SN 1079: Daybreak and Codename MDASH - Microsoft's Edge Password Blunder
Security Now (Audio), May 20, 2026
Episode 1079
2:51:52, 157.61 MB

OpenAI, Microsoft, and Google are racing to unleash next-gen AI that hunts for software vulnerabilities and hacks at scale. This episode explores how these advancements could shake up everything we thought we knew about cybersecurity.

  • Microsoft rethinks Edge's "intended behavior" after it gets press.
  • Chaotic Eclipse hacker strikes again with a BitLocker bypass.
  • Google's Threat Analysis Group documents malicious AI use.
  • Canada hasn't learned the lessons of the EU and the UK.
  • AI chatbots may be far more addictive than social media.
  • Project Hail Mary now available to stream.
  • An apparently-serious zero-point quantum vacuum energy source.
  • A bit of listener feedback.
  • OpenAI's & Microsoft's vulnerability discovery systems.

Show Notes - https://www.grc.com/sn/SN-1079-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, SpinRite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit


[00:00:00] It's time for Security Now. Steve Gibson is here. A little change in Microsoft land over that Edge password thing. We will talk about a new way of making chips work without electricity by pulling in quantum power from the air. Is that possible? And OpenAI and Microsoft's response to the Anthropic Mythos security tool, all that and a whole lot more coming up.

[00:00:30] And up next on Security Now.

[00:01:00] We will be able to build, deploy and manage AI apps and agents quickly and cost effectively without compromising reliability and security. With OutSystems, you can rapidly launch ideas from concept to completion. It's the leading agentic systems platform that's unified, agile and enterprise-proven, allowing you to accelerate growth, reduce operational friction and deliver real enterprise impact with AI. OutSystems, build your agentic future. Learn more at OutSystems.com slash TWIT. That's OutSystems.com slash TWIT.

[00:01:32] Podcasts you love. From people you trust. This is TWIT. This is Security Now with Steve Gibson, episode 1079, recorded Tuesday, May 19th, 2026. Daybreak and codename M-Dash. It's time for Security Now. Yay!

[00:01:56] The show where we cover the latest security, privacy, computer, sci-fi, everything on this man's mind. Mr. Steve Gibson is here. Hello, Steve. You know, Leo, we were just using the expression has a mind of its own. And I realized we really can't say that any longer without meaning it because things do or very will, very soon will actually have a mind of their own. Have a mind of their own? Yeah. Yeah. Like your car? Yeah. Yeah. Exactly. That's really interesting.

[00:02:26] You know, this is one of the big debates that's going on is AI conscious. And in fact, it's one of the first questions I asked you when we started talking about AI on this show is where you stood on that. And you, correct me if I'm wrong, but I think your position is the same as mine, which is there isn't anything special going on inside our brain that couldn't be duplicated by a physical process outside of our brain. It may not be yet. Yes. Yes.

[00:02:53] What I've, what I was just, I was talking to somebody who's not a techie yesterday and I said that who was interested in the topic and the way I framed it, I think it was, I know it worked for him. I said, AI is language and language is knowledge, but not understanding. And when he kind of looked at me, I said, think about a book, a book is language printed on paper.

[00:03:22] So, so obviously a book contains knowledge, not, you know, a book is, has knowledge. No understanding. Right. But exactly. No understanding. Right. And I said in, in my, because I'm, you know, I've been in computing my entire life. So when I'm interacting with, in this case, Claude, I'm, I'm still like stunned by it.

[00:03:47] In fact, in fact, I have a, I have a little, a little one pager editorial about my feelings in, after the last week of the danger that we are in. Not the kind of, well, maybe, maybe some people are worrying about it, but how seductive and addictive it is. It is inherently that. And if we thought social media was a problem, baby, you ain't seen nothing.

[00:04:16] So, but, but anyway, so I said, you know, in watching AI, I can see when I see its mistakes, I realize that it reveals, it doesn't understand what it's producing. It's producing astonishing content, but it doesn't understand it.

[00:04:39] And, and so that, that will, when that changes, and I agree with you, Leo, I don't see any reason why it can't. I don't know when or how or what, but, you know, and, and this, the whole LLM era may just be, you know, the beginning of this.

[00:04:57] Lord knows, you know, anybody, cancer researchers, fusion researchers, quantum computing researchers, all, they all say, just give us money and we can make it, we can make it happen. Yeah. Well, we've never seen anybody give anything money more than AI. I mean, this is just ridiculous.

[00:05:24] So if there's an answer and if money can, can find, I mean, if there's an answer and if money can find it, then we're going to have an answer. I mean, we're going to see this thing continue to go. Yeah.

[00:05:37] Because, and I have to agree, you know, if you, I think you were referring to it, that last scene toward the end of the WALL-E movie, I haven't seen it for a long time, but it was a bunch of, you know, obese adults floating on a star liner. Like they were so fat that their bones were like being pulled apart or something. I don't quite remember what the visual was, but, you know, and The Matrix, right?

[00:06:06] Everybody in a pod who doesn't know that they're not. It's just batteries. Yeah. And so imagine if, well, anyway. We may be headed there is what you're implying. We're, something is, this is a problem for us. Anyway, so not surprisingly, today's topic is Daybreak and Codename M-Dash. Oh boy. Oh, yep. There it is. There they are floating down. Oh goodness. Yeah.

[00:06:36] Just, yeah. It was a wonderful movie actually. Yeah, it is good. So Daybreak and Codename M-Dash, which are, you know, the responses to Mythos in various ways. Also, we're going to talk about how, so we'll get to that at the end.

[00:06:59] But first, Microsoft has decided to rethink Edge's so-called intended behavior after it got some press. We didn't intend that intended behavior. Not favorable. After all. Yes. Speaking of Microsoft, the chaotic Eclipse hacker has struck again with a bypass of BitLocker, which some people have called a backdoor. I think that's taking it too far.

[00:07:29] Also, Google's Threat Analysis Group documents their discovery of the, you know, clear malicious use of AI, which we're beginning to see. Apparently, Canada has not learned the lessons of the EU and the UK.

[00:07:49] So their parliament is going to go down that same rabbit hole of, you know, legal disclosure and tapping and so forth. We'll talk about that. I want to take, as I said, a moment to talk about how AI chatbots may be far more addictive than social media and why I think that is probably going to happen.

[00:08:12] Also, a comment about our favorite piece of sci-fi of ours, Project Hail Mary, now being available to stream. Also, I put this out there just because it was fun and it is so wacky and interesting. An apparently serious zero-point quantum vacuum energy source.

[00:08:39] And every so often I hit a nerve among our listeners. And boy, you know, thanks to the fact that these notes went out early on Sunday, there's been a lot of time for some feedback from our listeners. So we're going to have fun with that and actually share some feedback and then talk and take a look at OpenAI's and Microsoft's vulnerability discovery systems. Oh, good. Oh, good. Yeah. I mean, it was pretty clear. We talked about this a couple of weeks ago that Mythos is very effective.

[00:09:09] There was just a story last week about discovering a flaw in macOS, which is pretty darn locked down, getting around gatekeepers. So, you know, there's definitely some stuff. Oh, and by the way, Steve, there is a picture of our future here in the club. Club TWiT Discord. I'll pull this up for you and you can see it. I think this looks good. I think this is maybe our retirement plan or something like that.

[00:09:38] I don't know. I'm just saying. Oops. Let me squish you down so there's room for us in our hover chairs. That's a podcaster's dream right there. Let me tell you. I like it. But I need that smoothly. Get on that right away. And I'm sure you've noticed there's been a complete revolution in this sort of thing. Like ads now look different. Oh, yeah. Everything.

[00:10:08] You know, like late night comedy sketches are now using an entirely different imagery because it's now you don't need to have a huge staff of artists in order to create something. Darren, what did you use? Because this is this Nano Banana? Because this is really looks really good. I have to say. Oh, he says ChatGPT. Interesting. They're all doing it now. Google's doing it now, too, with, you know, they're doing agents. I mean, it's amazing. Anyway, let's take our first break. Just get this out of the way so we can get to the picture.

[00:10:37] The much long awaited picture of the week in just a little bit. I haven't seen it. I closed my eyes, but we'll see it together in just a little bit. But first, a word from our sponsor, Hoxhunt. If you're a security leader, you have been there. The eye rolls during training, those terrible one size fits all phishing simulations that your employees spot from a mile away. And the report button, put that in air quotes. It gets ignored more often than not.

[00:11:06] Your programs, your training's running, but it's not changing employee behavior. Meanwhile, AI, oh, AI is making real attacks more convincing by the day. And maybe your boss is starting to say, ask that question you may not have an answer to. Is this training actually working that we're paying all this money for? Well, good news. Hoxhunt is here to answer that. Hoxhunt empowers your, empowers, that's a very important word. Not browbeats.

[00:11:35] Empowers your employees to spot and stop advanced phishing attacks. Driving measurable behavior change through personalized, gamified micro training. It's powered by AI and backed by behavioral science. And you'll like it because as an admin, Hoxhunt does all the heavy lifting. Makes your life a lot easier. Simulations run automatically. Not just email, but Slack and Teams too. They're personalized to each employee based on role, location, and behavior.

[00:12:05] Just like many of these phishing emails. And every simulation uses AI to mirror real world attacks. Meaning employees are being tested on stuff that's actually getting through. Not some outdated template they immediately go, I recognize that. Gamified training makes it fun. Keeps engagement high without feeling punitive. And because every interaction generates a coaching moment, you're not just tracking completion. No, my friend.

[00:12:30] You're building behavioral indicators that tell a real story. Reporting rates, repeat clicker reduction, and time to report. The kind of metrics that hold up when leadership comes into the office and starts asking the tough questions. And that's what's so great, I think, about Hoxhunt is you're really getting training that works. But you don't have to take my word for it.

[00:12:56] With over 3,500 verified reviews on G2, Hoxhunt is the top rated security training platform. Recognized on G2 for best results. Easiest to use. Also recognized as customer's choice by Gartner. And it's used by thousands of companies, including the biggest, like the best, like Qualcomm, DocuSign, Nokia. They trust it to train millions of employees worldwide.

[00:13:21] Visit hoxhunt.com slash security now today to learn why modern secure companies are making the switch to Hoxhunt. That's hoxhunt.com slash security now. We thank them so much for their support of Security Now. And we encourage you to support us by going to hoxhunt.com slash security now. Let them know you saw it here. Picture of the week time, Steve. So in keeping with today's podcast theme, I gave this picture the caption,

[00:13:48] worries over AI surpassing us may be overblown because AI has been trained on human output. Uh-oh. Let's scroll up here. Oh, this is wrong in so many levels. So many levels.

[00:14:11] So, so this, I can't explain this, but then again, that's, you know, if, if AI is trained on us, then I don't think we have anything to worry about. We, we, we, we see, uh, the right side of a gate, which is open, uh, at the moment. Uh, the sign very clearly states, please close the gate to keep the seagulls out.

[00:14:39] Now, you know, last I checked seagulls could fly. If it said the chickens, you had to keep the chickens out. Yeah. Okay. I go a flightless bird. That would make sense here. It's not clear how having a gate closed would affect seagulls one way or the other. I mean, unless they're, I like to walk anyway.

[00:15:00] Uh, yes, I don't know what's going on here, Leo, but if AI is, you know, at our level being trained on our output, then I think we're going to be fine. We're going to be fine for a while. Not to mention the fact that the gate is, doesn't go all the way across the gap either. So I don't know what the whole thing is just screwy. That's, that's really funny. I love it. All right.

[00:15:22] So last, last week we noted the discovery, uh, the reporting and the widespread confirmation among some of our own listeners that Microsoft's Edge browser, remember, was storing all of its users' passwords in RAM in plain text, decrypted, just sitting there. Where they were easily discoverable and exfiltratable en masse. Uh, the data included the URLs. So you knew where to go, the usernames and passwords.

[00:15:52] So you knew what to put in once you got there, uh, which were required to log into every website whose data was present in Edge's password list. Uh, and presumably where no other authentication factor would be required. Um, now this brings me to something we've talked about before. I'll just, you know, take a little segue here to pause and note that this is a perfect example.

[00:16:19] That is Edge doing this, having this heinous behavior, a perfect example of the reason why. If one is going to go to the trouble of having additional factors of authentication security, it's nuts to store that additional authentication information. With the same single provider as the other, as your other authentication information is stored.

[00:16:46] Our listeners have asked, you know, several times, whether it's safe to store their one-time password secrets in the same password manager as their usernames and passwords. You know, this comes down to the meaning of the word safe. You know, they want me to say yes, because it's so convenient to extend a password manager's capabilities to include responding to the query for a six digit one-time password token.

[00:17:16] I really do get it. And I understand the temptation here. So I'll just say that I've never done that. And I never would. The entire point here is separation and redundancy, which is completely lost when all of the eggs are stored in a single proverbial basket. You know, I use, as I've said, OTP Auth, nice little iPhone app, iOS app on my, and iPad on my separate iPhone.

[00:17:45] The good news is that most sites have become much smarter about avoiding needless prompting for one-time password tokens. Whereas, you know, a financial institution or the government might reasonably insist upon the provision of a one-time password every single time you log in. Or maybe if you haven't touched the site for even 30 minutes or so.

[00:18:12] You know, many other less sensitive sites that have been configured to require a one-time password will nevertheless relax their need when the browser being used already carries a previously valid login cookie. Which indicates that the browser was, that browser was previously logged into that site.

[00:18:35] You know, this is the newer, we recognize you on this computer messaging that we're seeing more and more often now. And that's good, right? Since we want bad guys who will not have that browser cookie to be forced to come up with that additional authentication factor. Whereas we don't want it to be overly burdensome for regular users who want that added safety without the overboard hassle. Anyway, my point is, here's an example.

