This week on the podcast, we unpack the Claude Fable 5 release and subsequent revocation following an export control directive from the US federal government. After that, we cover the recent FortiBleed credential dump, discussing its likely origins, before reviewing the most recent Windows 0day disclosed by Nightmare Eclipse.
Marc Laliberte 0:00
Everyone, welcome back to the 443 Security Simplified. I'm your host, Marc Laliberte, and joining me today is
Corey Nachreiner 0:07
Corey "Wobbly Desk" Nachreiner. How are you doing, Marc? Uh-oh, I hope I didn't make people sick with that wobble.
Marc Laliberte 0:15
I am Marc "Super Congested" Laliberte, so I guess we're both struggling a little bit today,
Corey Nachreiner 0:21
By the way, welcome back, man. This is the first time you and I have had a news podcast. We've been releasing a lot of cool partner ones on events. We're both back home now, so nice to see.
Marc Laliberte 0:34
It is good to be back. And, as you're suggesting it, we've got a couple of interesting stories to touch on that happened while we were out. First we will dive into Anthropic's Fable Five and Mythos Five, and the whole damn saga that happened there.
Corey Nachreiner 0:47
Sounds like new games. There's a new Fable coming. Is this just Anthropic is going into Microsoft games?
Marc Laliberte 0:53
Possibly. I guess we'll see. Then we will discuss FortiBleed, the collection of nearly 75,000 compromised FortiGate devices, or I guess credentials, 75
Corey Nachreiner 1:07
or FortiGate. Fortinet does Forti-everything, so FortiBleed is some sort of blood donation device,
Marc Laliberte 1:14
which is an accurate guess too, and then we will end with the latest zero day from Nightmare Eclipse, which is Microsoft's, I don't know, worst enemy at this point.
Corey Nachreiner 1:25
We've heard from him before. What would our podcast be without an end of the world zero day?
Marc Laliberte 1:31
Yep, so with that, I don't know. Let's go ahead and bleed our way in
Marc Laliberte 1:42
But to start with, Corey, when I was out on vacation, quite a bit happened in the world of artificial intelligence, and I think it's worth taking a look back over the last two weeks and just kind of recapping what went on, and maybe some hot takes on why we think the US government has finally stepped in and straight up blocked an AI model through export control. But to set the foundation, I guess, on June 9, Anthropic announced Claude Fable Five as a Mythos class model, which they made available for general use after adding some safety features to it. They described it as their most powerful model they've ever made, generally available, saying it was scoring exceptional performance and metrics around software engineering, knowledge work, vision, and even some scientific research areas too. That it was designed for longer and more complex tasks, and the longer and more complex the task is, the better that Fable Five is compared to other models, but they noted that as a Mythos class model, so in the same realm as the Mythos Preview in Project Glasswing, it was also really good at cybersecurity related tasks.
Corey Nachreiner 2:58
Can I just do a simple, like, like, like, to me, if we cut through all the blah blah blah business speak, this is Mythos with better, more guardrails, like my CISO, my Marc thinks I'm a For Dummies book kind of guy, reads this as, hey, Fable is Mythos for the public, and we have additional guardrails on it that we don't have in our Mythos preview. It's still good at everything Mythos is good at, cybersecurity, creating biohazard viruses, and whatever else, but we have a lot of guardrails on it that make it drop down to other models when you start getting into those topics. Is that, is that fair to say, Marc?
