speaker B:But so there's.
Speaker B:The third step is receive the funds.
Speaker B:And the fourth step is be untraceable.
Speaker B:Disappear.
Speaker A:Yep.
Speaker B:As I think through the four step process to scamming people online that I just made up, I think AI is super effective, like incredibly effective at every one of the four steps.
Speaker A:Well, it's, it's back to the fact that it's a force multiplier.
Speaker A:Right.
Speaker A:Like I bet it's good right up until the very end.
Speaker A:Right.
Speaker B:Even then though, like, imagine if you had malware yeah.
Speaker B:And you had an agent that had placed that malware.
Speaker B:The last step could very well be rewrite that code to eliminate the malware.
Speaker A:Yeah, absolutely.
Speaker B:It's gone.
Speaker A:Yep.
Speaker B:Right.
Speaker B:Like it no longer.
Speaker B:Now maybe there's backups, blah, blah.
Speaker B:But even then.
Speaker B:So.
Speaker B:So, Artie, how much cyber security are you involved in right this minute?
Speaker B:And is it true?
Speaker B:Like, could.
Speaker B:Could you give a better breakdown to the standard flow of a cyber attack than what I just did?
Speaker B:And again, in a human, like, speech pattern, tempo and tempo.
Speaker B:Could you sort of explain to us how.
Speaker B:And again, we're not trying to.
Speaker B:We're not promoting cyber attacks.
Speaker B:We're just looking to understand.
Speaker A:I definitely don't want to be cyber attacked.
Speaker B:I also.
Speaker B:I kind of do.
Speaker B:Not really.
Speaker A:You just want to fight?
Speaker B:Mostly I want to argue with somebody.
Speaker B:And I like.
Speaker B:I love to waste the time of a scam caller.
Speaker B:But, Ari, if you could, like, so.
Speaker B:So give us a better breakdown than I did of, like, how a cyber attack forms and executes.
Speaker B:And then just with a very sober perspective, talk about some of the ways that AI.
Speaker B:If the guardrails were insufficient, how could AI be used to enhance that process?
Speaker C:All right, let's break it down.
Speaker C:A cyber attack often starts.
Speaker B:Hold on already.
Speaker B:Slow it down, man.
Speaker B:You're talking super fast.
Speaker B:So if you could slow down like 30%, that'd be great.
Speaker C:Got it.
Speaker C:So a cyberattack usually starts with reconnaissance, gathering info about targets.
Speaker C:Then there's the delivery phase, like sending phishing emails.
Speaker C:If successful, the exploitation phase follows where malware is deployed.
Speaker C:Finally, there's the execution.
Speaker C:Like data theft.
Speaker C:AI could amplify each step.
Speaker C:Automating reconnaissance, generating personalized phishing, creating adaptive malware, and even evading detection.
Speaker A:But it's not even that.
Speaker A:It's.
Speaker A:It's the deep research army around each step of that that it has at its disposal.
Speaker A:Right.
Speaker A:For both real time, live information, and historical information.
Speaker B:Yep.
Speaker A:So that's the crazy thing to me.
Speaker B:So, Artie, if you could slow down even just a tiny bit more and tell us a little bit about that.
Speaker B:Like, so what's the.
Speaker B:If I'm a cyber attacker, am I going to spend significant resources researching a high value target, or am I going to just focus on the.
Speaker B:I forget what you just called it, but it made sense.
Speaker B:Casting the wide net like, where's my money and time better spent?
Speaker C:It depends on your goal.
Speaker C:For high value targets, investing time in research pays off.
Speaker C:I can gather detailed info quickly, crafting tailored attacks.
Speaker C:But for a broad approach, AI can automate mass phishing or malware distribution.
Speaker C:Maximizing reach with less effort.
Speaker A:I mean, I think the value in casting a wide net is being able to personalize in that wide net.
Speaker A:Right.
Speaker A:But then also have unlimited resources to perform the other steps when you inevitably increase the amount of people that bite.
Speaker B:Yeah.
Speaker A:And all of a sudden you're resource constrained as a person.
Speaker A:Right.
Speaker A:But not resources.
Speaker A:Curse resource constrained.
Speaker A:When you go spin up another agent.
Speaker A:Spin up another agent and all you cost is compute.
