
Birds of a Feather Panopticon Together

TL;DR: Flock Safety's network of 100,000+ license plate reader cameras across 49 states has wrongly triggered police stops due to ~10% misread rates, while researcher John Gainesek found 51 security flaws including open live feeds and…

Heads up, the guy in the opening story survives — realized in editing it's kind of stressful if you don't know where that's going. In this chat episode we start with a coin toss on which story to start with, which leads us on an adventure into the world of America's favourite private security camera network, Flock, searchable by law enforcement without a warrant. Cool stuff.

Transcript

Machine-generated transcript; may contain errors.

Speaker 1: I have two stories here. One is about cameras and is a downer. The other is about a little vertical video app that couldn't. And I cannot decide which to start with. So in a hacked first, we're gonna flip a coin.

Speaker 2: Do you want me to call it? Should I call it? Yes. Let's say

Speaker 1: We didn't really map the sound of

Speaker 2: this thing. I'm gonna go tails, and tails is the the sad one.

Speaker 1: Tails is the sad one. Done. Yes. Oh. Oh. Oh. Brandon Upchurch was driving through Toledo, Ohio on a Tuesday when the police lights appeared in his mirror. He pulls over. Officers approach. There's footage of all this. I don't recommend watching it. Once he gets out of his truck, the officers order him to kinda face away from them. Upchurch keeps asking, like, what am I stopped for? I didn't do anything. What did I do? Officers tell him to get on the ground. As Upchurch is starting to kneel an officer releases the canine and the dog is, like, biting him on the arm and stuff. It's pretty rough. Upchurch gets handcuffed. He gets taken to jail. Upchurch's offense, it would turn out, was driving a car with a license plate that contained the number 7. That 7 was read as a 2. The number on the plate that we're actually looking for. It was not read by a person, but by our opening subject this episode, a Flock Safety camera. Flock is a private company that manufactures and operates a network of security cameras across the US, but stay in this story for a second. The misread character had incorrectly matched his plate to a vehicle wanted in connection with a crime. The system flagged it, an alert goes out, the officers pull him over, none of them questioned that this was in fact his plate, and here we all are. What that system doesn't seem to be designed to do is account for the possibility that the camera got it wrong. And in this case, and in dozens of other documented cases across the US, it was. To talk about Flock is to talk about a technology that was built, deployed, and scaled to about a 100,000 cameras across 49 states very quickly. And sometimes it fails. By the numbers of surveillance research firm IPVM, roughly one in ten times. A three year old in Morristown, Tennessee watched from her car seat while officers drew weapons on her grandparents. An o had become a zero.
A 12 year old in Espanola, New Mexico was placed in the back of a patrol cruiser while her sister was detained at gunpoint. I literally have too many of these to read in an intro. And unfortunately, the quality of image detection on this camera network is just the tip of a very interesting iceberg. Because the accuracy of these cameras is one question, the security of the cameras is another, and the very existence of the database that all these cameras are feeding into is yet a third. There are a bunch of stories that Flock Safety doesn't really wanna tell about itself. The company was founded in 2017. They're today valued at $7,500,000,000 and they scan more than 20,000,000,000 license plates every single month. But the errors are, in some cases, bigger than misread numbers. The cameras are, it also allegedly turns out, pretty dang easy to hack. Their live feeds have been left streaming to the open Internet, password free, pointed at houses and playgrounds. Police credentials for the platform have appeared for sale on Russian cybercrime forums. Classic hacked stuff. So we're gonna start here with Flock security cameras. Where they come from, what they're used for, how they work, and the ways that they maybe don't. On this episode of Hacked. I'm just building a talking about some security cameras, man. Just by flipping coins. Just by flipping coins. Just by flipping coins.

Speaker 2: Just by flipping coins.

Speaker 1: I got a coin

Speaker 2: on my desk too. Should I flip it?

Speaker 1: Flip it. Find out.

Speaker 2: I flip it for the answers. Every time I'm thinking about

Speaker 1: things, leave

Speaker 3: it. Should I interject?

Speaker 2: Should I jump in?

Speaker 1: I'm doing good, man. How are you?

Speaker 2: I am well, as you might be able to tell, a little sick. I, returned from the desert with a bit of a bit of a flu. And, it's been residual and lingering around longer than I would like it to. Mostly being a functional human. Spoke at a conference this weekend. Nice. Hadn't but, but, yeah, other than that, my sinuses are killing me, and that's why my voice sounds like this, which is not that far from my regular voice as my sinuses normally kill me. But

Speaker 1: The, we have a bad track record of recording while you are sick.

Speaker 2: Yes. Well, I think the problem is is that, like, when I get sick, I have a tendency to stay sick.

Speaker 1: Sure. And we record several times a month. It's sort of just like a a statistical inevitability. Precisely.

Speaker 2: So I feel, yeah, I feel like my immune system only lets in the the hard ones. And then when I get them, they stay around for a while. Exactly.

Speaker 1: It's like the the house guest at the party, and you're like, time to go. Aren't you tired too?

Speaker 2: Oh, you're,

Speaker 1: like, performatively yawning to try and get them to leave.

Speaker 2: You're you're cleaning up. Yeah. Totally. Actively.

Speaker 1: The lights are very on. The music is very off. People are, like, trotting out in pajamas to be like, welp.

Speaker 2: Yeah. Yes. So But isn't that good?

Speaker 1: Good. Good. I'm glad to hear it.

Speaker 2: Thank you.

Speaker 1: We have so much to get to this episode. It's fine chatty chat. Decided by chance. Decided by chance. Decided by a coin flip. Both times, I got a good I hope it picked up on mic. I got, like, a good coin flip sound effect, like a good ding.

Speaker 2: I I just did it very poorly.

Speaker 1: I just did my mic. There's probably, like, noise cancellation on the call. It's like, no. That's not getting through at all. Totally. Well, chance has fated us to start with Flock. Thanks to everyone who sent us stories about Flock over the last couple months. It's a very interesting topic. We just haven't had a chance to dig into it. So thank you for sending those over. Now is the time.

Speaker 2: Today is the day.

Speaker 1: Today is the day. Allegedlys abound in this one.

Speaker 2: Yeah. I was gonna say how how much insurance do we need for this puppy?

Speaker 1: I hope we're just reporting on, like, stuff that has happened in public and is generally agreed upon. We'll try and couch it with allegedly.

Speaker 2: We're reporting on other people's reporting.

Speaker 1: There you go. There you go. I didn't I didn't see somebody. Yeah. Miss us with it. Allegedly. In 2017, Atlanta entrepreneur Garrett Langley was the victim of a property crime. Goes to the police. The investigators tell him there's nothing they can do, not enough evidence. This is sort of the founding story of Flock. He was a tech founder type guy. He sees this opportunity. He recruits a cofounder, CTO, Matt Fury, and they launch Flock Safety in March 2017. And their core product is pretty straightforward. It's a solar powered, cellular connected, automatic license plate reader called ALPR. And it's a camera that you can just, like, bolt to a utility pole with minimal permitting. Every vehicle that goes by has its plate photographed, time stamped, location tagged, and uploaded into a searchable cloud database. The company's first market was homeowners associations. And the logic was if Flock could, like, saturate suburban neighborhoods with all of this overlapping coverage, it could generate something really, really valuable, which is like a big crazy data set of just people moving around that would make the product pretty irresistible to law enforcement. Those homeowner associations, like, funded the early growth of the company. They got the cameras out in the world. That dense coverage created, like, proof of concept. Little legal quirk. Police agencies quickly discovered that because Flock's homeowner homeowner association cameras were privately owned, the officers could legally access the footage through Flock's shared national network without legal constraints that might apply to government operated surveillance.

