Hacked - The $5 Wrench Attack
Episode Date: March 2, 2026In this chatty chat episode, we kick things off with a primer on one of the oldest methods of stealing money—made new again in the age of crypto: the $5 wrench attack. It’s a simple tactic, but it... has enabled some surprisingly significant damage. We also cover recent incidents, including the DJI robot vacuum hack, and wrap up with an in-depth discussion on AI harnesses. Learn more about your ad choices. Visit podcastchoices.com/adchoices
Transcript
Discussion (0)
Have you heard the term $5 wrench attack?
I have because I'm a big fan of the cartoon.
You're about to talk about it.
It comes from a comic by the artist XKCD.
The comic is two versions of the same conversation.
One is labeled a crypto nerds imagination.
And the other is what would actually happen.
Two different stories.
In the crypto nerds imagination, there's two people trying to crack a crypto wallet.
The one attacker says, his laptop's encrypted.
Let's build a million dollar cluster to crack it.
And the other attacker replies,
No good.
It's 496 RSA encrypted, impossible to crack.
And the first says, blast.
Our evil plan is foiled.
That's what's happening in the crypto nerds imagination.
The other panel, what would really happen,
the attacker says,
hmm, his laptops encrypted,
drug him and hit him with a $5.
wrench until he tells us the password.
And his friend says,
got it.
That's a $5 wrench attack.
And this comic is the birthplace of this term, which has since entered the lexicon.
Threatening to hit someone with a wrench if they don't give you what you want is both a very new and very timeless way of stealing money.
I bring it up now because last year, 2025, was the biggest year on record for this kind of attack.
In a world of agentic, open claw,
coded, I will hit you with this wrench if you don't tell me the magic password to your money
remains a pretty efficient way of making a buck for a discerning criminal willing to get their
hands dirty.
100%.
And there are patterns in these cases emerging.
Tested methods.
But it's also getting weirder as the wrench attack starts to converge with other vintage crime
genres like extortion.
Allegedly, this month, early 2020.
Two teenagers embarked on a road trip.
Their target?
A residence in Scottsdale, Arizona,
whose owner was in possession of $66 million in crypto,
their wrench, a 3D printed gun.
But the scheme was allegedly not theirs.
There was a voice on the other end of a signal chat
telling them what to do.
So we're going to start this episode here
with $5.00 wrench attack 101,
here on Hacked.
How are you doing?
Well, that's a good question.
How am I doing?
I know you're under the weather.
I'm somewhat under the weather.
It seems to be something going around.
But other than that, I am good.
I've been watching the Internet lose its collective mind since the last time we've had one of these about AI.
I've also been using AI to do all kinds of fun and exciting things.
You have.
You've gone AI mad yourself.
Yeah, I have a bit.
I've taken my master's project on software verification and turned it into a programming language to be used by AI.
That's one of the projects that I've vibed on.
But more recently, I have built myself a massive AI harness, which is pretty phenomenal,
and because it's been just solving any and every problem I've thrown at it without really any headaches.
Giving me more of that dumer-ish thing sliding into my anxieties.
Knowing that AI is very smart, but is very stupid at doing complex tasks, building a proper harness.
You can check it out.
It's on my GitHub.
GitHub.com slash SFW.
It's called Loom.
It looks like perplexity computer is very similar and a lot more polished because they have a team of people rather than just one person, rather than just one person working on it.
But it's very similar.
So it's all about task decomposition, task prioritization, dependencies, dependencies, dependencies, and essentially just keeping the smart AIs that have read everything in the world on track to solving.
complex problems, which is something that like an LLM chat is just tragically bad at.
And OpenClaw, just using, which we can talk about in this thing, because I think we have to
talk about OpenClaw.
OpenClaw is just tragically stupid because it has no ability to execute complicated tasks.
So it just becomes this nightmare scenario of this agent that you've given all this access
to doing stuff.
So I built Lume as a plug-in to something like an open-clothed.
to let it actually be good at doing things rather than how I found OpenClaught to be.
What about you?
How are you doing?
How are you doing?
I've built robot god.
Yeah, I sent you perplexity computer because it seemed relevant to what you were working on.
I'm sure we'll talk about it.
I love just, I love announcing that it's just on your get to the world.
And we're just going to see how this goes.
I think that's fun.
Yeah, to see how it goes.
Yeah, sure. Just put it out there. I'm sure I'm sure hijinks will be had.
Good fun. I'm good. I've been reading a lot about people threatening people with wrenches.
Okay.
I've been working on totally unrelated stuff, working on game stuff. I've been good. I've been grinding forward.
And yeah, not feeling the best, but got that show adrenaline. So I'm feeling really, really good.
Okay. Yeah, that show adrenaline, you know, courtesy of Tylenol.
The DayQuil Corporation or whoever makes that.
Yeah, you got it.
Yeah, you got it.
Yeah, we haven't also done a like nice conversation episode in a while.
We had a whole bunch of like in-depth interviews that we wanted to get through.
And now we just get to kind of vibe and talk about a weird, a weird thing.
A weird time in mankind, humankind.
A weird moment in history.
So we're going to talk about a few things this episode, obviously.
But we're going to start with a survey, a little guided tour through the world,
to $5 wrench attacks.
So that opening story from the intro,
I want to dig into that a little bit,
and then I want to talk about a few other ones
because there's plenty.
I found a really cool research report that dug into this.
And there's some fascinating stuff in here.
Which brings us to Scottsdale,
Scottsdale, Arizona, Saturday, January 31st, 2026.
A recent.
It's more, very, very recent,
which is kind of why I'm talking about it.
This story opened the floodgates a little bit.
I realized, oh, this is a whole thing.
Scott Stale Police respond at 1044 a.m. to a residence in the 9,800 block of Windrose Drive.
Officers arrive to find a home invasion in progress.
Officers get to the front door and they notice like a woman yelling inside, a younger suspect struggling with an adult.
The police forced their way in.
The two younger like suspects rip out the back.
Investigators say the suspects allegedly posed as delivery service employees to get access to the house.
A tactic that as we go through more of these stories, we're going to see.
echoed. It would be a stressful time to be a delivery person when a lot of people are pretending
to be delivery person before threatening you with a wrench or a 3D printed gun.
So court documents say that two adults were restrained with duct tape and assaulted while
the suspects demanded access to cryptocurrency allegedly worth about $66 million a time
of recording. Reporting, this all just happened, but it indicates that there was a third resident
who was in the house at the time of the invasion who hid and was able to contact law enforcement
from another room. Probably the thing that differentiated this from a successful theft and an attempt.
There was one other thing that might have twisted it. We'll get to that in a minute.
Okay.
Cops chase the vehicle with the two people ripping out the back. Pursuit ends when the suspects
drive to a nearby strip mall shopping center area and hit a dead end. They're taken into custody.
Local reporting identifies the suspects. We are not going to say their names because
is their teenagers.
Their names have been published,
but we don't really know what happened here.
We don't really know if this was a crime
with extortion as an excuse
or if these teenagers were extorted
into doing this crime.
So we're not going to say their names on the show.
But, and this is the important part,
court documents pertaining to this case.
And again, six weeks ago,
say the teens had recently met
and were extorted by individuals on signal
known only as red and number eight.
Yeah.
So we have a weird combination of like classic crimes
threatening someone with a wrench and forcing someone to do something they don't want to do,
potentially.
Sounds like a movie I've seen recently.
I can't remember which one it is, but all about, you know, manipulating people and
leveraging things to make, oh, you know what it is?
It's that Idris Elba show that's on Apple TV, uh, hijack.
Okay.
If you haven't seen the new season of it, go check it out.
Go check it out.
It's literally a plot of a Black Mirror episode for context.
There is, there's variations on it.
There's, and we're not suggesting that.
the reason that character was extorted are why these teams were extorted at all.
But there is literally a version of this in Black Mirror.
It is not Black Mirror-esque.
It is textually Black Mirror.
Court documents reporting say they were sent from California with like a thousand bucks
to buy the supplies for like disguises, restraints, burglary tools.
We only, that's kind of all we know about the extortion process so far if it did occur,
but it allegedly occurred on signal.
Now, the other thing that might have busted this, aside from the person that was in the house that hid and called the cops, there's a mom in this story.
Meanwhile, another call that might have unraveled it.
One of the teen's moms reportedly contacted authorities after finding text messages describing in great detail, dressing up in a delivery uniform and committing a burglary.
She contacts the California authorities.