Marc Laliberte 3:41
That is basically it. They even went on to describe some of their safeguards they put in there, like their safety classifiers, which are a completely separate AI system designed to detect potential misuse, including like jailbreak attempts, and like you said, when it detects abuse, or even like any attempt to do something related to cyber security, biology, chemistry, or model distillation - it automatically drops down to Claude Opus 4.8 instead to handle those types of requests. A couple of those were kind of interesting, like, so it makes sense to block cybersecurity. We've talked a lot about Project Glasswing already, and how these this class of model can seem pretty capable of autonomously finding and exploiting vulnerabilities, but they also said, like, historically they would only block access to people trying to develop bioweapons using AI, but they said in this post that even that wasn't enough, and so now they just block all biology-related queries, period, because they didn't think their initial classifiers were strong enough. They also have had issues with people trying to basically extract the training or the capabilities of their models, which is called model distillation, and they have added classifiers to block that as well, too, with even more aggression, I guess. They even noted, like their classifiers, they're designed for safety, and they're erring on the side of safety, and so they're going to block a lot of things that maybe they didn't need to, but they're going to just on the side of like being overly cautious too. In fact, they said around like 5% of all requests going through Fable Five would trigger it and block it and bump it down to Opus 4.8.
Corey Nachreiner 5:29
By the way, there's an update on this release, though, which is kind of weird. Like, they released Mythos to the US government and some entities, and Mythos doesn't have the safeguards and has the same strengths, but I hear we can no longer use Fable,
Marc Laliberte 5:45
Correct? So, just three days after releasing this model on June 12, or these two models on June 12, they announced that they were abruptly disabling access to both Fable Five and Mythos Five, which was that one they released to the government and Project Glasswing members, they were disabling access to all customers to comply with an order from the US government, citing national security concerns, where they issued export control directives on top of them. Basically, the directive mandated that Anthropic block access to all foreign nationals, whether inside or outside the United States, and Anthropic basically said the only way they can comply with this reliably is to remove access entirely to all these models. Now, in Anthropic's post, they said that their understanding is that the government believes that they became aware of a jailbreak method for Fable Five, basically a way around all those safeguards. Anthropic says that they reviewed a demonstration of a specific technique being used to identify a small number of previously known minor vulnerabilities. Basically, they reviewed evidence that someone had jailbroken Fable Five, used it to discover vulnerabilities, but Anthropic is saying they were previously known and minor vulnerabilities, and they also noted that their publicly available models, think like Opus 4.8, were able to find the exact same vulnerabilities without requiring a jailbreak too, so it's not like it discovered any net new stuff, but it was someone was able to get around the cybersecurity prevention safeguards and use it for vulnerability research. They also went into... oh, go ahead.
Corey Nachreiner 7:26
No, no, finish. Go for it.
Marc Laliberte 7:28
They went through like this big bulleted thing where they talked about like all of the steps they've taken to make sure that Fable Five is safe. They gave the government and other labs or other organizations access to red team it for thousands of hours. No one found a universal jailbreak, so they threat modeled around just limited jailbreaks and built their protections, which they think are adequate to limit the scope of potential jailbreaks, too. They ended it, the whole post was basically, as we've stated publicly, we believe the government should have the ability to block unsafe deployments as part of a statutory process that is transparent, fair, clear, and grounded in technical facts. This action does not adhere to those principles. We apologize for the disruption to our customers. We believe this is a misunderstanding, and we're working to restore access as soon as possible.
Corey Nachreiner 8:19
So that feels like a very diplomatic corporate response, but can I put on my conspiracy? Like, we all know this story with the US government when they ripped out Anthropic because of safeguards, they didn't like the safeguards, they want to use AI for whatever the heck word they want to do with it, and they were mad about safeguards, and now they're all happy with OpenAI, but suddenly they're trying to block a commercial product because it doesn't have safeguards. This feels like a very politically motivated administrative thing. Anthropic doesn't say that, the government's not saying that, but I'm saying that.