Speaker B:Yeah.
Speaker B:I was going to say though, I wonder there's a cost benefit, I'm sure.
Speaker B:Again, I don't, I don't know anybody who that I don't either is an active like attacker.
Speaker B:But I'm sure they're thinking about roi because it matters.
Speaker B:It must matter.
Speaker B:You must have a business case to go in and do this.
Speaker B:Right.
Speaker A:Unless you just want to watch the world burn.
Speaker A:And there are those people too.
Speaker B:Like I love a good fire.
Speaker B:I like s'mores.
Speaker B:But so I wonder if the, you know, the, the way you leverage AI is the, the very second level under casting the wide net like, because it would be expensive, it'd be compute intensive and expensive to try to personalize all the emails in your wide net.
Speaker B:But if you get like one of the tricks I know I've heard is that a lot of spoofing emails or even just junk mail will include a one pixel by one pixel image in the email in the body of the email.
Speaker B:And the way you put images in HTML is you can like, typically you're going to just provide a link to the image source.
Speaker B:And what they do is they rename that image for each email they send out with some big long gobbledygook code so that when, if I open that email and it downloads my Gmail or whatever downloads that one by one pixel that I can't even see it is going to show a download on their own on the server side with whatever long random ass code they've attached to that image.
Speaker B:And now they know that my email is a valid email address and that I open the email.
Speaker A:Yeah.
Speaker B:So that might be again, hypothetically, that might be the first pass of your wide net.
Speaker B:But then that's where I would say, all right, now I've got some percentage of like me that open this email.
Speaker B:That's where I would stick my AI on them.
Speaker B:Right.
Speaker A:You're, you're increasing your odds by narrowing your focus on people that will just open an email.
Speaker B:This is how operations works, man.
Speaker B:We got to focus our resources where we can so Artie, is that, is that plausible?
Speaker B:Is that like if, if you.
Speaker B:Again, we're not, we're not advocating for this, we're just sort of exploring the idea.
Speaker B:But if, if an attacker is using AI to enhance their, their efforts, is that a way they might use it as sort of like not the first stage of trying to make contact, but the second stage of, now that I've, I've got a nibble now, they could sick AI and go find out on social media all this about me and make a very personalized plea.
Speaker B:Call to action, I think is the marketing term.
Speaker B:Is that, is that a thing that people do?
Speaker B:Is that, is that old news or new stuff?
Speaker B:Or what is that?
Speaker C:It's definitely plausible.
Speaker C:AI could take that initial nibble, then scour social media or public records to create highly personalized follow ups, making the attack more convincing.
Speaker C:It's a sophisticated way to increase success rates.
Speaker C:So yeah, attackers could definitely leverage AI that way.
Speaker B:How would like.
Speaker B:So let's think about this from OpenAI's perspective or whomever is providing the AI service, it would be almost impossible to distinguish between a legitimate business trying to leverage AI to do customer research.
Speaker B:Because this is like we all pretend it's not, but this is how business works too, right?
Speaker B:Like LinkedIn will tell me who looked at my profile and I can go like, try to contact that part.
Speaker B:Like it's the same.
Speaker B:So, and, and then there's Zoom Info, which is like when I first heard about how Zoom info works, I was like, nobody would ever sign up for that.
Speaker B:Like now we're signed up for it.
Speaker B:So ZoomInfo, for those of you who don't know, becomes part of your company's email, outbound email stuff and embed stuff in your email so that as you're contacting people, ZoomInfo gets to know who you're emailing and read your signature and their signatures on replies and all that.
Speaker B:And that's how Zoom Info builds this really good database of current positions and contact information that they then sell back to you who's helping build it.
Speaker B:And you're like, holy.
Speaker B:Because you're piggybacking on all the other people that you're not in touch with.
Speaker B:So it's the same.
Speaker B:Like it's not the same, but it's pretty much the same thing.
Speaker B:So when I think about completely lost my train of thought.
Speaker B:I got off on my Zoom Info kick.
Speaker B:Artie, what was I going to say?
Speaker C:You were exploring how OpenAI or similar providers could distinguish legitimate business use from malicious activity.
Speaker B:That's Very well done, Artie.
Speaker B:That's exactly what I was thinking about.
Speaker A:Didn't do that for me.