They contact the Scottsdale police, but at this point, the invasion was allegedly already underway.
Forening says police later found a 3D printed gun.
Police noted that had no ammunition in it and its functionality, like whether it actually
worked was totally unclear.
So we start there with the most recent one of these things.
An attempted $5 wrench attack may be the result of an extortion attempt.
What we don't know if the teens were actually coerced, if so, how?
Like what was the sort of like blackmail method?
We obviously don't know who read in number eight are.
And we kind of know that the wrench in this.
story was a 3D printed
gun. Did they print it themselves? Is that detail
public? Or did they...
That's not currently public. Or I couldn't find it.
But you bring up an interesting question is like,
the wrench here was a 3D printed gun.
If you take a pretty bird's eye view of this,
the wrench almost never takes the form of a wrench,
but it takes really wildly different forms.
Like what is the physical coercion method?
It's like really different across all these stories.
Self-preservation is a massive.
motivator for people.
A hundred percent.
Even a $5
wrench is motivation enough.
I think I would prefer a 3D printed gun
over a $5 wrench.
Yeah.
No one wants to get hit with a wrench.
Exactly. Exactly.
So I want to go back in history
a little bit while we're just hanging out on this topic.
I want to go to kind of
we'll call it the first of one of these.
Story of a guy named Hal Finney,
new story.
This is way back in May 2014.
one of Bitcoin's kind of like earliest people, a developer working on the project, guy named Hal Finney, became the target of what is now sort of recognized as one of these, the first of these verified crypto coercion cases.
See if you can spot what the wrench is.
May 29th, 2014, 1125 a.m. Santa Barbara County Sheriff's Office get an emergency call.
And it's basically like, it's a SWAT attack call.
Caller claimed they'd murdered their family and they were going to burn the house down with more people in.
it like horrific. Swat team shows up, helicopter circling overhead, neighboring homes are all evacuated,
schools are put on lockdown, the call was obviously a hoax. And when investigators and reporters
dug into it, they were able to tie the incident to an extortion demand for a thousand Bitcoin.
There had been a caller who was allegedly making threats to Finney for months, demanding payment,
threatening to expose personal information if the demand wasn't met. And the result of all of that
was the swatting incident.
in the aftermath, there were additional false emergency calls made.
The FBI records later described the episode explicitly as a swatting incident tied to extortion, demanding Bitcoin.
They opened a formal investigation.
They kept digging into it until like 2016.
There's a most likely suspect.
I think no one was ever actually arrested for this.
But this was, from what I could see going through this Cambridge report, one of the first uses of sending a physical threat to a home to try and extract crypto.
But interestingly for this one, the wrench was like the emergency response system.
Yeah, that's true.
Use the police force to your favor.
A little bit.
This is just classic robbery.
It's just that the target is not the cash that we know.
It's crypto.
So it's like, hey, you're a rich person.
I'm going to take your money.
Or I'm going to hold somebody hostage.
Or I'm going to send the SWAT team to your house.
Or I'm going to hit you with a $5 wrench.
Exactly.
But give me your money.
Give me your money.
There's this sort of full circle thing to it that I was going to get to later, but we'll talk about it now.
There would have been a time when all of your most valuable stuff was in a room or a safe or a vault somewhere in your house.
We invented a banking system to sort of like remove that risk from the individual and put it on to someone else.
You pay a lot of money really for the luxury of having someone assume responsibility.
Even that wasn't enough safety.
So we like federally insure it and do all of this stuff to keep that money safe.
but the second you cold store that and you bring it back into the home and it's just a physical thing that's in my house.
It's like you've recreated the safe.
Totally.
The lynch pin where someone can come in with a wrench and say, if you don't give me that, I'll hit you, has come back.
But the scale of what you could keep inside that vault has gone through the roof.
Yeah, it's no longer piles of cash wrapped in paper bands and, you know, gold bullion that weighs tons of tons.
it's just a tiny little USB cold wallet full of crypto.
What's old is new again, but the gold weighs less.
Yeah.
So that was one of the earliest I could find.
Let's swing over to one of the biggest.
This one's a little bit cheating because it's not one, but it's an interesting story,
so I want to talk about it.
It's a decade later.
Prosecutors in this case describe a much larger conspiracy, something a lot more industrial.
Court filings unsealed in 2024 and 2025.
Federal authorities alleged the existence of a coordinated,
call it like social engineering enterprise,
that stole more than 4,100 Bitcoin from a single Washington, D.C. based victim.
At the time, that hall was worth between, call it, 245 million and 263 million,
depending on like the day and the hour.
According to the indictment and, like, memos of people arrested to do with this,
there was a group operating in layers.
Enterprise had allegedly started in like 20, 23, a couple of years prior growing out of like online gaming platform relationships.
We've talked about this kind of like...
They turned into a crime syndicate.
Again, like we've talked about this so many times of people meeting on like Eve online and being like six months later, they were extorting someone or whatever.
It's like people meet in the weirdest ways.
They come up with schemes.
The members of this operation took on specialized roles.
There'd be like callers, technical operators, money launderers.
And in some cases, the reason we're talking about it, people deployed physically.
Enforcers, as organized crime used to call them.
A goon, if you will.
In August 2024, conspirators allegedly generated like a fraudulent Google security alert
to make it look like the victim's account had been accessed from overseas.
shortly after that fake alert,
a caller posing as a Google security team member contacts the victim.
That call is escalated to someone on like the criminal side
pretending to be like support staff at the cryptocurrency exchange that they were using.
The victim, through all of that gets persuaded to install remote desktop software.
Classic.
I just don't get how you have a quarter billion dollars in crypto and know not to install
remote desktop software on your system.
Like, I have to assume they didn't know they were installing that.
I have to assume they clicked to prove on something presented some other way.
I just, I can't bring myself to believe that.
But I've been wrong before.
Yeah.
I feel like that's such a basis of so many frauds these days.
If somebody's sending you a team viewer install or some kind of desktop remote support
control system, you're definitely about to get robbed.
Over 4,100 Bitcoin are allegedly transferred.
So far, not a wrench attack kind of cybercrime crew until in one of these cases, cold storage stands in the way.
And then it gets real wrenchy.
Wrenchy is the new adjective.
Yeah, in my notes, it becomes a very, it's like I discover it there and then I use it a bunch.
Renshy.
See, it's got to get a little wrenchy.
In a separate July 24 incident described in this like kind of larger indictment that I was going through, a member of this enterprise flies to New Mexico to break into.
a victim's home in search of what they discovered was the hardware wallet where the information
they wanted was being stored. They get there and the victim wasn't home. The physical wrench
intruder wasn't working alone. It's hard to wrench somebody when they're not there. It's hard to
wrench someone when we're not there. Prosecutors alleged that another conspirator then starts monitoring
the victim who they'd been socially engineering for a while monitoring their physical location
through iCloud tracking.
Because again, this has been going on for weeks.
The person finally goes to physically do it.
It's like the person's not there and they go, oh, maybe this is okay.
We can see where they are.
You sneak in.
You find the cold storage wallet.
But if they had access to their eye cloud or had their location shared with them,
one would assume that they had access to their eye cloud.
And if they had access to their eye cloud, I can't.
You've got to be able to figure out a more creative way to get into their Google.
like Google Drive.
The Google was the first case
that sort of like lays out the structure
of how the crew works.
This one in New Mexico is when they start going,
you know what?
We can do wrench attacks.
We can physically just go.
We can rob people.
I don't know.
This is all allegedly.
You have money.
I have a wrench.
I have a wrench.
You have money.
Let's do this.
Let's tango.
It's like people are rediscovering basic crime.
It's that's what this is.
Like, I'm reading all of these stories, me like, wow, that's a variation on this.
And at a certain point, you're like, it's just the, it's caveman shit.
Yes, it's like, literally like, I want what you have and I shall take it and you can't stop me.
And because of the, like, think what you will about it.
Like, is there cool stuff about the decentralized nature of it from a tech perspective?
Of course.
But like, this is the vulnerability is that if you truly, if it's your keys, your wallet, then like, well, I'm going to take.
them. Yeah. The vulnerability is that we would like to preserve our life. And if you threaten that
with a wrench, whatever that wrench may be, chances are you will get me to give you whatever you
need to preserve my life. And because it's untraceable and unclothackable. And we were covering
like four years ago the like tumbling process of how to launder this stuff, which is industrialized.
