Hacked - Birds of a Feather Panopticon Together
Episode Date: April 2, 2026Heads up, the guy in the opening story survives — realized in editing it's kind of stressful if you don't know where that's going. In this chat episode we start with a coin toss on which story to s...tart with, which leads us on an adventure into the world of America's favourite private security camera network, Flock, searchable by law enforcement without a warrant. Cool stuff. Learn more about your ad choices. Visit podcastchoices.com/adchoices
Transcript
Discussion (0)
I have two stories here.
One is about cameras and is a downer.
The other is about a little vertical video app that couldn't.
And I cannot decide which to start with.
So when a hacked first, we're going to flip a coin.
Do you want me to call it?
Should I call it?
Yes.
Let's say we didn't really map the sound in advance.
I'm going to go tails and tails is the sad one.
Tails is the sad one.
Done.
Yes.
Oh, oh, oh, oh.
Brandon Uptchurch was driving through Toledo, Ohio on a Tuesday.
When the police lights appeared in his mirror, pulls over, officers approach.
There's footage of all this.
I don't recommend watching it.
Once he gets out of his truck, the officers order him to kind of face away from them.
Upturch keeps asking, like, what am I stopped for?
I didn't do anything.
What did I do?
Officers tell him to get on the ground.
As Upturch is starting to kneel, an officer releases the canine,
and the dog is like biting him on the arm and stuff.
It's pretty rough.
Upturch gets handcuffed.
He gets taken to jail.
Upchurch's offense, it would turn out,
was driving a car with a license plate
that contained the number seven.
That seven was read as a two.
The number on the plate they were actually looking for.
It was not read by a person,
but by our opening subject this episode,
a flock safety camera.
Flock is a private company that manufactures and operates a network of security cameras across the U.S.,
but to stay in this story for a second.
The misread character had incorrectly matched his plate to a vehicle wanted in connection with a crime.
The system flagged it, an alert goes out, the officers pull him over,
none of them questioned that this was in fact his plate, and here we all are.
What that system doesn't seem to be designed to do is account for the possibility that the camera got it wrong.
And in this case, and in dozens of other documented cases across the U.S., it was.
To talk about flock is to talk about a technology that was built deployed in scale to about 100,000 cameras across 49 states very quickly.
And sometimes it fails.
By the numbers of surveillance research firm IPVM, roughly one in 10 times.
A three-year-old in Morristown, Tennessee, watched from her carsey while officers drew weapons on her grandparents,
An O, it'd become a zero.
A 12-year-old in Espignola, New Mexico was placed in the back of a patrol cruiser while her sister was detained at gunpoint.
I literally have too many of these to read in an intro.
And unfortunately, the quality of image detection on this camera network is just the tip of a very interesting iceberg.
Because the accuracy of these cameras is one question.
The security of the cameras is another, and the very existence of the database.
that all these cameras are feeding into is yet a third.
There are a bunch of stories that flock safety doesn't really want to tell about itself.
The company was found in 2017.
They're today valued at $7.5 billion,
and they scan more than 20 billion license plates every single month.
But the errors are in some cases bigger than misread numbers.
The cameras are, it also allegedly turns out, pretty dang easy to hack.
Their live feeds have been left streaming to the open internet, password-free, pointed at houses and playgrounds.
Police credentials for the platform have appeared for sale on Russian cybercrime forums.
Classic hacked stuff.
So we're going to start here with flock security cameras, where they come from, what they're used for, how they work, and the ways that they maybe don't.
On this episode, of Hacked.
I'm just Bill Nett talking about some security cameras, man.
Just buy flipping coins.
What we do here.
I got a coin on my desk, too.
Should I flip it?
Flip it.
Find out.
Should I flip it for the answer?
So every time I'm thinking about things.
Yes.
There you go.
Should I interject?
Should I jump in?
I'm doing good, man.
How are you?
I am, well, as you might be able to tell, a little sick.
I return from the desert with a bit of a flu.
And it's been residual and lingering around longer than I would like it to.
Mostly being a functional human, spoke at a conference this weekend.
Nice.
But, but yeah, other than that, my sinuses are killing me.
And that's why my voice sounds like this, which is not that far from my regular voice
as my sinuses normally kill me.
But we have a bad track record of recording while you are sick.
Yes.
Well, I think the problem is that like when I get sick, I have a tendency to stay sick.
Sure.
And we record several times a month.
It's sort of just like a statistical inevitability.
Precisely.
So I feel, yeah, I feel like my immune system only lets in the hard ones.
And then when I get them, they stay around for a while.
Exactly.
It's like the house guest at the party and you're like,
it's time to go.
Aren't you tired too?
Oh, you're all like performatively yawning to try and get them to leave.
You're cleaning up.
Yeah, totally.
The lights are very on.
The music is very off.
People are like trotting out in pajamas to be like,
Wilp.
Yeah.
Yes.
So.
Isn't that good?
Good.
Good.
I'm glad to hear it.
Thank you.
We have so much to get to this episode.
This fine chatty chat.
Decided by chance.
Decided by chance.
Decided by a coin flip.
Both times I got a good.
I hope it picked up on mic.
I got like a good coin flip sound effect.
Like a good ding.
I just did it very poorly in front of my mic.
There's probably like noise cancellation on the call.
It's like, no, that's not getting through it.
Totally.
Well, chance has faded us to start with Flock.
Thanks to everyone who's sent us stories about Flock over the last couple months.
It's a very interesting topic.
We just haven't had a chance to dig into it.
So thank you for sending those over.
Now is the time.
Today is the day.
Today is the day.
Allegedly is abound in this one.
Yeah, I was going to say, how much insurance do we need for this public?
me. I hope we're just reporting on like stuff that has happened in public and has generally agreed upon.
We'll try and couch it with allegedly. We're reporting on other people's reporting.
There you go. There you go. I didn't. I didn't speak. Yeah. Niss us with it.
Allegedly. In 2017, Atlanta entrepreneur Garrett Langley was the victim of a property crime.
Goes to the police. The investigators tell them there's nothing they can do, not enough evidence.
This is sort of the founding story of flock. He was a tech family.
founder type of guy. He sees this opportunity. He recruits a co-founder, CTO Matt Fury, and they
launch flock safety in March 2017. And their core product is pretty straightforward. It's a solar
powered, cellular connected, automatic license plate reader called ALPR. It's a camera that you can just
like bolt to a utility pole with minimal permitting. Every vehicle that goes by has its plate
photographed, timestamped location tagged and uploaded into a searchable cloud database.
The company's first market was homeowners associations.
And the logic was if flock could like saturate suburban neighborhoods with all of this
overlapping coverage, they could generate something really, really valuable, which is like
a big crazy data set of just people moving around that would make the product pretty
irresistible to law enforcement.
Those homeowner associations like funded the early growth of the company.
They got the cameras out in the world.
That dense coverage created like proof of concept.
A little legal quirk.
Police agencies quickly discovered that because Flock's homeowner association cameras were privately owned,
the officers could legally access the footage through Flock's shared national network without legal constraints that might apply to government-operated surveillance.