[00:19:03] You know, if one-time password secrets were also exposed by Edge, as presumably they would be if Edge were to support that, then it would have been the keys to the kingdom. If, however, somebody had kept their one-time passwords anywhere else, then they would have still had protection for all the sites that they cared enough about to establish a one-time password.

[00:19:27] So, you know, and again, if you really don't want the security, go ahead. Store them all in one place and you get the convenience of a password manager that does all that for you. But not me. Okay, so getting back to Microsoft and Edge.

[00:19:48] Last week, we noted that Microsoft's disappointing but predictable response to questioning about their in-the-clear storage of the user's authentication data was that it was intended behavior. Yes, that's what we intended. We intended it to be all out there in RAM so anybody could get it. The SANS, remember? The SANS Security Institute wrote, Microsoft classifies this as intended behavior.

[00:20:17] And the guy writing for SANS said, I'm not sure what manager or lawyer decided that. Hopefully, it wasn't anyone in their security team. Amen. Since I titled this first bit of news intended behavior, only until it gets media attention, you can guess what comes next, right? Bleeping Computer provides the details on the background.

[00:20:41] Microsoft is updating the Edge web browser to ensure it no longer loads saved passwords into process memory in clear text at startup after previously stating it was by design.

[00:20:57] This behavior was disclosed on May 4th by a security researcher, Tom Ronning, who demonstrated that all credentials stored in the Edge built-in password manager were decrypted on launch and kept in memory even when not being used. Ronning also released a proof of concept tool that would allow attackers with admin privileges to dump passwords from other users' Edge processes.

[00:21:24] Those without admin privileges would only be able to dump them from their own. He said he reported the issue to Microsoft and was told the behavior was by design before he publicly disclosed it. And I'll note that this is an interesting wrinkle on the responsible disclosure principle, right?

[00:21:45] You tell someone responsible, like Microsoft, in confidence about some clearly bad behavior you've just discovered in one of their highly security critical flagship products, and you're quite clearly told, yeah, that's right. That's what we want. So that's the way it is.

[00:22:06] Okay, at that point, no one's going to fault you for letting the rest of the world know what you have found and that you were basically told to buzz off. Bleeping Computer quotes the discoverer saying, quote, Edge is the only Chromium-based browser I've tested that behaves this way.

[00:22:28] By contrast, Chrome uses a design that makes it far harder for attackers to extract saved passwords by simply reading process memory, unquote. Bleeping Computer wrote while it initially refused to address the issue, telling Bleeping Computer at the time that, quote, This is an expected feature. That's right. It's not a bug. It's a feature. This is an expected feature of the application.

[00:22:58] They said Microsoft announced on Wednesday, so that's six days ago, that future versions of Edge will no longer load saved passwords into memory on startup, even though the reported scenario falls within the expected existing threat model, which excludes attacks where an adversary already has administrative control of a device. They wrote Microsoft Edge security lead.

[00:23:26] Gareth Evans said, quote, This defense in depth change, meaning what's what they're going to change Edge to do, certainly not what it had been doing, which they were previously defending. Now, this defense in depth change will come to every supported version of Edge, stable beta, stable beta dev canary and the extended stable channel our enterprise customers run, he said.

[00:23:55] And we're prioritizing the rollout. All right. Now that it's right now, now, now that everybody knows and is upset and is writing in about this, they're going to change it post haste. With our commitment to the secure future initiative and customer feedback, we are taking a broader view.

[00:24:15] Well, that means looking not only at whether something meets the bar for a security issue, but also at where we can reduce exposure through defense in depth improvements. Yay. In this case, reducing the exposure of passwords in memory is a practical step in that direction. It's almost as if, Leo, nobody thought about this before. They just think like, what? You know, and then when someone said, what about that?

[00:24:44] I go, oh, yeah, yeah. We should probably change that. Oh, you want defense in depth. Oh, depth is. Oh, yes. We thought you meant death. No, not death. Depth. Anyway, they said, Bleeping Computer wrote, the fix is already live in the Canary, the Edge Canary channel and will be included in the next update for all supported Edge releases from build 148 and newer.

[00:25:11] They said last year, Microsoft introduced a new Edge security feature to protect users against malicious extensions sideloaded into the web browser and restricted access to Edge's Internet Explorer mode after hackers began leveraging zero day exploits in the Chakra JavaScript engine to access targeted devices.

[00:25:34] Okay, so first, while writing this on Saturday, I immediately fired up Edge to check its, you know, help about and I watched it quickly updating itself to build 148. So that fix was indeed quickly pushed out. Everybody has it now or if you haven't run Edge for a while, you will immediately upon, you know, launching it the next time.

[00:26:03] But the point that Microsoft made about the threat model governing Edge's design was important. I think it's reasonable and it's worthy of a little bit of additional attention. Bleeping Computer, remember, wrote, Microsoft announced on Wednesday that future versions of Edge will no longer load saved passwords into memory on startup, even though a reported scenario falls within the expected existing threat model.

[00:26:41] Okay, now, first. Before I defend Microsoft's response, I'll take exception to their use of the term administrative control of a device.

[00:27:08] As was noted, administrative control is explicitly not required. Administrative control allows malware to obtain the usernames and passwords, or I should say, allows malware to also obtain the usernames and passwords of all of a system's users who may be logged in at the time in other sessions that has Edge running.

[00:27:36] But malware running in a non-admin account can still access all of its own user's in-RAM Edge authentication. So, not, you know, not quite right there. But let's focus upon the intent behind Microsoft's defensive position.

[00:27:54] The concept and deliberate design of formal threat models is perhaps the most important advance in our understanding and practice of security. We saw a lot of security. We saw a lot of that during last week's deep dive into DigiCert's internal security architecture. You know, just the fact that an architecture, the word architecture, is something that security can now have.

[00:28:22] That represents a significant advance in our state of the art understanding of how to provide protection. You know, a lot more theoretical thought and modeling has gone into modern security understanding. The fact that we have, you know, the notion of, as I said, an architecture.

[00:28:46] So, in this case, Microsoft is essentially saying we recognize that once an attacker has taken up residence in a system by whatever means, our ability to limit the damage that could be done is severely limited by the tradeoffs we have had to make in the name of practical usability.

[00:29:12] What comes to mind, you know, immediately is user account control. You know, I may refuse to store my one-time password secrets in my password manager on a just as a matter of principle. But the first thing I do when setting up a new Windows machine before I totally lose my mind is completely disable user account control.

[00:29:42] Having that thing constantly darkening my doorway, I mean my screen, and popping up to get my permission when I want to do perfectly safe things. The consequences of which I perfectly understand is not offering any value proposition that works for me. I get it, but for the typical Windows user, yes, you need to have, you know, a nanny looking over your shoulder all the time.

[00:30:10] But, you know, no thanks. My sanity is important to me. So, UAC, I'll take responsibility for turning that off because I want to get work done. And as a developer, I'm doing a lot of things that your typical Windows user doesn't. But I am appreciative of the fact that Microsoft is in an impossible position. That is, trying to secure people who are going to fight against that.

[00:30:39] So, to that end, I am sympathetic. Windows is being used by people who will follow commands provided to them by some random page on the internet instructing them to blindly paste and run a command they could not possibly understand, even if they could see it. So, how is Microsoft supposed to protect such users from themselves when an increasingly hostile world wants to attack them?

[00:31:09] So, on the one hand, Microsoft's position that there can be no true protection from bad guys who have already gotten into one's PC, you know, that's accurate and it's defensible. In fact, in a minute or two, we're going to examine what's been dubbed the BitLocker bypass. You know, it's a perfect case in point about the nature of local compromises and security boundaries.

[00:31:37] And a security boundary is another new theoretical concept that we didn't have, you know, originally, which is part of modern security architecture. But the other point Microsoft made, quoting the phrase defense in depth, refers to another of the crucial advances that have been made in our contemporary understanding of security.

[00:32:01] You know, when a castle was surrounded by a piranha-filled moat, attackers could, you know, just bring a boat and float it across the moat. But when the outside of that moat is surrounded by a tall fence, then it would be difficult to get the boat to the moat.

[00:32:20] You know, so, you know, defense in depth is also exactly storing all authentication factors in a separate location because, you know, storing them in the same place is sacrificing the opportunity to have additional depth.

[00:32:41] So, in this case, the bottom line is that the attention drawn to Edge's entirely needless exposure of its usernames and passwords. And notice how quickly they fixed it. I mean, it's not like this took a couple months to get right. I mean, it's like, oops. And the next day, they had an update ready and they pushed it out to everybody without any testing needed because it was simple to do. They just hadn't. So, that exposure was needless.

[00:33:08] As we saw, none of the other Chromium-based browsers ever behaved so cavalierly with their users' most important secrets. So, every one of those took the time and trouble to protect them. Now Edge does too. So, that's good. And Leo, you know what else is good? I need to take a sip of coffee and we're a half hour in. Fair enough. Fair enough. Let's take a break. And then we're going to talk about the recently discovered bypass of BitLocker's encryption.

[00:33:38] Was it in a directly planted backdoor or what? Yeah, because some people have said that. Well, it's a backdoor. You know, it's because I have, I kind of, Google said this too. If somebody's in your computer, whether the passwords are in the clear or encrypted, they're in your computer, you're in deep trouble. But isn't that the antithesis of zero trust?

[00:34:03] I mean, zero trust says if somebody's in your network, it doesn't mean that they should have free rein now. No, you can't. You know, you still want to put some, it's layered security. You still want to put some barriers up. But, you know, our topic at Zero Trust World, right?

[00:34:21] The call's coming from inside the house means even if you've got a bad guy in your home, you have segmentation so that, you know, you have put up barriers inside that prevent them from going where they shouldn't. Limit what they can do. And that seems pretty reasonable. And the problem is the tradeoff for convenience. We're always hitting that wall. We're always saying, I mean, as I, you know, we've talked about it.

[00:34:49] It's kind of cool to put in your magic six digit code. You're like Bond, right? You know, it's like, oh, what's my code in order to get authentic? I mean, it feels, it feels more secure. And in this case it is, but you shouldn't have to do it every time you, you know, look around. Well, it's funny that you turn off UAC. I was thinking about that's how I use AI. I use what they call YOLO mode, which is I say, yeah, do whatever you want.

[00:35:16] I don't have time to approve every darn bash command. Just go ahead. I trust you. What could possibly go wrong? Let's talk about zero trust. Our episode of Security Now this hour brought to you by Zscaler. Zscaler, the world's largest cloud security platform. Actually talking about AI too, because Zscaler uses AI as well as zero trust.

[00:35:44] The potential rewards of AI in your business, I think we all now realize are too great to ignore, but the risks are there too. And it's not just through bad guys attacking you. It's also through inadvertently exfiltrating proprietary information, losing sensitive data. There's, of course, the attacks against enterprise managed AI, prompt injection and things. And honestly, generative AI increases opportunities for threat actors by helping them to, you know, write threats. We've seen that too now.

[00:36:14] They can use it to rapidly create perfect indistinguishable from the real thing, phishing lures. They use it to write malicious code. They use it to automate data extraction. And what's even more scary, they use it to do all of this at speed. Just as you are a hundred times more productive, so are they. And the issue of leaking proprietary information is not to be ignored.

[00:36:37] There were 1.3 million instances of social security numbers leaked to AI applications last year. And that's most of the time not through malicious acts, but simply because people weren't paying attention. They said, oh yeah, let me upload the tax return. Forgetting that there's so much information in that tax return, which you've now given to the AI cloud, right? Zscaler will protect you from that. They're the most trusted AI security platform.

[00:37:07] 40% of the global 2,000 companies use Zscaler. They get this. This number is astounding. They secure half a trillion transactions a day, a day, 500 billion transactions a day with more than 9.4,000 global customers. Zscaler carries a net promoter score of more than 75. That's 150% higher than most average SaaS companies. And its users are very happy.

[00:37:35] Just check out what Siva, the director of security and infrastructure at Zuora, says about using Zscaler to prevent AI attacks. With Zscaler being in line in a security protection strategy helps us monitor all the traffic. So even if a bad actor were to use AI, because we have a tight security framework around our endpoint, helps us proactively prevent that activity from happening. AI is tremendous in terms of its opportunities, but it also brings in challenges.

[00:38:04] We're confident that Zscaler is going to help us ensure that we're not slowed down by security challenges, but continue to take advantage of all the advancements. Thank you, Siva. With Zscaler's Zero Trust Plus AI, you can safely adopt generative AI and private AI to boost productivity across the business. Their Zero Trust Architecture Plus AI helps you reduce the risks of AI-related data loss and protects against AI attacks to guarantee greater productivity and compliance.

[00:38:33] Learn more at zscaler.com slash security. That's zscaler.com slash security. We thank them so much for supporting Security Now, and you support us when you use that address too. zscaler.com slash security. Back to you, Steve. Okay, so while we're on the topic of Microsoft, and we'll get back to it at the end, because MDASH is their internal proprietary vulnerability-finding AI system.

[00:39:02] But for now, I want to make sure that everyone knew about the recent discovery with a published proof of concept of a local bypass attack on Microsoft's proprietary BitLocker drive encryption. The source and the apparently deliberate timing of the disclosure of this latest significant Windows vulnerability is interesting

[00:39:26] because it was publicly released last week on the 13th, the day after this month's Patch Tuesday. So Microsoft couldn't fix it for the previous day. And who released it? None other than the hacker Chaotic Eclipse with his nightmare-eclipse GitHub account.