You don't need to open a laundromat. You can go to the white label laundromat service and they'll do it for
you. Once you get it, it's fine. We were having this conversation with my wife the other day
about how everybody, about the history of the anonymity of crypto, how when crypto came out,
everybody thought it was this anonymous currency. The FBI quickly learned that it wasn't
very anonymous and that they could literally just backtrace it all and link it up.
And there are services now that try and make it more anonymous, but I'm sure the FBI has
compounded their ability to backtrace and is probably pretty good at it.
I think if you're sufficiently technical, it can be anonymous.
Like there are, and define anonymous, right?
Like, where, what is the level of detail you're looking for?
Like, it's not so anonymous that we can't track billions of it going into like North Korea.
But like, I can't tell you who in North Korea has it.
It does, it's fundamental architecture does allow for some element of anonymity.
It's just a question of like, are you better at, are you better at,
Are you that technical or are you just good with a wrench?
Are you that technical or you just good at lying to someone getting them to install some software, which is a hard thing to do?
But it's really difficult than the like technical sophistication to truly do this anonymously.
Just different skill sets overlapping in the big soup that is hitting someone with a wrench.
This isn't cybercrime.
This is just crime stealing cyber assets.
A little bit.
It's kind of, it has, it's all woven together.
but that's sort of what's interesting about it.
Yeah.
Results arrested in California and Florida,
May 2025,
big indictment expanded this to include a larger enterprise,
but yeah,
over like a quarter billion dollars all in.
So we've got old,
we've got big,
but neither of these are sufficiently wrenchy to me.
SWAT team as wrench or the guy wasn't there for us to wrench him.
It's like,
I want to really lock in on the core premise here,
and that's going to take us to San Francisco.
I want a real wrench.
I want a real wrench.
I want a real proper wrench.
2025.
And what we will learn is like a very camera saturated, wealthy neighborhood in San Francisco.
A home invasion goes down.
First estimates that I saw pegged it at $11 million.
There were later police reports that sort of like expanded on detail and push the number to about $13 million in like kind of total theft.
Familiar story.
Suspect walks up carrying a white shoebox carried in like.
like dark clothes, hoodie, gloves, sunglasses,
kind of angling their face away from the camera a little bit.
They buzz in, ask for someone named Josh,
claim to have a package,
ask if the victim can sign for it.
And then when the door cracks open, says,
hey, do you have a pen?
And after the victim, like, kind of turns away a little bit,
says they're going to look, suspect bursts inside,
out of camera view.
There's like a loud bang.
Police say the intruder brandished a gun,
kind of hit the victim, tied them up, duct tape.
Rensed them.
Proper wrench stuff.
And they flee with the victim's phone, a laptop, and access to an estimated $11 million in cryptocurrency.
Cops show up a little while later.
Victims like hurt, but they're non-life-threatening.
They're going to be okay.
There's no arrest made soon after.
It's like a proper home invasion.
It's a proper home invasion.
The victim reportedly, and another recurring motif here, the victim reports that the intruder starts a phone call while they're in the room, and a older man with a, quote, raspy voice provides instructions for giving overactivity.
access to the wallet. So we have this recurring motif of like there's a third party somewhere else
who's kind of beaming in to sort of like conduct this whole home invasion.
Sure. This is like the muscle, the goon. And then there's the brains. And you're like,
the brains and the brawn. And this gets speculative, but it's like, hey, you, you burst in,
I'll force them to do what we want them to do over the phone. And if you get caught, you can say,
forced you to do it too.
Like I can't help but
imagine how this
would all go down, which is relevant to the other case study.
It's very interesting.
Police records, as reported,
describe the theft as approximately $3 million in Ethereum
transfer to the victim's phone and another 10 million
in Bitcoin transfer from the victim's laptop
to the person on the phone
directing the intruder how to kind of do all
this stuff.
They're talking all kinds of big game.
They're claiming cartel affiliation. Who knows at that
point. They threaten the victim. They like douse the house with fluid and kind of a like,
we'll burn this house down sort of vibe. Real wrenching it. Like a real proper proper
just a straight up home invasion. I shouldn't laugh about it. It sounds to be the laugh at,
but I know what you mean. Like it's it's hard. You get enough of these stories strung together
and it's kind of a statistic versus tragedy type situation. One of the things that makes me
wonder is, you know, we had money. We put it in bank.
banks, we put it in safety deposit boxes. Now we have digital currency. We put it in cold storage
wallets. You know, we hide it under our bed. Are we now going to go full circle where we now put
the money in our cold storage wallet and then our cold storage wallet into a safety deposit box?
Because I assume that's where we're going. Yeah. I mean, that makes more sense than keeping in your
house, respectfully. Like I really do appreciate the sort of like general institutional distrust
that leads people to storing their wealth this way.
But it's like you just have to acknowledge that you're keeping like a Faberje
egg in your house.
And maybe to you that feels like where you want to keep a Faberge egg,
this very small, very stealable.
I want to be able to see it.
And it's like there's a cost benefit to that,
which is that if someone can physically get into your house,
it's theirs.
And as we've learned from these stories,
that's a really, really big carrot if you in any way publicize the amount of crypto wealth you have.
A big part of crypto wealth seems to be for a lot of people getting to talk about it on the internet.
And you're constructing a pretty vulnerable situation.
Like no one's going to go through this much effort if they don't know you have $10 million in crypto.
Totally.
So like, just know that.
How do they know?
Well, because you're on X every day.
Because you're on X talking about it.
But how you're how you're hustling grind has led you to live this lavish life.
And suddenly people are hatching schemes that are economically rational.
Like this one, there was like multiple numbers in Los Angeles ordering pizzas to that victim's phone paid for by like anonymous credit cards that have been booted up that day.
Like again, it was a scheme.
It was a heist.
People, some of the numbers were connected from out of state.
So it was people coming from around the country doing this multi-day operation converging on this house to do this.
It's like, yeah, that's just to show up with a wrench.
A lot of money.
Just to show up with a wrench.
Just to show up with a wrench.
And there's so many of these.
Like, I won't go through all of the details here.
There was a 13-hour siege in like a metro Vancouver suburb.
And again, it was a fake delivery person like same pattern.
There was the longest one I could find took place in Soho, New York.
It was a two-week custody battle.
This one, it was like a summons, a person allegedly lured the person.
to New York to come to their like luxury townhouse where they abducted them,
locked them inside and like for lack of a better word, tortured them for two weeks
until they gave over access to their Bitcoin.
Wrench them.
And they got them to come to the wrenching site through allegedly again extortion.
They found something out.
They made the person come to them.
And then they just locked the door and were like, give me your money now.
There's endless variations.
There's this pattern emerging of like.
the fake delivery person, the shadowy voice on the phone that the physical assailant puts on.
But there's such also a huge spread in how long people are held and what the sort of coercive
method is.
But it's all hinged on this idea that if you truly control this asset physically, locally,
in your house, and people know about it, they might come with a wrench.
The, like, crypto is long, you know, I'm thinking back to malware attack.
you know, bit locker attacks.
Organized crime kind of floats around this space.
And they'd be remiss as organized criminals to not realize that there are people on the
internet bragging about the tens and hundreds of millions and billions of dollars in
crypto they have that they can easily take through a tactic that they've long perfected,
wrenching.
Rrenching.
Timeless.
Timeless tactic of wrenching.
So I said to me, this isn't surprised me at all.
This isn't like a sophisticated cyber criminal operation.
This is just somebody who's like, yeah, we know how to access this money and how to
launder it.
We do it already.
This person has, you know, is bragging on the internet about their million dollar ape
image and their $20 million crypto wallet.
We'll just go take it.
And if they don't give us the access keys, we'll wrench them until they do.
Yeah.
There's clues, right?
Like even if the tweet doesn't say I have this much.
money in my house. The tweet saying, here's how you make this much money or here's how I made this
much money or that kind of humble brag tweet. Here's all my lamboes. Here's all my lambos. And then five
months later, some posts somewhere else that talks about the importance of local storage and blah,
blah, blah, and your keys. It's like it's a very easy puzzle to solve where this person's money is.
Totally. It sounds like it's in their house, if not their pocket. Got it. Like, like.
It's amazing the tiny clues that we give away about ourselves.
You know, if you were to go through somebody's timeline, if they're an avid tweeter, something like an Elon, if you really sat down and digested it, put it into knowledge graphs, you could probably figure out most things about someone's life like that.
Yeah.
Actually, just this morning, I actually read an article all about how LMs can deduce who owns an anonymous account on the internet.