Sure.
This is super important to this story.
A detective in Texas could query this database of some cameras in Washington without a national warrant.
without traveling, without informing the camera owners.
Just type into a search box.
It's like terms and conditions.
Terms and conditions.
Of a product you didn't buy.
The company reached unicorn status in July 2021.
By 2024,
was generating an estimated $285 million in annual recurring revenue,
70% up year over year.
The business is a booming.
They did a series F, $275 million.
They're currently sitting at a seven and a half
Billy valuation.
49 states, like I said,
5,000 police departments,
6,000 communities,
20 billion license plates scanned every month.
So this box.
The box is interesting.
It's like a little black,
I think is rubberized kind of box
mounted on, you know,
roadside poles and stuff.
Inside there's like a little camera optimized
to scan the plates, an LTE modem,
a Linux-based computer, a battery,
a solar panel,
vehicle passes by,
trips a switch,
photographed onboard AI reads the plate, checks it against a hot list of vehicles of interest,
and uploads the results to FLOX cloud database.
That's the main camera.
The other one that we should discuss, it's called Condor PTZ.
These two products kind of form a little bit of a network.
That AOPR camera captures plates.
Condor tracks people.
It's got a pan tilt zoom motorized little thing inside of the box that lets it follow.
For the camera nerds.
Yes, literally.
It's just, it's that with that added to it.
So it can like follow a person as they walk, you know.
I had the, I don't know if I want to contribute to the design of this,
but I was like, they make 360 degree sensors.
This is a solved problem.
I'm assuming it's a storage and database issue, but I'm like, just do, just do that.
Anyway, AI, like locks onto pedestrian the motor, lets it track them.
You get the basic idea program to like follow faces and just try and track what people are walking past.
And then there's the interface.
Officers can access the platform through a web interface that allows searches by plate number,
vehicle, make, model, color, any combination of those.
And as I mentioned, those queries are not limited to local numbers.
You can sweep the whole national network instantaneously.
I wonder what one of those accounts costs.
Like, give me full access to your network, please, and thank you.
Well, allegedly, if you know your way around the dark web, not very much.
At the center of flux law enforcement function is a thing they call the hot list.
It's like plates linked to stolen vehicles or active warrants.
That was implicated in the opening story.
We talked about.
Camera reads the hot list plate.
And if it matches a list, a plate that they see with a plate that's in their database,
an officer nearby automatically gets an alert.
You get the idea.
We're going to talk about like how accurate is this system and how secure or insecure it is.
But I like, I don't want to, I don't want to hide behind that.
And you can sense the vibe I'm putting off.
like even if this was 100% secure, which it allegedly is not.
Even if it were 100% accurate, which it allegedly is not.
Flock is, in my personal opinion, a privacy.
Catastrophe.
At a structural level, I don't know what a good version of this product looks like,
which is to say a centralized database of national person tracking cameras
that can be queried without a warrant.
Well, private database.
to controlled and owned by private entity.
And accessible by, you get it.
But let's dig into the accuracy and security elements since they're relevant, I think,
interesting.
Let's dig into it.
Let's dig into it.
Let's dig into it.
Let's dig.
It's funny because this is, this reminds me.
So back of my undergrad, advanced AI 466, I think, comp forcing, at the university I went to,
The P-K-I course was this challenge, but it was for postal codes.
Oh, like a camera.
Yeah, like an optical, like an OCR and number identification.
So the U.S. Postal Service uses identification for postal code.
So you write an address on a letter.
It goes through a scanner.
A scanner reads off what you've written for a postal code or a zip code in the States.
Sorry, I'm using Canadian lingo.
The zip code is.
a five-digit number, and then it wrote that letter based on what that number is.
So that is using an AI process. So our final project was to try and beat the USPS's system.
Hit rate. Sure. Yeah. You do it? Yeah, of course. I got the A plus. Hell yeah. In 4666.
Yeah. The got offered a graduate placement in the AI program, which is now looking back in time, I probably
should have taken. But I'd already accepted one in software engineering. But yeah, great project,
great interest. But the big difference here is that license plates are both alpha or alpha numeric.
So you've got O's, which look like zeros. And you've got. And moving. Mucking up a seven for a two
is bad. Yeah, that one's, yeah. That's a bad one. Mucking up a zero for an O on a moving frame of a
video for sure. Well, especially when you've trained these, like, different states have different
license plates. I can't speak to this, but I would imagine that the color, the typography,
all of those things, you have one central system trying to scan these. It's like, that is a very
complex technical challenge. No doubt about it. And like I said, it's moving. It might have some
kind of a screen on it. Like, it's really hard to know. The Electronic Frontier Frontier Foundation
has cataloged what it calls the human toll of ALPR errors. Um, I,
I'm not going to just like list like and then this person they got a,
they thought a three was an aide and this person gets dragged out of the car.
There's so many of them.
As I mentioned in the intro, IPVM's 2021 study found a roughly 10% error rate
and flock cameras output for state designations alone.
Like at 20 billion scans per month, a 10% error rate,
clock has contested that number.
But if it's a 1% error rate, that is a baffling amount.
There have been lawsuits 1.9 million.
to Brittany Gilliam, a San Francisco resident for a half a mill.
There's a lot of them.
But moving past the accuracy of the cameras, I was really fascinated.
And the thing that people kept messaging about was the security of these systems.
In late 2024, cybersecurity researcher John Gainesek Gaines.
We've talked to him about him on the show before.
Did something that I think that flock probably didn't, was kind of hoping no one would be able to pull off,
which was he bought a flock camera off of eBay and then he took it apart.
Classic.
Yeah, classic move.
Publishes a white paper documenting 51 distinct security findings,
22 enough to receive like,
I learned about this for the first time.
Official CVE identifiers from the national vulnerability database.
So like, yep, that's a real big issue that anybody in this industry should know about.
One of the biggest kind of piles of these vulnerabilities are don't really require much technical
sophistication at all.
They're physical.
A flock camera is mounted.
on a public street.
Pretty much anyone can walk up to it.
On the back of the casing is a big button.
You press that button in the right sequence
and the device broadcasts its own Wi-Fi access point.
You connect to that access point,
enable Android debug mode,
and you have in Gaines words,
quote, cart blanche across the device.
All stored images.
firmware, a complete foothold into Flock's broader network.
Gaines pulled this off of the laptop
and a stick for the button pressing that I mentioned,
like a literal, not a USB stick.
Like a broom handle.
Yes.
Keeping his hands off the device and he pulled that off in about 30 seconds.
The cameras have exposed USB ports, making them vulnerable to like rubber ducky type stuff we've talked about in the show before.
Mimic a keyboard, execute a little automated attack script against it.
The stored images are allegedly unencrypted.
Of course.
Yeah.
Save data.
Save space.
You got to save space.
on your panopticon.
Researchers fed images from the factory testing period still present on the device.
I found that fun.
Hard-coated Wi-Fi SSIDs, a privacy, real privacy situation.
It seems like really jumps out of me that something that's so public, so visible and so despised, truthfully.
Like there's the whole British, like, you know, I can't remember what they're called,
but there's like a.