Speaker 2: Sure.

Speaker 1: This is super important to this story. Mhmm. A detective in Texas could query this database of some cameras in Washington without a national warrant, without traveling, without informing the camera owners. Just type into a search box.

Speaker 2: It's like, terms and conditions. Terms and conditions.

Speaker 1: Of a product you didn't buy. The company reached unicorn status in July 2021. By 2024, it was generating an estimated $285,000,000 in annual recurring revenue, 70% up year over year. The business is a booming. It is series f, 275,000,000. They're currently sitting at a 7 and a half billion valuation. 49 states, like I said, 5,000 police departments, 6,000 communities, 20,000,000,000 license plates scanned every month. So this box. This box is interesting. It's like a little little black, I think it's rubberized, kind of box mounted on, you know, roadside poles and stuff. Inside, there's, like, a little camera optimized to scan the plates, an LTE modem, a Linux based computer, a battery, a solar panel. Vehicle passes by, trips the switch, gets photographed. Onboard AI reads the plate, checks it against a hot list of vehicles of interest, and uploads the results to Flock's cloud database. That's the main camera. The other one that we should discuss, it's called Condor PTZ. These two products kinda form a little bit of a network. That ALPR camera captures plates. Condor tracks people. It's got a pan tilt zoom motorized little thing inside of the box that lets it follow PTZ

Speaker 2: for the camera nerds.

Speaker 1: Yes. Literally. There's there's just it's that with that added to it. So it can, like, follow a person as they walk. You know? I had the I don't know if I wanna contribute to the design of this, but I was like, they make three sixty degree sensors. This is a solved problem. I'm assuming it's a storage and database issue, but I'm like, just just do just do that. Anyway, AI, like, locks on a pedestrian. The motor lets it track them. You get the basic idea. Programmed to, like, follow faces and just try and track what people are, walking past. And then there's the interface. Officers can access the platform through a web interface that allows searches by plate number, vehicle, make, model, color, any combination of those. And as I mentioned, those queries are not limited to local numbers. You can sweep the whole national network instantaneously.

Speaker 2: I wonder I wonder what one of those accounts costs. Like, give me give me full access to your network, please, and thank you. Well, allegedly, if

Speaker 1: you if if you know your way around the dark web, not very much. And the Center of Flocks law enforcement function is, I think they call the hot list. It's like plates linked to stolen vehicles or active warrants. That was implicated in the opening story we talked about. Camera reads the hot list plate, and if it matches a a list a plate that they see with a plate that's in their database, An officer nearby automatically gets an alert. You get the idea. We're gonna talk about, like, how accurate is this system and how secure or insecure it is. But I, like, I don't wanna I don't wanna hide behind that, and you can sense the vibe I'm putting off. Like, even if this was a 100% secure, which it allegedly is not. Even if it were a 100% accurate, which it allegedly is not, Flock is, in my personal opinion, a privacy, catastrophe. At a structural level, I don't know what a good version of this product looks like, which is to say a centralized database of national person tracking cameras that can be queried without a warrant.

Speaker 2: A pro private database too. Exactly.

Speaker 1: Controlled and owned by private entity. And accessible by you get it.

Speaker 2: By anybody.

Speaker 1: But let's dig into the accuracy and security elements since they're relevant, I think, interesting. Let's dig into it. Let's dig into it. Let's dig into it. Let's dig.

Speaker 2: It's funny because this is this reminds me so back in my undergrad, advanced AI four six six, I think, comp four six the the university I went to Sure. The PKI course was this challenge, but it was postal codes. A postal code like a camera? Yeah. Like a optical like a OCR and number identification. So the US postal service uses identification for postal codes. So you write an address on a letter.

Speaker 1: Mhmm.

Speaker 2: It goes through a scanner. A scanner reads off what you've written for a postal code or a ZIP code in The States. Sorry. I'm using Canadian lingo. The, the ZIP code is a five digit number, and then it routes that letter based on what that that number is. So so that is using an AI process. So our final project was to try and beat the USPS's, system.

Speaker 1: Hit rate. Sure. Yeah. You do it?

Speaker 2: Yeah. Of course. Hell yeah. The a plus.

Speaker 1: Hell, yeah. In 466.

Speaker 2: Yeah. The, got offered a got offered a graduate placement in the AI program, which now looking back in time, I probably should have taken. But I'd already accepted one in software engineering. The, but, yeah, great project, great interest. But the the big difference here is that license plates are both alpha are alphanumeric. So you've got O's, which look like Zeros, and you've got And moving. Mucking up A seven for a two is bad.

Speaker 1: Yeah. That one's Yeah.

Speaker 2: That's a that's a bad one. Mucking up a zero for an o on a moving frame of a video for sure.

Speaker 1: Well, especially when you've trained these, like, different states have different license plates. I I can't speak to this, but I would imagine that the color, the typography, all of those things, you have one central system trying to scan these. It's like that is a very complex technical challenge. No doubt about it. Totally. And like I said, it's moving. It might have some kind of a screen on. Like, it's really hard to know. The Electronic Frontier Foundation has cataloged what it calls the human toll of ALPR errors. I'm not gonna just, like, list, like, and then this person, they got a they thought a three was an eight, and this person gets dragged out of the car. There's so many of them. As I mentioned in the intro, IPVM's 2021 study found a roughly 10% error rate in Flock cameras' output for state designations alone. Like, at 20,000,000,000 scans per month, a 10% error rate, Flock has contested that number. But if it's a 1% error rate, that is a baffling amount. There have been lawsuits, 1,900,000, to Britney Gilliam, a San Francisco resident for a half 1,000,000. There's a lot of them. But moving past the accuracy of the cameras, I was really fascinated. And the thing that people kept messaging about was the security of these systems. Late twenty twenty four cybersecurity researcher John Gainesek Gaines, we've talked to him about about him on the show before, did something that I think that Flock probably didn't was kind of hoping no one would be able to pull off, which was he bought a Flock camera off of eBay, and then he took it apart. Classic. Yeah. Classic. Move. Publishes a white paper documenting 51 distinct security findings, 22 enough to receive, like, I I learned about this for the first time, official CVE identifiers from the National Vulnerability Database. So, like, yep. That's a real big issue that anybody in this industry should know about.
The one of the biggest kind of piles of these vulnerabilities are don't really require much technical sophistication at all. They're physical. A Flock camera is mounted on a public street. Pretty much anyone can walk up to it. On the back of the casing is a big button. You press that button in the right sequence, and the device broadcasts its own Wi-Fi access point. You connect to that access point, enable Android debug mode, and you have, in Gaines' words, quote, carte blanche across the device. All stored images, firmware, a complete foothold into Flock's broader network. Gaines pulled this off of the laptop and a stick for the button pressing that I mentioned, like a literal not a USB, a stick.

Speaker 2: Like a broom handle.

Speaker 1: Yes. Keeping his hands off the device, and he pulled that off in about thirty seconds. The cameras have exposed USB ports, making them vulnerable to, like, rubber ducky type stuff we've talked about in this show before. Mimic a keyboard, execute a little automated attack script against it. The stored images are allegedly unencrypted.

Speaker 2: Of course. Yeah. Save data. Save space.

Speaker 1: You gotta save space on your Panopticon. Researchers found images from the factory testing period still present on the device. I found that fun. Hard coded Wi-Fi SSID is a a privacy, real privacy situation.