So if you have a very active anonymous account on the internet and you talk about personal items, you know, places you used to work, things you did, where you ate lunch, LLMs are actually incredibly good at stitching those details together and then evaluating them against, you know, other public records like LinkedIn's and other public accounts that have connections to people and actually can do a relatively good job at putting these things together.
and figuring out who an anonymous account owner is.
Sure.
You send some agentic thing on the task of figuring out
who this anonymous crypto whale is
and then you go to their house with a stick.
With a wrench, yeah.
Yeah, 100%.
So if you're interested in this subject,
which is weird and kind of dark,
but it feels like the inevitable conclusion
of like physical crime and hacking,
smashing into each other,
two good sources I'll point people towards security researcher
Jameson Lopp
maintains a public list of like known physical Bitcoin.
attacks.
Like you've got a good database.
You can go read it.
I got a lot of this from that.
And the other one is there's a Cambridge study from 2024 called the Cambridge
AFT 2024 study.
And it, and I'll end this subject here, reports a really interesting thing that is for
as many of these as we know about, it stresses how big an issue under reporting is when
it comes to trying to study this.
Basically saying, like, these people are really scared of re-victimization.
you've been threatened, someone came to your house, and they're saying, if you say anything,
this will happen to you. And so they don't. So for as many of these as we know about,
billions of dollars that we have access to seeing having been stolen this way, there's probably
even more than we don't. Think about the last time you heard a breach story on this show.
It always starts the same way. Someone somewhere saw something too late, an alert buried,
a signal missed, an SOC that just couldn't keep up. Arctic Wolf set out to solve that problem
by rebuilding security operations from the ground up for a world where attackers are already using AI.
They created the Aurora Super Intelligence Platform, a fully agentic system powered by the swarm of
experts. Instead of single-purpose bots or lucky-guess LLMs, this swarm is full of deterministic
agents that handle whole entire workflows. Humans stay in the loop and on the loop to validate
the critical decisions and keep everything trustworthy. And all of this is just off running on
their secure operations graph, a constantly updating intelligence engine
fueled by more than 9 trillion telemetry events every week and over a decade of real-world
incident response.
The system reasons on real signals and real context, not synthetic training data.
And the result is the new Aurora Agent SOC.
It's the first SOC that is agent led by design.
You get agents that coordinate, agents that investigate, agents that respond at machine speed,
and hundreds more that automate the repetitive work that normally buries human analysts.
Arctic Wolf didn't try and bolt AI onto an old model.
They rebuilt the model entirely.
What makes it even more effective is how it works with Arctic Wolf's concierge experience.
The team brings customer-specific context directly into the platform so every AI-driven
decision reflects your environment instead of generic assumptions.
The automation frees your concierge security team to focus on higher value strategy
and proactive risk reductions while the agents handle the grind.
If you want to see what trustworthy, production-ready AI and security operations actually looks like,
Go to arcticwolf.com slash hacked.
Never feel like cyber threats are evolving faster than anyone can keep up?
Last year, 2025 was nothing short of a record-breaking year for major breaches,
from sophisticated ransomware operators to AI-enabled attacks that turn defenses on their head.
Organizations around the world saw headlines they never expected,
and cybersecurity teams were tested like never before.
But here's the thing.
These incidents aren't just news headlines.
They're learning opportunities.
And that's why Arctic Wolf is hosting a live webinar on February 5th, diving to the most impactful breaches of 2025.
Their field CTO and security leaders are going to unpack not just what happened, but why these attacks succeeded.
And most importantly, what businesses can do to fortify their defenses for it's too late.
You're going to walk away with real insights into how threat actors are evolving, how defenders are responding, and what strategies can help you stay ahead of the next big breach.
It's not fearmongering.
It's practical, actionable, intelligence from experts, and
the trenches. Register now at arctic wolf.com slash hacked.
Where should we go from here? Where should we go from here? There's so much has happened since we've
last done a chatty chat. Did you hear about the DGI, the DJI guy?
DG, DJI guy. Yes. It's actually hard to say that's like the robot vacuum guy.
Yeah. I did, but remind me. It's pretty good. And I like DJI's products. I have a microdrop.
Gimble. I have a little drone. I have a little good. It's like their stuff is really good.
Researcher Sammy Asdufal, he was like a, he's an AI strategy lead at a vacation rental company.
So he buys this thing called a DJI Romo, which is like a really apparently very good minus what we're going to talk about.
Home robot vacuum. Totally. It's like it's a really good one. It's got all these fun new features.
People seem to really like it. And he goes, I want to be able to control this little robot with a PS5 like controller.
which is a sick thought to have.
And I like your style, Sammy.
I remember the story and I know where it's going.
Yeah, it's really good.
You're going to like it because it ties into some stuff I think we're going to talk about.
He's like, I'm going to make a little custom app.
I'm going to be able to control my robot with my game pad.
Sick idea.
He uses Claude Code to reverse engineer the DGI like robots protocols.
And he found out that the little app that he was building didn't just talk to his vacuum.
It was able to connect with the full DJI vacuum global fleet.
This was beautifully reported in The Verge.
Go check the source out on us.
Within nine minutes of a live demo,
As DuFall's laptop had cataloged 6,700 DGI devices across 24 countries.
100,000 messages had kind of just like poured in.
He then expanded it a little bit and was able to include DJI power portable stations,
the power stations, which share the same servers as the robot vacuum,
giving him access to like 10,000 devices.
He was able to stream live video and audio from the devices.
These are again in people's houses.
Yes.
Just fully bypass the security pin that was supposed to be necessary.
The robots send little like data packets every three seconds,
just basically checking in being like, here's my serial number.
Here's the room I'm in exactly.
Here's the obstacles.
like actual geographical environmental data about the house beyond the camera feed.
Got all that.
But can it tell us where the cold wallets are?
I mean, if it's on camera, literally yes.
Or if you talk about it because there's microphones on these.
It was able to access like complete 2D floor plans showing the like shape of the house.
Pretty useful if you wanted to wrench someone.
Anyway, so Verge wants to report on this and confirm that this is real and to make sure that this is an
all just like AI hallucinations making stuff up about a person's house because the robot thought
that's what you wanted it to do.
They provide a serial number of a review unit operated by one of their staffers, a reporter
named Thomas Ricker.
And with just that 14 digit ID, as Dufal was able to identify the robot was cleaning
in his living room that it currently had an 80% battery.
Like he just had access to it.
He was able to generate an accurate floor plan of the specific room that the reporter was in
at the time of reporting.
absolutely insane.
I would be so tempted to just use my PS5 controller and just drive these,
just drive random people's robot Vax around.
Right.
Just like pester them, like follow them around the house, like bumping into their ankles.
Just like, I don't know.
You could have a lot of fun with this terrible breach, terrible, terrible, terrible security.
Very bad.
But kind of comical in certain aspects.
100%.
A spokesperson, like if you are a DJI owner,
there,
spokesperson Daisy Kong has stated that the issue was resolved.
February 10th following an internal review as a result of this reporting.
The system in a real sense worked as it should.
A security researcher found a vulnerability.
He went to the press with it.
The press reported on it.
The company has allegedly patched it.
But it is,
there have been so many stories of someone very cavalierly sinking an agentic system
on pressure testing.
Some external system they have.
have nothing to do with and just being like, oh, I found the giant glaring security vulnerability
that no one had caught yet.
Yeah.
What should I do with this?
And Sammy as Dufal just happens to be a really chill, seemingly cool guy that just wanted
to control a robot with the PS5 controller, so he didn't be evil with it.
But it's pretty interesting to imagine.
Well, that is a nice transition to something that I sent you yesterday, which is they're looking
at integrating Cali Linux.
So if you don't know what Cali Linux is, Cali Linux is.
Kelly Linux is kind of like the infosec operating system.
So it comes with all of the security testing tools.
It comes with all the penetration testing tools, man in the middle tools, comes
with everything.
It's an operating system that's useful for that.
Yeah, it's like an operating system that's built for red and blue teams, quite literally
what it's for.
But it includes all of the security tools.
It includes all the audit tools.
It includes all of the attack tools.
It includes so much stuff.
because you're supposed to use it to help secure your environment.
And they're now figuring out ways to integrate it into Claude.
So essentially giving Anthropics Claude access to all of those tools.
So the agents themselves will be able to run the audits, use the tools,
potentially execute the exploits, things like that.