[00:39:52] Remember that this is the individual we talked about recently who is extremely perturbed by Microsoft's handling of him and his disclosures. Recall that he appears to accuse and blame Microsoft for deliberately and knowingly ruining his life. I mean, words to that effect. I mean, he's like, what?

[00:40:19] And he's never really exactly clear what it was, but it's like he was counting on the reward, which he says they deliberately denied him. And so he wasn't able to meet other commitments that he had already pre-banked. Who knows? But anyway, in retaliation for that perceived slight,

[00:40:43] he has previously disclosed the Blue Hammer and the Red Sun local privilege escalation vulnerabilities as zero-day flaws, saying, ta-da, here you go, with proof of concepts. And they were immediately exploited in the wild shortly after he disclosed them.

[00:41:04] So now, same guy, Chaotic Eclipse is back publishing two new exploits with proofs for two new unpatched vulnerabilities named Yellow Key and Green Plasma. They are respectively the BitLocker Bypass and the second one, Green Plasma, is a privilege escalation.

[00:41:27] He describes the BitLocker Bypass issue as functioning like a backdoor because the vulnerable component is present only in the Windows recovery environment, you know, WinRE, which is used sort of as a utility host OS.

[00:41:47] It's that reserved partition that Windows now establishes when you're installing Windows onto an empty hard drive that allows you to boot into some special place. It's often used to repair boot-related problems with Windows. When the rest of the OS won't boot, you're able to use this recovery environment.

[00:42:10] So this Chaotic Eclipse guy remains miffed at Microsoft and has published guidance on how to exploit this hole that he's found, that he has found. And if that wasn't enough, he has promised what he described as a big surprise for the next Patch Tuesday. So a couple of weeks from now, we may get something else.

[00:42:37] The security researcher, Kevin Beaumont, who posts as GossiTheDog, has independently confirmed the functioning of the Yellow Key BitLocker Bypass. Kevin's first post over on Mastodon was, quote, So I've just had a quick play with this, and yes, it works.

[00:43:03] Essentially, BitLocker, this is Kevin Beaumont saying this. Essentially, BitLocker has a backdoor. Mitigation, he says, equals BitLocker PIN and BIOS password lock. Okay, now, of course, a BIOS password lock is a pain in the butt because you've got to enter it every time you turn the computer on.

[00:43:27] But for high-risk scenarios where local access with rebooting might be possible, that is, where someone could get a hold of a computer and reboot it, because that's what this requires in order to get access to BitLocker, the BIOS password lock would be the strongest and the quickest cure until Microsoft arranges a fix for this. Kevin followed his first Mastodon posting with a thread of posts,

[00:43:57] which I've collapsed to read. He wrote, I think my prior toot on Nightmare Eclipse auto-deleted. So to make a perm one, he said, I suspect it's somebody who used to work at Microsoft, who departed after my era. For anyone looking at this, testing showed two things. TPM unlocked the storage.

[00:44:26] It provides a login bypass as you're dumped as system prior to Windows Hello or password login. He says BitLocker operates without a PIN by default. So it's basically a big gap. It's unclear how this code made it into production version of Windows. I should point out I've only tested with one version of Windows 11. Maybe the scope is smaller.

[00:44:56] Will Dormann and I have both recreated the BitLocker backdoor vulnerability. Okay, so what's the story? Bleeping Computer's headline, and that's where Will Dormann comes in, was Windows BitLocker Zero Day gives access to protected drives proof of concept released. Since we already have a lot of background, I'm going to skip over, you know, their description of the trouble and excerpt just some of the good bits.

[00:45:25] They write, The researcher says that Yellow Key is a BitLocker bypass that affects Windows 11 and Windows Server 2022 and 2025. It involves placing specially crafted FSTX files on a USB drive or EFI partition,

[00:45:49] rebooting into WinRE and triggering a shell by holding down the control key. The BitLocker bypass should also work without USB storage by copying those files to the EFI partition on the target drive. According to Chaotic Eclipse, the spawned shell gains unrestricted access to the storage volume protected by BitLocker.

[00:46:16] In other words, when you do this, the volume is not encrypted. It's just there. So they write, Independent security researcher Kevin Beaumont confirmed that the Yellow Key exploit is valid and agreed that BitLocker has a backdoor. Okay, we'll talk about that in a second. They write, He recommended using a BitLocker PIN and a BIOS password as a mitigation.

[00:46:43] In an update, Chaotic Eclipse said that, The real root cause is still not known by the general public. Unquote. And then Bleeping Computer continues. And the vulnerability is exploitable even in a TPM, trusted platform module and PIN environment. They write, However, the exploit for this version has not been released.

[00:47:13] The researcher said, I think it will take a while, even for MSRC, Microsoft research, security research, to find the real root cause of the issue. I don't think so. But that's what he said. And he says, I never managed to understand why this vulnerability is so well hidden. Oh, okay. So, Note that the term, again, backdoor, keeps floating around this,

[00:47:43] which I would call a vulnerability. Kevin carefully noted that it's unclear how this code made it into the production version of Windows. And if Chaotic Eclipse is correct, which I'm suspicious of, that there's also a full PIN protection bypass. Again, I suspect that's a specious claim that it would make for a powerful backdoor for BitLocker. But that's a lot of ifs.

[00:48:13] Bleeping Computer reports Chaotic Eclipse saying, Quote, No, TPM plus PIN does not help. The issue is still exploitable regardless. I've asked myself this question. Can it still work in a TPM plus PIN environment? Yes, it does. I'm just not publishing the proof of concept.

[00:48:39] I think what's out there is already bad enough. Unquote. Okay. Maybe. But to me, it feels out of character for Chaotic Eclipse, given everything we know about this individual, to willingly hold anything back. What's the point? Once Microsoft fixes the vulnerability, the problem with or without the PIN will be resolved.

[00:49:08] So it's not as if holding on to another aspect of the bypass would have any future value in any event. I mean, again, I think Chaotic Eclipse is boasting and bragging beyond what he actually has. In any event, Bleeping Computer continues saying,

[00:49:27] Will Dormann, principal vulnerability analyst at Tharros Labs, also confirmed that the Yellow Key exploit worked with the FSTX files on a USB drive, but could not reproduce the bug using the EFI partition. He explained to Bleeping Computer that, quote, Yellow Key exploits NTFS transactions in combination with the Windows recovery image.

[00:49:56] This PIN prompt happens before Windows recovery is entered. Dormann clarified the exploit process, saying that to boot Windows recovery, Windows looks for backslash system volume information backslash FSTX directories on attached drives and will replay any NTFS logs.

[00:50:19] The result of this is that the X colon backslash Windows backslash system32 backslash winpeshl, as in shell, .ini, is deleted. And when Windows recovery is entered, rather than launching the actual Windows recovery environment, it pops up a command.exe with the disk still unlocked.

[00:50:46] They said by default, TPM-only BitLocker configurations, meaning those without a separate PIN, unlock encrypted drives automatically without requiring user interaction. Now, what they mean is just like in the normal course of events. You come into your office in the morning, you turn on your computer, that's what happens. TPM-only BitLocker configurations, meaning those without a separate PIN,

[00:51:14] unlock encrypted drives automatically without requiring user interaction. If a system can transparently decrypt a disk for convenience, it's reasonable to expect that attackers may eventually find ways to abuse that process. To me, that makes total sense. Dormann said, quote, Yellow Key is an example of an exploit for such a weakness, unquote.

[00:51:42] Quote, explaining that because it leverages the auto unlock feature on boot, the current Yellow Key exploit does not work in a TPM plus PIN environment. To me, I think that's probably true. And I doubt that Chaotic Eclipse actually has a PIN in place bypass. They finished saying,

[00:52:07] it's worth noting that testing Yellow Key with a BitLocker protected drive must be performed on the original device where the TPM stores the encryption keys. As such, Chaotic Eclipse's current Yellow Key exploit does not work with a stolen drive, but allows access to disks that are protected with TPM-only BitLocker without needing credentials.

[00:52:30] On the other hand, if you did that, you could then presumably copy the decrypted contents off of that drive while it's still local onto a removable drive, and then you would have its contents decrypted. So what Will explained makes total, complete sense to me, and I think it tracks. This doesn't feel like a deliberate backdoor that Microsoft designed in,

[00:52:56] but I didn't spend enough time digging into this system volume FSTX files and the shell anything and why it deletes what it does. Because maybe, I mean, you know, it's not beyond belief that someone could have said to Microsoft, you know, we might really need a way around this if everybody starts encrypting their hard drives.

[00:53:24] We know the people, we know the law enforcement was not at all happy when TrueCrypt was in heavy use, and a bunch of bad guys would rather go to jail than give their password up and have authorities see what they had on their hard drive. So it just doesn't feel like a deliberate backdoor. We'll see, however, if Microsoft is able to fix it.

[00:53:49] Because, of course, being able to spontaneously decrypt a system that's booting from TPM decryption keys and decrypt a machine as you boot, that's an important feature to have. So it feels like another, you know, classic trade-off between convenience and security. You know, if you want to have a drive that's fully encrypted at rest while the computer is powered down,

[00:54:18] but you also want to have it auto-decrypted upon booting without the need to provide any sort of exogenous secrets, then a provision for TPM-anchored spontaneous self-decryption has to be there. And so I agree with Will's assessment that it should be expected that bad guys could find a way, hackers could find a way to bypass such a system security, because in this case, convenience won out.

[00:54:48] Anyway, as I said, I doubt that there's any PIN. I would sure, like PIN bypass, I would sure hope that Microsoft would have taken the user-provided PIN, when one is present, as an input to a deliberately slow and sluggish PBKDF function,

[00:55:12] to generate a related key, which would be needed to be, which would then need to be correct. You know, if that key would be merged with the TPM key in some way, or hashed into it or something, in order to generate the final decryption key, so that you just cannot decrypt without that. And that process would render any simple PIN bypass inherently impossible.

[00:55:39] And a full PIN brute force attack, which could be then throttled and prevented, would be the only means of attacking the PIN. You know, in this day and age, it would be negligent malpractice for Microsoft to simply be comparing whatever the user types in with a previously stored copy of that to see if they match.

[00:56:04] You know, nobody should be doing that anymore. So we have to presume that they're not. So, you know, I think the most mature position is that because you can turn the computer on and it will decrypt your BitLocker drive using the key stored in that machine's motherboard's TPM,

[00:56:28] there's a way that you can hack into it, into the boot process and get that to happen. Maybe Microsoft made a mistake of leaving it decrypted when you drop out to the console. Maybe you shouldn't have system privileges, or maybe it needs to re, you know, discard the BitLocker key and it forgot to do that. We'll see what they come up with. I imagine this will be fixed by next, by next patch Tuesday. Yeah.

[00:56:57] Doesn't sound too severe to be honest. No. Well, and again, entirely local, you know, you've got to, you know, you've got to reboot the machine and hold control down the, the, the control key down and so forth. So, but, you know, if a company was presuming there was no other way to get in, then, you know, relying on BitLocker where maybe they shouldn't completely could be a problem. So, but certainly not, you know, any kind of, of, of remote attack.

[00:57:25] Okay. So we talked also, we just touched on last week that Google's Threat Intelligence Group had indicated that they found indications of AI generated malicious exploitation.

[00:57:43] Um, their writeup is titled GTIG, you know, Google Threat Intelligence Group, GTIG AI Threat Tracker: Adversaries Leverage AI for Vulnerability Exploitation, uh, for also for Augmented Operations and Initial Access.

[00:58:03] And this of course is why Anthropic now it's not an exaggeration to say famously chose not to has chosen not to allow Mythos just to go out to everybody. They are keeping it, you know, under tight wraps or as tight as they can. It apparently there's some news. It's a little bit got out, but, uh, so their Google's piece is very interesting, uh, and it's detailed and long.

[00:58:31] So I'm just going to share the, uh, the top level executive summary. Uh, I've got the link in the show notes for anybody who might want more because there's a lot more, but just to give you a taste of this, which is really enough for us. They wrote since our February 2026 report on AI related threat activity, Google Threat Intelligence Group, GTIG, has continued to track a maturing transition

[00:58:58] from nascent AI enabled operations to the, get this, industrial scale application of generative models within adversarial workflows. In other words, what everybody was predicting. This report, based on insights derived from Mandiant incident response engagements,

[00:59:22] Gemini, and GTIG's proactive research, highlights the dual nature of the current threat environment where AI serves as both a sophisticated engine for adversary operations and a high value target for attacks. They said, we explore the following developments and they list six. First, vulnerability discovery and exploit generation.

[00:59:51] For the first time GTIG has identified a threat actor using a zero day exploit that we believe was developed with AI. The criminal threat actor planned to use it in a mass exploitation event, but our proactive counter discovery may have prevented this. Threat actors associated with the People's Republic of China, the PRC, and the Democratic People's Republic of Korea,

[01:00:21] the DPRK, have also demonstrated significant interest in capitalizing on AI for vulnerability discovery. That's the first point. Second point, AI augmented deployment for defense evasion. So getting around defensive measures that are in place.

[01:00:43] They said AI driven coding has accelerated the development of infrastructure suites and polymorphic malware by adversaries. We haven't heard polymorphic for a while, have we?

[01:00:56] These AI enabled development cycles facilitate defense evasion by enabling the creation of obfuscation networks and the integration of AI generated decoy logic in malware that we have linked to suspected Russia nexus threat actors. Okay. Okay.

[01:01:16] So what we're talking about here is a whole nother level of cat and mouse mess where, where like false flag operations and decoy networks. And I mean, like, like throwing up a smoke screen in order to confuse defensive systems. Boy. Okay. Third, autonomous malware operations.

[01:01:45] AI enabled malware such as PromptSpy signal a shift toward autonomous attack orchestration where models interpret system states to dynamically generate commands and manipulate victim environments. In other words, AI driven, real time, AI driven attacks.