Marc Laliberte 8:58
I also like, I think that is one highly likely scenario, I also think another scenario is Anthropic's in on this too, and this is another kind of marketing ploy for it too, so they just this last week was like, I guess, the G summit with like world leaders from the US, France, England, few other places, they also invited the heads of all the major AI labs, like Sam Altman and Dario Amodei, to like talk to them as well, and that CEO of Anthropic, Dario Amodei, I think I'm pronouncing it right, probably not, made one comment where he says he thinks that some of these models should be treated kind of like firearms, where you need like a gun license to be able to use them, and so he's not exactly like advocating to leaders that it's safe for use, he seems to be advocating the opposite, that it's not safe for use, and that got me thinking like it feels like this might be some form of like regulatory capture, where they're trying to intentionally lower the ceiling of capabilities for some other ulterior motive,
Corey Nachreiner 10:07
but I maybe I'm too naive, Marc, but I actually, this is why I prefer this is a personal preference only, by the way, and not like a WatchGuard uses all kinds of commercial things, I prefer Anthropic over the other AI companies, because they actually, they're still profit motivated. I don't disagree that they, they like hype on their models, but they seem to be ones where they're warning about the power of AI rather than just innovating for profit only reasons, and even asking like they're one of the few self-regulating ones that I think as as policies changed recently, at least in the US, where regulation of AI kind of got disappeared for innovation, they they seem to want the world to understand the power of what they're building, and honestly, that was their whole conflict with the US government. The US government wants the unfettered power, is how I interpret it, without blocks. And is could this just be legitimate? Is he like saying this is a powerful thing, and we want to have this powerful thing, because by the way, the power can be good, put to very good use. The cybersecurity risk is also the cybersecurity opportunity. The good guys having this model in hand can fix vulnerabilities way faster, can find much more than their humans have been able to in the past. Is the promise, whether it's hype or not, that's the promise, that's also the danger. So I think he wants to provide a tool that there is actual good societal cybersecurity benefit for, but anything that has great power can be used by the other side too. So, I, I, there could be market like our vulnerability hunting and our model is better than yours. Yes, that could be a profit-motivated thing, but there seems to be tests around it. There seems to be consensus, at least among some of the groups, and some of the vulnerabilities found that it's not just pure hype. And if, for once, if the CEO is actually this is a great, powerful tool, but it's dangerous too.
I mean, I think that's kudos, and it's kind of funny that the government is coming off as the one that's now putting safeguards on just this one AI company, who's the one AI company that seems to be trying to ask for some safeguards and ask for some regulation
Marc Laliberte 12:36
that seems fair, and maybe it's just me being cynical, but
Corey Nachreiner 12:41
you're not wrong.
Marc Laliberte 12:44
Exactly,
Corey Nachreiner 12:44
at the end of the day, there's a board with profit, so things change.
Marc Laliberte 12:49
Yep, but even the way that even still, it's been a week, and it is still offline. Fable Five and Mythos Five for members of Project Glasswing are still not available, and so they do seem to be working, still struggling to work through some form of approval from the government. Be
Corey Nachreiner 13:05
to be honest, internally we were excited about seeing Fable because it was giving us a version of Mythos we could use. So we tried to go through an approval process quickly to start using it, and the same day we were like, yes, we're going to allow this use in this situation. Bam! Oh, guess what? There's no Fable anymore.
Marc Laliberte 13:24
Yep, exactly. But it is. I mean, it's still crazy seeing how fast some of the stuff is moving, and this was like the first case of the US government, at least, stepping in and putting export controls on a model like this. So they're
Corey Nachreiner 13:39
funny because they've been going to the same global conferences saying we need to stop regulating AI, the world is saying regulate AI, EU is saying check out this EU AI Act, and our administration is saying stop that crap, we need to innovate, but oh wait, changed our mind, I wonder why
Marc Laliberte 14:00
I am, I'm still looking forward to us getting our hands on Mythos Five and being able to use it with our own internal projects as well, but
Corey Nachreiner 14:08
we'll be cool.
Marc Laliberte 14:09
Until then, I guess we're stuck with Opus 4.8 Unfortunately,
Corey Nachreiner 14:14
we're not even talking about the biological threat, man. We're talking about our industry, but I guess the biological threat is one that I just don't want to think about.
Marc Laliberte 14:23
That one is also interesting. They are starting a separate kind of pre-approval process to grant access to biological resource research using Fable Five once it comes back online, while still trying to heavily monitor for people creating bioweapons.