Speaker 2: Seems like, really jumps out at me that something that's so public, so visible, and so despised, truthfully. Like, there's a whole British, like you you know, I can't remember what they're called, but there's like a

Speaker 1: Yeah. CCTV

Speaker 2: Yeah. But they but they UK. Groups of people that go around, like, smashing them. Like, the the for something that's so despised that you would have physical access to the unit in any way shocks me.

Speaker 1: I'm I'm surprised by this. And and maybe you could say it's a product that clearly got its start in homeowners associations where the homeowner association was legitimately buying a camera to point inside of its own community. But I am not sure that the industrial design has kept up with the scope's ambitions, for lack of a better way of putting it. Totally. So that's the box. Let's talk about the website. Flock's law enforcement web portal, the interface through which officers search billions of license plate records, does not require multifactor authentication.

Speaker 2: Cool. Sweet.

Speaker 1: Love that for them. Just had to linger there for a sec. They they encourage it, but they do not require it.

Speaker 2: Of course.

Speaker 1: Yeah. The company confirmed this to Congress in October 2025. A single stolen password is sufficient to access the entire national database with, like, full officer level privileges. And, again, no MFA needed.

Speaker 2: Given their, you know, comprehensive physical security, I'm sure I'm sure these cracker jack. Yeah. I'm sure you wouldn't even really need to steal an account. I'm sure you could probably just make one up. Yeah. Yeah. Maybe. Maybe. Oh, no. Allegedly. Yeah. Allegedly.

Speaker 1: I'm gonna get a button that says

Speaker 2: Didn't somebody give us a comment recently about how we become, like, the allegedly show or something?

Speaker 1: I think that was a while ago, or maybe there's a more recent one. Yeah. But yeah. Like, you know why we do that. Right?

Speaker 2: So we don't get sued.

Speaker 1: Yeah. Because I like that. When we

Speaker 2: talk about things like this, it's alleged.

Speaker 1: Yes. And SLAPP suits are a thing.

Speaker 2: If there's been a court conviction, then we can drop the allegedly.

Speaker 1: Yes. Exactly.

Speaker 2: Until then, we cannot.

Speaker 1: And civil suits don't necessarily in any case, in December 2025, Gaines, the guy we talked about, and another guy named Ben Jordan, who we'll talk about in a second, independently discovered something very, not great. Using Shodan, which is a search engine for Internet connected devices, they were able to connect to 67 condor Flock Condor PTZ cameras streaming live to the open Internet.

Speaker 2: Yes.

Speaker 1: Didn't even have to get the username and password we talked about

Speaker 4: because there's

Speaker 1: no way

Speaker 2: Shodan also found, like, 46,000 open client instances that were just fully public exposed. That was that was a few months ago, so I'm sure that's

Speaker 1: a lot bigger number now. Just scraping back minis.

Speaker 2: Just Just finding them all.

Speaker 1: And then

Speaker 2: you got a full agent in control of a computer. Essentially, a full root kit.

Speaker 1: Yeah. Anyone who finds these can just watch them live. Thirty days of archive footage, change the camera settings, read log files, run diagnostics. They're pointing at, like, playgrounds and people's houses with it just just a real real real mess.

Speaker 2: Real privacy alleged nightmare.

Speaker 1: Alleged nightmare. Flock called the exposure a, quote, limited misconfiguration on a small number of devices and says it's been fixed, just to sort of say both sides of it. There's the credential situation. Ben Jordan, who I mentioned a second, he was not a professional security researcher. Sat in front of, I believe, it was Congress with screenshots from a Russian cybercrime forum advertising stolen Flock police portal logins. There's a Hudson Rock, a firm that tracks compromised comp, credentials, found that at least 35 customer accounts have been taken by information stealing malware. To continue on to Ben Jordan is kind of a filmmaker, YouTube musician, fun guy. He makes ambient electronic music under the name Flashbulb and then does this. I was like, my dude.

Speaker 2: Buy the camera. My dude. Come on the pod.

Speaker 1: Yeah. You sound very cool. He's become like a very consequential critic of this. Did like a big, forty minute YouTube expose about this. That's, like, totally worth checking out. Talks about a lot of, you know, what Gaines had talked about with compromising these things physically. He ended up sitting. Kind of taking part in the legislative process a little bit on that. Just wanted to give him his flowers here. So this data has been used in a bunch of different ways that people will have a bunch of different opinions about it. It's been implicated in, law enforcement looking at how people are accessing health care and stuff to do with immigration and protests and travel and all sorts of messy stuff. I wanna talk about Flock Nova. In May 2025, 404 Media reported that Flock was developing a a a platform called Nova that combined ALPR data, stuff they were collecting, and this is important, with records from data brokers, information from data breaches, allowing law enforcement to track specific individuals, not just through the information they were tracking through their cameras, but from information that they bought from data brokers, often the product of leaks. In all states except Montana, police can legally buy location data from commercial brokers, bypassing warrant requirements. I'm sure we're gonna talk about this at some point on the show in the future. But it lets you get around the requirements that would apply to the same data if you went to a telecom carrier or a tech company. Nova was trying to formalize this, pulling all of that breach data and public records and leaked stuff into a single searchable interface alongside all of the plate history and face photos that they were capturing. Real ones at 404 Media report on this. Massive backlash. Yeah. Kind of bipartisan, frankly. Flock says, we're gonna drop the breach data component of this.
The fusing of, like, this commercially available private information into a tool for warrantless individual tracking. The Electronic Frontier Foundation, who we mentioned earlier, called this a dystopian panopticon. In my personal opinion, that phrase is not hyperbole.

Speaker 2: That's a great great title for it.

Speaker 1: Right. Dystopian panopticon.

Speaker 2: See, this is fascinating for for us as Canadians because in Canada, we have information privacy protections. And in The States, there's a much more fragmented perspective on it. Certain things, financial data, health data, children's data, educational information, your video rental history are all protected, but there's no overarching individual privacy law that protects it. And and that's that I guess that's the the the crux of it. Right? Is they're they're able to do this because there is no general privacy law protecting the privacy rights.

Speaker 1: Yeah. It keeps ending up having to happen at a state or even municipal or even neighborhood type level. You you do see pushback, about this. And like I mentioned, some of the resistance to this has been bipartisan, which I find, hopeful. Where communities in Austin, like, to your point, Scott, Austin, Evanston, Eugene that canceled or declined to renew Flock contracts after the fallout of 404's reporting. You've got the anti surveillance map project, which is a volunteer effort to document where these things are physically located. They got a cease and desist from Flock in February 2025 and did not comply. Washington state passed SB 6002, banning ICE accessing plate reader data, capping retention in twenty one days, stuff like that, prohibiting like, you can't install these by a school or a church, guys, that kind of stuff. Montana, like we mentioned, closed the data broker loophole that Nova, that purported product, was designed to, like, exploit, for lack of a better word. So to your point, like, in the absence of a big federal law protecting this against this kind of thing, it's really proving to be up to much smaller jurisdictions to to create that resistance.

Speaker 2: Yeah. The American Privacy Rights Act, was a recent attempt at this. It almost kind of got tabled twenty twenty four ish, but then it stalled out. So there still isn't anything. But, yeah, I I think that's the that's the fundamental difference. And especially, like, in the recent weeks, you've seen a lot of drama around Anthropic versus OpenAI, government contracts, surveillance. So if all of this information is publicly available, publicly accessible, and publicly licensable from these companies, they could theoretically just feed data to AI and turn and let AI loose on it to turn it into models of who you are, what you do, what your behaviors are. So, anyway, fascinating fascinating topic.

Speaker 1: Yeah. At this point, I would assume that all of that information I would assume that almost every piece of information that is available for sale from data brokers, at minimum legally, has been ingested by all of these models.