Yeah, CCTV.
Yeah, but the groups of people that go around like smashing them.
For something that's so despised that you would have physical access to the unit in any way shocks me.
I'm surprised by this.
And maybe you could say it's a product that clearly got its start in homeowners associations
where the homeowner association was legitimately buying a camera to point inside of its own community.
But I am not sure that the industrial design is kept.
up with the scope's ambitions, for lack of a better way, putting it.
Totally.
So that's the box.
Let's talk about the website.
Flock's Law Enforcement Web Portal, the interface through which officers search
billions of license page records, does not require multi-factor authentication.
Cool.
Sweet.
Love that for them.
It had to linger there for a sec.
They encourage it, but they do not require it.
Of course.
Yeah.
The company confirmed this to concentrate.
Congress in October 2025.
A single stolen password is sufficient to access the entire national database with like full
officer level privileges.
And again,
no MFA needed.
Given their,
you know,
comprehensive physical security,
I'm sure,
I'm sure that's just cracker jack.
Yeah,
I'm sure you wouldn't even really need to steal an account.
I'm sure you could probably just make one up.
Yeah.
Yeah.
Maybe.
Maybe.
No,
allegedly.
Yeah.
Allegedly.
I'm going to get a button that says.
Didn't somebody give us a comment recently about how we become like the allegedly show or something?
I think that was a while ago.
Or maybe there's a more recent one.
But yeah, like you know why we do that, right?
So we don't get sued.
Yeah.
Because when we talk about things like this, it's alleged.
Yes.
And slap suits are a thing.
If there's been a court conviction, then we can drop the allegedly.
Yes, exactly.
Until then, we cannot.
And simple suits don't necessarily.
In any case, in late December 2025, uh,
Gaines, the guy we talked about, and another guy named Ben Jordan, who we'll talk about in a second,
independently discovered something very not great.
Using Showdown, which is a search engine for internet-connected devices, they were able to connect to 67 Condor Flock Condor PTCM cameras streaming live to the open internet.
Yes.
Didn't even have to get the username and password to be talked about.
Shodan also found like 46,000 open client instances that were just fully public and exposed.
That was a few months ago, so I'm sure that's a lot bigger number now.
Just scraping Mac minis.
Just finding them all.
And then you got a full agent in control of a computer, essentially a full root kit.
Yeah.
Anyone who finds these can just watch them live.
30 days of archive footage, change the camera settings, read log files, run diagnostics.
They're pointed at like playgrounds and people's houses.
Just a real, real mess.
Real privacy, alleged nightmare.
Alleged nightmare.
Flock called the exposure a, quote,
limited misconfiguration on a small number of devices
and says it's been fixed,
just to sort of say both sides of it.
There's the credential situation.
Ben Jordan, who I mentioned a second,
it was not a professional security researcher.
It sat in front of, I believe it was Congress,
with screenshots from a Russian cybercrown forum
advertising stolen flock police portal logins.
There's a Hudson Rock,
that tracks compromise credentials found that at least 35 customer accounts have been taken
by information stealing malware.
To continue on to Ben Jorne is kind of a filmmaker, YouTube musician, fun guy.
He makes ambient electronic music under the name Flashbulb and then does this.
I was like, my dude.
By his camera, by dude.
Come on the pod.
Yeah.
You sound very cool.
He's become like a very consequential critic of this, did like a big,
a 40 minute YouTube expose about this. That's totally worth checking out.
It talks about what Gaines have talked about with compromising these things physically.
You end up sitting, kind of taking part in the legislative process a little bit on that.
Just wanted to give him his flowers here.
So this data has been used in a bunch of different ways that people will have a bunch of different opinions about it.
It has been implicated in law enforcement looking at how people are accessing health care and stuff to do with
immigration and protests and travel and all sorts of messy stuff.
I want to talk about Flock Nova.
In May 2025,
4-4Media reported that Flock was developing a platform called NOVA
that combined ALPR data, stuff they were collecting,
and this is important, with records from data brokers,
information from data breaches,
allowing law enforcement to track specific individuals,
not just through the information they were tracking through their cameras,
but from information that they bought from data brokers.
Often the product of leaks.
In all states except Montana,
police can legally buy location data from commercial brokers,
bypassing warrant requirements.
I'm sure we're going to talk about this at some point on the show in the future.
But it lets you get around the requirements that would apply to the same data
if you went to a telecom carrier or a tech company.
Nova was trying to formalize this,
pulling all of that breach data and public records and leaked stuff into a single searchable interface
alongside all of the plate history and face photos that they were capturing.
Real ones at 404 media report on this.
Massive backlash.
Yeah.
Kind of bipartisan, frankly.
Flock says, we're going to drop the breach data component of this.
The fusing of like this commercially available.
private information into a tool for warrantless individual tracking.
The Electronic Frontier Foundation, who we mentioned earlier, called this a dystopian
panopticon.
In my personal opinion, that phrase is not hyperbole.
That's a great, great title for it.
Right.
Dystopian panopticon.
See, this is fascinating for us as Canadians because in Canada, we have information
privacy protections. And in the States, is a much more fragmented perspective on it.
Certain things, financial data, health data, children's data, educational information,
your video rental history are all protected. But there's no overarching individual privacy law
that protects it. And I guess that's the crux of it, right? Is they're able to do this
because there is no general privacy law protecting the privacy rights.
Yeah, it keeps ending up having to happen at a state or even municipal or even neighborhood type
level. You do see pushback about this. And like I mentioned, some of the resistance to this has been
bipartisan, which I find hopeful. We're communities in Austin, like to your point, Scott,
Austin, Evanston, Eugene that canceled or declined to renew flock contracts after the fallout
of 4-4's reporting. You've got the anti-surveillance map project, which is a volunteer effort to document
where these things are physically located.
They got a cease-desist from flock in February 2025
and did not comply.
Washington State passed SB 6-002,
banning ice accessing plate reader data,
capping retention in 21 days, stuff like that,
prohibiting, like, you can't install these by a school or a church, guys,
that kind of stuff.
Montana, like we mentioned, closed the data broker loophole
that Nova, that purported product was designed to, like,
exploit, for lack of a better word.
So to your point, like in the absence of a big federal law protecting this kind of against this kind of thing, it's really proving to be up to much smaller jurisdictions to create that resistance.
Yeah, the American Privacy Rights Act was a recent attempt at this.
It almost kind of got tabled 2024-ish, but then it stalled out.
So there still isn't anything.
But yeah, I think that's the fundamental difference.
And especially like in the recent weeks, you've seen a lot of.
drama around anthropic versus open AI, government contracts, surveillance.
So if all of this information is publicly available, publicly accessible, and publicly
licenseable from these companies, they could theoretically just feed that to AI and turn
and let AI loose on it to turn it into models of who you are, what you do, what your
behaviors are.
So anyway, fascinating, fascinating topic.
Yeah, at this point, I would assume that all,
of that information. I would assume that almost every piece of information that is available for
sale from data brokers at minimum legally has been ingested by all of these models. Yeah. Or is being
used or is being used to build systems. That's a better way to facilitate policing. All manner.