Corey Nachreiner 14:37
Huge power here, it's such both ways, I mean, imagine genetically catered to your specific body medications, which AI may help bring humanity to, but then also perfectly catered to your body bioweapons. Fun time, it
Marc Laliberte 14:58
is. It's pretty awesome, like in their initial announcement posts, they gave some like specifics around like virus research and biology research and its capabilities. Flip side, they also gave some evidence, like they had it play Pokémon Fire Red, and it was able to play it entirely through just a GUI interface and beat the game too. So Fable is pretty good at a lot of things, it seems.
Corey Nachreiner 15:24
Hopefully, they'll release Fable, so I can set up Fable to play the new upcoming Microsoft Fable game and see if Fable can beat its own named game.
Marc Laliberte 15:33
Sounds like it might be able to by the time we get that one released too. I guess we'll see. Anyways, moving on to the second story, though. So last week, researchers at Hudson Rock published a blog post describing what they called FortiBleed, which is a collection of credentials that they claimed were from nearly 75,000 Fortinet firewall devices. The collection was originally discovered by a different security researcher who claims he found them just on a server, didn't give any description of what he was doing on said server, but says it includes nearly 75,000 unique firewall URLs over from over 194 countries in 21,000 affected domains, and it represented roughly 50% of all firewall Fortinet firewall devices currently facing the internet. The original researcher made some, honestly, kind of confusing claims. If you look at their X post or LinkedIn post, they said that, like, the attackers executed 1.6 billion credential attempts over 320,000 FortiGate targets, as well as 2.1 billion attempts for 160,000 SQL servers. He also claimed, which I thought was a bit dubious, and maybe we can talk about it, that they, the attackers, were actively intercepting SSL VPN authentication hashes and cracking them using a dedicated 45-GPU cluster. That wasn't, like, when I saw that bit I thought my first thought was "evidence, please" on that, because making claims that people are intercepting SSL VPN authentication attempts at this kind of scale is kind of insane, that's a lot of man in the, potential man-in-the-middle stuff to be going on. More realistically, so, Kevin Beaumont, former Microsoft employee and pretty prolific security researcher, he made a blog post with his own analysis, and he thinks that all these came from just stolen configuration files exported from vulnerable Fortinet devices over the last couple of years because some of them included like admin credentials as well too, which you can also
Corey Nachreiner 17:50
something that happened before, even I think two years ago there was a story of a bunch of FortiGate VPN attacks that were they were getting popped with credentials, and it turned out it was from a VPN vulnerability, but a VPN vulnerability that was patched a year ago. But the problem is, you know, first of all, if people didn't patch when the people were exploiting this, they would have gathered credentials. Then, if they didn't patch when the patch came out, they could continue to create, gather credentials, and if they didn't change credentials after the patch, it doesn't matter that you have it. So, like, I think Kevin Beaumont is correct, and I mean, obviously this is a big threat to Fortinet, but to some extent it feels very much like at some point there's a customer, and for our customer managed service provider responsibility to pay attention to updates and to consider types of vulnerabilities on updates, like there's some updates where, if you're patching the flaw that was even partially zero day for a period of time, changing credentials could be necessary because you don't know if you know if someone popped it and may not be lurking on the device right now, or even anytime soon, but they downloaded a config file, like you said, or a credential file, or whatever, and this could, if all obviously Fortinet is a big target, and this guy has very specific information about a campaign that's affecting a lot of boxes. I mean, we've seen ourselves that credential stealing and brute force attacks are affecting every edge device right now.
Marc Laliberte 19:33
Yeah, and I saw actually a Reddit post on this where someone commented that their account rep claimed that the configuration files were stolen from a 2022 CVE in FortiGate devices. There was an auth bypass vulnerability that let attackers just run arbitrary admin commands by setting the proxying headers to localhost, 127.0.0.1, back in 2022, and that makes sense that they would dump these credential databases, and then crack them offline, or and then build up a collection of valid credentials, and then turn around and try and sell them on the underground, which is what it looks like they're preparing to do with this one by packaging them up with information about the organization that they belong to, including like vertical and size and stuff like that. This looks like a, like, initial access broker kind of collection that they were building up,
Corey Nachreiner 20:27
and I got to tell the... I mean, people listening probably know this, but anytime public underground boards, you start to see bulk sales of credentials, they're probably a year old, like they've been out there for a long time, and they've probably leveraged all the good ones, and they're just so, yeah, to me this, the 2020 thing, the Reddit post, I believe it, I like, I, it seems like a likely possibility.