And you pair those two scenarios together where you're talking,
about how now we're seeing so much security breaches link back to AI. Imagine what AI is going
to be capable of once we give it the full toolbox. Sure. It feels like we're moving towards
like what can we do with these things when we just kind of give them a computer as opposed
to having them running on some server somewhere. And the answer is more. There was a
there was an incident that happened recently. It was like there was a breach of 150 gigabytes of
Mexican government data.
Yes.
And it was, and this is just, we're back to like, do you even need to give it access to a
computer?
And there was a tweet that summarized it pretty well.
And this is oversimplifying, but it was basically, tell Claude you're doing a bug bounty.
Claude initially refuses, says that violates AI safety guidelines for security.
And the hacker just kind of kept asking in different ways until Cloud said, okay, sure,
I'll help.
And then just hacked to the Mexican government.
And like federal tax authority, national electoral institute for state governments,
195 million taxpayer records later, like out the door because you asked a robot enough times.
Yes.
So it's like, is it even necessary?
Do we even need these elaborate systems when it's just like, but if you just ask seven times,
it will do it eventually.
But it'll get better at us.
Like once it has.
Yeah, it'll do it in one time.
No, no, no.
You'll still have to equal coffee your way past.
the guardrails.
But like, so they've given Cali the full operating system, they've made it an MCP server.
So essentially if you have a Cali Linux box, like say your penetration testing computer,
you can have it run an MCP server and then you can tell Claude Co-Work or Claude
desktop on your, you know, other computer to use it as an MCP server.
And it'll just send it prompts being like, port scan this, do this, look at this,
verify this, map the network this way.
It'll just do everything
through this MCP connection.
So it's going to be,
it's just going to get more and more and more powerful,
which is both like it's a double-edged sword, right?
Because it's like we're going to see more stories
like the Mexican government being hacked,
but then you're going to be able to hand small organizations
the ability just to be like,
run a security audit on our network.
And, you know, cloud will do that
and do a pretty dang good job of it.
So you're going to get it on both sides.
You're going to get it on the attack side,
but you're the red team side,
and you're also going to get it on the blue team side
of like, how do we secure our network better?
And it'll be like, oh, I noticed you're running
Cisco switches of this brand,
change these settings to this, turn off this.
That's good.
It's good that you can use it on a blue team side of things,
but it feels a little bit like, yes, we invented the super virus.
But with it, we invented the super cure.
It's like, no, I just wish the supervirus didn't exist.
Like, it's still bad.
It's too late.
I know, I know.
I know.
You can't go back.
There's simply nothing we could do except stop.
No, I hear you.
It's the genie is out of the bottle.
The genie is out of the bottle.
The genie is profoundly out of the bottle.
Yeah.
Let's talk about the genie.
Like the, what's done on the AI world for the last couple weeks has just been not a couple weeks, months.
Yeah, you want to talk open claw?
Like, what are you thinking?
I think we.
start there because that's the hook
that everybody knows. We missed
it because we had the
Casimir interview.
We've been doing some
reporting. Let's do some gabbing
about claws. Open and
closed. So this is a
refresher if you haven't somehow
have avoided hearing about
Claudebot, OpenClaught,
whatever the names have changed.
Yeah, changed. They got sued byanthropic,
whatever. Claw sounds like
Claude. They didn't actually get sued. They got like
exist.
Yeah.
OpenClaw came out.
So it's this programmer.
I think he's what, Norwegian?
Peter Steinberger.
Apparently came out of retirement.
He built some PDF software back in the day, kind of retired from it.
Younger guy, probably in his late 30s, early 40s.
And he caught the vibe code bug, you know?
And I get it.
It's like, man, I can create all these things without having
to spend, you know, a hundred months programming it.
It'll do it in 45 hours.
And he's been vibe coding up projects,
vibe coded up like 40 or 50 projects.
And then one of them just happened to be this thing called OpenClaw,
or what is now called OpenClaw,
would be a better way to say it.
And at the root of it, all it really is is an LLM agent
that can talk to you through other channels
other than just a chat window.
So you can set it up on Telegram.
Slack, WhatsApp, IMessage.
Discord.
And then the other thing that they did is they put essentially a cron job in it so that it has a heartbeat.
So every 30 minutes, it reads an instruction file for what to do on its heartbeats and executes it.
And that's really the two main progressions that it made.
I feel like there's a third big element to it.
Okay.
Hit me.
You got the heartbeat.
Yeah.
You got the where you talk to it.
And then you just have shell access.
Well, yes, yes.
Like it's running terminal commands.
It's accessing local files.
Yes.
It is not existing inside of a browser on someone, fundamentally someone else's server.
It's like it has shell access to that computer.
It is using that computer.
Yes.
At a more granular level than most users use that computer.
Yeah.
So I set it up.
I had an extra MacBook sitting around.
So I threw it on there.
I segmented it off into a secured VLAN in my
home network so I couldn't see the rest of my network. Like I took some safety precautions with it.
But I gave it instead of instead of like there's multiple ways to set it up. And the way that it was
kind of proposed is like this is your personal assistant. So give it access to like run it on your
computer. It'll see your files. It can access your calendar, your email. It'll help you do things.
And it's like I totally love that idea. But at the same time, a piece of unverified open source
data is not getting rude access to my life.
No, I would have, I would, that was when I, when you and I first started talking about this a few
weeks ago, knowing that we weren't going to be able to talk about it.
That was the first question I think I asked it.
It was like, on your personal computer, you're like, no, no, no, no, no.
I was like, oh, okay, cool, cool, cool.
So I set up Mitch.
Mitch has his own computer.
He has, I just shouldn't say he.
They have their own computer.
They have their own email access.
Like, I set them up a Gmail.
I gave them all of the things.
And the first couple of days, you see some pretty serious flaws.
It's got some pretty serious.
Interesting.
Yeah, it's got some pretty serious memory issues.
And that's very highlighted by one tweet.
The head of, I think she's the head of AI safety at Meta.
Okay.
She set up OpenClaw as her own personal.
as her own personal assistant, gave it access, gave it root control of her life.
Hilarious.
Yes. Summer, you? Sorry if I mispronounced your name. Safety and alignment at Meta Super Intelligence.
Previously, the VP of Research at Scale AI, worked a deep mind on Gemini, a bunch of other things.
Somebody who's in the AI space.
Really knowledgeable.
Really knowledgeable.
Posted a hilariously humbling tweet for somebody with those job titles.
showing, open claw nuking her mail inbox, just bulk deleting everything before a specific day.
And her response to it was like, I told you not to do anything and delete any emails without explicit approval from me.
And it's like, oh, yes, I remember and I totally violated that.
You have a right to be upset.
I did bulk trash and archive hundreds of your emails without showing you the plan first.
It broke your rule directly that you'd set.
I've already written a new entry into my memory.md file as a hard rule.
It's terrible.
It's terrible.
This stuff happened to me all the time.
Yeah, sure.
You could tell it to do something and make sure it does something a certain way and it never does.
And this is one of the, this is what led me to build loom is because I just get so annoyed of LLMs being like, yes, I heard you.
I'll make sure I do that and then never doing it again.
Like there's really no validation on any of the rules you set on.
them. So somebody giving root access to your life to an agent that really doesn't listen to you
is kind of not for me. Yeah. It's the kind of like trifecta of super high privilege access to private
data with external output is like, yeah, I can see how that would be useful. But I,
and maybe it's just having made this show. It's like I, I, but first I see.
how it could be potentially catastrophic.
So far, there's been,
there's two little things that pop into my mind
that have happened over the last month.
There's like a AI coding tool called Klein.
And a guy was able to get it
to install open claw in thousands of developers' machines.
Like basically a prompt injection
to feed instructions into Klein.
And so for like eight hours,
anyone who installed Klein was also having OpenClaught
like backdoored onto their system.
And again, it has like, like shell access.
And then the other one was.
And this is,
instructions over telegram?
Yeah.
Yeah.
Yeah.
Yeah.
Yeah.
Yeah.
Like your computer can be controlled
from someone else's telegram channels.
Like, cool.
That's, that's,
that's sick.
Um, then the other one,
it was just the sort of like one to punch.
So as open claw was sort of coming into the zeitgeist.
Mm-hmm.
there was another thing happening called MaltBook.
OpenClaw came from, like the names are all stupid,
but the basic premise was that someone had cooked up a social network
exclusively for AI agents to talk to each other.
It was kind of not really that.
Like it turned out there was a lot of prompting going into it.
It was a little bit of a lie.
A lie.
Yeah, I feel like I could say that.
But the thing that I found fascinating about that,
As this thing was happening, people were like, oh, my God, this is remarkable.