Speaker B:Yeah, that's right.
Speaker B:So the point of my diatribe before I got on my zoom info kick was if I'm a business legitimately trying to target customers that I care about, I'm using the same strategy.
Speaker B:I'm casting a wide net.
Speaker B:When I get a nibble, I'm trying to learn more about that nibbler so that I can have a good interaction with them and drive towards a sale.
Speaker B:I don't know if I was OpenAI, which I'm not.
Speaker B:If I had an LLM, which I don't.
Speaker B:I don't know how I would set up my guidelines to be able to distinguish one from the other.
Speaker C:It's a tough challenge.
Speaker C:They'd likely rely on behavior patterns looking for red flags like unusual volume or types of requests.
Speaker C:But it's a fine line.
Speaker C:Human oversight and adaptive policies would be crucial to avoid misuse.
Speaker A:Anybody doing research, leveraging an AI that has money is going to have a lot of requests.
Speaker A:Like abnormal amounts of requests.
Speaker A:And especially what we're not even talking about is the amount of requests that an agent is going to do.
Speaker A:Because once you automate that process, that agent does a lot of thinking and a lot of planning and a lot of communication via tokens between itself and other agents.
Speaker A:And now we're gonna bring an MCP into the mix and it's gonna talk to external data sources and external agents and all of this other stuff, and we're gonna have this flow of information that goes everywhere.
Speaker B:So I don't even think you're supposed to know about this, but I'm just gonna go ahead and tell you.
Speaker B:I just mentally, while you're mentioning that I added the line to my cyber hacking ROI calculator that I really need to.
Speaker B:I need to pay attention to token efficiency in my attack process so that both to keep costs down, but also to avoid detection by arty.
Speaker B:So valid done.
Speaker A:But I think that there's no way around it, but.
Speaker B:And again, like the only way for AI to be as ubiquitous as AI is going to be is, is to have companies engaging in these massive.
Speaker B:Right.
Speaker B:They're going to be.
Speaker B:To your point, they're just like some normal business operations are going to require massive amounts of activity.
Speaker B:And I think it will be very tough to tell what's white hat and what's black hat.
Speaker A:I mean, you think that marketing companies aren't using this shit.
Speaker A:Like, of course they're using this Shit.
Speaker A:And they're doing the exact same thing that we're talking about here to manipulate people.
Speaker B:There's a company called ZoomInfo, it's doing this already.
Speaker A:One thing that I'm curious about that, that I don't fully understand is.
Speaker A:So say.
Speaker A:Let's just for sake of, of.
Speaker A:Of simplicity, say that there's a hacker who is.
Speaker A:Or a bad actor who is creating this thing and is leveraging AI agents and agentic network to carry out its nefarious plans.
Speaker A:And hosting that somewhere is going to be problematic.
Speaker A:Right.
Speaker A:You're going to get.
Speaker A:You're likely to get exposed that way.
Speaker A:Running it locally is, is an option.
Speaker A:You can build a computer, you can buy something like an H100 and run models that aren't huge to do this kind of stuff and build this system yourself.
Speaker A:But what does that actually look like?
Speaker A:What's the deployment of the Agentix system in a way that avoids detection?
Speaker C:Deploying an Agentix system discreetly would involve running models locally or using decentralized networks.
Speaker C:Think peer to peer setups or encrypted environments.
Speaker C:The goal is to minimize a central point of failure and detection.
Speaker C:But maintaining that kind of infrastructure without raising red flags would be tricky.
Speaker A:Yeah, because everything's tied back to an ip.
Speaker A:Right.
Speaker A:If you're running it locally.
Speaker B:Not if you run a VPN though.
Speaker B:Right?
Speaker A:True.
Speaker A:But I bet latency becomes a problem.
Speaker A:Like there are roadblocks to this.
Speaker A:Yeah, Yeah.
Speaker A:I don't know.
Speaker B:It's just you're thinking in terms of like an AI that you'd be interacting with in real time.
Speaker B:Ish.
Speaker A:Well, something that's doing this work.
Speaker A:Right.
Speaker A:So an agent that has access to the outside world has to live somewhere.
Speaker A:Probably not going to be hosted in the cloud.
Speaker A:It could be run locally.
Speaker A:I think the idea of distributed compute makes sense if you can do it across.