Marc Laliberte 20:54
One thing that was kind of an interesting bit of info on this is that some of the passwords were really complex, like 20 character random strings. It looked like, and in my head, that means, like, how that sounds difficult. That sounds difficult to brute force a random 20 character string like that. You
Corey Nachreiner 21:15
stole them in an unhashed form, because I feel like even a weaker hash, other than a completely broken hash, 20 characters is, I, we've gotten 14, maybe 15, 16, but it takes exponentially longer for 20,
Marc Laliberte 21:31
so it makes me wonder if this is like a collection of credentials stolen from a bunch of different means, like some of them could be configuration files they cracked offline, some could be like info stealing malware on someone's machine.
Corey Nachreiner 21:43
They got the what Ryan, our analyst, wrote about, which is where people are just, you know, we found people pretending to have WatchGuard SSL infrastructure, but once we poked into that, we found out it was Cisco, Ford, and Netpac, it was every vendor's infrastructure, and they would just steal a credential through a fake SSL or VPN app, so it could just be a stolen credential through a phishing, and maybe some of them are from a vulnerability, but they're mix them all together in some bulk scale.
Marc Laliberte 22:15
Yeah, that's my assumption that this is like multiple sources for these credentials, and both, like Hudson Rock and Kevin Beaumont, did like independently verify a bunch of them were still valid too, and so even if they're old, it's unrotated stuff, but
Corey Nachreiner 22:32
we have plenty of practical tips to talk about after this. Then,
Marc Laliberte 22:36
yeah, like what? Enable multifactor authentication,
Corey Nachreiner 22:39
yeah, that's the first, that to me, that's a primary one. All of these devices, ours for sure, support it. I still think there are cases where you can't have multifactor on system or non-human accounts, so you still need to have good, strong practices, and when you can't have multifactor, I do think rotation is a bigger deal, but I think the biggest deal, and it's something vendors have to help with. We have had vulnerabilities before where we know changing passwords on a hardware device is hard, like when you have to change secrets, when you have a hardware device that's handling insecurity, it's not just your users changing passwords, it's perhaps certificate or digital key based authentication. There's a lot of secrets you may have to change on the device that is hard. I do think we have to think about vulnerabilities, even old ones, and not just I patched, but if I don't know if I was affected by this two years later, even after I patch, things can happen. So,
Marc Laliberte 23:47
as
Corey Nachreiner 23:48
you're looking at hardware and you're seeing things that are remote and give access to credentials or full RCE, it might be the time type of thing where you not only have to patch, but you do have to rotate all your secrets, and we recently had a flaw where we would at least give you the indicators of attack, like it's a pain in the butt to do that if you don't think you've been hacked, but if the vendors can share, here's what you can look for to see if anyone exploited this, the second you see signs of it change those passwords, because otherwise it will come and bite you again five years later.
Marc Laliberte 24:25
Yep, I agree entirely. And then, like, just in general, like harden your endpoints too, like it seems like at least some of these were probably stolen from configuration files using a vulnerability on the management
Corey Nachreiner 24:40
interface. Yeah,
Marc Laliberte 24:42
And there is no need for that to be exposed to the internet. Period.
Corey Nachreiner 24:46
Listen to us more than two years, you've heard us harp on how to secure management interfaces. No more direct remote access to anything that has a public IP. Use ZTNA, use ZTNA with MFA. And then access the private side of a management interface.