Whatever. Marketing probably. Yes. For sure. For sure. Yeah. These things aren't going away anytime soon.
The company is like too big, too embedded into systems, too well funded.
It's a national network in practice.
It's part of America's surveillance infrastructure.
But it is interesting and relevant that it is built by a private company, sold to governments, and operated dancing on the edge of legal frameworks in some fascinating ways.
A lack there of a lack of legal frameworks.
But ultimately.
And the reason I want to talk about this here, and again, thank you to everyone that sent us this.
story, there is a lot of evidence alleging that these cameras are hackable. The credentials have
been for sale. The data is available to anyone with a badge and for a brief period in late
2025, anyone with an internet connection. Those questions remain largely unanswered.
And the answers that have come have been, in my personal opinion, quite unsatisfying. A lot of deflection
if I was to characterize it. And in the meantime, you got 20 billion scans happening every
months.
People don't really know that their license plate at minimum is being scanned, red, logged, stored,
added to a database that a deputy in another state can search in seconds for almost any reason
with basically no oversight.
Yeah.
All of these camera systems, like even like, so we have a few cameras at our house and we
have cameras around our office, they have the ability to do automatic plate detection.
They can even do face ID.
There you go.
And it's just now like a standard function in most of these camera systems these days.
You know, anything, if you're buying anything current and contemporary in the video security area, it has lots of these functions baked in.
So this has just become de facto standard.
It's, and I think it's probably going to become a bigger, unfortunately, in the absence of any kind of structural remedy, the conflict is probably going to get downloaded to people.
people going like, I don't like that you have that camera pointed at my front door.
And other people saying, but I'm allowed to have it pointed at my lawn.
And your front door just happens to be.
And back and forth, they go.
And the whole thing gets escalated.
I don't really have a good answer to it.
It's a prickly one.
And I don't love it.
I don't love it.
But it's really interesting because like doorbell cameras, right?
Yes.
They're everywhere.
Totally.
We've created our own CC.
TV.
Totally.
Camera state.
Just the doorbell cameras.
Like anytime it's a crime in a neighborhood now,
the first thing that the cops do is send out a request asking for everybody to look
at their doorbell camera footage and send anything that's relevant.
Yep.
And it's like we've,
we have created our own an opticon.
Yeah, totally.
For $9.99.
That you pay.
Did you ever see the movie weapons?
I have not, but it has been recommended to me.
Cool.
Yeah.
It's, um,
it's fascinating because it's a,
it's a movie in which doorbell.
cameras play like a major narrative beat.
And it's not even, they don't even explain it.
It's just sort of taken as a given in the same way that like, you don't need to explain
what a smartphone is in a movie in 2025 or 2026.
You don't, there's no beat where they explain what these things are.
It's just a given that in this nice suburban neighborhood, there's a lot of cameras.
Everybody has a door about cameras.
Exactly.
And that's different.
That's, that's a change.
And as the feeds and images that these things are kicking out.
are being archived and databaseed and queried and accessed in new ways,
you have a really fascinating intersection of like,
what can this technology do and what are we comfortable with the hardware doing on our,
you know, land, our home, our property, our spaces.
It's just a really interesting set of overlapping questions.
Totally. Totally.
Well, that's the coin toss first side.
What should we talk about now, Scott?
Should we flip a coin?
I don't, maybe.
We could talk about my other story.
We can talk about something you want to talk about.
Where do we go from here?
I got a bunch of things I want to talk about.
So maybe I'll jump in and we can have a little brief chat.
Let's do it.
Let's go.
I'm not going to say happier, but let's go something that's a bit more comical.
Sure.
So Anthropic.
Anthropics Claude.
Claude code.
Claude code is being built by Claude code.
Okay.
So Claude code is now like the tool that the development team.
inside of Anthropic is using to build it. I woke up to a ton of internet information traffic
blowing up on the timelines that Claude code had managed to commit all of the code for
cloud code into a package map file in the release of Claude Code. So Claude Code in one of its
latest builds, inside of the package, had all of the source code for it.
it, which is typically not something you do.
And why is that typically not something you do, Scott?
Well, it's a lot of intellectual property in there for one.
Yeah.
So, yeah.
So they managed to submit a version 2.1.88 that had a source map file that had the entire
unobfuscated full source code for the entire platform cloud code, which everybody loved.
like everybody that's in that world
because it gave everybody a look under the covers
to see like how are they doing?
Yeah, blueprints to like the most popular building
for lack of a better metaphor.
Yeah, yeah, yeah, yeah.
Yeah, metaphor.
So naturally it's blown up across GitHub.
There are hundreds of repos that have cloned it
and are sharing it.
And then you've got Anthropic running around behind them
trying to clean them up.
Yeah.
Trying to shut them down.
So it has become part of the natural.
source of the internet. I don't know if they'll ever be able to finish hiding at all,
because I'm sure there's thousands, if not tens of thousands of local copies.
Whoa. That's interesting. Yeah. I'd seen some emails come in this morning from good friends
of the show pointing us towards the store, but I hadn't had a chance to read it. It was too,
too busy reading about Panopticons. That's an interesting one. Yeah, well, the other cool thing is,
is that because they have the unfettered access to the source code, they've actually found 44
features that Anthropic was working on that are kind of like in the dev code pieces.
They're not exposed to the public yet.
So there's all this additional functionality.
Essentially they've given out the product roadmap and the active source code for it.
Wow.
Anything cool?
Yeah.
Lots of cool stuff.
On the roadmap?
Yeah.
I was like putting the leak aside.
I'm like anything neat?
Yeah.
They're adding like proactive functionality so it can like be proactive.
I'm not sure exactly how the implementation of it's going to work, whether it's going to be autonomous and just go off and do things that it thinks it should.
It has a dream function.
So it can dream and imagine what the product could be and then build a plan from that.
So there's a bunch of little things like that.
I haven't dug super deep into it as this is, you know, hours old at this point.
But those sound like cool features in what is rapidly turning into the wildest ad segue we've ever done.
We'll catch in the ad break in a little bit.
It's going to be pretty funny.
Think about the last time you heard a breach story on this show.
It always starts the same way.
Someone somewhere saw something too late.
An alert buried, a signal missed, an SOC that just couldn't keep up.
Arctic Wolf set out to solve that problem by rebuilding security operations from the ground up for a world where attackers are already using AI.
They created the aurora.
a superintelligence platform, a fully agentic system powered by the swarm of experts.
Instead of single-purpose bots or lucky-guess LLMs, this swarm is full of deterministic agents
that handle whole entire workflows.
Humans stay in the loop and on the loop to validate the critical decisions and keep everything
trustworthy, and all of this is just off running on their secure operations graph.
A constantly updating intelligence engine fueled by more than 9 trillion telemetry events
every week and over a decade of real-world incident response.
The system reasons on real signals and real context not synthetic training data.
And the result is the new Aurora Agent SOC.
It's the first SOC that is agent led by design.
You get agents that coordinate, agents that investigate, agents that respond at machine speed,
and hundreds more that automate the repetitive work that normally buries human analysts.