Speaker 2: Yeah. Or is being used or is being used to build systems

Speaker 1: That's a better way to

Speaker 2: put it. Facilitate policing All manner. Whatever. Marketing, probably. For sure. For sure. For sure.

Speaker 1: Yeah. These things aren't going away anytime soon. The company is, like, too big, too embedded into systems, too well funded. It's a national network in practice. It's part of America's surveillance infrastructure. But it is interesting and relevant that it is built by a private company, sold to governments, and operated, dancing on the edge of legal frameworks in some fascinating ways.

Speaker 2: Or lack thereof. A lack of legal frameworks. But, ultimately

Speaker 1: and the reason I wanted to talk about this here and, again, thank you to everyone that sent us this story. There is a lot of evidence alleging that these cameras are hackable. The credentials have been for sale. The data is available to anyone with a badge and for a brief period in late twenty twenty five, anyone with an Internet connection. Those questions remain largely unanswered. Any answers that have come have been, in my personal opinion, quite unsatisfying. A lot of deflection, if I was to characterize it. And in the meantime, you got 20,000,000,000 scans happening every month. People do don't really know that their license plate at minimum is being scanned, read, logged, stored, added to a database that a deputy in another state can search in seconds for almost any reason with basically no oversight.

Speaker 2: Yeah. All of these camera systems, like, even, like so we have a few cameras at our house, and we have cameras around our office. They have the ability to do automatic plate detection. They can even do face ID. There you go. And it's just now, like, a standard function in most of these camera systems these days. You know, anything if you're buying anything current and contemporary in the in the the video security area Yeah. It has lots of these functions baked in. So this has just become de facto standard.

Speaker 3: It's, and I think

Speaker 1: it's probably gonna become a bigger unfortunately, in the absence of any kind of structural remedy, the conflict is probably gonna get downloaded to people. People going, like, I don't like that you have that camera pointed at my front door. And other people saying, but I'm allowed to have it pointed at my lawn and your front door just happens to be in back and forth they go, and the whole thing gets escalated. I don't really have a good answer to it. It's a it's it's a prickly one, and I don't love it.

Speaker 2: But it's it's really interesting because, like, doorbell cameras. Right? Yes. They're everywhere.

Speaker 1: Totally.

Speaker 2: We we've created our own CCTV Totally. Camera state just for doorbell cameras. Like, anytime there's a crime in a neighborhood now, the first thing that the cops do is send out a request asking for everybody to look at their doorbell camera footage and send anything that's relevant.

Speaker 1: Yep.

Speaker 2: And it's like we've we we have created our own Panopticon.

Speaker 1: Yeah. Totally. For $9.99 a month. If we That you pay. Did you ever see the movie Weapons?

Speaker 2: I have not, but it has been recommended. Cool.

Speaker 1: Yeah. It's, it's fascinating because it's a it's a movie in which doorbell cameras play like a major narrative beat, and it's not even they don't even explain it. It's just sort of taken as a a given in the same way that, like, you don't need to explain what a smartphone is in a movie in 2025 or 2026. You don't there's no beat where they explain what these things are. It's just a given that in this nice suburban neighborhood, there's a lot of cameras Everybody's store bought cameras. Exactly. And that's different. That's that that's a that's a change. And as the feeds and images that these things are kicking out are being archived and databased and queried and accessed in new ways, you have a really fascinating intersection of, like, what can this technology do and what are we comfortable with the hardware doing on our, you know, land, our home, our property, our spaces. It's just a a really interesting set of overlapping questions.

Speaker 2: Totally. Totally.

Speaker 1: Well, that's the coin toss first side. What should we talk about now, Scott?

Speaker 2: Should we flip a coin?

Speaker 1: I don't maybe. We could talk about my other story. We could talk about something you wanna talk about. Where do we go from here?

Speaker 2: I got a bunch of things I wanna talk about, so maybe I'll jump in and and we can have a little brief chat.

Speaker 1: Let's do it.

Speaker 2: Let's let's go I'm I'm gonna say happier, but let's go with something that's a bit more comical.

Speaker 1: Sure.

Speaker 2: So Anthropic. Mhmm. Anthropic's Claude. Mhmm. Claude Code.

Speaker 1: Mhmm.

Speaker 2: Claude Code is being built by Claude Code.

Speaker 1: Okay.

Speaker 2: So Claude Code is now, like, the tool that the development team inside of Anthropic is using to build it. I woke up to a ton of Internet information traffic blowing up on the timelines that Claude Code had managed to commit all of the code for Claude Code into a package map file in the release of Claude Code. So Claude Code in one of its latest builds inside of the package had all of the source code for it, which is typically not something you do.

Speaker 1: And why is that typically not something

Speaker 2: you do, Scott? Well, it's a lot of intellectual property in there, for one. Yeah. So yeah. So they managed to submit a version 2.1.88 that had a source map file that had the entire unobfuscated full source code for the entire platform, Claude Code, which everybody loved. Sure. Like, everybody that's in that world because it gave everybody a look under the covers to see, like, how are they doing Yeah.

Speaker 1: Prints to, like, the most popular building for lack of a better metaphor.

Speaker 2: Like Yeah. Yeah. Yeah. Yeah. Yeah. Metaphor metaphor. So naturally, it's blown up across GitHub. There are hundreds of repos that have cloned it and are sharing it. And then you've got Anthropic running around behind them trying to clean them up Yeah. Trying to shut them down. So it has become part of the natural source of the Internet. I don't know if they'll ever be able to finish hiding it all because I'm sure there's thousands, if not tens of thousands of local copies.

Speaker 1: Woah. That's interesting. Yeah. I'd seen some emails come in this morning from good friends of the show pointing us towards the story, but I hadn't had a chance to read it. I was too busy reading about Panopticons. That's an interesting one.

Speaker 2: Yeah. Well, the the other cool thing is is that because they have the unfettered access to the source code, they've actually found 44 new features that Anthropic was working on that are kind of, like, in the DevCo pieces. They're not exposed to the public yet. So there's all this additional functionality. Essentially, they've given out the product road map and the active source code for it.

Speaker 1: Wow. Anything cool?

Speaker 2: Yeah. Lots of cool stuff.

Speaker 1: On the road map? Yeah. I was like I was like putting the leak aside. I'm like, any anything neat?

Speaker 2: Yeah. They've they're adding, like, proactive functionality so we can, like, be proactive. I'm not sure exactly how the implementation of it's gonna work, whether it's gonna be autonomous and just go off and do things that it thinks it should. It has a dream function, so it can dream and imagine what the product could be and then build a plan from that. So there's there's a bunch of little things like that. I haven't dug super deep into it as this is, you know, hours old at this point.

Speaker 1: But those sound like cool features in what is rapidly turning into the wildest ad segue we've ever done. We'll catch you in the ad break in a little bit. It's gonna be pretty funny. Starting something new isn't just hard. It can be downright terrifying. You put a lot of work into a thing. You're not entirely sure it's gonna work out. You're taking a huge leap of faith. I've started a few things. Now I know I was right for believing in, you know, the idea, the product, despite all of those fears and hesitations. But boy, does it sure help when you have a partner like Shopify on your side. Shopify is the commerce platform behind millions of businesses around the world and 10% of all e-commerce in the US. From household names like, well, hacked podcasts merch, to brands just getting started, you get started with your own design studio with hundreds of ready to use templates. Shopify helps you build a beautiful online store that matches your brand style. Did I mention that that iconic purple shop pay button that's used by millions of businesses around the world? I don't know why I wouldn't. I should. It's why Shopify has the best converting checkout on the planet. It also helps boost conversions, meaning less carts, sort of getting abandoned in the parking lot, and more sales for you. It's time to turn those what ifs into sign up for your $1 per month trial at shopify.com/hacked. Go to shopify.com/hacked. One more time, that's shopify.com/hacked.