Marc Laliberte 25:04
Yep, heck yeah. But so, if you are listening and you are a Fortinet customer or an MSP that deploys Fortinets, Hudson Rock has a pretty good utility on their website if you search for FortiBleed, where you can look up a domain and see if it was included in this breach, kind of like, Have I Been Pwned, kind of tool,
Corey Nachreiner 25:25
for FortiBleed
Marc Laliberte 25:27
exactly, but get
Corey Nachreiner 25:31
the test products we have for comparison, and see if any of those... I'm sure we used email addresses that were a different domain,
Marc Laliberte 25:42
not a bad idea, but still yet another reason to move off of traditional mobile VPNs and onto ZTNA style tools. Anyways, moving on to the last story for today, Microsoft's nightmare continued this month when the security researcher, known as Nightmare Eclipse, dropped yet another zero day, this time immediately following a Patch Tuesday update that resolved two other zero days that they had dropped just before. Think they're up to what, like six, seven now.
Corey Nachreiner 26:17
By the way, this researcher we've talked about his post before. I like that he's trying to secure Defender, but that is kind of a little shady, like dropping some crappy patch. That's come on, you can't even pretend you're working for responsible disclosure anymore if you're doing that. Yep,
Marc Laliberte 26:35
so the ones that were resolved in June's Patch Tuesday were Green Plasma, which was a local privilege escalation vulnerability, and Yellow Key, which was a BitLocker bypass vulnerability. Those were patched just a week or so ago, and right after that, he dropped Rogue Planet, which is a local privilege escalation vulnerability that allows an attacker to open a command prompt with system level privileges on the machine. So Nightmare Eclipse said that it's a race condition, and so on some machines it works 100% of the time, while at others they struggled to get it working. He also said it was a full remote code execution vulnerability until Microsoft silently hardened Defender back in mid-May, which forced him to rewrite the exploit and only achieve local privilege escalation, and then he ended by saying that this actually was pretty draining, doing all the rewriting, so he's going to take a month off from finding and dropping new vulnerabilities and might return sometime in July or so, but I think it's safe to say that Microsoft is to feed off this researcher, and this is, I think, it's vulnerability number six now that they've released as a zero day since then, but interestingly, so I saw
Corey Nachreiner 27:55
Microsoft is happy for a summer break if he really does take a month off, but is that like a red herring, and he'll release two more while they go on summer break.
Marc Laliberte 28:04
It's funny, he's not the only one taking a break. I saw the maintainer, the lead maintainer for Curl, the Linux utility for web requests, announced that they're not going to accept any vulnerability reports for the month of July, so that all of their team can have the summer off to either take a vacation or work on their backlog of just bugs, that's kind of weird.
Corey Nachreiner 28:26
There's a big zero day, we're just not hackers have at it for a month, that is
Marc Laliberte 28:32
basically what they said, is like if there's something important in there, they'll deal with it when they get back. They did say that, like, they've got paid support contracts, and so they'll continue working with paid support contracts, but basically said we're drowning, and
Corey Nachreiner 28:46
welcome to open source.
Corey Nachreiner 28:48
I wonder if the days have changed when we all assumed open source was more secure.
Marc Laliberte 28:53
It's tough when it's only being maintained by a couple people,
Corey Nachreiner 28:57
that's why, like, I'm not blaming them there. I guess, on the flip side, these ones that have contracts are getting paid for those support contracts, but if you're not getting paid for it, you don't have the responsibility. So, what made us think we did ever be more secure, other than the fact that theoretically other people could find vulnerabilities easily?