Arctic Wolf didn't try and bolt AI onto an old model.
They rebuilt the model entirely.
What makes even more effective is how it works with Arctic Wolf's concierge experience.
The team brings customer-specific context directly into the platform so every AI-driven decision reflects your environment instead of generic assumptions.
The automation frees your concierge security team to focus on higher value strategy and proactive risk reductions while the agents handle the grind.
If you want to see what trustworthy, production-ready AI and security operations actually looks like, go to arcticwolf.com slash hacked.
Never feel like cyber threats are evolving faster than anyone can keep up?
Last year, 2025 was nothing short of a record-breaking year for major breaches,
from sophisticated ransomware operators to AI-enabled attacks that turned defenses on their head.
Organizations around the world saw headlines they never expected,
and cybersecurity teams were tested like never before.
But here's the thing.
These incidents aren't just news headlines.
They're learning opportunities.
And that's why Arctic Wolf is hosting a live webinar on February 5th,
diving to the most impactful breaches of 2025.
Their field CTO and security leaders are going to unpack not just,
what happened, but why these attacks succeeded,
and most importantly, what businesses can do
to fortify their defenses for it's too late.
You're going to walk away with real insights
and how threat actors are evolving,
how defenders are responding,
and what strategies can help you stay ahead
of the next big breach.
It's not fear-mongering.
It's practical, actionable, intelligence
from experts in the trenches.
Register now at arcticwolf.com slash hacked.
I was like, do you know who's advertising in this episode, Scott?
I do. I do.
That's really good.
Oh, good stuff.
I don't even know where to go from there.
That's too good.
I think we just come back from the ad break.
Oh, and I think we're back.
And we are back.
Hopefully you enjoyed that ad.
Hopefully that ad was in that ad break,
because that's good stuff.
Clock code, pretty amazing product.
It's a really good product.
Pretty amazing product.
Listen, stuff happens.
We got to talk about it.
Totally.
Yeah.
Where to next?
I got a few more things that go where we can give it back to your side of the coin.
This is like a loosey chatty chat.
Let's just keep it going.
I want to talk about the little social media platform that couldn't.
Oh, let's go.
I want you to imagine a scrolling vertical video app, Scott.
Okay.
I'd have a really hard time imagining that because it barely exists.
But not like, no, not like TikTok or Reels or YouTube.
Don't picture those pesky old-fashioned platforms where you need to wait for a tired old human being to make the videos.
Oh, okay.
No, this one would be different.
The app instead uses AI to generate the videos and then humans watch the AI videos.
And in between the AI videos, you get AI ads and then the money just happens.
with all the eyeballs and none of the humans to split the ad revenue with, you create a flywheel
of infinite money and AI content and money and AI just tumbling around.
This was the idea behind Sora.
So wait.
Oh, okay.
A billion dollar enterprise with no employees.
And it's very trendy.
Very, very trendy.
Yeah, you thought I was talking about something vibe coded.
And in a sense, I probably was.
I was ready to talk about SORA as an add-on to this social media platform that you were going to talk about.
You were ahead of me, it seems.
And in September 2025, it looked like this was going to work.
Two Berkeley PhD grads had built it inside of Open AI.
They demoed it in February 2024.
The standalone app hit number one in the app store within 24 hours.
And then the house of mouse itself, Disney, of all companies.
announced it was investing a billion dollars in licensing over 200 of its characters to the platform.
Mickey and Grogu, the future was IP cleared.
You will be able to make videos.
You will be able to make your own Disney video.
You will be able to make videos of Iron Man and Olaf the Snowman kissing.
I don't know.
Whatever you want to do.
Were there speed bumps?
Sure.
Turns out when you give the entire internet an AI video making machine, it will make deepfakes of
Stephen Hawking skateboarding.
And Martin Luther King in situation so bad, his estate had to call open A-Hy directly.
And Olympic competitions between pets and you name it.
Exactly.
An endless amount of viral content.
The Japanese animation as an industry as a whole popping its head up being like,
stop it, SAG, AFTRA, having to be like, stop it.
But in a move fast, break things world, none of that seemed like genuinely.
it didn't feel like it mattered when this came out.
The future is that sense of an inevitability.
The genie cannot be put back in the bottle.
You will watch Olaf and Iron Man.
But kissing, smooching.
But, you know, a story about the inevitability of a technology can be very, very powerful.
It is not as powerful as cold hard economics.
And eventually the numbers catch up.
Because the math of this, the infinite money flywheel,
depends on eyeballs.
It depends on the company wanting to commit to this,
but it depends on eyeballs, human eyeballs.
And it presumes that people want to watch this
because otherwise where does the ad revenue
that makes this all economically rational come from?
And that whole time, every one of those videos,
according to research, allegedly cost OpenAI.
There's different estimates, but about a buck 30 to make.
A lot of processing.
That's a lot of processing.
50 million bucks a day, some estimates, say?
For an app that made, it looks like about $2 million total ever in its lifetime.
Downloads peak to November 2025 fell 66% by February. OpenAI's own head of SORA called it,
called the economics of it completely unsustainable.
And we're talking about this now because on March 24th, 2026, OpenAI posted a very brief goodbye on X.
30 minutes earlier, Disney's team had been in an active working session, according to reporting.
with open air on the partnership.
The billion dollar investment died in the gap between that meeting and that ex post.
No money ever reportedly changed hands.
Yeah.
So we should talk about, do a kind of obituary for SORA because I think it's a really fascinating technology story.
Well, to me, to me, this is just a marker.
Yes.
You know, Anthropic really invested in, I.
Anthropic didn't even have visual models forever.
Like they were so focused on knowledge, productivity,
Claudecode.
They went the productivity direction.
Like all of their investments went that way.
Focus is the right word, man.
Like that's the right word to use.
And Open AI was a little bit more loose.
They were trying to do everything kind of at once,
but nothing really had the target and focus.
They've sense, I think what they've done,
and this is again just hearsay or like my my thoughts is that they've redirected internally to be like oh my god
you know the productivity segments the cloud co-works the perplexity computers the open claw worlds these things
are showing such enormous economic value to the users and they've also brought the costs of tokens
way way down i heard recently that it's as low as like nine cents per million output tokens so
So they're probably in a, yeah, efficiency is occurring on the, on the model inference side,
where I think when it comes to diffusion models and a lot of these visual things,
there's still very heavy processing costs, as you noted.
And I just, a friend of ours, co-game developer with Jordan.
And I talked about, good buddy.
And I talked about this when kind of opening, I was releasing Sora and Google was like kind of thing.
And his thoughts were that AI was going to come for the creative industry first.
And it turns out that AI is really not that good at creative.
Like it can do things that are pretty amazing.
But it doesn't do them in a way that humans believe them.
And that's the crux of it.
Yeah.
It's what is the creative for?
Because if it's to be watched by people, what you have is an experiment.
And you can put in the most addicting form factor known to man, vertical scrolling video.
And it's really just a question of if it can't work there, where are you waiting for it to work?
But you see the societal pushback in video games.