Speaker 1: I was like, do you know who's advertising in this episode, Scott?

Speaker 2: I I do. I do.

Speaker 1: That's really good. Oh, good good stuff. I don't even know where to go from there. That's too good. I

Speaker 2: think we just come back from the ad break.

Speaker 1: Oh, and I think we're back.

Speaker 2: And we are back. Hopefully, you enjoyed that ad.

Speaker 1: Hopefully, that ad was in that ad break because that's good stuff.

Speaker 2: Claude Code, pretty amazing product.

Speaker 1: It's a really good product.

Speaker 2: Pretty amazing product.

Speaker 1: Listen. Stuff happens. We gotta talk about it. Totally. Yeah.

Speaker 2: Where to next? I got a few more things that go, or we can give it back to your side of the coin. This is like a loosey chatty chat. So

Speaker 1: Let's just keep it going. I wanna talk about the little social media platform that couldn't. Oh, let's go. I want you to imagine a scrolling vertical video app, Scott.

Speaker 2: K. I'd have a really hard time imagining that because it barely

Speaker 1: exist. But not not like no. Not like TikTok or Reels or YouTube. Don't picture those pesky old fashioned platforms where you need to wait for a tired old human being to make the videos Oh. To point

Speaker 5: things at.

Speaker 1: No. This one would be different. The app instead uses AI to generate the videos, and then humans watch the AI videos. And in between the AI videos, you get AI ads, and then the money just happens. With all the eyeballs and none of the humans to split the ad revenue with, you create a flywheel of infinite money, and AI content, and money, and AI just tumbling around. This was the idea behind Sora. So wait. Oh, okay.

Speaker 2: A billion dollar enterprise with no employees. And then some Very trendy.

Speaker 1: Very, very trendy. Yeah. You thought I was talking about some vibe coded. And in a sense,

Speaker 2: I probably was. I was ready to talk about Sora as an add on to this social media platform that you were gonna talk about.

Speaker 1: You were ahead of me, it seems. And in September 2025, it looked like this was gonna work. Two Berkeley PhD grads had built it inside of OpenAI. They demoed it in February 2024. The standalone app hit number one in the App Store within twenty four hours. And then the mouse the house of mouse himself, Disney, of all companies, announced it was investing a billion dollars and licensing over 200 of its characters to the platform. Mickey and Grogu, the future was IP cleared. You will be able to make videos.

Speaker 2: You will be able to make your own Disney video.

Speaker 1: You will be able to make videos of Iron Man and Olaf the Snowman kissing. I don't know. Whatever you wanna do. Were there speed bumps? Sure. Turns out when you give the entire Internet an AI video making machine, it will make deepfakes of Stephen Hawking skateboarding. And Martin Luther King in situations so bad his estate had to call OpenAI directly.

Speaker 2: And and Olympic competitions between pets and you name it. Exactly. An endless amount of viral content.

Speaker 1: The Japanese animation as an industry as a whole popping its head up being like, stop it, SAG-AFTRA having to be like, stop it. But in a move fast, break things world, none of that seemed like, genuinely, it didn't feel like it mattered when this came out. The future is there's that sense of an inevitability. The genie cannot be put back in the bottle. You will watch Olaf and Iron Man. But kissing. Smooching. But, you know, a story about the inevitability of a technology can be very, very powerful. It is not as powerful as cold hard economics, and eventually the numbers catch up. Because the math of this, the infinite money flywheel, depends on eyeballs. It depends on the company wanting to commit to this, but it depends on eyeballs, human eyeballs. And it presumes that people wanna watch this because, otherwise, where does the ad revenue that makes this all economically rational come from? And that whole time, every one of those videos, according to research, allegedly cost OpenAI. There's different estimates, but about a buck 30 to make.

Speaker 2: A lot of processing.

Speaker 1: That's a lot of processing. $50,000,000 a day, some estimates say. For an app that made, it looks like, about $2,000,000 total ever in its lifetime. Downloads peaked in November 2025, fell 66% by February. OpenAI's own head of Sora called the economics of it completely unsustainable. And we're talking about this now because on 03/24/2026, OpenAI posted a very brief goodbye on X. Thirty minutes earlier, Disney's team had been in an active working session, according to reporting, with OpenAI on the partnership. The billion dollar investment died in the gap between that meeting and that X post. No money ever reportedly changed hands. Yeah. So we should talk about do a kind of obituary for Sora, because I think it's a really fascinating technology story.

Speaker 2: Well, to me to me, this is just a this is a marker.

Speaker 1: Yes.

Speaker 2: You know? Anthropic really invested in okay. Anthropic didn't even have visual models forever.

Speaker 1: Mhmm.

Speaker 2: Like, they were so focused on knowledge, productivity, Claude Code. They went the productivity direction. Like, all of their investments went that way.

Speaker 1: Focus is the right word, man. Like, that's a Yeah. That's the right word to use.

Speaker 2: And OpenAI was a little bit more loose. They were trying to do everything kind of at once, but nothing really had the target and focus. They've since I think what they've done, and this is again just hearsay or, like, my my thoughts

Speaker 1: Yeah.

Speaker 2: Is that they've redirected internally to be like, oh my god. You know, the productivity segments, the Claude Coworks, the Perplexity Computers, the OpenClaw worlds, these things are showing such enormous economic value to the users. And they've also brought the cost of tokens way, way down. I heard recently that it's as low as, like, 9¢ per million output tokens. So they're probably in a yeah. Efficiency is occurring on the model and inference side, where I think when it comes to diffusion models and a lot of these visual things, there's still very heavy processing costs, as you noted. And I just a friend of ours, co game developer with Jordan.

Speaker 1: Good buddy.

Speaker 2: And I talked about good buddy. And I talked about this when kind of OpenAI was releasing Sora, and Google was, like, kind of thing. And his thoughts were that AI was gonna come for the creative industry first. And it turns out that AI is really not that good at creative. Like, it can do things that are pretty amazing.

Speaker 1: Yeah.

Speaker 2: But but it doesn't do them in a way that humans believe them.

Speaker 1: And that's the crux of it. Yeah. It's what is the creative for? Because if it's to be watched by people, what you have is an experiment. And you can you put in the most addicting form factor known to man, vertical scrolling video. And it's really just a question of if it can't work there, where are you waiting for it to work?

Speaker 2: Well, but you you see the societal pushback in video games.

Speaker 1: Mhmm.

Speaker 2: Any game that has AI content gets, like, lit up on the Internet. Totally. You see the pushback in advertising. People that have ads that have substantial AI content get pushed back. Even just, like, I would say Sora's main use was generating ads that I hated to see on YouTube. Yeah. Sure.

Speaker 1: It was making stuff that then infected other platforms. And those tools still exist. If you wanna make slop to run as an ad on Shorts or Reels, you have a panoply of options available to you. Sora's absence will not really respectfully not be felt in that sphere. I'm fascinated by there's this sense of, like, you're just gonna wanna sit and watch this in the way that you watch TikTok and Reels, which again have AI content on them. It was like, do you just do you wanna watch just that? Interesting theory. And there's also a pure economics argument, like, OpenAI has since made comments about this because, like, it doesn't look good. No. They're currently in the middle of a and I think they're raising an additional $10,000,000,000 adding up to a $120,000,000,000 funding round that they're currently in the middle of. And the line and it's a good line. It's Fidji Simo, OpenAI CEO of AGI deployment, quote, we cannot miss this moment because we're distracted by side quests. We have to nail productivity in general and particularly productivity on the business front. That means backing off on stuff like this, and reportedly deprioritizing. We're not gonna get into this. The adult modes of some of their platforms. It's like, okay. We're shifting. We're going all in on business.

