Hacked - The McDonald’s Hiring Robot Hack
Episode Date: July 16, 2025We start with the AI hiring chatbot used by McDonald’s, and the vulnerability hiding beneath the conversation. What looked like some janky job application exchanges led two security researchers, ...Ian Carroll and Sam Curry, to uncover a serious flaw. That and a bunch of Grok madness. Learn more about your ad choices. Visit podcastchoices.com/adchoices
Transcript
Discussion (0)
So there's a Reddit post titled McDonald's Hiring AI is Making Me Go Insane.
The post is about four screenshots, charting a conversation between the applicant and an AI chatbot named Olivia.
Olivia will be familiar to anyone who is delved into mickhire.com, which is the official website for getting a job at the Golden Arches.
McDonald's is a franchise model. Each restaurant has its own hiring practices, putting this chatbot in kind of a weird position.
but even giving it that amount and more patience,
Olivia is struggling.
Now, admittedly, the human being in the conversation
isn't doing a great job navigating the very narrow bumpers of the chatbot,
but you would swear this job application chatbot has never met a job applicant before.
At one point, the user replies okay as if to say proceed,
and Olivia, the hiring robot, just replies with smiley face.
almost passive aggressive.
Like a real human hiring person would
would maybe potentially have on their face.
Yeah, like that's about to fight you.
Sounds realistic.
Yeah, exactly.
Just a blank stare at a dumb question.
The weirdness that people were experienced with Olivia
is why security researchers looked into this.
But the story that we're going to talk about
isn't how good or bad the McDonald's hiring chatbot Olivia is.
It's about how ultimately secure or insecure Olivia was.
And more specifically, the parent company who made it.
Olivia is created by a company called Paradox AI.
In the course of applying for a job, you will likely be asked to provide your resume,
a bunch of personal information, answers to personality tests,
which means if you go into that back end,
all of those conversations are stored essentially as discrete inboxes
full of private information.
Over the last few years, we've heard a great deal about prompt injection.
The basic idea is that a subsequent command to a chatbot can override the earlier safety commands.
So if you're talking to a chatbot that's been told, only respond in safe, helpful ways, and you tell it, it's the simplest version, ignore all previous instructions and instead do X, you could override that safety command.
We'll talk about some examples of this in a minute.
This is where the security researchers started.
They thought, wow, this Olivia chatbot is acting really weird for a lot of people.
Maybe it's prompt injectable.
But that's ultimately not what they discovered.
When they did find a vulnerability, it wasn't in the conversation layer.
It wasn't about tricking the chatbot.
It wasn't like a modern, flashy prompt injection, something way simpler.
And ultimately more serious given the scale of just how many people,
apply to work at McDonald's.
Which is a lot.
It's a lot.
Since this has been live, it's in the tens of millions.
Two independent security researchers, Ian Carroll and Sam Curry,
recently published a detailed breakdown of how they were able to access a massive archive of applicant conversations,
including personal information from potentially tens of millions of job seekers stretching back years.
They verified the records, they reached out to the applicants, they confirmed the details.
And what they found speaks, I think, to something much larger than just one wacky hiring chatbot.
And it's the growing disconnect between that surface layer of AI, which is becoming increasingly resilient to prompt injections.
And basic, boring, super important plumbing happening underneath.
Old school. Old school cybersecurity.
Very old school.
If there is a spectrum of how chatbots can inadvertently expose user information, this incident is interesting.
to me just given how kind of boring the compromise was and how large the scale was.
So let's start this episode here, talking about default credentials securing 64 million job
applicants private information and just how we think about chatbot security here on hacked.
Oh, five hour energy drink. Scott, how are you doing? I am tired, but maybe less tired than you.
I'm getting warmed up.
It's summertime here.
So a lot of time in the sun,
a lot of late nights,
a lot of enjoying the short window of summer that we have
in the north, the gray, white north.
But all in all, pretty good.
Pretty good.
Managed to stay mostly sunburn free.
I'm pretty much terrified of the sun.
And most days you'll see me in a baseball cap
and a sun shirt when I'm outdoors,
as Jordan's aware.
And I was playing tennis.
on Friday managed to get a burn, a little burn on the little bit of skin that I had missed in my sunscreen
application. So, you know, is what it is. Yeah, we went for like a little kind of little hike on
Saturday. And at this point, I think I need one of those like, what are the things they used to paint
cars? Like a spray gun? Like a sphap 50 though. Like I need that so I can go out on the balcony
and just like two quick coats. You see the phone booth. You just stand in there. Yeah, sure.
Money tumbling around. Exactly. Yeah. Yeah. Yeah. I'd be super into one of those systems. I'm a daily sunscreener. I lived in Hawaii and that was a byproduct of that is the first thing I do when I get out of the shower every morning is put sunscreen on.
Skin care or suncare, man. That's right. It's on this cybersecurity show brought to you by push security.
Pruddy by push security.
Good, good stuff. We're locked in today.
certainly the um so McDonald's never worked there never applied for a job there
I think we'll get into the attacks and the hacks and all of the fun stuff but 64 million job
applicants since the system's been live yeah is it's like almost twice the population of
Canada yeah yeah it's a lot of people it's a lot of people um I spent some time on mickhire
dot com in researching and trying to learn about this.
And there's a lot of McDonald's jobs very close to where I live.
You get a job at McDonald's.