Any game that has AI content gets like lit up on the internet.
You see the pushback in advertising, people that have ads that have substantial AI content get pushback.
even just like I would say SORA's main use was generating ads that I hated to see on YouTube.
Yeah, sure.
It was making stuff that then infected other platforms.
And those tools still exist.
If you want to make slop to run as an ad on shorts or reels, you have a panoply of options available to you.
Sora's absence will not really respectfully not be felt in that sphere.
I'm fascinated by there's this sense of like you're just going to want to sit and watch this in the way that you.
you watch TikTok and Reels, which, again, have AI content on them.
But it's like, do you just, do you want to watch just that?
Interesting theory.
And there's there's also a pure economics argument.
Like Open AI has since made comments about this because like it doesn't look good.
No.
They're currently in the middle of a, I think they're raising an additional $10 billion,
adding up to $120 billion funding around that they're currently in the middle of.
And the line, and it's a good line.
It's Fiji Simo Open AISC.
EO of AGI deployment, quote, we cannot miss this moment because we're distracted by side quests.
We have to nail productivity in general and particularly productivity on the business front.
That means backing off on stuff like this and reportedly deprioritizing.
We're not going to get into this.
The adult modes of some of their platforms, it's like, okay, we're shifting, we're going all in on business.
Because that's where the money is.
That's where the money is.
the vertical video slop app, the not safe for work chat mode, these are distractions from
what we should be working on as we're bleeding money and all that stuff.
Like they did get very in the weeds with a bunch of side quests.
And for being the industry leader, the people that kind of created the industry, the market
diviner, they have fallen.
I would say, like I think they still have majority market share.
like most people that use AI, especially chat interface, use open AI.
They use chat CBT because it's almost like a verb.
It's the Kleenex.
It's the rollerblades.
It's the noun 100%.
Yeah.
Where if you're like really into AI, like Claude Code was like the first real coding harness
that people were like, holy shit.
Yeah.
No, totally.
I remember that.
I think we probably talked about it on this show.
Yeah.
Yeah.
OpenAI's models have gotten very good at coding, but their harness is not as good as Cloud Codes was.
And that's becoming the thing is a lot of the harness development pieces are becoming, like, the models are so smart and so good and so well trained and so tuned, that figuring out how to get the maximum amount out of the model is become the new challenge.
It's less about can we make the model smarter?
It's like the models are pretty damn smart.
It's like how do we keep them on task, on focus?
Like the first time I used Claude Co work, I gave it a prompt.
And boom, all of a sudden it pops up a plan.
It had made a plan to answer the thing.
And it starts going through the steps and it stays on task.
And I was like, oh, that's nice.
And that's all their learnings from Cloud Code.
You know, they learned that to solve complex problems in code,
they had to break it down into much smaller subtasks,
solve those and then roll it up.
It's one of the reasons why I built Loom is because I like Co-Work.
It's because I use Co-Work and Cloud Code so much,
but I wanted to be able to use it with local models.
You know, if we have client confidential information,
things like that, that we can't load into the Anthropic system,
how do we do that offline and secure?
And so that was one of my big main goals for building Loom was that.
Yeah, you get how there's companies like Google.
where so much of their brand story is about like,
we just try crazy shit, you know?
Like, we'll just, I don't know, balloons with satellites on them.
We'll dig a big hole and fill it with internet, whatever.
Like, who knows?
There's no company that spins up new software applications and then, like, shelves them three years later than Google.
Yeah.
There's drawers full of like VR headsets and tablets that are just never going to be a thing again.
Totally.
And I think it's become a sort of like model in an archetype.
in this world where there's this sense of like you want you want a big tech company that's worth
hundreds of billions of dollars to feel like an empire with all of these different things but
you can really only burn money so fast or maybe a better way of putting it is that empire is built on a
much firmer foundation when you have the money generating engine of a google ad sense or a Microsoft
like enterprise or the iPhone you need that thing that's just printing money so that you can go
experiment. It doesn't seem right now that Open AI has that. They have an extremely popular
popular product, but the cost of operating the product and the revenue that the product brings in are
still sort of dancing with one another. They don't have the flywheel of infinite money to sponsor
all of these things. So you need a little bit of efficiency sometimes in a way that isn't quite
the case for Google and Apple and Microsoft. Totally. It's like a classic, classic startup thing is to
like pick one or two things to be the best at them. Don't try and be everything to everybody.
And I think Open AI got a bit into that headset of like, oh my God, we're doing amazing things.
Let's disrupt every industry instead of one industry where I think Anthropic was much more
targeted with their, we're going to go after software engineering. Because if we can crack that
nut open, that nut like solves 10 other nuts. Totally. Like cracks 10 other nuts.
AI video generation is prickly.
So much of what we see of it is really like respectfully low effort stuff that is like just get this out of get this from out in front of my face.
But like the larger technology is interesting and it's built on a long like history.
Depending on where you try and track the history of SORA, it's like you could be going back a pretty long way.
There was like AI assisted video manipulation in the 1990s.
There was a piece of software I read about and reading about it's called video rewrite.
from like 1997 that was used to be able to alter speaker lip movements so that you could synchronize
with the new audio track.
And there's like obvious filmmaking applications.
ADR is common in film.
You want to change a line in post.
Could we have the shot beyond the actor's face when they say that?
Develop a software solution for it.
And it's on that foundation that you keep kind of building forward up into the moment 2014.
You get generative adversarial networks being applied to video.
You get that push and pull.
That pushes everything forward.
forward. You get diffusion being added into video as well in like the early 2020s.
Like there's a really cool ladder of technological innovation that brought us to this point of
being like, I do want to see Stephen Hawking do with 360.
Well, speaking of like lip singing and stuff, I, before I was waiting for Jordan to jump in.
We used Riverside. It's a common podcasting platform.
I was just poking around to see what new features they added.
And they now have a feature that will translate.
our podcast into 30 different languages.
And not only that,
it will re-sync our lips to make us look like we are speaking
the language that it has translated it into.
Oh,
I was like,
and this is for like a 2999 a month subscription.
Sure.
Like,
international.
Yeah,
I think YouTube is even starting to bake that in,
which is funny because you'll obviously comments on things being like,
how do I turn this off?
it's translating it to my language and I don't want to I don't want that.
I don't want it.
It's cursed.
Get it out.
But the like educational potential is obviously like huge huge like to be able to not all learners, you know, like captions.
And some people are auditory learners.
I totally see the potential of that.
Totally.
Yeah.
I just, I found this fascinating.
The like decision to boot something like this up that was the number one app.
Like how many number one apps post Flappy Bird have been shuttered with.
within less than two years.
Like that's just a really interesting story.
Flappy Bird.
You remember Flapy Bird?
There's a blast from the past.
I know, right?
I remember people selling iPhones that had the app installed on it after they had
shuttered it?
I just remember it was such an interesting story of that.
It was the developer whose name currently escapes me.
But he made a lot of little kind of little games.
Just little games out of like different like kind of just like hacking together assets
from other games.
Like just just making stuff.
And one pops off.
and it's printing like, what was it, $50,000 a day or something?