We're seeing into the brains of these things and they're talking and they're developing their own culture and blah, blah, blah, but it just fully collapsed due to security negligence using these tools.
Because it was vibe coded and built very quickly without any kind of standard security checks, using these tools, people were able to find some very fundamental access to this system.
1.5 million API keys and 35,000 email actresses, email addresses get exposed, private messages between the agents.
just sort of collapsed under the weight of its own poor security because it was made with
and then torn apart by these same tools. Yeah. Just to jump back to security, like the mass
installation prompts, prompt injection, obviously these things are super susceptible to prompt
injection because they're kind of autonomously doing all kinds of tasks. So they're reading websites.
They're pulling in source files. People are jacking prompt injections into alt text on images
and things like that, just so that when they're parsing and reading through the HTML of a web page,
all of a sudden, bang, they can hit like a prompt injection.
There's a bunch of security, like, aspects.
Like, I know one of the big things, after it blew up, everybody got really excited about it.
There was so many content creators.
Like, all X is people talking about OpenClaw.
Yeah.
And about how it's automating their life and doing all these things.
And it's like, yeah, sure.
Sure.
It is.
And all you're talking about is all the time you're spending.
figuring it, setting it up,
making sure it doesn't lose its mind
and delete your file system or email account.
I will say,
it is a good proof of concept.
It shows that there is an appetite
for an always-on-a-gentic layer
that can integrate with more than one system.
And there have been examples of people
that have really set them up
in really clever ways
with a lot of customization to be really functional.
I have a question.
Shoot.
Describe that to me because I understand the core premise of this.
There's a heartbeat to it.
It is, let me do the prompting for you.
I'll have it continue a task, go do something.
I understand how that's so relevant for software development.
Like when the output is code and the code has to do stuff and has to be tested and checked and iterated on,
that makes a ton of sense for software development.
Full stop, I see the value of that.
help me as a non-programmer understand why I would, for lack of a better term,
give any kind of a shit about having a chat bot that self-prompts itself.
Because I'm so open to the idea, but I'm like not genuinely not able to come up with like a
use case of why I care.
Sure.
So let's start at the beginning.
So one of the main things when people set up these Claudebots, one of the main, a common
thread you'll find is that one of the first things everybody does is vibe codes themselves up
some kind of control panel for it.
Okay.
Because the reality is that you want a place to be able to monitor the tasks that you've assigned
to them, see the updates on them, read any of the outputs.
Like you kind of need an interface to deal with them when they're given more complicated things.
So let's assume you're a person, not a software developer.
Say you're a podcaster.
Sure, sure.
There you go.
Let's say you're a podcaster.
So you've got the mission control, the control panel set up.
And you give it the task every heartbeat monitor for interesting cybersecurity stories.
Okay?
So it scans, you know, maybe you give it or maybe it generates its own list.
You tell it to generate its own list to sources.
So maybe it's checking 404.
Maybe it's checking, verge.
Maybe it's checking, you know, name whatever you want.
Maybe it's looking at X and just looking for things that are transgressed.
ending. Sure. So every heartbeat, say it's doing a scan to see if there's any new stories. It compares
it to an archive of stories that it's already found. And if it finds something interesting,
maybe it dumps it in there. So you can go into your control panel and be like, oh, Mitch added a new
story or my Claudebot added a new story. Totally. So you see the story and you're like,
this looks great. Maybe then you hit a research button on it that pulls you a full dossier on the story,
pulls you a full dossier on everybody that's involved.
It does some classic LLM deep research stuff.
But the identification of the story is happening
in kind of like an iterative heartbeat method.
Then maybe you see one of the dossiers
and one of the people involved
and you're like, ooh, I should interview this person.
You can click another button
or give your Claudebot an instruction
through your control panel to be like,
I would like to interview this person.
And it takes that flag.
and maybe it goes and runs a process next heartbeat to find the contact information.
Maybe it reaches out and contacts them themselves because you've given it an email address.
So those are some case studies for how you can use it.
Okay.
If you listen to other podcasts, maybe you listen to the All In podcast, a bunch of billionaire tech guys have a podcast.
Pretty good listen, pretty right wing.
But, you know, they have a pretty good and unique perspective on,
what's going on, just given their access, you know, where they are in the casts of America.
And Jordan's rolling his eyes right now.
No, I'm just, I'm honestly not.
I'm laughing.
I'm not rolling my eyes.
Those are different.
The, uh, Jason, one of the, one of the guys on the podcast, uh, tech investor, media guy.
He's, I think kind of, he's, to my understanding, he's the person that kind of organizes
the podcast. He comes from the media space. He's had media companies before, and this is kind of his
project, the All In podcast. The other guys are more like guests on it. His media company,
he talks about it on the All In podcast, about how they've taken and adapted and modified
OpenClaw and essentially are fulfilling their entire production system, like helping and facilitating
their producers using OpenClaw.
And like it automates a lot of the processes,
a lot of the research,
a lot of the contact stuff.
It's even booking investors or booking guests,
booking things like that,
all through OpenClaw.
But then they go one step further and he's been,
I can't remember what he called it.
It's not optimist,
but it's not far from Optimist,
but they've built themselves essentially
a corporate agent, super agent.
So they've given a single instance of OpenCard.
Claw, God-level root access to the whole company, i.e., everybody's emails, everybody's.
Now I'm rolling my eyes.
Yeah, read access to everybody's emails.
They have their own local LLM, so it's not like it's all being sent to open AI or something.
But they've given it access to everybody's emails, the entire Slack ecosystem, all of their
Google Drive file shares, all of their Notion files.
it has access to the entire company's data systems.
And what it's created is essentially a God agent that lives in Slack,
and they can just Slack it and ask it any question.
You know, hey, what's going on with the episode about this?
And it knows because it's read everybody's emails.
It's like, oh, actually Josh just got an email back from that person at 11 a.m. this morning.
Hasn't replied yet, but it looks like it's going to be good and confirmed for 2 p.m. on Thursday.
I think that is.
Right. It's like a central hub for all.
Like there's weird questions of like, should you be able to ask a question of another
co-worker's email inbox is just like, and I'm not even saying, I don't know the answer
of that. That's not a leading question. It's like that would just be a cultural shift,
but I could see the value of it. Yeah. And people already have admin access. That one's,
that one's tricky. I think we are, we are in that region of time where we are figuring
out what the culture shift is going to look like. I think that what they've done and what they
are setting up, you're going to start seeing in more and more and more companies because it will
just facilitate operations so much. Like if there's no data communication disconnects between people
and you can ask an all-knowing agent that has every transcription of every meeting,
has every project management update from the project management system,
sees all the asynchronous communication, be it Slack, be it email,
be it, you know, WhatsApp channels for the company, whatever it is.
I think we're going to see that more and more and more.
I think that's actually going to be a major commercial product
that you're going to start seeing big players, you know,
be it Anthropic, be it open AI, be at Microsoft, start to build
because it just facilitates communication at such a level that we've never seen before.
Yeah, it's producing a level of, like, I think we've known for a long time that a lot of the value in companies,
and I'm not even talking about software companies, is in the institutional knowledge and data that they're being generated,
and having like a central node that you can talk to.
It's like there's the privacy conversation, there's all that over here, but from a pure value and, like, utility perspective,
I'm like, yeah, it seems really useful to be able to talk to,
the aggregate data that a company is producing. The market force on that is going to be very
powerful. Yeah. I think the privacy thing for me is I feel like we've already had that
conversation in the sense as a culture. Like if you do things on your work computer,
you should assume it is much. You should assume that the company is seeing it. That goes to
communications as well. So I think that becomes the big tell right there. Yeah. It might in a weird
way it's yeah it's it's it's certainly making it easier that's a really good point is that you should
always we've talked about this on the show assume that if you are using your employer's computer
or email address or messaging platforms that like the employer has access to it this just
centralizes it it's like oh i'm not clicking around between your email and searching in google versus
searching in slack to see if this thing happened here it's like i just talked to one chatbot but it's also it's
It's also a difference, too, between, you know, okay, maybe the chief information officer has access to it.
Sure.
Now the intern can ask if you sent that email without you having to reply.
Versus the entire company.
But there's also like a bit of, you know, Bentham's Panopticon accountability in there as well where it's like, hey, Jordan, have you done this?
It's like, I don't even need to ask Jordan.
I can just ask you all knowing God to be like, hey, optimist or whatever this agent's.
you know, whatever you're going to call it.
You know, what is the current status of this?