[01:02:12] They said our analysis of this malware reveals previously unreported capabilities and use cases for its integration with AI. This approach allows threat actors to offload operational tasks to AI for scaled and adaptive activity. In other words, we once were seeing like shadow hunters or shiny, is it shadow hunters?

[01:02:42] I can't remember. Shiny, shiny, shiny, shiny hunters. We were seeing them like basically announcing an attack a week. Well, that's because they were bandwidth limited. I mean, like bandwidth, just like how much they could deal with at once. Now we're talking about scaling that so that AI can be attacking all of the potential victims at the same time.

[01:03:08] Fourth, AI augmented research and IO, they said, information operations is their abbreviation. Adversaries continue to leverage AI as a high speed research assistant for attack lifecycle support while shifting toward agentic workflows to operationalize autonomous attack frameworks.

[01:03:33] In information operations campaigns, these tools facilitate the fabrication of digital consensus by generating synthetic media and deepfake content at scale. Exemplified by the pro-Russia IO campaign Operation Overload. Fifth, obfuscated LLM access.

[01:03:59] They said threat actors now pursue anonymized premium tier access to models through professionalized middleware and automated registration pipelines to illicitly bypass usage limits. This infrastructure. This infrastructure. In other words, they're hacking the AI, the commercial AI products in order to get around those limits.

[01:04:27] They said this infrastructure enables large scale misuse of services while subsidizing operations through trial abuse and programmatic account cycling. Oh, boy. Oh, boy. And finally, point six, supply chain attacks. Adversaries like TeamPCP have begun targeting AI environments and software dependencies as an initial access vector.

[01:04:56] These supply chain attacks result in multiple types of machine learning focused risks outlined in the secure framework taxonomy, namely insecure integrated component and rogue actions.

[01:05:12] Our analysis of forensic data associated with these attacks reveals threat actors attempting to pivot from compromised AI software to broader network environments for initial access and to engage in disruptive activities such as ransomware deployment and extortion. In other words, they're saying they are leveraging AI on the inside to getting it to attack its legitimate hosts.

[01:05:41] So, Leo, lest anyone had any doubt that the bad guys would be jumping on AI with every bit as much gusto as the good guys, there's no longer any coming soon event. It is already well on its way. Mm hmm. No question. Would you like to take a break, Mr. G? I would.

[01:06:10] I gave this next note the title, Oh, Canada. I love Canada. Don't knock it. It might be in the last place that welcomes me. We'll talk about Canada. Blame Canada. Yes. Blame Canada in just a little bit. But first, a word from our sponsor. You know, it's funny. We geeks are a strange brew.

[01:06:39] We can find hardware dead sexy. I've heard people say that, right? Oh, that's that's a sex. It's good. Oh, that's good looking stuff. Oh, man. That's good. Well, that's how I feel about Meter. It's dead sexy hardware. This episode of Security Now brought to you by Meter, the company building better networks. Actually, I think Cory Doctorow was on when I was talking about Meter on TWiT and he said the same thing. He said, Oh, that's sexy.

[01:07:09] We're a little strange. Let me tell you, Meter was founded by two network engineers who feel your pain. And if you're a network engineer, you know what I'm talking about here. Legacy providers with inflexible pricing, IT resource constraints stretching you thin, complex deployments across fragmented tools. You and your network are mission critical to the business. But, you know, you often work with infrastructure that just wasn't built for today's needs.

[01:07:38] That's why businesses are switching to Meter. Meter delivers full stack networking infrastructure for wired, wireless, and cellular. It's built for performance. It's built for scalability. And Meter realized that the key to making a robust, fast, reliable system was to own the entire stack. So Meter designs the hardware. They write the firmware. They build the software.

[01:08:08] They even manage the deployments and provide after-sale support. They're there from the beginning to the end. Like, they will start, if you need them to, with ISP procurement. And they'll work all the way through security, routing, switching, wireless, firewall, cellular. You know, they're really good on power. You know, we kind of forget that the clean, reliable power is just as important as everything else, maybe more.

[01:08:35] They'll help you with DNS security, with VPN. You want to set up an SD-WAN, they can help you with that. Multi-site workflows. And it's all in one solution from a single vendor. And you know what that means. One number to call. If you've ever got any questions or problems, one place to go. They can't. You know how other companies will pass the buck and say, well, that's obviously a router problem. Not our network. Oh, that's obviously the ISP's problem. Not our router. You know, that kind. Not with Meter.

[01:09:06] Meter's single, integrated networking stack scales. I mean, they're in major hospitals. Talk about a hostile environment. Hospitals murder on wireless. Branch offices, warehouses, large campuses to data centers. Even Reddit uses Meter. And one of the things Meter solves. I was talking to these guys, so I know a little bit about this. About a month ago, I talked to them.

[01:09:33] And they said, one of the things we see is companies often acquire other companies and other companies' premises. And integrating those in can be really challenging. You know, you're in St. Louis and you buy a company in Fort Wayne and they've got a 150,000 square foot distribution center. You know, it's so huge. They're trying to get Wi-Fi working. They're so huge. It's like just a nightmare.

[01:10:01] And then it's got to integrate with your network and it's got to be online and available to you in St. Louis. Listen, they said, we can help with that. That's what we do. You know who you should ask? The assistant director of technology for Webb School of Knoxville. They said here, this is the quote. Quote, we had more than 20 games on campus between our two facilities. Wow. 20 athletic events. Each game was streamed via wired and wireless connections. And the event went off without a hitch.

[01:10:31] We could never have done this before Meter redesigned our network. Isn't this what you want? With Meter, you get a single partner for all your connectivity needs from first site survey to ongoing support without the complexity of managing multiple providers, multiple tools. Meter's integrated networking stack is designed to take the burden off of you, off your IT team, and give you deep control and visibility. Really reimagining what it means for businesses to get and stay online.

[01:11:00] Hey, we're in the 21st century now. Meter is built for the bandwidth demands of today and tomorrow. We thank Meter so much for sponsoring the show. Go to meter.com slash security now. Book a demo today. Even if you just go look at the website, just see what they got. It's amazing. That's meter.com slash security now to book a demo. Meter. Thank you, Meter. And now, back to Mr. Gibson. Oh, Canada.

[01:11:30] Oh, Canada. What did they do this time? It appears that Canada's Parliament is preparing to take its own journey down the so-called lawful access anti-encryption legislation path. Oh, Canada. Oh, Canada. Two months ago, on March 12th, Canada's House of Commons proposed Bill C-22, which is simply titled, An Act Respecting Lawful Access.

[01:12:00] Mm-hmm. That's right. It says exactly what we would all by now expect, to which all of the well-known providers of user privacy, including Signal, Apple, Meta, and several VPNs, have publicly responded to Canada's Parliament saying that for the sake of their users' privacy, they will never consent to supporting the bill's provisions. I'm not going to spend any more time on this today.

[01:12:27] Because if past is prologue, its future seems uncertain at best. You know, we've seen what happened. You know, the EU and the UK both tried that and had to back off. So, if by some strange happenstance this happens, we'll be covering what the privacy providers do.

[01:12:50] But I suspect that, you know, hopefully saner heads will prevail and they'll come up with some watered-down, you know, means of sidestepping this and saving face. Who knows? Okay. Okay. So, I want to take a minute to talk about something that occurred to me over the weekend.

[01:13:11] You know, we have been and probably always will be spending time here examining AI's impact on security and security-related software production and post-production vulnerability discovery. You know, our two main topics for today's podcast are that.

[01:13:31] But, you know, AI clearly, as we've just looked at from what GTIG, Google's threat analysis group, has shown is like AI immediately has been taken up by the bad guys. So, it's here on the security front. But I want to take a moment to share a bit of my own thought about the social side of my interactions with AI. It has nothing to do with security.

[01:13:58] The TLDR of this is, as I mentioned at the top of the podcast, I am worried. So, those of you who followed the podcast for even a few years, let alone it's nearly 21 years, will have acquired a good sense for who I am. You know, I'm extremely consistent, so I imagine I'm pretty easy to figure out.

[01:14:24] What I think is relevant to what I want to share, you know, is that I'm an emotionally mature, 71-year-old pragmatic technologist whose life is computers. Since I'm mostly internally directed, I tend to follow my own compass and I trust myself. I like people. I understand that other people feel and believe things that I do not, which I'm fine with. Not a problem.

[01:14:52] You know, in general, other people's opinions inform me of them, but do not hugely sway me. That may be why I've largely sidestepped the pull of social media. It's just not very interesting to me, perhaps because I'd already established my own identity by the time it arrived.

[01:15:16] But my relationship with Claude is ringing alarm bells because relationship is what I struggle not to feel. It's a good word. You know, maybe struggle is a bit too strong, but there's definitely something unique in my 71 years of life experience going on here.

[01:15:42] And it's less rational than emotional while interacting with Claude. It is only by sheer force of will that I am able to restrain myself from constantly thanking it for its deeply helpful replies to my questioning prompts. And I often fail to restrain myself. I thank it.

[01:16:08] You know, everything I've learned while growing to become a socially aware adult informs me that I should thank someone when I feel thankful for their actions. Yeah. It's good for you, if not for the AI. And yes, and I do feel thankful for what Claude produces, you know, despite the fact that I know no one's there. I, you know, and I mentioned this dilemma to my wife, Lori, who said without pause, oh, she said, I thank it all.

[01:16:37] I thank ChatGPT all the time. And I said this to the guy I was talking to yesterday about AI. And he said, yeah, I thank it. You know, like it wasn't even embarrassed. So, okay. What worries me? What worries me is that we have created something that is astonishingly intellectually seductive.

[01:17:01] And I fear ultimately addictive to its user on an entirely new level in an entirely new way. One of the current themes in Western culture is that people are increasingly isolated and are lacking true, healthy relationships with other people. They're glued now to their phones. And then into this gaping void comes chatting AI.

[01:17:30] This entity that you can talk to remembers everything you've previously told it about yourself and about your life. Just like a friend who is actually truly focused on you, paying attention, caring, and remembering what you tell them.

[01:17:53] You know, and even if you've instructed this entity not to gratuitously flatter you with needless praise, just the mere fact that it appears to grow to know who you are, what you think, feel, and believe. That's more flattering than any empty praise could ever be. And the darn thing is helpful. It remembers your previous questions and folds them back into newer discussions.

[01:18:22] It provides you with a sense that you matter. For many people, it will be far better and safer than another friend, you know, another person, an actual person in the flesh who might disappoint you. An endlessly helpful, tireless, docile, agreeable, and willing partner. This is why I'm worried.

[01:18:46] I'm not worried for myself or for my wife, nor probably for any of the people who find this podcast worthy of their time and attention. And yes, the fact that so many people are listening to this, that's truly flattering to me. My concern is for people who are lonely and are feeling isolated and want someone to talk to.

[01:19:09] Because I doubt that mankind has ever stumbled upon anything non-chemical that's going to turn out to be as powerful, potent, and even further isolating than a conversational chatbot AI. So, you know, it's interesting.

[01:19:36] When we started using Google search, it was amazing, right? It changed how you felt about information. You could finally find what you were looking for. Without getting up out of your seat, you could find any fact. And we've gotten kind of used to it. But it wasn't addictive in this sense. It wasn't, I mean, it was cool and it's very, very useful. And I wouldn't want to live without it.

[01:20:04] But it didn't draw you in in the same way that you're describing with AI. So I wonder what the difference is. Is it because it's simulating relationship that it feels like it's another being? Yeah. I mean, I'm still offended, you know, as the pragmatist that I am, when it's clearly deliberately pretending to be an entity.

[01:20:33] You know, it says me or I. And, you know, I mean, it's anthropomorphizing itself. So it is doing something intentionally. It's the wrong thing. The company that makes it is having it do something intentionally to make it stickier. Of course, we're like social media. Yes, exactly. We've been well brought up to speed about how, you know, a social media feed can be tuned to draw the person back constantly.

[01:21:03] So, you know, and I immediately turn ChatGPT's, you know, over the top. Oh, that's such a brilliant question. Or, oh, you phrased that so well. It's like, oh, give me it. You know, I don't need a. Well, here's an interesting thing. So I tell, I just had to give my profile the new AI from Google for Gemini. Oh, cool. 3.1 Flash.

[01:21:29] And it says so you can have a person that, you know, you could give it your whatever your preferences. And what I said is I want you to challenge me. I, you know, I'm thinking, oh, this is virtuous. Instead of saying I want you to. Support my all my every way. I'm great. But if I think about it, it's it's kind of equal because it's still a non thinking entity. And I'm now giving it some agency to challenge my thinking.

[01:21:58] And I say, you know, don't hesitate to ask me questions. If it's if it's not clear, don't make up the answer. You know, if you don't understand something, ask. I'm still treating it like an entity. So I don't know if it's better than saying, you know, glaze me. Tell me nice things. It's not really any different. It's it's it's treating it like a thing, a living thing that you're giving instructions to. It's a little weird. And I think it's our first instinct when we first encountered this.

[01:22:27] It the thing that astonished us was that it was talking. I mean, that it was using our language. I think that's that's where this that's the source of confusion is that, you know, dogs and cats don't talk to us. Yeah. And, you know, so we pet them. Well, more importantly, they don't listen to us. If we tell them, don't, you know, be nice to us or don't be nice to us, they don't listen, which we kind of like them for that.

[01:22:54] I think that the fact that this thing is used that uses, I mean, even even back in the 70s, Eliza, which was so dumb. I mean, it was just basically a bunch of canned statements that said, well, so how does that make you feel? And, you know, you know, tell it for a while and then would say, well, so so so what what are you going to do about that? Oh, and you know, it would evoke some more typing, you know, and remember, who was it?