Marc Laliberte 29:18
But back to Nightmare Eclipse. So, I saw a post from Brian Krebs on the Infosec Exchange social media site, where he gave a bunch of evidence that Nightmare Eclipse is actually a former Microsoft employee that worked for Microsoft from 2022 to 2025. He gave a few pieces of evidence, one of them was there's a CVE that Nightmare Eclipse claimed that Microsoft took a long time to validate. Microsoft credited that CVE to a security researcher based in Germany, who on their LinkedIn account works that they lists that they worked for Microsoft from 2022 to 2025. That same researcher was credited on another vulnerability that Nightmare Eclipse is also claiming credit for, and their HackerOne profile that Krebs dug up has a lot of similar style of vulnerabilities and other vendors' products as well, too. So, this looks like a someone's security researcher got hired by Microsoft, maybe left or got affected by the layoffs back in 2025 or something, and maybe that was part of the straw that broke the camel's back for this personal vendetta against them as well, but that was an interesting Marc
Corey Nachreiner 30:34
spilling the tea. I feel like I need to get some tea for this juicy gossip, but Brian Krebs is a great researcher, man. So,
Marc Laliberte 30:42
yep. And also gave credit that that very first episode we started talking about Nightmare Eclipse. They were originally named Chaotic Eclipse, so I was correct at that point too. Either way, it's... it feels a bit more icky now if they are a former employee that's now going and finding and dropping zero days against Microsoft. That I don't know if one of our security researchers started doing that, I'd be pretty... I have
Corey Nachreiner 31:10
to admit, while it's kind of interesting to see all these Defender flaws, this guy has never been a responsible disclosure, he's been a... and I, in a way, I believe a malicious full disclosure, not at least not this year.
Marc Laliberte 31:27
So, like looking through their HackerOne reports, like there is a history of them like giving even more than the traditional 90 days working with vendors, but you can see them getting progressively more frustrated over time working with vendors, and now they just seem to flip the switch and turn into a completely unethical researcher,
Corey Nachreiner 31:45
which I guess, if you think about it, Microsoft was the one that started full disclosure. I mean, Microsoft was where researchers, back this is now 20 years ago, man, before they had trustworthy computing, it was really most of the time researchers sharing Microsoft issues that Microsoft never looked at that eventually started full disclosure, which was purposely meant to be punitive, because there was no way for these security researchers to get attention. It's like it came full circle. Microsoft was one of the first to start doing trustworthy computing and start to maybe react to researchers and treat them seriously, but now it's like people are getting frustrated again.
Marc Laliberte 32:26
Yeah, it's funny. Time is a flat circle.
Corey Nachreiner 32:31
How will AI there? Won't be researchers now, there'll be an AI vulnerability submission at Microsoft, and AI vulnerability hunters.
Marc Laliberte 32:41
If that means I get to go hang out, like on a beach or in the woods somewhere, and you no longer have to work, then I'm on board with that 100%. More realistically, I imagine I'll be doing the job that only a meat bag human can do that AI still hasn't figured out to do on do on their own. So I guess we'll see,
Corey Nachreiner 33:01
we're profit off of AI quick, so you can buy that secluded island somewhere and stay on the beach.
Marc Laliberte 33:07
There we go. Maybe use AI to launch my own cyber attack. We'll see.
Corey Nachreiner 33:11
Don't do that, Marc. You're a good guy. You can. You're never gonna catch
Marc Laliberte 33:15
me
Corey Nachreiner 33:16
to the fence.
Marc Laliberte 33:19
Realistically, I think you are hitting the nail on the head, though, that we are moving very quickly towards an AI versus AI, even in the software development and vulnerability discovery era. I mean, crap, it feels like we're already there, but crazy, crazy times, and I'm looking forward to seeing what Mr. Nightmare Eclipse comes up with after their summer vacation, they've had a chance to chill.
Corey Nachreiner 33:45
I hope they got a lot of bug bounties to make it a good vacation.
Marc Laliberte 33:48
Hopefully
Marc Laliberte 33:52
Hey everyone. Thanks again for listening, as always. If you enjoyed today's episode, don't forget to rate, review, and subscribe. If you have any questions on today's topics or suggestions for future episode topics, you can reach out to us on BlueSky. I'm at it's mark.me. Corey is at SecAdept. The both of us are at WatchGuard underscore technologies. Thanks again for listening, and you will hear from at least me next week as Corey takes his own vacation.
Corey Nachreiner 34:16
Am I Nightmare Eclipse?
Marc Laliberte 34:18
Maybe!