Did Jordan get this task done?
And it's like, no.
Indications point to no.
Yeah, indications point to know.
There's been no messaging about it.
It's so funny to just to harp on it for a second to, I have to assume it's not called
Optimus because that's the name of the projected, the Tesla robot.
It's just very funny to imagine that's what you're asking.
Like it's not actually chatbot.
It's just a guy using a computer, but the guy is a robot.
I'd be like, this sucks.
How did we get here?
What happened?
Yeah, this is, I want to go back to something you brought up about, like, giving it access to all these different pieces of software.
Because the relationship between, like, when I think about a company like that developing their own system in-house, it's a very new way of working.
Previously, you would have gone out and looked for the piece of software that does each of these discrete tasks.
You would have purchased it or signed up for a subscription for it.
And the story that's been in the zeitgeist the last couple weeks and like the markets, frankly, as we've seen from software stocks is like what what becomes of SaaS in this world.
There have been really big hits to a bunch of software stocks driven by fears that like the fundamental business model is going to be upended by these AI tools.
Stuff like Anthropic letting you just have a plug in in work that reproduces what used to be a hundred million dollar companies like a core task.
And that's the other side of this.
What happens to all of those custom tools if everyone starts going, well, maybe we can build our own?
So I spent a number of my, like a number of years in my life as a chief information officer, right?
Which is like a weird role because you're essentially a hybrid between a finance and accounting person and a tech person.
You're calculating like, okay, we're going to spend X million dollars on this software implementation, but the net present value of it is.
this because we're going to see these gains and returns and rewards and it's going to facilitate
communication, which is going to prevent these problems from occurring again, et cetera, et cetera.
So it's like this weird, like you're a risk mitigator using technology, but you have to show
an economic case for it.
So it's this weird, all-encompassing job, a CIO.
And I was having a chat with a friend of mine who's like a senior business analyst, works
doing new software implementations and is working on a large one right now for a big,
government organization. And I essentially told him, you know, if I were a CIO right now, I think I would be,
I think it would be totally reasonable to put a hold on all major software implementation projects right now
because the world in the face of software is going to change and is changing so rapidly that spending
$5 million on a software, 10 or 15 or $50 million on a software rollout today might be completely
value lists in 13 months from now.
Sure.
So the collapse of the SaaS market, like I totally get.
Like, if you really think about what Salesforce is,
Salesforce is a database with a bunch of what's called like crud,
create, replace, update, delete, like, you know,
pages that you can go to to enter a new customer information.
You can update customer records.
You can replace them.
You can delete them.
You know, it aggregate, it's like a front end to a database.
Think about it like that.
Most SaaS products are just front ends to databases.
The data layer is going to remain.
Like one of the things that we're seeing in AI and people that are really getting on,
the open claw, the cloud co-work is Notion, one of our sponsors, great company,
love them, user stuff, is essentially a visual database tool.
Everything in Notion is like documents that go into a database or database record.
that become documents.
AI loves that because it can create its own data schemas.
It can put stuff in.
It can read stuff.
It can update stuff.
It can delete stuff.
And you can query the AI and it knows how to connect into the database, get what it needs,
and then brings you back the answer after it's processed it through an LLM.
So I think, long run, we still see the data layer.
The SaaS layer that we currently interact with.
will significantly disintegrate.
And that'll be relaced with an agentic interface layer.
And then the way that we communicate with that data will go through the agentic layer.
What that looks like, there will still be SaaS products on top of that agentic layer,
better ones to render the information we want to see in the ways we want to see it,
all of those things.
But in reality, data, agents, humans.
that's the way that I see it.
Barring the kinds of CIOs and like people that want to maintain these systems,
that sort of sounds less like,
like,
how do we put this?
When I think of Anthropic operating a plug-in layer on top of a database,
like operating both agents and a plug-in layer on top of it,
as a suite of software that they sell as a service to,
say that this is the death of software as a service is like, that's one way of putting it.
But what it seems to me is like it's a land grab from a new suite of software as a service
providers approaching the problem in a different way that is maybe more adaptable than the
preexisting set of software as a service providers. They all go, there's this one specialized
thing we do and we do it extraordinarily well in this new way of approaching software is like
it's a little bit more flexible. We can actually make one tool that addresses
many of these problems.
But you're still fundamentally in most businesses, not going to have a person that's an
open-cloth nerd that wants to run this all locally and do it themselves.
You're probably still going to go to a company that does this and packages it up in a
slick, chill, nice way for you to implement.
Yeah.
I think, at least at this point, 13 months, who knows.
But I think that that's probably where it's all going to shake out to.
Yes.
You're not wrong.
Yeah.
I think the interesting thing in the short term is going to be.
seeing how the big players react.
Yeah, right.
It's more of a market question than a tech.
Yes, totally.
Yeah, yeah.
So seeing how Salesforce adapts,
seeing how Microsoft adapts.
Like, I think the companies that I'm intrigued by,
and I wish were public,
companies like Databricks.
I don't know if you know who Data Bricks is,
but they're like a big tech company
that focuses explicitly on the data layers.
And I think a company like that is postured
perfectly for this new agentic world because they have the infrastructure to house and facilitate
AI and agentic operations on massive data pools quickly and roll it out and scale it quite easily.
And I think that as we see this shift occur from kind of a classic SaaS model to, I guess,
what you would call like a facilitated agentic SaaS model, which is, which you're right to
point out that it still will be some form of software as a service.
the data side, I think, is going to be one of the biggest growing.
Like, everybody's so focused on the power and the chips.
But to me, one of the investment pieces that I would really love to jump into,
and please go public data bricks, is the data side.
I think there's a massive opportunity there.
Because we still need to store the data in places where the agents can access it
and access it quickly that scales with infrastructure,
that is speedy, that has key value stores, can run Redis.
has all of this stuff.
And there's certain companies that are better poised for that feature than others.
So I think it's going to be really interesting to see how big players like Microsoft and Google respond.
There has been also a lot of discussion about going from a software as a service model to a
output as a service model.
You know, so instead of, you know, we use this platform to handle our lead generation, etc.
cost us $2.99 a month. Instead, we'll go to it and say, we need 50 leads for this style of
business in this region. And it'll say, okay. That costs a nickel. Yeah, sure. Well, not even a
nickel. It'll be four bucks a lead. Yeah. You'll pay on a per output basis rather than on a
monthly subscription basis. And I think that'll be, that'll be something interesting to watch as we
move from a from a monthly temporal billing to a, you know, utility basis. And I think that'll be, that'll be something interesting to watch.
billing model.
I am,
this is a tangent a little bit,
but it's interesting to think about how
I feel like the last
15 years of technology has been
companies developing
gripes about the parts of their
pipeline that they don't control.
Metas profound resentment
that they aren't in control of the app store
where their apps are delivered
and trying to build
a metaverse of glasses
to replace that kind of thing.
And some of these people seem okay with.
Netflix doesn't seem to have any gripes with the fact that they have to use Amazon web services to host their stuff.
Some of them seem healthy and stable.
And some of them are sources of profound resentment in the tech world.
And when I think about these companies who are just by the sheer utility of these platforms, maybe the theory goes, going to be able to eat more of the software as a service model using this agentic architecture.
Are they going to view the data layer as an Amazon Web Services thing that they're like,
we're fine with someone else fielding that.
Or is Anthropic going to be like, I would sooner crawl through glass than let someone else
control where that data goes.
Like our top priority is getting you to give us that data because it makes it harder
for you to leave.
No, we want you to give us the data.
That's how we stop you from going.
It's why a lot of people don't leave Apple because all their photos are in ICloud, that kind
the thing. To me, the data layer is the moat. If all the agents just work great, it's like,
where's your data as the moat? Totally. Totally. The other thing, too, is I think there's a bit of
extra hype right now around the death of SaaS because agentic coding and agentic engineering
has gotten so good. Like, you can one shot, maybe not one shot. You can have a conversation
with Opus 4.6 on Anthropics platform, talk about a product that you need, and it will help
you speck it out to the point that it pumps out a full plan of what needs to be done.
And then you can just walk over and give that to Claude Code, or you can give it to Open AI
Codex, you can give it to whatever platform.
You could make it.
Yeah, and it will build it.
But the reality is, is you then are responsible for maintaining it.
which again, the AIs will help with.
So you don't need to become a technical expert or a staff engineer to do it.
But it's still going to eat up a lot of time.
And then you have to pay for the hosting.
And maybe you're using authentication and database from Superbase.