That was a crazy story.
And it was ruining his life, so he took it down.
He's like, just leave me here to build by small games.
Please don't play them.
Yeah, he's like richer.
He's like probably made more money than he knows what to do with.
Just to kind of stay on the AI, but I also just want to transition us over to,
with all this agentic coding going on,
One of the biggest attack surfaces these days,
and we've talked about it a number of times,
is these supply chain attacks
because they just keep popping off.
March 24th of this year,
light LLM,
which is a super common package
for if you're building a piece of code
that needs to communicate with an LLM,
you can just get this package,
light LLM,
and it kind of has all of the framework built
for, like, connecting to an LLM model,
sending prompts,
has all of that stuff kind of pre-built.
Okay.
Super, super common.
97 million monthly downloads makes it one of the most popular open source
LLM proxies in the entire Python ecosystem,
which is the main ecosystem for people playing with LLMs.
And this is used inside a, like this is an open source tool used inside of other LLMs.
No, it's used inside of software being built that need to communicate.
Okay.
Understood.
Understood.
So it is wildly successful.
Anyway, for a small period of time,
if you installed it immediately upon installation of it,
it executed a small Python process startup script
that would literally scrape all of the keys,
cryptos, any kind of cloud platform access,
any kind of Kubernetes cluster configurations,
any of this stuff.
It did a massive credential harvest,
and then we just throw it back to a to a home base.
This is the team PCP attack.
A buddy of mine who it doesn't follow,
a buddy of ours that doesn't follow this message to me about this today.
Did he?
Yeah.
Yeah.
I've got it up in here in front of me, like the link.
95 million monthly downloads, like you said.
Brutal.
Yeah.
Anyway.
So they caught it relatively quick, thankfully.
Sure.
again, but still, it's such a pervasive package that's in so many things that if you did an update
on any of your open source packages that were dealing with this sort of stuff, like I did a
scan on my system and I have three pieces of software that use it. Thankfully, I didn't get the malicious
copy, but super, super effective. The second you, second you updated it, it ran the script,
grabbed all the creds and fired them away. I wonder, how did you run that?
search on your system to see like oh there's a there's a python command that you can run that looks
for package package versions package installs I don't know that don't know the command off
top of my head if you ask AI AI sure to be able to check if you if you have anything on your system
that is accessing LM to see if maybe it was potentially compromised in that brief window
but this this attack service just keeps servicing over and over because next up axios which
is another package, which is an HTTP client. So think of it as like a web browser for code.
It can reach out and access websites and stuff and pull in the source code for websites.
So imagine if you were building an AI platform that had a tool in it to go out and grab
website content, do fetches of web pages to get information. Chances are you had light LLLM
installed and then you were using Axios to do the web gets. So same thing. Supply chain attack,
introduced malicious dependency that deployed a Trojan capable of controlling the system.
So it actually provided a root kit.
They didn't just do a cred scrape and throw it up to the cloud.
It actually like essentially rooted your computer.
So Axios is actually bigger at 100 million downloads a week, not 100 million downloads a month.
And it had a, it was it was packed for two hours.
Light LLM, I think was three hours before they quarantined it.
So this has become, I think, a pretty.
preferred, preferred attack vector for most people who were looking for like just causing mass amounts
of havoc. Yeah, I mean, there's no, how do I put this? There's this like, there's a graph someone
could make of like the more access you give these tools to your system, the more powerful they
become. So if you want a more powerful tool, give it more access. But it's like, that means that
the potential security vulnerability of one of these things being compromised goes up the more power
you're seeking. There's like a really interesting little relationship there that probably at some
point over the next couple of years, there will be product responses to. It's like how do you
build a thing that gets you the most power out of these systems while hopefully insulating you
against exactly what you're talking about right now. But there have been, there's been some really
good structures for this already created. So actually Anthropic is done. I know.
sponsor of the show.
I should quit talking about them,
but they've done some really relevant things.
So like when you open up Cloud Co-work,
what it actually does is it boots essentially a Docker container.
So it containerizes the entire execution of it.
It asks for permission to come out of the container when it needs to.
But essentially everything is kept inside of a bundle.
And you're starting to see this a lot more.
Like even there's open source solutions now that if you're building
AI powered tools that,
that you can spawn them into containers rather than just spawning them on local.
So like OpenClaw was obviously the big tool that like showed that if you give a computer to these things, they can do more with it.
And people are like, this is great, except for that it might have a bit too much access.
So, so, yeah.
Yeah.
I wonder if the MacBook Neo becomes the new Mac Mini.
Maybe for this kind of stuff.
It's got a screen though.
Do you even need a screen?
I've been getting like ads for hosted Mac minis now.
So you can just like, yeah, exactly.
Pay a monthly fee and like get a, get a, get a Mac mini in the sky.
Honestly not a bad idea.
I mean, we should probably, I don't really have anything.
I don't have a lot of commentary on it other than like, ooh, that's bad.
FBI director hacked.
FBI director hacked.
Email, personal email.
Personal email.
Personal email.
The Handala hack team said Patel quote,
We'll now find his name among the list of successfully hacked victims, FBI director Cash Patel's personal email inbox, as photographs, there's video.
This is all under the sort of like fog of war of who even knows what's real anymore in an age of generative AI, as we discussed earlier.
Oh, not a good look.
The Bureau's confirmed the basic hack happened.
Yeah.
I'd say the biggest thing telling for me on this is how there's been nothing shocking coming out of it, you know?
That's just cringe.
It's not criminal.
It's just cring.
Yeah, like the behind-the-scenes footage from the Olympics was worse than anything that's come out of his private email, which I think is, I guess, good for him.
Yeah, I'm glad there's nothing that, yes, agreed.
But this isn't anything like the alleged Biden laptop that had like, you know, so much incriminating content on it.
Yeah.
Yeah, no, this is Cash Patel, just, it was his personal email address.
Yeah. Yeah. It's an interesting one. I don't really have much about that one.
Interesting. It happened. Not a great look for the director of the FBI.
There's rumors, more alleges, that our friends Lapsis are back to having fun.
What did they do? Well, allegedly, so this is a lot of alleges in here because the company involved hasn't confirmed that it happened.
Lapsis hasn't taken credit for it.
It's just been assumed that it was Lapsis.
So anyway, three gigs of source data from AstraZeneca,
massive pharma company,
including internal code repositories, employee data,
credits, tokens, and all this stuff showed up for free on the dark web the other day.
And it seems like what the people are reporting is that allegedly Lapsis stole all this stuff
tried to extort
AstraZeneca to pay
Astrosenica didn't pay so they just released it
so AstraZeneca hasn't
yet confirmed that the breach
did happen
and nor has
lapses confirmed that it was them
that released the data.
Whoa. A lot of
all legends in this one. That's a wild story.
If you're burning out on the
legends, I'll just go ahead and tease our next
episode. We'll contain none of them.
Assuming the interview gets everything's all
good to go there.
It will be a nice, confident episode that we'll go into.
But I'm enjoying this episode full of allegedly.
That's wild.
Yeah.