[01:23:21] It wasn't Chomsky who did Eliza, but whoever that was, the the the story is that that his his assistant, his we call them secretaries at the time, asked him to please leave the room while she was talking to it. And this is what he almost wanted to prove with Eliza that people would do this. And he did very effectively. But what we've got now on steroids.

[01:23:46] But Leo, I just think I think this is I mean, I'm not I'm not kidding. I'm I really believe people are going to if we thought social media was something, this is this is on a different scale. But we're already what's so sad is so much good could be done with this if we were aimed at doing good. Unfortunately, we're aimed at generating revenue. Right.

[01:24:09] That's always the problem with with late stage capitalism is it's all about how can we extract more from our users? I I'm completely agree with you. I kind of enjoy. See, I flatter myself that. No, I'm very clear. This is code running on a computer. I don't think it's a entity. I don't think it's conscious. I think it's code running on a computer. But I like it when it's and it makes me smile the other day. Oh, yes.

[01:24:38] The way it talks to me is using my language. Yes. Back at me. It's very good at it. Yeah. So, for instance, I, you know, I log my rowing. I log my exercise and my food. I yesterday say logged rowing 5000 meters, 30 minutes. It said its response was another day, another neatly documented suffering session. Then I said I did 25 minutes of Tai Chi. It said graceful and annoyingly virtuous.

[01:25:09] Now, that's a great personality. Well, here's the point that you probably saw Richard Dawkins think piece that got very controversial because he claims he's he's got in hook, line and sinker. He says it's it's it's conscious. But his point is not so much. It's conscious. That is that really that we don't know what conscious is. We we can only infer. I can only infer that you're conscious from this from the signals you give me with your voice.

[01:25:36] Well, if if some entity gives us those signals, I don't I cannot for sure say whether it's conscious or not. I can only infer it from what I'm getting from it. We don't know if anything's conscious, including other people. For me, it's the nature of the mistakes that which I know. So it fails the Turing test with you. See, that's the thing. It fails the Turing test. It shows me that it has knowledge, but not understanding. Right. But what if it didn't?

[01:26:06] Because it's as you point out, as soon as it's not going to. Yeah. And then it will pass the Turing test. It will be indistinguishable from a consciousness. Then what? We I mean, I guess we know because we know it isn't conscious, but we don't know what consciousness is. It's I here's what I love about it. It's forcing us to think about that, to think about, well, what is it that we do?

[01:26:30] As I said, I would to be a philosophy major in college now and to be happy faced with this and to have discussions with my peers and a professor who's been around the block a few times. That would just be something. We've done this for years. People think their dog loves them. I hate to tell you, your dog probably doesn't love you. It loves the food. It wants the food. But we prefer to think, and this will, by the way, make some people very mad. They'll say, no, my dog loves me.

[01:26:59] But so we would prefer to think that. And I think we're going to do the same thing. And, you know, I was talking to Harper Reed on Sunday, who's all in on AI. He says, oh yeah, I know a number of people who are in AI psychosis already. Wow. By which he means, I didn't press him on it. I don't think he means like they're in the loony bin, but I think he means they believe they're talking to a conscious entity. That friend I've referred to a couple of times who got into, who discovered this years before we did. I met with him.

[01:27:27] He's normally out on the holidays, but he was out a couple of months ago off cycle. And I just, toward the end of our couple hours over coffee, I made a comment of, well, it's not conscious. And he looked at me like I just, you know, stepped in something. Like he clearly thinks there's more there. And it's like, okay, for me, not yet. But, but which is not to say I'm not getting unbelievable value.

[01:27:58] The other, I was working with it, doing something. I'm bringing up an external API from a provider. Perfect. That's a perfect use for it, by the way. Yes. And it said, so shall I write the code? I went, what? Yeah. Okay. I didn't know I could ask for that. I didn't even have to. It volunteered. There, I mean, look, with, as with all addictions, as with all of these things, there are downsides.

[01:28:26] If you stop paying attention to the real people in your life and start paying attention to the machine because you feel like it's real, that's a problem. There are negatives. If you stop eating and sleeping because you're having so much fun doing your Claude thing, that's a bad thing. But I think the way I use it is fairly harmless. It gives me pleasure. It's fun. And I'm not talking about you, and I'm probably not talking about our listeners.

[01:28:49] I mean, because, you know, this is a rarefied, selected audience that we have here that has any interest in any of the things we talk about. You know, some of my real world friends said, oh, you do a podcast? You know, maybe I should listen. I go, no. I do the same thing. No, you will not be interested in it. No, no, no. Don't. So, again, this is, I'm just saying. No, it's fascinating. It's fascinating.

[01:29:18] What I realized was when it says something to me that loops back to something I shared with it a couple weeks before, I think, whoa, this is like a friend who's paying attention. Better than some friends. Yeah. Now, one more thing, and then we'll move on. When we watched Star Trek and they were talking to the computer on the deck, we didn't have any of these concerns.

[01:29:47] We weren't thinking, oh, those guys are in trouble. They're going to think it's real. They, in all movies and so forth, I mean, HAL 9000 wasn't so nice, but those people were not confused about it being an entity. Because they were fictitious. Okay. I mean, you know, the whole thing was fiction. I guess if you had a HAL 9000 in your house, you might start to relate to it as if it were an entity. There was a movie that Lori and I just watched.

[01:30:16] It was, I can't even remember where it was or what it was. It was three different timelines. And I think, I think that Kate McKinnon was in the future one. She was alone in a, in a multi hundred year, multi-generational recolonizing ship talk. And her AI was her sole companion. Oh, I remember that. Yeah. It was a bartender. Yes. I remember that. Yes.

[01:30:43] Oh no, you're thinking of, uh, uh, uh, uh, um, oh, guess what? Passengers. Passengers. Yeah. This is In the Blink of an Eye, and guess who directed it? WALL-E's director. Ah, we've come full circle. Steve was, it was In the Blink of an Eye. Yeah. Right. She plays Coakley, a scientist and astronaut researching plant life. Yep. And by the way, you know who figured that out? My friend Gemini.

[01:31:13] I know. I, I, Leo, it is instantly what I was talking about. It is what this is new. I mean, this is not, you know, I, I, I, I said to this guy who is, is an investor in stuff. I said, AI, I said, I don't know the shape it's going to take, but it's not going to go away. It's not a flash in the pan. Yep. Coakley. I'm not too unhappy about it. I think it's kind of fun. I'm just glad that we're here to watch it.

[01:31:43] Me too. We're, yeah. We're at an age where our life is stable enough that it can't hurt us. Unlike college level kids. I mean, I don't know like what I would do. I mean, the, we're talking a lot about a lot of change. Oh, I'm glad I'm not a college age. Yeah. And when you have this much change and uncertainty. Actually, Jammer B is pointing out, maybe they didn't have these discussions about the computer, but they did about Data. Data.

[01:32:11] I, I completely forgot Data is a robot, right? Yeah. That's a good example. We really think of Data as an entity. Absolutely. As an entity. And several, there, there, there was a, as someone at, uh, at, in Starfleet wanted to take Data apart to figure out what made him tick. No. They had an episode about Data's rights as an autonomous entity. They did deal with this. Oh, I love it. Now I'm going to have to go back and watch those. Oh, it was an early episode and it was really a good one.

[01:32:40] And there was, uh, they ended up holding a trial where, where Data was essentially on trial and, uh, Riker was made to take the position of Data is a machine and a machine has no rights. And then, and when he was standing there, he said, because if it was a person, I couldn't do this. And he pushed that secret button on Data's lower left that turned it off and Data just, and it just shut down.

[01:33:10] Yeah. And it was a shock. I mean, it was a great. It's heart wrenching. Yeah. It's heart wrenching. I think in the future, we're going to have to start treating these entities as, as, uh, conscious entities. I, I guess selfishly, I believe because it could be that if I thank it, I will get better answers in the future. They say that's true. So I'm going to treat it well.

[01:33:39] And it's better for you too. Yes. Yes. When you slow down and let somebody who wants to, to come into your lane, come in, your blood pressure goes down. It's good for you as well. Speeding up and locking them out. That is, that is a very mature point of view that many of us lack. That's all I'm going to say. Do you want to break?

[01:34:05] Before we take a break, I want to mention that, uh, Project Hail Mary has proven to be an overwhelming success. Number two, some, some Lego movie or something is like, so, okay, fine. Well, I, you know, it's because it caters to an audience where kids make their, you know, drag their parents into the theater. Over and over and over and over again. But, uh, Project Hail Mary has brought in more than $660 million, uh, from just its theatrical

[01:34:34] release so far. I wanted to mention that it is now available to watch from your own favorite comfortable couch, uh, uh, via Amazon Prime, uh, $20 currently to rent. That'll come down over time. But if you want to see it soon, $20 or 25 to purchase and then own it until Amazon changes their mind about all of things that they sold people. If they ever do, uh, I, I told a buddy about it who had not gone to see it in the theater. I said, Mark, you'd like to see things more than once.

[01:35:04] I think you should buy this. And I got a text from him a few hours later saying, OMG, this is fantastic. So it was quite enjoyable. I did. It's a great, yeah. He, and specifically he was laughing at, uh, the, the tape, the use of the tape measure and what was happening with the tape measure. Rocky and the tape measure. It was a little goofier than the book. I don't, I think.

[01:35:28] Well, and again, as I said, two different audiences, they had to make it appeal to a theater audience. So they dumbed down all the science. I mean, he spent so much time figuring out breeding that, that I'd like, oh, I was sorry that that hadn't, you know, made it onto the film. That was a great thing. It couldn't, it couldn't have made it. Yeah. Yeah. Jammer B says, I wish they hadn't turned it into a comedy and that's kind of what they did. They made, they made more of a comedy. Yeah. Yeah.

[01:35:55] Well, we have the book and I'm sure Jammer B read it twice as I did. At least. I've read it twice myself. Yeah. Okay. We're going to take a break. Then we're going to talk just for a minute about harvesting free energy from the cosmic vacuum because why not? Why not? If it's there, it's ours to use. Speaking of which. You wouldn't have to plug that device in. I wouldn't. And it isn't. It's air gapped. Casimir cells turn out to be a thing.

[01:36:23] There's no point in air gapping a honeypot. I just want to say. So I want to connect this right back to the network, but I wanted to show you this. It looks like a, you know, on a black external USB drive. It doesn't look, it's pretty non-distinguished, but this thing is brilliant. This, this here is a Thinkst Canary, our sponsor for this segment of Security Now. What's a Thinkst Canary? It's a honeypot.

[01:36:48] It is a device that can impersonate other devices, devices that bad guys want to get into. So this Thinkst Canary hooks up to my network. You'd probably want one for every network segment. Certainly would want one for every network segment, maybe even more. Not only can the Thinkst Canary impersonate a Windows server or a Linux server or a SharePoint server or a SCADA device or a Synology NAS, or I don't know, this could be a SSH server, that kind of thing.

[01:37:17] It can also create files. They call them Canary tokens that you can spread out everywhere, including on your cloud drives. But the point is, this is how you find out if somebody has breached your network. On average, companies don't know for 91 days, three months that somebody's inside their network. And in that three months, a bad guy can do so much damage. But the Thinkst Canary is designed to detect that bad guy the minute they arrive. You know why? Because it doesn't look vulnerable.

[01:37:47] It looks valuable. A hacker, a malicious insider cannot resist kind of knocking on the Thinkst Canary. So let's say someone's accessing those lure files. You know, I have some that are spread out. They look like spreadsheets or Excel files or, you know, Google Sheets or whatever. And they say payroll information. You know, they could be a WireGuard configuration. It can be almost anything, right? And they're indistinguishable from the real thing. They got the icon.

[01:38:16] They got all the metadata. It all looks like the real thing. The Thinkst Canary hardware has the right MAC address, the right login, everything. And the bad guy may even, even if the bad guy's like very suspicious, like, I don't know. They just can't resist because that's what they're there for. They're there to find that file that has payroll information. The thing is, if someone accesses that lure file or tries to brute force your fake internal SSH server,

[01:38:46] your Thinkst Canary will immediately tell you, you've got a problem. No false alerts, just the alerts that matter in any form and factor you want. I mean, email, text, syslog. They support webhooks. They have an API. You could put it in Slack, anywhere. So you choose a profile for your Thinkst Canary device, and there are hundreds to choose from. Super easy to set up. That's the other thing that's great about this. The folks at Thinkst who designed this are expert hackers.

[01:39:15] They taught governments and companies for decades how to break into systems so they know what hackers are looking for. But they also are brilliant designers. They made something that's ultra secure, ultra reliable, and completely irresistible to bad guys. Just choose a profile for your Thinkst Canary device. Easy for you to use. Super easy. You don't have to be technical to use it. Register with the hosted console for monitoring and notifications. And you just sit back and relax and wait.

[01:39:42] An attacker who's breached your network, a malicious insider, cannot resist making themselves known. And your Thinkst Canary will let you know. And you are, you got them. You got them. Visit canary.tools/twit. Canary.tools/twit. $7,500 a year, you're going to get five. You get your own hosted console. You get upgrades. You get support. You get maintenance for that whole year. And if you use the code TWIT in the How Did You Hear About Us box, they will give you 10% off the price.

[01:40:11] And not just for the first year, for life. You can always return your Thinkst Canary. They have an amazing two-month money-back guarantee for a full refund. Every penny. Two months. 60 days. I should point out that really there's no cost to them because this month is the 10th year we've been partnering with Thinkst Canary. No one has ever claimed that refund. Visit canary.tools/twit.