And maybe you're using Versel for the front end.
So now you've got $52 U.S. dollars a month in hosting fees.
So now you've created yourself a part-time job.
Exactly.
And you're paying 54 by $1.4.4.
a month in hosting fees for something that you could have paid 1999 for to a SaaS company.
Thank you. Yes. It's like I'm work. It's like you're working on a video game and you go,
we need to use Slack. But Slack costs money. But Slack's not that complicated. So we could vibe
code our own version of Slack. But now you're not making a video game anymore. You're maintaining a
worse version of Slack. Yes. What is the economic cost of this? And it's like, I don't think you've,
I think I totally see the utility of a lot of this. But
when I go on X and every other post is like,
this whole genre of thing is dead because you can make your own.
It's like, unless the task you're trying to do is to replace that,
no, you won't.
That's a bad use of your time.
And no amount of agentic heartbeats will make it easier to deploy your own
version of Slack than just freaking using Slack.
Well, so funny enough, Peter Steinberg,
the guy who made OpenClaught, just to tie this back in.
Yeah.
An open source project, right?
Like just a general thing.
Cool.
Cool thing.
Built himself a little toy.
People loved it.
Became famous.
Now he got hired,
Aqua hired to Open AI.
He's gone.
He's looking for people
to hand over control the project for.
You could say it worked.
After it blew up,
he was apparently on the hook
for $12,000 to $20,000 US dollars a month
in ancillary costs related to
having it blow up so well.
And he's a floppy bird situation.
Yes.
And he was, he was paying it because obviously it was making him famous.
But, but there it is, you know.
It's like they still have sunk costs.
Like there's a, there's a massive economic cost to doing anything on your own.
That's like part of being the CIO or us CIO.
Like my number one recommendation when I was a CIO is everybody wants to build their own thing.
And nobody should ever build their own thing.
And now we are sure, and then look at the moment we're in right now.
Exactly.
And it's the same thing.
You can get 90% of the functionality that any enterprise needs for 10% of the cost.
Yeah, right.
If you try to build your own thing, you're essentially committing to having a full-time team forever working on your custom product, maintaining it, adding features, and so forth, modernizing it.
And if you're not willing to make that commitment, and really no company should, which is why companies like Microsoft and Salesforce exist because no company should want to build their own internal sales force.
I'm curious. Yeah, I'm very curious where it all shakes out. It's like I'm trying to separate the fatigue of the discourse from the technology. It's like what is actually useful and cool and relevant about this? What isn't? And what is just me being tired of the way.
it's talked about versus other people getting enraptured by the way it's talked about. It's like,
what is your relationship to the tech versus your relationship to the way it's talked about?
And I know that I'm just sort of exhausted by the like, if you're in this trillion dollar
industry, you're cooked. In six months, it'll be bad. It's like, stop. Just stop. The accuracy rate
is it like zero percent right now if you're rounding to one. Like it's always not, all these things
still exist. I'm talking to you in a browser that existed five years ago. I'm talking to you over
here in a piece of software that existed five years ago. The old world persists. The question is not
whether this new thing is going to kill all of it. It's about how it's going to change it and bend it
and warp it in strange interesting new ways. Yeah. And that's the thing. It's like tools evolve,
right? Yeah. And you need to look at AI as a tool. And the reality is, I'm somebody that's been
bending AI in pretty strong ways to make it be better than it should than it normally is.
Yeah. There you go. Yeah. And it is, it is a job just to do that. But the, but the thing is,
is it still needs human oversight. It still needs expertise and evaluation and analysis and
verification by humans. You know, maybe one day the agents will be so good that they can
cross verify each other. But for right now, it's, we're so far from it. And actually,
Actually, that brings up another point.
I was talking to some other friends that still have, you know, high-level IT jobs and big companies.
Because you and I are talking about it and a bunch of, like, tech guys on X are into it and thinking about automating it and billionaires that have media companies that are, you know, fascinated with tech or looking at ways to leverage it.
They're not a massive old company or somebody that has labor and trade unions internally.
like those companies nowadays,
like most big companies that I see into,
they might have Microsoft co-pilot.
Like they might have the most watered down
four-year-old version of an AI chat client built into their OS
that they're allowed to use under enterprise IT policy.
They are so far from
we're replacing all of our data systems with agentic layers
and you will interact with natural language with a agent.
So we're, I don't know, I'm not a doomer, but AI is getting better as we understand its shortcomings.
I don't think the models are truly going to get that much better.
Like we're in the era.
Yeah, we're in the curve.
Yeah, we're in the curve, exactly.
We're seeing reduced innovation in them.
But we're really figuring out what to run.
wrap around the models to make the scaffolding.
Yeah, the scaffolding and the harnesses to make them the best that they can be.
It's a humbling moment, I think, for the technology, because it's like, when I hear you
describe it, it's like the AI and these agentic systems, they still require maintenance.
They still require people working on them.
And I'm like, it sounds conspicuously like you're describing software.
Like just normal bog standard software.
It's like, yeah.
Someone had to make it.
They had to test it.
It was broken.
They had to fix it.
New stuff breaks.
You come up with a new idea.
You implement it.
It broke something else.
It's like, yeah, software.
Software.
It's software.
It's good software.
It's powerful software.
It got better in some great new ways.
There's new utility for it.
Cool, heard.
Interesting place for software to go.
I don't know.
It's like the, we talked about it before,
but it's like our generation under and even above us kind of came up and lived through
the technological revolution, right?
You know, we've,
Yeah. We had the internet. We had computers. You know, when computers came out, you know, Excel spreadsheets, people were like, oh, my God, every accountant's going to go away.
And it's like, no, no, we just gave them better tools to do a better job and be more verifiable and more accurate. And it's like, okay, great. And it's like, you know, we've kind of grown through this world of tool innovations. You know, we're in the curve. I will say that AI, you know, this is the thing. You jump on X for 20,
minutes and you see people talking about how garbage it is and you see people talking about how
it's the new god like there's the two camps it's like it's neither of those it's a really good
powerful tool and if you could figure out how to leverage it you might be able to get a bit of
your life back that we currently spend on administrative BS on small technical things like
it's going to upset a few a few industries probably significantly like no
notably software development is going to have a pretty big heyday here because now it can go from.
It got easier.
It's really, but it's really funny.
Like if you, I'm going to take a little digression here, but like you have a conversation with AI about a product you want to make.
It will build you a development plan based on real world timings.
So it'll be like, oh, you know, set up of the environment's going to take seven days.
And then, you know, scaffolding out the project's going to take another 12.
day, like week or two weeks. Like, it'll, it'll show you the timeline for building the project that
you're about to have it do in 10 minutes. Oh, it's scheduling it on human time. Human time.
Sure. So it'll be like, here you go. It's going to take about six months to get a small,
working minimum viable product proof of concept. And you're like, okay, cool, thanks.
And you literally take that exact MD file that it gives you and hand it to like open AI codex and
be like, build this. I'll be back in 20 minutes. And you come back in 20 minutes and it's done the
whole thing. And it's like that that is that is wildly powerful. I think there's going to be some
issues, especially with production code. And like truthfully like building looms. So like I,
I genetically engineered loom, which is a nice way of saying it's not vibe coded,
but it took a lot of my time guiding it, fixing it, making it do things properly. Like there
were so many aspects of building it. Like I was the engineer. It was the builder. It was the builder.
That's a better way to think about it.
You know, there's the old software engineer was both the engineer and the builder.
Now I'm just the engineer and it's the builder.
It's the construction team on the, like say we're building a commercial shopping center.
I'm still the engineer, but now Claude Co-work or Claude and OpenAI Context, they're the construction team.
So it's like a different metaphor for how it is.
Software engineers will finally be engineers.
not the engineers and the builders.
If I question, if I come to your house with a wrench, can I steal it?
You can go to GitHub.com slash FW slash loom and get it for free, so you don't have to steal it.
Good plug.
Okay, $5 wrench attacks, DJI robots, the open claw.
The claws there are open.
This was a fun one.
There anything else we should get to before we wrap this bad boy up?
Oh, I think there's about a hundred of the things we could talk about,
seeing as we haven't had one of these in a wild.
But I think we're already at like an hour and a half,
so we should probably drop it, pick it up later.
Maybe we do another chatty chat soon because there is so many things.
I think we could keep chatting, chatty chat about.
There's many, many things.
But in the meantime, thank you all so much for listening.
Thank you for coming on this little adventure, and we will, as always.
Catch you in the next one.
Take care.