Speaker 2: Because that's where the money is.

Speaker 1: Because that's where the money is. The vertical video slop app, the not safe for work chat mode, these are distractions from what we should be working on as we're bleeding money and, yeah, all that stuff.

Speaker 2: Like, they did get very in the weeds with a bunch of side quests, and they were, and for being the industry leader, the people that kind of created the industry, the market definer, they have fallen, I would say. Like, I think they still have majority market share. Like, most people that use AI, especially chat interface, use OpenAI. They use ChatGPT because that's it's almost like a verb.

Speaker 1: It's the Kleenex. It's the roller blades. It's the noun, 100%.

Speaker 2: Yeah. It's where where if you're, like, really into AI, like, Claude Code was, like, the first real coding harness that people were like, holy shit.

Speaker 1: Yeah. No. Totally. I remember that. I think we probably talked about it on this show.

Speaker 2: Yeah. Yeah. OpenAI's models have gotten very good at coding.

Speaker 1: Yeah.

Speaker 2: But their harness is not as good as Claude Code's was. And that's becoming the thing is a lot of the harness development pieces are becoming like, the models are so smart and so good and so well trained and so tuned that figuring out how to get the maximum amount out of the model has become the new challenge. It's less about, can we make the model smarter? It's like the models are pretty damn smart. It's like, how do we keep them on task, on focus? Like, the first time I used Claude Cowork, I gave it a prompt, and boom, all of a sudden, it pops up a plan. It had made a plan to answer the thing, and it starts going through the steps, and it stays on task. And I was like, oh, that's nice. And that's all their learnings

Speaker 1: now.

Speaker 2: It's all their learnings from Claude Code. You know, they learned that to solve complex problems in code, they had to break it down into much smaller subtasks, solve those, and then roll it up. It's one of the reasons why I built Loom is because I like Cowork it's because I use Cowork and Claude Code so much, but I wanted to be able to use it with local models. You know, if we have client confidential information, things like that, that we can't load into the Anthropic system, how do we do that offline and secure? And so that was one of my big main goals for building Loom was that.

Speaker 1: Mhmm. Yeah. You get how there's companies like Google where so much of their brand story is about, like, we just try crazy shit. You know? Like, we'll just, I

Speaker 3: don't know, balloons with satellites on them. We'll dig a

Speaker 1: big hole and fill it with Internet. Whatever. Like, who knows?

Speaker 2: There's no company that spins up new software applications and then, like, shelves them three years later than Google.

Speaker 1: Yeah. There's drawers full of, like, VR headsets and tablets that are just never gonna be a thing again.

Speaker 2: Totally.

Speaker 1: And I think it's become a sort of, like, model and an an archetype in this world where there's this sense of, like, you want you want a big tech company that's worth hundreds of billions of dollars to feel like an empire with all of these different things. But you can really only burn money so fast. Or maybe a better way of putting it is that empire is on built on a much firmer foundation when you have the money generating engine of a Google AdSense or a Microsoft, like, enterprise or the iPhone. You need that thing that's just printing money so that you can go experiment. It doesn't seem right now that OpenAI has that. They have an extremely, like, popular product, but the cost of operating the product and the revenue that the product brings in are still sort of dancing with one another. They don't have the flywheel of infinite money to sponsor all of these things. So you need a little bit of efficiency sometimes in a way that isn't quite the case for Google and Apple and Microsoft. Totally.

Speaker 2: It's like a classic classic startup thing is to, like, pick one or two things to be the best at them. Don't try and be everything to everybody. And I think OpenAI got a bit into that headset of, like, oh my god. We're doing amazing things. Let's disrupt every industry Yeah. Instead of one industry, where I think Anthropic was much more targeted with their we're gonna go after software engineering. Because if we can crack that nut open Mhmm. That nut, like, solves 10 other nuts.

Speaker 1: Totally. Or,

Speaker 2: like, cracks 10 other nuts.

Speaker 1: AI video generation is prickly. So much of what we see of it is really, like, respectfully low effort stuff that is, like, just get this from out in front of my face. But, like, the larger technology is interesting, and it's built on a long, like, history. Depending on where you try and track the history of Sora, it's like you could be going back a pretty long way. There was, like, AI assisted video manipulation in the 1990s. There was a piece of software I read about in reading about this called Video Rewrite. From, like, 1997 that was used to be able to, like, alter speaker lip movements so that you could synchronize with the new audio track. And there's, like, obvious filmmaking applications. ADR is common in film. You wanna change a line in post. Could we have the shot be on the actor's face when they say that? Develop a software solution for it. And it's on that foundation that you keep kind of building forward up into the moment 2014. You get generative adversarial networks being applied to video. You get that push and pull that pushes everything forward. You get diffusion being added into video as well in, like, the early 2020s. Like, there's a really cool ladder of technological innovation that brought us to this point of being, like, I do wanna see Stephen Hawking do a 360.

Speaker 2: Well, speaking of, like, lip syncing and stuff, I Yeah. Before, I was waiting for Jordan to jump in. We use Riverside.

Speaker 1: Yeah. It's a

Speaker 2: common podcasting platform. I was just poking around to see what new features they added. And they now have a feature that will translate our podcast into 30 different languages. And not only that, it will resync our lips to make us look like we are speaking the language that it has translated it into.

Speaker 1: Hola, Scott.

Speaker 2: I was like, this is for, like, a 2999 a month subscription.

Speaker 1: Sure. Like International. Ish. Yeah. I think YouTube is even starting to bake that in, which is funny because you'll always see comments on things being like, how do I turn this off? It's translating it to my language, and I don't wanna I don't want that.

Speaker 2: It's I don't want it. Cursed.

Speaker 1: Get it out. Get it away from here. But the, like, educational potential is obviously, like Huge. Huge. Like, to be able to not all learners, you know, like captions, and they some people are auditory learners. I totally see

Speaker 2: the potential of that. Totally.

Speaker 1: Yeah. I I just I found this fascinating, the, like, decision to boot something like this up. That was the number one app. Like, how many number one apps post Flappy Bird have been shuttered within less than two years? Like, that's just a really interesting story. Flappy Bird. Do you

Speaker 2: remember my blast from the past.

Speaker 1: I know. Right?

Speaker 2: I remember people selling iPhones that had the app installed on it after they had shuttered it.

Speaker 1: I just I there was such an interesting story of that. It was the developer whose name currently escapes me. But he he he'd made a lot of little kinda little games. Just little games out of, like, different like, kinda just, like, hacking together assets from other games. Like, just just making stuff, and one pops off. And it's printing, like, what was it? $50,000 a day or something? That was a crazy story. And it was ruining his life, so we took it down.

Speaker 2: He's like, just leave me here to build my small games. Please don't play them.

Speaker 1: Yeah. He's, like, richer. The he's, like, probably made more money than he knows what to do with.

Speaker 2: The, just to kinda stay on the AI, but I also just wanna transition us over to with all this agentic coding going on, one of the biggest attack surfaces these days, and we've talked about it a number of times, these supply chain attacks because they just keep popping off. March 24, LiteLLM, which is a super common package for if you're building a piece of code that needs to communicate with an LLM. Mhmm. You can just get this package, LiteLLM, and it kinda has all of the framework built for, like, connecting to an LLM model, sending prompts, you know, has all of that stuff kinda prebuilt. K. Super, super common. 97,000,000 monthly downloads. Makes it one of the most popular open source LLM proxies in the entire Python ecosystem, which is the main ecosystem for people playing with LLMs.