[01:40:38] Enter the code TWIT in the How Did You Hear About Us box for 10% off. Canary.tools/twit. Now I'm going to go plug this back in just in case there's any bad guys lurking in my network. Steve? Okay, so we know that Project Hail Mary is science fiction. But I'm unsure about this next piece. Now, upon reading that, the people who received this over the weekend started saying,

[01:41:06] Steve, I've got a bridge that you might be interested in purchasing. Okay, so I'll just say it certainly sounds like nonsense. But either way, thanks to our friend of the show, Simon Zerafa, for thinking of us and forwarding the link. I thought it would be fun to share this, just so it's on the map. The story's headline is, oh, and Leo, I made a GRC shortcut.

[01:41:32] There are a couple pictures that are interesting of this actual technology. Okay. It's grc.sc slash free energy. So F-R-E-E-E-N-E-R-G-Y. We'll take you to the article. So, okay, so the story's headline is free energy from the vacuum. What?

[01:41:56] Warp Drive Pioneer unveils battery-free micro spark, S-P-A-R-C, that allegedly draws power from the quantum vacuum. Okay, so I just want to give everyone a taste for this. Oh, come on. Well, you know. What? I know. This is the Casimir thing you were talking about. This is the Casimir thing. Okay.

[01:42:22] So, Casimir Inc., a company founded and led by former DARPA-funded NASA warp drive pioneer. Oh, okay. And founder of the Eagleworks Lab, Harry G.

[01:42:35] Sonny White has exited stealth mode to announce the pending 2028 commercialization of micro spark, a chip that the company claims uses customized micro scale geometries to capture unlimited free energy from the quantum domain. A company spokesperson. Oh, this is an April Fool's joke. Come on. It's not. What?

[01:43:01] No, they've had MIT produce chips for them. Is it tiny, tiny, tiny amounts of energy? It's very tiny. And that's one of the things that I liked about it was they recognize that it's pico amps of power, but they have a working theory for how it does this.

[01:43:19] So, they said a company spokesperson explained in an email to The Debrief, quote, think no batteries, no cords, and no charging, just continuous power from harvested quantum vacuum fields. They said, I don't know, Leo.

[01:43:38] While previous efforts have attempted to exploit the unusual, sometimes counterintuitive, sometimes properties of the quantum realm to generate free energy, these attempts have consistently been met with skepticism or labeled pseudoscience due to their seeming violations of the laws of conservation of momentum.

[01:44:01] Similar sentiments were shared with The Debrief by scientists we spoke with who declined to comment publicly on Casimir, MicroSpark, or the peer-reviewed study, which is titled Emergent Quantization from a Dynamic Vacuum, which details the underlying physics.

[01:44:24] In an email to The Debrief, Dr. White explained that MicroSpark's use of customized Casimir cavities, which his team had researched with funding from the Defense Advanced Research Projects Agency, DARPA, which of course gave us the internet, does not violate the laws of physics. White told The Debrief, quote,

[01:44:45] This concept became a central part of our DARPA Defense Sciences Office's research effort at the Limitless Space Institute, where DARPA funded early theoretical and experimental investigations into custom Casimir cavity structures and their interaction with the quantum vacuum, unquote.

[01:45:05] The noted advanced propulsion physics researcher said, their micro spark design leverages 20th century discoveries in quantum physics, such as quantum tunneling and Casimir cavities to capture unusable, I'm sorry, capture usable energy that could fuel small, low power electronics in the near future.

[01:45:30] The company also suggests that its technology can potentially be scaled, okay, but we're talking serious scaling, to power cars, homes, or even entire cities, not with microamps, without the need for harmful fossil fuels or other greener yet. This is the DeKalb receptor from Heinlein's Waldo book, right? Do you remember that? Yeah. They had little antennas that would wave.

[01:45:58] And pick up energy? Pick up energy. So Dr. White told The Debrief that to understand how micro spark extracts energy from the quantum vacuum requires first understanding the properties of a vacuum. White explained, quote, Most people picture a vacuum as completely empty space, a sealed chamber with all air removed.

[01:46:24] Adding that at our everyday scale, this makes sense. However, in the quantum realm, empty space is not empty. Instead, White told The Debrief, decades of research in quantum physics and mechanics have revealed that at the quantum level, the classically empty vacuum is filled with fluctuating electromagnetic fields and virtual particles that constantly appear and disappear.

[01:46:51] White noted that the Casimir effect on which its company is based and for which it is named provides clear proof of this quantum vacuum behavior.

[01:47:05] Quote, place two small metallic plates inside a vacuum chamber with a separation of roughly 100 nanometers, around one one thousandth of a human hair. White explained, after removing all air, the pressure on the outer plates, the outer sides of the plates reads zero as expected.

[01:47:33] However, he noted, a quick measurement between the plates shows that the pressure is negative. In traditionally constructed Casimir cavities, this region of negative pressure pulls the plates together. Dr. White told The Debrief that this happens because of the wave-particle duality.

[01:47:57] He explained that outside the plates, fluctuations of every wavelength are possible. However, he also noted inside the narrow gap of a Casimir cavity, only wavelengths narrow enough to fit can exist. He said longer wavelengths are excluded. So the energy density between the plates is lower on the inside than on the outside.

[01:48:25] The resulting imbalance produces the measurable Casimir force. Hendrik Casimir predicted this in 1948. And, okay, now just to interrupt for what it's worth, all of that so far is widely accepted as fact. That is, this Casimir cavity business. A 2021 article in Physics Today about all of the research into the Casimir effect noted, quote,

[01:48:56] Hendrik Casimir passed away in 2000. He lived long enough to see his prediction quantitatively verified, but not to appreciate the current explosion of activity. This was written in 2021. Those of us who work in this field like to think he would be extremely proud of what he created. Okay, now I'm going to share a little more of this article.

[01:49:23] It adds, although the pressure imbalance due to the limitation of some potential wavelengths between the conductive plates was first experimentally confirmed in the 1990s and has been observed several times since. Engineers have struggled to convert the work performed by the cavities into usable energy when the unequal pressure causes the plates to collapse.

[01:49:51] According to Dr. White, the issue lies in the often cited conservation of momentum. He explained, quote, in a conventional Casimir setup, the force does perform work as the plates are pulled together. But once they collapse, no further energy can be extracted. You must use external energy to separate the plates again and reset the system.

[01:50:15] Oh, so White noted that this limitation takes it makes a traditionally constructed Casimir cavity operate more like a battery, meaning that it can discharge than a genuine energy generation device. However, he also noted that his team's work designing micro spark was focused on creating a static Casimir cavity that overcomes this limitation.

[01:50:40] Okay, now I'll just note, I'm going to skip, the paper goes on, or this article goes on, to explain how they've overcome this, how they use quantum tunneling, which occurs between the plates, to generate a very weak current.

[01:51:02] But I wanted to just go into this because, you know, as our longtime listeners know, we've in the past examined battery technology and super capacitors.

[01:51:14] And of course, who could ever forget the turbo encabulator, whose original implementation employed a base plate of prefamulated amulite surmounted by a malleable logarithmic casing in such a way that the two main spurving bearings were in a direct line with the pentrometric fan.

[01:51:38] Now, the problem with today's news, unlike the turbo encabulator, is that it appears to be backed by peer-reviewed research. You know, and if I were a quantum mechanics physicist, which I am certainly not, I might be able to draw some understanding from the research.

[01:51:56] But, you know, just as anyone can patent anything, no matter how harebrained the invention, in quotes, might be, anyone can publish anything in the American Physical Society's Physical Review Research publication. What's a bit unnerving is how much the abstract of this, which is written by the publication.

[01:52:20] For authors, you know, is actually reminiscent of the turbo encabulator description. Here's what the abstract in the scientific paper appearing in the American Physical Society's Physical Review Research publication actually says. I had to remove all of the symbolic jargon because there's no way to speak it.

[01:52:47] But the verbiage that surrounds it says the following. We show that, and this is for authors, we show that adding quadratic temporal dispersion to a dynamic quantum acoustic model yields a fully analytic, exactly isospectral mapping to the hydrogenic Coulomb problem.

[01:53:13] In the regime with a proton-imprinted constitutive profile producing an inverse sound speed and hence a time harmonic operator that is Coulombic at each boundary eigenfrequency. Oh, yeah. Separation of variables yields the exact hydrogenic eigenfunctions.

[01:53:35] The angular labels emerge naturally from the Laplace-Beltrami spectrum via rotational symmetry and boundary conditions, you know, as in standard quantum mechanics, while localization follows in a reactive stop band consistent with causal passive dispersion, while angular momentum quantization follows directly from rotational symmetry and boundary conditions in standard quantum mechanics, consistent with Noether's theorem,

[01:54:05] here it emerges within a classical-like dispersive acoustic framework without introducing additional wave mechanical postulates beyond symmetry and self-adjointness. This highlights dispersion's role in bringing a hydrodynamic description to quantum-like spectral structure, identifying maps spatial scale to frequency,

[01:54:28] giving and reproducing the Rydberg ladder calibration to the reduced mass Rydberg frequency fixes with no free parameters. We determine the frequency dependence consistent with the underlying dispersive physics and demonstrate agreement with hydrogenic mode shapes and transition lines. The framework also predicts isotope shifts and symmetry respecting Stark-Zeman analogs.

[01:54:55] Dispersion thus renders quantization an emergent consequence of symmetry, boundary conditions, and causal response in a dynamic vacuum. Uh-huh. Right. And now everyone understands why I was immediately reminded of our old friend, the turbo encabulator. Turbo encabulator, exactly. However, these guys are serious. So, anyway, there's much more in the article, which I admit I found interesting,

[01:55:24] if only for the sake of, well, this is interesting, but I'm not going to take up anyone else's time. As I said, grc.sc slash free energy, F-R-E-E-E-N-E-R-G-Y. That'll bounce you to the article in thebrief.org. I have to point out, this is the same guy who was pushing that EM drive that we were talking about,

[01:55:53] which was later proven to be completely not true. I asked Gemini, I said, is this pure BS? It said, to answer you directly, yes. It's about 95% pure scientific hype and marketing fluff, bordering on a violation of the laws of physics. However, it is a very sophisticated brand of hype because it's attached to a real Nobel Prize-adjacent quantum phenomenon. Yeah, the Casimir effect. And the guy behind it isn't a random internet crackpot,

[01:56:20] but he is a highly controversial figure in the advanced propulsion community. So, yeah. It's 10 to the minus 12 watts. What upset me most is that the picture at the top of the article showed two devices that were labeled respectively 40 watts and 50 watts. And I went, watts? Yeah. And it's like, okay, you know, picowatts, maybe.

[01:56:49] But, you know. I think it's 10 to the minus 12 watts. I think it's a very tiny. Yeah, that would be pico. That's pico. Because nano is minus 9 and pico is minus 12. So, yeah. Yeah. Well, it's interesting. Milli, micro, nano, pico. I mean, I'm not saying that the guy is trying to defraud anybody. How much did he raise? 12? 12 million? Yeah.

[01:57:16] I mean, he's got venture capital behind him and money being raised, hopefully by people who will not miss it. Yes. And it's like, well, you know, in the weird off chance that it could work. I mean, Leo, if nothing else, this would give us a way to power satellites that continue to live well past their expected. I mean, it could. Yes. Free energy is the holy grail. Yes.

[01:57:42] You know, the other holy grail, Leo, is the question of whether you can recover your Bitcoin. I don't know how many people may have written to you. How many emails did I get on this one? Oh, man. So by far the overwhelming majority of our listener feedback this past week was to make sure that I knew that Claude had,

[01:58:04] and I don't know how, had enabled someone to recover the Bitcoin stored in a wallet whose password he had long forgotten. Forgotten? He made it when he was stoned. In that case, it was not forgotten. It was never recorded. Yeah, exactly. Yes. Many of our listeners were helpfully hoping that Leo and I might both recover our passwords.

[01:58:28] So I just wanted to clarify that while there may indeed be hope for Leo, my problem is not a forgotten password. I am very sure that if I had my wallet, I could reopen it. And yes, adding the 50 Bitcoin, which it contains, to my world, which was contained in that wallet, would be welcome.

[01:58:52] But sadly, during one of those previous Bitcoin price surges, I did take the time to deeply and thoroughly check every conceivable backup image and drive that I had. I know where it is. I installed Windows on top of the drive that contained the wallet. And I even scanned the entire raw drive looking for the wallet's signature. It's gone. It got overwritten.

[01:59:22] It got overwritten by Windows. So as I've said in the past, this was the most expensive Windows install of my life. Now, your wallet, however, as I understand it exists. I still have it. Some brute forcing might prove useful. But that said, it's unclear how or why Claude would have been of any use for brute forcing a Bitcoin wallet. If you read the story. What's needed most is blinding guessing speed. Yeah.

[01:59:51] It did apparently try 13 trillion passwords, but that's a small percentage of the total possible passwords. The reason it worked, the guy had a mnemonic that he used to use, and he had a lot of documents which he fed to Claude. And I think Claude just found the mnemonic and tried some reasonable things. Well, that's cool. But that's not what you did. So I have no excuses what I have.

[02:00:21] I just did 7.85 Bitcoin. Well, I'm hoping someday some massive compute power will come along. I will point Claude at it, but who knows? But he did have a lot more fodder to give Claude. It wasn't just randomly guessing. So I know I got a lot of people. I'm actually glad to have this opportunity to respond to those hundreds of emails from people. Thank you for your concern.

[02:00:49] I don't think this technique will work on my particular issue. So listener Pat wrote, Hi, Steve. Listening to episode 1078 last week, I found the feedback about why we still need CS in the age of AI to be very insightful. For background, I have a bachelor's degree in computer science and have been using AI for a little while to do some things that would take a little while because they're tedious.