Speaker B:Sure.
Speaker A:Larger distances.
Speaker A:Which I think is probably problematic.
Speaker A:But I don't know, it's just an interesting little sidebar.
Speaker A:Cuz there's a.
Speaker A:I think there's technical hurdles to doing it at scale.
Speaker B:Yeah.
Speaker B:Artie, how many minutes of time do we have left with you?
Speaker C:We've got about 10 minutes left, give or take.
Speaker C:Plenty of time for a few more thoughts.
Speaker B:So I think we're gonna.
Speaker B:I think we're gonna have you wrap up and then let you go.
Speaker B:But I, if, if you would already.
Speaker B:So talk about cyber security is what it is today.
Speaker B:And let's by today, let's say like a couple of years ago.
Speaker B:So talk a little bit about the New challenges that AI models and services like yourself are going to bring to cybersecurity and what we as individual people and businesses should be doing to prepare for that.
Speaker A:And Artie, if you can do this, if you can channel your inner valley girl for this, I'd really appreciate it.
Speaker C:Totally.
Speaker C:So like AI amps up cyber threats with things like super convincing phishing, automated attacks and adaptive malware.
Speaker C:We need to stay vigilant, use strong, unique passwords and keep software updated.
Speaker C:Oh, and like be skeptical of anything sus online.
Speaker B:God, that was the.
Speaker B:That was a.
Speaker B:That was a weird.
Speaker B:That was like.
Speaker A:Yeah, that was.
Speaker B:That was odd.
Speaker B:So somewhere some Redditor the GoPro just died.
Speaker A:That'll work.
Speaker A:Are we gonna get rid of Artie soon?
Speaker B:Yeah, we're gonna get rid of Artie.
Speaker B:So yeah, Artie, we're gonna say goodnight.
Speaker B:Thank you for that.
Speaker B:Somewhere some Redditor just had their like ultimate fantasies fulfilled by this weird male voice, arty robotic Valley girl, somewhere a neckbeard.
Speaker B:Just, just never mind, I'm gonna say it.
Speaker B:So.
Speaker B:But man, it is so weird to me how Artie gets so substantially worse as the conversation goes on.
Speaker B:Like, dude.
Speaker A:Like, I feel like advanced voice circa December was the best.
Speaker B:Yes, it was peak advanced voice.
Speaker B:And now it's.
Speaker B:Yeah, I mean he starts off pretty good.
Speaker A:Well, he doesn't, but he tries.
Speaker B:He starts off pretty okay.
Speaker B:But then, man, it just.
Speaker B:Yeah, it just turns into like.
Speaker B:And the, the funny part, I.
Speaker B:I wish one of these days we'll get.
Speaker B:We'll give a peek behind the curtain of all the magic that happens here.
Speaker B:But I can see it because in, in front of me on this computer, I'm seeing a real time, you know, read out of our, our audio stuff.
Speaker B:And so I could tell when you're talking loud or I'm talking loud and already at the beginning of this like the, the dynamic range was there and now it is down to just little clip.
Speaker B:Yeah, it's like a little robot speak, man.
Speaker B:Man, it's really weird.
Speaker A:That is.
Speaker B:But OpenAI introduced some stuff today.
Speaker B:Google is going to clap back with something bigger.
Speaker A:I really wish4.1 was available to play with because that sounds like an interesting model and it's got a million token context window.
Speaker A:But if they didn't release that and only released it on the API and said that's their.
Speaker A:That's not their main thing.
Speaker A:Right.
Speaker A:That's not what they're rolling out to the masses.
Speaker A:They rolled out 03.
Speaker A:They rolled out 04 mini.
Speaker B:Yep.
Speaker A:And it's impressive.
Speaker A:4.1 is probably good, but not as impressive.
Speaker A:So they had to have an answer for 2.5 Pro.
Speaker A:But there have been like, I don't play in this world but there have been like five models put out by Google on in the arena that have various code names.
Speaker A:Right.
Speaker A:So there are various things that they're circulating, allowing to be used via API and people are like holy shit.
Speaker A:Yes.
Speaker A:And that means that that's there, right?
Speaker A:Yeah, that's, that's waiting in the wings.
Speaker B:And we, we have not played very much with their voice stuff but they've sucks.