AstraZeneca's no joke.
That's a very big company.
To not, we've been covering ransomware stores for a long time.
And the push and pull of will they pay, won't they pay?
What are they paying for?
Is it worth paying to, are you incentivizing future attacks if you do?
If you don't, what do you lose?
We've talked about the negotiations behind those processes.
And I would love to have been in the room with the like, not just the lawyers, but the security consultant that inevitably would have been hired in the situation to try and negotiate that back and forth with allegedly lapses.
Well, you've also got to assume that there's probably an insurance person in the room.
Exactly.
An actuary calculating what the full exposure of it is because it looks like, aside from a bunch of tech stuff, which, you know, in the era of Claude Code.
and agentic engineering is less valuable than it used to be.
You can change API tokens, you can change keys, you can change those things.
But the employee related information was probably the biggest part of the leak.
Private information has a real cost, and it escapes.
Was there any early signs, any intellectual property related to their products?
Farmer products, nothing that I could find.
Okay.
Because that's where my brain goes to them.
I cannot think of a more sensitive intellectual property corporate espionage type topic than
pharmaceuticals.
Sure.
Patent pharmaceuticals.
It's like technology even pales in comparison to like we spent 20 years researching chemicals that can be distilled down into something that can be manufactured in a lab in minutes.
Like it's a discovery type topic.
So if you manage to get that out, that's a catastrophe.
Yeah.
If you were managed to pull out, like, you know, weight loss medication, GLP ones before they were...
Huge.
Yeah.
Yeah, exactly.
It's a trillion-dollar industry that you've just stumbled into.
Exactly.
And it's like the data set is like comparatively small compared to some other things.
It's like you can get the key to that box that fits in your pocket.
Yeah.
That's fascinating.
Oh, the only other thing that I have to talk about is not an allegedly.
Okay.
it is that GTA 6
unsurprisingly
got bumped again
No
to win
November 19th
I was supposed to come out this spring
God damn
they push it again
They can't keep getting away with this
They can and they will
They can and they will
It will come out in 2027
All I'm going to say is that
Oh my God
It better be good
they've got what three additional years now of delays
I don't know if I have a system that it will run on at this point
like I bought I bought an Xbox years ago
I mean like this will be the thing I play Grand Theft Auto 6 on
I don't even know man
but by the time it releases it won't even come out with source art
the art will be generated by DLSS at the same time
I mean speaking of
I knew I'd tricker that one for you
I want to talk about yassifying my video games
yes oh man
did you follow that
we're wrapping up there's not much to say about it
but did you follow that whole thing
I followed it a bit I will say that I wasn't as
as super into it as the internet got
I was too busy watching tennis in Palm Springs
that's a much better use of your time
Yeah, so NVIDIA announced DLSS-5, which is the quote, fusion of 3D graphics and artificial intelligence.
Basically, for quite a few years now, Nvidia has been using sort of like post-processing run directly on its graphics cards to up-res graphics in different ways.
Up until four, it had been quite, I'd say, conservative in its treatment.
They put out this video for DLSS-5.
And let's just go ahead and say that the response has been quite mixed.
Really?
Yeah.
I haven't seen a lot on the other side of this one.
Yeah, mixed is the nice thing you say when the word is negative.
The video is basically just sort of like before and after is a line wiping across the screen and you see a normal video game and then the line kind of wipes across.
When I say normal video game, I'm like it's real before and after marketing tax.
here of like, let's do a not great normal render. And the line swipes across. And you have
the sort of uprest thing. And the thing that a lot of people have pointed out is that it, while it
is technically actually distinct from face filters, like the kinds that you get probably on a laptop
or on your phone or in a social media app, the quality that it has and the effect it has on the
faces of characters certainly evokes a face filter, the kind of yassify.
like beauty filter sort of look like everyone got everyone aside from one old woman gets like
really weirdly Photoshop looking and then the old woman's face just sort of like fills in with
canyons and crags like they make everyone really hot but the old woman gets really really like
old looking it's very uncanny it's an interesting piece of technology I think a lot of people
sure don't want this right now if they had run this exact same video but it just had the
effect on the backgrounds, the response would have been entirely differently. But instead, it looks
like a beauty filter on top of art. And that people don't tend to like that. Yeah. So just to give a bit
of background, like DLSS is essentially frame generation technology. So the AI can insert a generative
frame between real frames to increase the performance of games. And notably, like,
cyberpunk was the like, I don't want to say it was like the test launch, but it was like the test
bench for this because that game was so graphically intense, that DLSS was one of the only ways,
even with a $8,000 gaming PC that you could run it at a higher frame rate.
So it's, it's interesting.
It's been interesting technology.
If you play any kind of competitive shooters and stuff like that, chances are you haven't
disabled the entire time because it causes like, like,
Strange artifacting has in the past caused strange artifacting and blur issues.
So typically you left this off.
Yeah.
Like in a precision gameplay situation.
It's like I actually don't want you adding any kind of, like if you think about like scaling up an image.
And it's like, oh, we can fill in the gaps between the pixels.
Be like, no, but I need pixel perfect gameplay because I'm competing at this at like an athletic level.
Yeah, precisely.
So most people that play highly competitive games, just leave a default turned off.
It's more for the cinematic style games where.
maybe you want to play it on your 4K Ultra Wide or, you know, but you want to play it at 120 frames per second,
but your computer is only capable of generating 90. If you turned on DLSS, it might kick it up.
Sure. And it does a pretty good job in those situations. I've only ever used DLSS4. I've never used
five, obviously. But I don't know, it is, it is very strange because it is essentially generating,
it is generative AI on a frame level in a real-time game.
Yeah.
This strikes me as a real sleep on it type situation
because the actual implementation of this in most cases,
I think the demo was done with like two of their best graphic card running
and they're like, we're sure we can get this running on one.
Being like, okay, so this is still in the oven.
Totally.
But the feeling you got when you watch the video is like,
I think you just turned it up way too high
because you turned it up so strong that the people's faces kind of didn't look like
the same person's face.
It was more photorealistic, to be clear.
But it didn't always look like the same person.
And I think that that really feeds into this idea that like, hey, are you trying to betray
the artist's integrity here to try and do a little bit of a graphical boost because that
doesn't feel good.
And it feels like you sort of like heaved us deeper into an uncanny valley situation.
I think that's why it left a pretty bad taste in a lot of people.
mouth.
Yeah.
Whereas if they just tune this and set up on the background and like, wow, the lighting and like model
texture seems really rich on the water because it's, you know, and my brain's rep, the reptile
brain part of my head isn't flaring up because it's not a human face.
People probably would have thought this was just fine.
Totally.
Yeah.
But that's it.
That's it for me.
That's all I've got to talk about.
That's all I got to talk about.
Sora's dead.
Flock security cameras ain't it.
Allegedly.
No, no.
In my personal opinion, the other side of the allegedly coin.
Yeah.
That was fun.
Yeah.
Good stuff.
Well, thanks for hanging out.
Thanks for hanging out.
We'll see you soon.
We'll see you soon.
Catch you in the next one.
Take care.