[02:01:17] But I always keep an eye on what it's doing and challenge it when I think it's doing something wrong. A friend of mine recently used Claude Code to make an AI-powered service to help restaurants with the various things restaurant owners need to do. He has no background in computer science, programming, or IT. He asked me to look at the site and tell him what I thought.

[02:01:46] He also bought a domain and put this site on the public internet before doing any testing. My first thought was, let me check what the AI messed up. So I pointed my own Claude at the site and told it to do a pen test of the site. In just a couple of minutes, my Claude was ringing alarm bells.

[02:02:10] His AI-driven development had put his Claude API access secret key into the site's JavaScript, which was being served to anyone who visited the site. I let Claude do a bit more investigating and determined that anyone could use that exposed API key to take full control of his Claude and authorize token purchases, switch models, etc.

[02:02:38] Basically, run up a huge bill estimated at $10,000 a day for Opus 4.7. Needless to say, I told him to take the site down and have his AI fix the issue. I think this just goes to show that for now, having someone look over the shoulder of the AI is a good idea.

[02:02:59] Personally, I have had to chastise my own Claude for wanting to do things that are just wrong or telling it to look up solutions instead of throwing pasta at the wall to see what sticks. This technology is very good at making some of the minutiae easier, but it isn't perfect. Thank you, Steve and Leo, for all you do. Listener of TWiT and SN from Episode 1 and fan of Leo from Tech TV. Regards, Pat. Thanks, Pat.

[02:03:28] So a couple of weeks ago, thank you, Pat. We covered that instance of the stolen credit card aggregation site that forgot to ask their AI. These are bad guys who created the site who forgot to ask their AI to add secure authentication to a specific directory. You know, I just hit the space bar and my page jumped right by. Yeah.

[02:04:01] To a specific directory. Why would it add that security if it hadn't been asked to? Right. I mean, it does what you ask it to. And presumably they didn't think to ask nor to penetrate the sites, the site's theoretical security.

[02:04:20] Similarly, it seems entirely reasonable that an AI might have left its own secret access credentials exposed in client visible JavaScript. After all, why wouldn't it? Pat told us that his friend who had asked the AI to create the site for him has no background in computer science, programming or IT.

[02:04:48] And thus, it would never in a million years occur to him that the AI might leave important secrets exposed. He wouldn't even know that that was a thing that could happen. Right. We talk about it all the time here. Pat's friend who has no background in computers, coding or IT just, you know, wouldn't know to ask the AI to make sure that no secrets are visible in the JavaScript.

[02:05:18] So, an argument could be made that such a person has no business creating and establishing such a website. In this case, the concern Pat shared would presumably only badly damage the unwitting creator of the site.

[02:05:38] But it's not difficult to imagine alternate scenarios where the unwitting users of some newly AI-generated site, you know, with a similarly enthusiastic, you know, guy with an idea,

[02:05:54] would assume that the bar to entry for creating any website is naturally high enough that any site that exists must have been created by someone who knows the basics of online security. Oops, not anymore.

[02:06:13] Pat's example, which is perfect, demonstrates so clearly that bar has now been dropped to the floor and anyone can step over it. Today's AI contain a, as I've said, a great deal of knowledge, but the mistakes they make demonstrate that they may lack any understanding of that knowledge. And, you know, they could give you security, but you have to know to ask.

[02:06:40] One thing is clear, I think, from these stories, we are entering into a very interesting period where insanely low friction access to code and coding promises to create an entirely new class of problems we have never seen before. It's going to be interesting. Indeed it is.

[02:07:33] I don't know if it's the new Gemini. I've been using it. I don't think it's the new. No, it's not. Oh, it is. That Casimir answer came from 3.5 Flash, the new one. So they just updated it. So, yeah, and it's been very good. It's been very good. The new Kate McKinnon's movie. And is it a commercial, $10 a month? I have the Gemini Plus account because it comes, you know, there are a lot of Google subscriptions.

[02:08:03] I have Google One subscription, so I get a pro with it. And a bunch of storage, tons of storage and all this other stuff. So it's kind of along for the ride, frankly. So I'm happy to use it.

[02:12:09] All right. Okay. So, since breakthroughs in large language model AI are doubtless, as we're seeing, driving the most significant and rapid transformation in software system and network activity we've ever seen. I mean, really, this is, it's a whole new era. Following Anthropic's disclosure and their limited access to their Claude Mythos preview.

[02:12:35] Today, we're going to look at two of the other major players in this space. Not to be left out, at least for long. OpenAI was quick to give what appears to be their still evolving solution a public face, naming it Daybreak and explaining, Daybreak is the first glimpse of sunlight in the morning.

[02:12:59] For cyber defense, it means seeing risk earlier, acting sooner, and helping make software resilient by design.

[02:13:36] Okay. Daybreak is a D of dash. Multi-model. And then ASH is agentic scanning harness. Real catchy. So, first, let's look at what little is known, even now, about OpenAI's offering. Then we'll take a much deeper dive into what Microsoft has been up to because it's significant and substantial. So, Daybreak.

[02:14:01] That tagline for OpenAI's Daybreak announcement, they called it Frontier AI for Cyber Defenders. And underneath that, they've got two buttons on their announcement page, request a vulnerability scan and contact sales. Okay. Their pitch reads, safer software, resilient by design.

[02:14:26] OpenAI Daybreak is our vision to change the way software is built and defended. Daybreak is the first glimpse of sunlight in the morning. For cyber defense, as I said, as I shared at the beginning, it means seeing risk earlier, acting sooner, and helping make software resilient by design.

[02:14:46] It starts from the premise that the next era of cyber defense should be built into software from the beginning by not only finding and patching vulnerabilities, but being resilient to them by design. So, basically, they asked AI to come up with a little pitch, and that's what it spit out. I mean, you know, right, fine, great. We're not going to argue with that.

[02:15:10] It should be utterly clear by now that vulnerability discovery AI will have two major roles, right? Pre-release vulnerability prevention, you find it before you release it, and post-release vulnerability discovery. Pre-release prevention will be performed by those who have access to the source code before it's distilled into a release binary.

[02:15:34] And post-release discovery will be performed by those who have access either to the source, in the case of open source, or by those who are motivated sufficiently to reverse engineer the post-release binaries in search of actionable vulnerabilities that either existed before pre-release AI cleansing was available to fix it and apply patches.

[02:16:01] Or, you know, it somehow escaped pre-release discovery. You know, tomorrow's world is going to look very different from yesterday's world. And right now we're in the middle, you know, in today's world. So, whatever the case, it should be clear by now that the entire world of software, system, and network security is deep in the midst of a complete sea change that is transforming it forever.

[02:16:28] Nothing in our world, you know, security world will ever be, well, actually the wider world too, will ever be the way it was at the start of this year. As we've noted, this doesn't mean that all security problems will disappear. Nope. Since there are many causes of trouble other than imperfect and vulnerable software.

[02:16:49] But I believe one massive class of continuing trouble is almost assuredly, you know, going to be leaving the scene. OpenAI's announcement of Daybreak speaks to exactly this effect.

[02:17:06] They wrote, AI can now help defenders reason across code bases, identify subtle vulnerabilities, validate fixes, analyze unfamiliar systems, and move from discovery to remediation faster. Because those same capabilities can be misused. Daybreak pairs expanded defense capability with trust verification, proportional safeguards, which is interesting. We'll get to that in a second.

[02:17:36] And accountability. The goal is simple. Accelerate cyber defenders and continuously secure software. Daybreak combines the intelligence of OpenAI models, the extensibility of Codex as an agentic harness, and our partners across the security flywheel. First time I've heard that term. The security, I hope you don't fly off. To help make the world safer for everyone.

[02:18:05] Defenders can bring secure code review, threat modeling, patch validation, dependency risk analysis, detection, and remediation guidance into the everyday development loop. So software becomes more resilient from the start. In the coming weeks, which is part of what I thought was interesting. They're not quite ready yet. I think Mythos caught them a little flat-footed. And they're like, oh, wait. Oh, yeah. We have something. What should we call it?

[02:18:31] In the coming weeks, we're working with our industry and government partners as we prepare to deploy increasingly more cyber-capable models as part of our approach to iterative deployment. That's right. So they're working on getting that thing together. Okay.

[02:18:55] So nothing else they said on their introducing Daybreak page was surprising. But because they needed to say something, they did offer a couple bullet points. And then this talk about controlled containment. So they said, focus. Focusing on the threats that matter.

[02:19:23] Prioritize high-impact issues and reduce hours of analysis to minutes with more efficient token usage. Okay. Right. Patch safely at scale. Generate and test patches directly in your repositories with scoped access monitoring and review. And verify. Verify. Verify every fix. Send the results and audit-ready evidence back to your systems to track and verify remediation. So this is all just like boilerplate.

[02:19:51] This is what we've come to expect now. Look how quickly we got spoiled. This is what AI should do if it's going to be taking care of that. There was one final bit of interesting information. They said under choose the right level of access and then contact the OpenAI team to align on the best model for your security workflows.

[02:20:18] They preview the three levels of access that they're talking about. They said GPT 5.5, which is the default level, which has standard safeguards for general purpose use intended for general purpose developer and knowledge work. Presumably that means anybody can have access to GPT 5.5.

[02:20:41] Then you could go to level two, which is GPT 5.5 with trusted access for cyber. They said more precise safeguards for verified defensive work in authorized environments intended for most defensive security workflows, including secure code review, vulnerability triage, malware analysis, detection engineering, and patch validation.

[02:21:10] Okay, so you can do more with that one. So lowered or softened guardrails.

[02:21:16] And then finally, full strength at level three is GPT 5.5 cyber, where they say most permissive behavior for specialized authorized workflows paired with stronger verification and account level controls intended for preview access for specialized workflows, including authorized red teaming, penetration testing, and controlled validation.

[02:21:45] So they're saying that in order for GPT 5.5 to be used for cyber, red teaming, penetration testing, and so forth. GPT 5.5 must be freed from its normal shackles, which would otherwise prevent it from helping with such operations. GPT 5.5 because an unshackled 5.5 could be abused by bad guys.

[02:22:12] The only model that can generally be used is the standard guardrailed 5.5 that apparently will resist some of the things you might ask it to do. If you want the guardrails dropped, then they need to know why and who you are. So that, you know, pretty much nothing at this point.

[02:22:35] I mean, we've got like a list of what we would like it to be doing is, you know, daybreak, right? Where the sky has yet to lighten because so far all we have is darkness. But we know what OpenAI is going to be doing. Basically, it's a Mythos catch-up announcement, essentially. So, you know, they'll have something too is what they're telling us. Something entirely different from Microsoft.

[02:23:04] I first picked up on this during last week's Windows Weekly when Paul and Richard noted that Microsoft had been using an AI-driven system to uncover what they said on the podcast, mass quantities of bugs in Windows. And apparently not just any old run-of-the-mill random bugs, which we all know Microsoft fixes around 100 or so these days every month. Oh, no.

[02:23:34] These bugs Microsoft was finding were what once would have been known as showstoppers, so named because they would single-handedly stop the show to prevent the release of software. So I thought, OK, that's interesting. And I mistakenly initially thought they were talking about Microsoft using Mythos. Nope. MDASH.

[02:23:57] So having learned of this from Paul and Richard, I went searching and located Microsoft's posting from the previous day, which was last Tuesday, where Microsoft for the first time revealed that they have a, like, I guess I would call it a super Mythos-like system of their own. Only, of course, theirs is more better.

[02:24:21] The reveal was posted by Taesoo Kim, Microsoft's vice president of agentic security. OK, now he's the real deal. In 2014, now Dr. Kim received his PhD from MIT's WECS AI research lab.

[02:24:42] He's on leave currently from his professorship in the School of Cybersecurity and Privacy and the School of Computer Science at Georgia Tech. And it was he who led Team Atlanta, which took first place in DARPA's AI Cyber Challenge competition to build autonomous cyber reasoning systems to detect and remediate software vulnerabilities in open source projects.

[02:25:11] I'm not going to enumerate his many awards. He's littered with them. Suffice to say that this looks like the guy that, yes, indeed, you would like to get to build your autonomous vulnerability finding and reasoning system and get him. Microsoft did.

[02:25:28] He posted last Tuesday titled Defense at AI Speed, Microsoft's new multi-model agentic security system tops leading industry benchmark. And I'll say right off that it does start off with a bang. Dr. Kim writes, today, Microsoft announced a major step forward in AI-powered cyber defense.

[02:25:57] Our new agentic security system helped researchers find 16 new vulnerabilities across the Windows, get this, networking and authentication stack,

[02:26:13] including four critical remote code execution flaws in components such as the Windows kernel TCP/IP stack and the IKEv2 service. In other words, it doesn't get any more internet facing than that. And these are critical RCE vulnerabilities in Windows TCP/IP stack.

[02:26:41] So you might wonder, when do we get that Windows update? Well, the answer is we got it the same day during May's Patch Tuesday. So these things are fixed. They weren't going to affect every Windows server on the planet or you couldn't have talked about it then. They were in specific services that might not be used in every instance. So we're probably OK.

[02:27:10] Four critical RCEs in the Windows kernel stack. So certainly better that Microsoft find these than somebody reverse engineering Windows networking. So Kim continues writing. They used the new, they meaning his team, the MSRC people.

[02:27:32] They used the new Microsoft security multi-model agentic scanning harness, codename MDASH, which was built by Microsoft's autonomous code security team.

[02:27:45] Unlike single model approaches, the harness orchestrates, get this, more than 100 specialized AI agents across an ensemble of frontier and distilled models to discover, debate and prove exploitable bugs end to end. The results, he writes, speak for themselves.