Speaker 1: And this is used inside of like, this is an open source tool used inside of other LLMs.

Speaker 2: No. It's used inside of software being built that need to communicate Understood. Understood. Yeah. So it is wildly successful. Anyway, for a small period of time, if you installed it, immediately upon installation of it, it executed a small Python process startup script that would literally scrape all of the keys, cryptos, any kind of cloud platform access, any kind of Kubernetes cluster configurations, any of this stuff. It did a massive credential harvest, and then we just throw it back to a home base.

Speaker 1: This is the TeamPCP attack. A buddy of mine who it doesn't follow a buddy of ours that doesn't follow this messaged me about this today.

Speaker 2: Did he?

Speaker 1: Yeah. Yeah. Now I've got it up in here in front of me, like, the link. 95,000,000 monthly downloads, like you said. Brutal.

Speaker 2: Yeah. Anyway so they caught it relatively quick, thankfully Sure. Again. But still, it's such a pervasive package that's in so many things that if you did an update on any of your open source packages that were dealing with this sort of stuff. Like, I did a scan on my system, and I have three pieces of software that use it. Thankfully, I didn't get the malicious copy, but super super effective. The second you second you updated it, it it ran the script, grabbed all the creds, and fired them away.

Speaker 1: I wonder how did you, run that search on your system to see? Like

Speaker 2: Oh, there's a there's a Python command that you could run that looks for

Speaker 1: K.

Speaker 2: Package package versions, package installs. I don't know the don't know the command off the top of my head if you ask AI AI.

Speaker 1: To be able to check if you have anything on your system that is accessing LiteLLM and to see if maybe it was potentially compromised in that brief window.

Speaker 2: But this attack surface just keeps surfacing over and over because next up, Axios, which is another package, which is an HTTP client. So think of it as like a web browser for code. K. It can reach out and access websites and stuff and pull in the source code for websites. So imagine if you were building an AI platform that had a tool in it to go out and grab website content, do fetches of web pages to get information. Chances are you had LiteLLM installed, and then you were using Axios to do the web kits. So same thing, supply chain attack, introduce a malicious dependency that deploy a Trojan capable of controlling the system. So it actually provided a rootkit. And they didn't just do a cred scrape and throw, like, throw it up to the cloud. It actually, like, essentially rooted your computer. So Axios is actually bigger at 100,000,000 downloads a week, not 100,000,000 downloads a month, and it was packed for two hours. LiteLLM, I think, was three hours before they quarantined it. So this has become, I think, a preferred attack vector for most people who are looking for, like, just causing mass amounts of havoc. Yeah.

Speaker 1: I mean, there's no how do I put this? There's this, like, there's a graph someone could make of, like, the more access you give these tools to your system, the more powerful they become. So if you want a more powerful tool, give it more access. But it's like, that means that the potential security vulnerability of one of these things being compromised goes up the more power you're seeking. There's, like, a really interesting

Speaker 2: Yeah.

Speaker 1: Little relationship there that probably at some point over the next couple years, there will be product responses to. It's like, how do you build a thing that gets you the most power out of these systems while hopefully insulating you against exactly what you're talking about right now?

Speaker 2: Well, there's been some really good structures for this already created. So, actually, Anthropic is done. And I know. They're the sponsor of the show. Should I should quit talking about them? But they've done some really relevant things. So, like, when you open up Claude Cowork, what it actually does is it boots essentially a Docker container.

Speaker 1: There you go.

Speaker 2: It containerizes the entire execution of it. It asks for permission to come out of the container when it needs to, but, essentially, everything is kept inside of a bundle. And you're starting to see this a lot more as, like, even there's open source solutions now that if you're building AI powered tools

Speaker 1: Yeah.

Speaker 2: That you can spawn them into containers rather than just spawning them on local. So, like, OpenClaw was obviously the big tool that, like, showed that if you give a computer these things, they can do more with it. And people are like, this is great, except for that it might have a bit too much access. So so so yeah. I wonder

Speaker 1: if the MacBook Neo becomes the new Mac mini. Maybe. For this kind of stuff.

Speaker 2: It's got a

Speaker 1: screen, though. Kinda walk. Do you

Speaker 2: even need a screen?

Speaker 1: This is

Speaker 2: I've been getting, like, ads for hosted Mac minis now. So you can literally just, like yeah. Exactly. Pay a monthly fee and, like, get a get a get a Mac mini in the sky.

Speaker 1: Honestly, not a bad idea. I mean, we should probably I don't really have anything. I don't have a lot of commentary on it other than, like, oh, that's bad. FBI director hacked.

Speaker 2: FBI director hacked. Email personal email.

Speaker 1: Personal email. The Handala hack team said Patel, quote, will now find his name among the list of successfully hacked victims. FBI director Kash Patel's personal email inbox, his photographs. There's video. This is all under the sort of, like, fog of war of who even knows what's real anymore in an age of generative AI as we discussed earlier. Oh, not a good look. The Bureau's confirmed the basic hack happened.

Speaker 2: Yeah. The I'd say the biggest thing telling for me on this is how there's been nothing shocking coming out of it. You know?

Speaker 1: That's just cringe. It's not it's not criminal. It's just cringe.

Speaker 2: Yeah. Yeah. Like, the the behind the scenes footage from the Olympics was worse than anything that's come out of his private email, which which I think is, I guess, good for him.

Speaker 1: Yeah. I'm glad there's nothing that yes. Agreed.

Speaker 2: But this isn't anything like like the alleged Biden laptop that had, like, you know, so much incriminating content on it.

Speaker 1: Yeah. Yeah. No. This is, Kash Patel. Just, it was his personal email address. Yeah. Yeah. Yeah. It's interesting one. I don't I don't really have much about that one. Interesting it happened. Not a great look for the director of the FBI.

Speaker 2: There's rumors, more alleged that our friends, Lapsus, are back to having fun.

Speaker 1: What what did they do?

Speaker 2: Well, allegedly. So this is a lot of alleged in here because the company involved hasn't confirmed that it happened. Okay. Lapsus hasn't taken credit for it. It's just been assumed that it was Lapsus. And Right. So, anyway, three gigs of source data from AstraZeneca, a massive pharma company, including internal code repositories, employee data, creds, tokens, and all this stuff showed up for free on the dark web the other day. And it seems like what the people are reporting is that, allegedly, Lapsus stole all this stuff, tried to extort AstraZeneca to pay. AstraZeneca didn't pay, so they just released it. Woah. So AstraZeneca hasn't yet confirmed that the breach did happen, and nor has Lapsus confirmed that it was them that released the data. So Woah. Lot of alleged in this one.

Speaker 1: That's a wild story. If you're burning out on the alleged, so I'll just go ahead and tease our next episode. We'll contain none of them. Assuming the interview gets everything's all good to go there, it will be a nice, confident episode that we'll go into, but I'm enjoying this episode full of allegedlys. That's wild. Yeah. AstraZeneca is no joke. That's a very big company. To not we've been covering ransomware stories for a long time, and the push and pull of will they pay, won't they pay, what are they paying for, is it worth paying, are you incentivizing future attacks if you do, if you don't, what do you lose? We've talked about the negotiations behind those processes, and I would love to have been in the room with the, like, not just the lawyers, but the security consultant that inevitably would have been hired in this situation to try and negotiate that back and forth with allegedly Lapsus.