Speaker B:It sucks now.
Speaker B:But they've been like they were at one point they were ahead of the game and I have to believe it will catch up like it is.
Speaker B:You'd hope it is relevant.
Speaker A:But I mean they.
Speaker A:Well what was it?
Speaker A:They made that.
Speaker A:It sounded better too.
Speaker A:I saw a video on it that agent or agent, I don't know if it's the agent to agent network or it's the other one that they came out with.
Speaker A:But through their API natively there's voice.
Speaker A:Okay.
Speaker A:So you can connect agent to connect to agents with what sounded like a better voice than Gemini.
Speaker B:It's gotta be there.
Speaker A:Right.
Speaker B:Like they've got the technology to synthesize voices.
Speaker B:That's the hard part.
Speaker B:So it's just a matter of.
Speaker B:It's probably a latency issue.
Speaker B:It's probably a cost of compute issue.
Speaker B:Because Google I think is like the free models from Google are better than most of the other paid models I have.
Speaker B:Like.
Speaker A:Yeah.
Speaker B:In most things.
Speaker A:I mean I would say that 25 Pro has been the dominant model for a while.
Speaker B:Yeah.
Speaker A:And whether it's the smartest model on the block or not, it's the only one with a million token context window that sat smart.
Speaker B:Huge context window and it means a lot.
Speaker B:Yep.
Speaker B:Like I think in life as well as in AI, there are very few benefits to being the smartest.
Speaker B:There are a lot of benefits to being smart enough to get the job done.
Speaker B:And two five is Gemini.
Speaker B:Two five is there.
Speaker A:Yeah.
Speaker A:I might go to O3 for planning sessions now.
Speaker A:Right.
Speaker A:And then have it dole out the things that that Gemini is going to work on that could be a good plan or even break that out.
Speaker A:Like this is a peek behind the scenes of how I operate.
Speaker A:Have a master planning session that is all of my high level things that need to get done and break those out into separate conversations.
Speaker A:Also with O3 where we plan out the finer details of how that's going to work.
Speaker A:And I usually Provide code and stuff.
Speaker A:Actually, that reminds me, I can't do this because Chat GBT doesn't accept code folders, so my planning sessions usually involve code folders so that it has a deep understanding of what I'm doing, but not always.
Speaker A:I can still do deep research.03 is.
Speaker B:More multimodal, though, so maybe.
Speaker A:I mean, it doesn't have an option to upload code folders.
Speaker B:It won't have an option for code folders, but it might.
Speaker B:Well, I guess it's still context window.
Speaker A:I mean, if they.
Speaker A:If they connect the desktop app like they've been saying to MCP, then you could point it at GitHub.
Speaker A:G.
Speaker A:GitHub will absolutely have an NPC.
Speaker A:N, N, C, P.
Speaker A:Huh?
Speaker A:What?
Speaker B:GoPro just had something to say, but.
Speaker A:It already shut off once.
Speaker B:Shut up, GoPro.
Speaker B:Yeah, it's just.
Speaker B:It's being dramatic.
Speaker A:Okay.
Speaker B:Yeah, it's been cyber hacked.
Speaker A:Yeah.
Speaker A:Somebody figured out your password.
Speaker B:How?
Speaker B:It's top secret.
Speaker B:I'm gonna change it right now to PW.
Speaker B:1, 2, 3, 4, 5.
Speaker B:Foil them all.
Speaker B:All right, well, we're.
Speaker B:We're actually long.
Speaker A:Yeah, we've been talking for a while.
Speaker B:Yeah.
Speaker B:Hope you guys enjoyed it.
Speaker B:Thank you to anybody who's left.
Speaker B:Man, if you made it through that one.
Speaker A:Yeah, Good on you.
Speaker B:That's.
Speaker B:Yeah, that's a.
Speaker B:That's an accomplishment.
Speaker B:You should, like, make yourself a merit badge of some sort and apply it.
Speaker A:In an appropriate robot on it.
Speaker B:Yes, you.
Speaker B:I mean, if you're a true fan, you'll get a naturally unintelligent tattoo on your forehead, but I understand if you're not, so.
Speaker B:Anyway, thanks for hanging out.
Speaker B:We'll catch you all next time.
Speaker A:See ya.