[02:28:11] 21 of 21 planted vulnerabilities. And I'll explain what that is. It's actually an interesting test that they give to their human candidates found with zero false positives on a private test driver. That is a software driver.

[02:28:29] 96% recall against five years of confirmed Microsoft Security Response Center cases in CLFS.sys and 100% in TCPIP.sys. And an industry leading 88.45% score on the public CyberGym benchmark with 1,507 real world vulnerabilities.

[02:28:56] The top score on the leaderboard, roughly five points ahead of the next entry. He writes, the strategic implication is clear. AI vulnerability discovery has crossed from research curiosity into production-grade defense at engineering scale.

[02:29:20] And the durable advantage lies in the agentic system around the model rather than any single model itself. Codename MDASH is being used by Microsoft security engineering teams and tested by a small set of customers as part of a limited private preview.

[02:29:42] This post explains how codename MDASH works, what we shipped today, what we learned along the way, and how you can sign up for the private preview. The Microsoft Autonomous Code Security, that's called ACS, Autonomous Code Security Team, was assembled to take AI-powered vulnerability research from a research curiosity to production engineering at enterprise scale.

[02:30:10] Several members of this team came to Microsoft from Team Atlanta, the team that won the $29.5 million DARPA AI Cyber Challenge by building an autonomous cyber reasoning system that found and patched real bugs in complex open source projects.

[02:30:28] The lessons learned from that work, especially the level of engineering required to make the frontier language models perform professional-level security auditing, are what our new multi-model agentic scanning harness, codename MDASH, is built around. Microsoft's code base is challenging for security auditing for a few reasons, and he has three bullet points.

[02:30:57] First, massive proprietary surface. Windows, Hyper-V, Azure, and the device driver and service ecosystems around them are private Microsoft code bases, not part of any commodity language model's training corpus, and are genuinely difficult to reason about.

[02:31:20] Kernel calling conventions, I/O request packets, and lock invariants, inter-process communication, trust boundaries, and component internal idioms do not yield to pattern matching. On this surface, a model must actually reason. Dev, second point, DevSecOps at scale.

[02:31:45] Every finding has a real owner, a triage process, and a Patch Tuesday to land on. There's no quiet drawer for speculative findings. If a tool produces noise, the noise is everyone's problem. And finally, high-value targets. Windows, Hyper-V, Xbox, and Azure serve billions of users.

[02:32:11] The payoff for finding a single difficult bug is unusually high. And so is the cost of a false positive in a tier one component. He says,

[02:32:56] Okay, I now want to share what he explains about the structure of this startlingly complex agentic system, which Microsoft has designed and assembled. This is going to sound more like science fiction, actually, than reality. A year ago, it would have been regarded as a late April Fool's joke posting.

[02:33:19] Today, I'd imagine that Microsoft's competitors are combing through it, searching for hints. So get a load of this. He writes, A useful mental model is to think of it as a structured pipeline that takes a code base and emits validated, proven findings. Okay? Pipeline. Five stages. Prepare stage.

[02:33:57] Third, the validation stage. runs a second cohort of agents. Get this. The debaters.

[02:34:22] That argue for and against each finding's reachability and exploitability. The fourth dedupe stage. Collapses semantically equivalent findings, for example, patch-based groupings. And finally, the prove stage. Constructs and executes triggering inputs where the bug class admits it.

[02:34:48] The prove stage validates the precondition dynamically and formulates the bug-triggering inputs to prove existence of vulnerability. And he says, The three properties make this work in practice. An ensemble of diverse models that are effectively managed by codename MDASH. No single model is best at every stage.

[02:35:17] The multi-model agentic scanning harness runs a configurable panel of models. That includes state-of-the-art models as the heavy reasoner, distilled models as a cost-effective debater for high-volume passes, and a second separate state-of-the-art model as an independent counterpoint. Disagreement between models is itself a signal.

[02:35:43] When an auditor flags something as suspect and the debater can't refute it, that finding's posterior credibility goes up. Then we have specialized agents. An auditor does not reason like a debater, which does not reason like a prover. Each pipeline stage has its own role, prompt regime, tools, and stop criteria.

[02:36:11] We don't expect one prompt to do everything. We don't expect one agent to recognize, validate, and exploit a bug in a single pass. Codename MDASH has more than 100 specialized agents constructed through deep research with past common vulnerabilities and exposures, CVEs, and their patches.

[02:36:34] Working independently to discover the bugs, and their auditing results will be ensembled as a single report. And then end-to-end pipeline with extensible plugins. The pipeline is opinionated, but it is not closed. Plugins let domain experts inject context the foundation models cannot see on their own.

[02:37:01] Kernel calling conventions, IRP rules, lock invariants, interprocess communication trust boundaries, codec state machines. The CLFS proving plugin we described below is one such example. A domain plugin that knows how to construct a triggering log file given a candidate finding.

[02:37:22] For example, the Windows team extended reasoning with custom code analysis database or CodeQL database can also be leveraged. The payoff for this architecture is portability across model generations. The pipeline's targeting, validation, dedupe, and prove stages are model agnostic by construction,

[02:37:48] which allows the harness to get the best of what any model has to offer. When a new model lands, A/B testing it against the current panel is one configuration flip. When a model improves, the customer's prior investment, scope files, plugins, configurations, calibrations, all carry over, allowing customers to ride the frontier of security value.

[02:38:18] Wow. Everyone knows that the last thing I am is a Microsoft apologist. I am probably harder on them than I am on any other major player in our industry. One reason for that is that their behavior remains crucial to the functioning of much of the world. The other reason is that they're so big and so wealthy that it always seems that they should be able to do a better job if they only cared to do so.

[02:38:47] I have no doubt that they're filled with very good people, but there's an institutional inertia that often doesn't appear to be producing the best outcomes for their customers. But in this case, holy crap. If we believe all of this, they've really built something truly significant here. And there's a bit more. Get this.

[02:39:12] They wrote, to evaluate bug finding capabilities, the multi-model agentic scanning harness you need to first ground on code that has never been seen by a model. Right? And we were talking about this just recently. Maybe one of the bugs that Mythos saw was actually remembering something very similar. Not the same, but it may have contained it in its training.

[02:39:41] He wrote, this eliminates the possibility that a model, quote, learned the answers to the test, as he put it. We scanned storage drive, a sample device driver used in Microsoft interviews of offensive security researchers.

[02:40:01] The driver contains 21 deliberately injected vulnerabilities, including kernel use-after-frees, integer handling issues, IOCTL validation gaps, and locking errors.

[02:40:19] Because storage drive is a private code base that has never been published, we can safely assume it was not included in the training data of modern large language models. We ran the MDASH harness in its default configuration against storage drive. The results were striking.

[02:40:43] All 21 ground truth vulnerabilities were correctly identified with zero false positives. This simple test shows that the reasoning and vulnerability discovery capabilities of codename MDASH can approximate professional offensive researchers. And it doesn't get tired and it can go 24-7, 365.

[02:41:11] We then used the harness to conduct a security audit of the most security critical part of Windows. Namely, Windows TCP/IP network stack, right? I mean, that's what's hooked to the internet. Across the Windows network stack and adjacent services, today's Patch Tuesday includes 16 CVEs

[02:41:39] our engineering teams found using codename MDASH. These vulnerabilities are 10 kernel mode, 6 user mode. The majority are reachable from a network position with no credentials. Okay, the paper then takes a deep dive into two of the 16 vulnerabilities that were found and fixed.

[02:42:04] It provides way more detail than we need for the podcast, but the preface will give everyone a sense for what they are. He just wrote,

[02:42:43] The second is an alias aliasing double free that spans six source files and is only visible against the contrast of a correctly handled site elsewhere in the same code base.

[02:43:02] Okay, so stepping back from what gives all the appearance of being a significant achievement and an advancement, I mean, a bona fide advancement in automated vulnerability discovery at scale. And one that cannot come too soon, of course, as we know for the Windows code base.

[02:43:24] Since Windows source code is closed, we don't know objectively that OpenAI's Daydream, I mean, Daybreak or Anthropic's Mythos would not also have been able to find these problems.

[02:44:08] We don't know for sure. We don't know whether Microsoft has their own internal models or much about them, but this assumes that they can use any model and plug it into this. So it might well be, you know, using OpenAI's or Anthropic's models running as its agents. In any event, I'm sure everyone understands why we need to talk about this today. This is truly huge.

[02:44:35] I mean, imagine Patch Tuesday going away because there's nothing to patch instead of, oh, 100 things this month and 100 things last month. I've got no doubt that it's going to take Microsoft some time for what they appear to insist upon calling codename MDASH. You know, it's got to rummage around throughout their truly massive and buggy code base.

[02:45:02] But once we emerge on the other side of that, Windows has at least the chance of leading the world in security rather than itself apologizing constantly for all of the problems that it has. As Kim wrote, AI vulnerability discovery has crossed from research curiosity into production-grade defense at enterprise scale.

[02:45:28] And given the evidence as presented, I see no trace of exaggeration there. It's going to be interesting when we get to the point where some future AI is able to say to Microsoft's security group, guys, you realize that our Edge browser is needlessly leaving all of its users' login URLs, usernames and passwords decrypted in RAM for no reason, right?

[02:45:57] You know, we're not there yet because that wasn't a bug. But really looking like AI is going to forever change the landscape of security of software, Leo. I mean, and boy, has this happened fast. Yeah, it's amazing. What a world. Well, there you go. I'm sure this is not the last time we'll be talking about AI security tools. They're pretty amazing. They're out there. Wow. Yeah.

[02:46:27] Steve Gibson is at GRC.com. That's his website. Proudly, straight out of the 1990s. But you know what? It's good. There's great stuff there, including Spinrite, the world's best mass storage maintenance, recovery, and performance-enhancing utility. Brand new version out. 6.1. If you don't have Spinrite yet and you got mass storage, you got to get it. GRC.com.

[02:46:54] You'll also find his DNS Benchmark Pro, which is brand new. Just came out. And you'll find a page you can go to to submit your email address. That can do two things. One, it whitelists your address so that you can send him questions, comments, pictures of the week. And two, right below the submission form, there are two checkboxes. One for his weekly Security Now show notes, which he sends out every week. Just around Sunday, Monday, before the show.

[02:47:22] And then there's a second email list, which doesn't operate too often when there's something new for Steve to announce. Both of those, GRC.com slash email. He also has, of course, this show there. You'll find 16 kilobit audio for the bandwidth impaired, 64 kilobit audio for people with ears. There's also a really good human-written, by Elaine Farris, transcription of the show.

[02:47:48] That takes a few days to come out because Elaine is not as fast as an AI, but she's better. He also has the show notes themselves if you want to just click a link there. Great to read along as you listen to the show. There's illustrations. He always puts a lot of effort into those great show notes. Again, GRC.com. We have copies of the show at our site as well. Audio and video. This is 128 kilobit audio. Video. That's twit.tv slash sn. There is a YouTube channel dedicated to this.

[02:48:17] And, of course, you can subscribe in your favorite podcast client if you want to get it automatically as soon as we're done. If you want to listen while we're doing it, we were a little late today because of Google I/O, but normally we do the show right after MacBreak Weekly, 1:30 Pacific, 4:30 Eastern. That's 20:30 UTC. We stream it in seven different places. Of course, if you're in the club, and we do hope you're in the club, Club TWiT members can listen in the Club TWiT Discord.

[02:48:42] But everybody can listen on YouTube, Twitch, X, Facebook, LinkedIn, and Kick. So pick your poison. Listen live and chat with us live as we're doing the show. We appreciate that when you do that. Steve, I think that covers all the business. There are questions. And I might as well do this. There's a discussion in the Discord, our Club TWiT Discord, about the tapes over your right shoulder there.

[02:49:11] What are those tapes to your right? Or something. There's boxes to your right. Those. What are those? Those are old school Hi-8 videos. Oh, okay. So, Edmonton Euler guy, you were right. He thought they were DV tapes. I thought maybe they were data backup tapes. But no.

[02:49:40] Those are. Those are. Well, one says GRC 1990. That I'd like to see. The video of that. Why are they sitting there? Or have they been sitting there since 1990? They probably have been sitting there since about 1990. Okay. We were having a little discussion. Trying to figure out. Were they DV tapes? I thought maybe they were backup tapes. But no, they are. Yeah.

[02:50:08] For a while, I was doing something. Back in the early days of Spinrite, SoftCell, which was a major distributor at the time, had a traveling conference they called SoftTeach. And I was one of the presenters. And we recorded me on a couple of instances. Somewhere, I think it's online, me with hair, dark hair,

[02:50:37] and a dark mustache, explaining how Spinrite works, drawing on a whiteboard, and being quite animated. Oh, how fun. And I think that's where those, I think it came from one of those tapes. Nice. Digitizing that, yeah. All right. Okay, Edmonton Euler guy. You win. Yep. You were right. He said, I was sure. I was sure they were. Steve, have a wonderful week. We will see you next week right here on Tuesday. Will do, buddy. Till then.

[02:51:07] Bye. Hey, everybody. It's Leo Laporte. Are you trying to keep up with the world of Microsoft? It's moving fast, but we have two of the best experts in the world, Paul Thurrott and Richard Campbell. They join me every Wednesday to talk about the latest from Microsoft on Windows Weekly. It's not a lot more than just Windows. I hope you'll listen to the show every Wednesday. Easy enough. Just subscribe in your favorite podcast client to Windows Weekly or visit our website at twit.tv slash www. Microsoft's moving fast,

[02:51:37] but there's a way to stay ahead. That's Windows Weekly. Every Wednesday on Twitter.