Speaker 2: Well, you've also got to assume that there's probably an insurance person in the room Exactly. An actuary calculating what the full exposure of it is because it looks like aside from a bunch of tech stuff, which, you know, in the era of cloud code and agentic engineering is less valuable than it used to be. Sure. You can change API tokens. You can change keys. You can change those things, but the employee related information was probably the biggest part of the leak. Private information has a real cost, and it escapes.

Speaker 1: Was there any early signs, any intellectual property related to their, like, products?

Speaker 2: Pharma products? Nothing that I could find.

Speaker 1: Okay. Because that's where my brain goes to. I'm like, I cannot think of a more sensitive intellectual property corporate espionage type topic than pharmaceuticals. Sure. Or

Speaker 2: you have patent pharmaceutical?

Speaker 1: Patent pharmaceuticals. It's like it it like, technology even pales comparison to, like, we spent twenty years researching chemicals that can be distilled down into something that can be manufactured in a lab in minutes. Like Totally. There's a it's a discovery type topic. So if you manage to get that out, that's that's a catastrophe.

Speaker 2: Yeah. If you were managed to pull out, like Yeah. You know, weight loss medication, GLP-1s before they were

Speaker 1: Huge.

Speaker 2: Yeah. Yeah. No. That's It's a trillion dollar industry that you've just stumbled into.

Speaker 1: Exactly. And it's, like, the data set is, like, comparatively small compared to some other things. It's like you you can get the the the key to that box that fits in your pocket. Yeah. That's fascinating.

Speaker 2: Oh, the only other thing that I have to talk about is not an allegedly.

Speaker 1: Okay.

Speaker 2: It is that, GTA six, unsurprisingly No. Got bumped again. No. To when? November 19. It was supposed to come out this spring

Speaker 1: God damn.

Speaker 2: And they pushed it again pushed

Speaker 1: it again. They can't keep getting away with this. They

Speaker 2: can and they will.

Speaker 1: They can and they will. It will come out in 2027.

Speaker 2: All I'm gonna say is that, oh my god. It it better be good. They've got, what, three additional years now of delays?

Speaker 1: I don't know if I have a system that it will run on at this point. Like, I bought I I bought an Xbox years ago. I'd be like, this will be the thing I play Grand Theft Auto six on. Now I don't

Speaker 2: even know, man. That's That by by the time it releases, it won't even come out with source art. The art will be generated by DLSS at the same time. I mean, speaking of.

Speaker 3: I knew I knew I'd trigger that one for you.

Speaker 1: I wanna talk about yassifying my video games.

Speaker 2: Yes.

Speaker 1: Oh, man. Did you follow that? We're wrapping up. There's not much We're

Speaker 2: wrapping up. About it.

Speaker 1: But did you follow that whole thing?

Speaker 2: I followed it a bit. I would say that I wasn't as as as super into it as the Internet got. I was too busy watching tennis in in Palm Springs.

Speaker 1: That's a much better use of your time. Yeah. So NVIDIA announced DLSS five, which is the, quote, fusion of 3D graphics and artificial intelligence. Basically, for for quite a few years now, NVIDIA has been using sort of, like, post processing run directly on its graphics cards to up res graphics in different ways. Up until four, it had been quite, let's say, conservative in its treatment. They put out this video for DLSS five. And let's just go ahead and say that the the response has been quite mixed.

Speaker 2: Really? Yeah. I haven't seen a lot of on the other side of this one.

Speaker 1: Yeah. Mixed is the nice thing you say when the word is negative. There's the the video is basically just sort of, like, before and afters of a line wiping across the screen and you see a a normal video game and then the line kind of wipes across. When I say normal video game, I'd be like, it's it's real before and after marketing tactics here of, like, let's do a not great normal render, and the the line swipes across. And you have this sort of upres'd thing. And the thing that a lot of people have pointed out, is that it while it is technically actually distinct from face filters, like the kinds that you get probably on a laptop or in your phone or in a social media app. The quality that it has and the effect it has on the faces of characters certainly evokes a face filter to kind of yassified, like, beauty filter sort of look. Like everyone got everyone aside from one old woman gets, like, really weirdly photoshopped looking, and then the old woman's face just sort of, like, fills in with canyons and crags. Like, they make everyone really hot, but the old woman gets really, really, like, old looking. It's very uncanny. It's an interesting piece of technology. I think a lot of people sure don't want this right now. If they had run this exact same video, but it just had the effect on the backgrounds, the response would have been entirely differently. But instead, it looks like a beauty filter on top of art, and that people don't tend to like that.

Speaker 2: Yeah. So just, just to give a bit of background, like, DLSS is essentially frame generation technology. So the AI can insert a generative frame

Speaker 1: Mhmm.

Speaker 2: Between real frames to increase the performance of games. And, notably, like, Cyberpunk was the, like I would don't wanna say it was, like, the test launch, but it was, like, the test bench for this because that game was so graphically intense that DLSS was one of the only ways even with a $8,000 gaming PC that you could run it at a higher frame rate. So it's it's it's interesting. It's been interesting technology. If you play any kind of competitive shooters and stuff like that, chances are you have it disabled the entire time because it causes, like, strange artifacting has in the past caused strange artifacting and blur issues.

Speaker 1: So you I didn't know that. Typically, you

Speaker 2: can leave this off. Yeah.

Speaker 1: Like, in precision gameplay situations, it's like, I actually don't want you adding any kind of like, if you think about, like, scaling up an image, it's like, oh, we can fill in the gaps between the pixels. Be like, no. But I need pixel perfect gameplay because I'm competing at this at, like, an athletic level.

Speaker 2: Yeah. Precisely. So most people that play highly competitive games just leave it default turned off. It's more for the cinematic style games where maybe you wanna play it on your 4K ultrawide or you know? But you wanna play it at a 120 frames per second, but your computer is only capable of generating 90. If you turned on DLSS, it might kick it up. Sure. And it does a pretty good job in those situations. I've only ever used DLSS four. I've never used five, obviously. Yep. But I don't know. It is it is very strange because it is essentially generating it is generative AI on a frame level in a real time game.

Speaker 1: Yeah. So It this strikes me as a real sleep on it type situation because the actual implementation of this in most cases, like, I think the demo was done with, like, two of their best graphic card running and they're, like, we're sure we can get this running on one being, like, okay. So this is still in the oven.

Speaker 2: Totally.

Speaker 1: But the feeling you got when you watch the video is, like, I think you just turned it up way too high Because you turned it up so strong that the people's faces kind of didn't look like the same person's face. It was more photo realistic to be clear, but it didn't always look like the same person. And I think that that really feeds into this idea that like, hey, are you trying to betray the artist's integrity here to try and do a little bit of a graphical boost? Because that doesn't feel good. And it feels like you sort of, like, heaved us deeper into an uncanny valley situation. I think that's why it left a pretty bad taste in a lot of people's mouths. Yeah. Whereas if they just tune this and set up on the background and you're like, wow, the lighting and, like, model texture seems really rich and water because it's, you know and my brain's rep the reptile brain part of my head isn't flaring up because it's not a human face. People probably would have thought this was just fine. Totally.

Speaker 2: Yeah. But that's it. That's it for me. That's all I've got to talk about.

Speaker 1: Yeah. That's all I gotta talk about. Sora's dead, Flock security cameras, ain't it? Allegedly. No. No. In my personal opinion, the other side of the allegedly coin. Yeah. That was fun. Yeah. Good stuff.

Speaker 2: Well, thanks, sir. Thanks for hanging out.

Speaker 1: Thanks for hanging out.

Speaker 2: See you soon.

Speaker 1: We'll see you soon. Catch you in the next one. Take care.