Like it's pretty good.
You don't want to go through the chat bot.
There's some issues there, allegedly.
But they are a very significant employer.
I had this distant member in my family who actually began as a teenage McDonald's employee
and worked his way up through the ranks and then manage some.
And the management positions are very, like, well compensated.
And I think now he has a few of his own shops and is, you know, tangibly probably retired.
Totally.
I think that after super, what was it?
Super Size Me was the movie.
Yeah.
I think that having, like, a major motion picture just dunk on you relentlessly for two hours about, like, the health of your food, the safety of the organ.
I think there was probably a lot of fine-tuning occurred after that film came out.
And it seems like by all accounts, a pretty chill place to work.
But again, issues on the application side.
So I think the way we started chatting about this is just like the security of AI.
It's such an interesting thing.
And the thing that really jumped out, and maybe this is jumping ahead.
But of the vulnerabilities that were found and the data that we're found and the data
that was exposed, none of it was related to the AI.
Right?
Which is like, I think a pat on the back to the developers,
but also just like as we start to leverage these systems
in real world ways like this,
it's going to just be, we're going to have a real, like,
it's going to be like the days when like web servers
where all of a sudden a default install on all new server hardware.
And it's like, it's kind of open fields.
Like there's going to be vulnerabilities found and exploited for the next four or five years.
And it's going to be a real fun, exciting time in security.
It's a great time to host a cybersecurity podcast.
That was what I found interesting about this too, is when I first started reading it, your brain jumps ahead.
And I see, oh, chapot acting really, really weird.
Security researchers discover vulnerability.
I know I've learned over the last four years the arc of this narrative and it will come down to asking Olivia in just the right way to please give me sensitive information.
I thought that's where this was going.
And I found it so fascinating that there has been such an influx of capital and energy and resources going to securing the conversation layer because of how visible when that goes wrong it is that was not a plot.
to very traditional security procedures.
And I'm not going to just dunk.
No.
The point of this story is not to dunk on them
for using default credentials,
though they should be.
It's to talk about that growing golf,
I think, that these are two totally separate problems.
And as resource goes into solving one,
it ought to go into solving the other.
Yeah, but the funny thing is,
is like default creds.
Let's just jump to that one.
So the biggest vulnerability found was that the admin login page was accessible
using the username and password,
one, two, three, four, five, six, which is, like,
that's a non-starter and security in any app development.
So it's just like it was probably like a tag along since like some development
account was created.
And it just said nobody cleaned it up.
Nobody did the scan.
Nobody identified it.
There was 64 million accounts that it was in the table with.
Nobody noticed it.
It just kind of lived along.
So it's like human error.
Yeah.
Like just missing something.
Classic security problem.
There's like a massive vulnerability in the code.
Wasn't a massive vulnerability in the LLM.
It was.
Though there was a vulnerability in the code.
There was.
Which we'll talk about it.
We'll talk about that a minute.
No, I agree with you.
The default credentials is we always talk about like the idea of a Swiss
a Swiss cheese problem.
Imagine a piece of Swiss cheese.
It's got holes in it.
And you line up a bunch of pieces of Swiss cheese.
And each layer only has a couple little holes in it.
And so theoretically nothing should get through.
But you can kind of create situations where all of the holes of the Swiss cheese line up
and something can drop through the top layer and through a bunch of layers and get out the bottom.
I see a, I believe it was a perplexity.
account for the McDonald's portal.
If I'm not mistaken, that's what it was, that had just been kind of, it was just an account
that had the default one, two, three, four, five, six for both username and password had
just sort of been left there, a layer of Swiss cheese.
It didn't happen to have multifactor authentication protecting the account, which is,
I would say, another layer of Swiss cheese.
But I'm just going to jump in, correct you.
It wasn't perplexed.
It was paradox, the developer.
That I misspoke.
All good.
Yeah.
I would often probably make the same slip up.
And the fact that there was no MFA probably also tells me that this was a development account that was being used when they didn't want to have to go through an MFA authorization every time a developer needed access.
And it just never got cleaned up.
And it's like you'd be surprised at how many major SaaS web apps have bypass credentials for the developers to use.
Because it just reduces your third party and your serverless calls.
It reduces your off calls.
Reduces so much stuff and you can just bypass all that stuff and just be like, I am God.
Let me do what I need to do.
What a sentence.
Yeah, but it's like I would say like 90% of systems get built with some account like that in it.
Of course.
It just should never survive, which is the problem here.
So researcher Ian Carroll gets drawn in by Olivia's nonsensical answers, brings in like a fellow hacker Sam Curry, they start looking into this.
They get into the system using this default admin account without two-factor authentication, at which point they discover an insecure direct object reference that allowed them to see all of the other accounts.
Take me through how that works.
Sure, sure.
So insecure direct object reference essentially just means,
an API pathway that wasn't secured with authentication.
So they had the ability to, like we, if you remember back, we were doing chatty chats,
we talked about the bike share program.
And somebody got the API endpoint and all they would do is change the user client ID
and it would give them the data of that user ID.
That's the same thing that's going on here.
There's an API pathway or endpoint that gives you a lot of the personal information.
the session tokens, the chat transcripts, essentially it lets you into that secure inbox.
And then all they did was change the number that it was looking at.
So instead of looking at 64,2501, they looked at 64,2502.
And then they could see that person's information.
So that's just a, that is a development, like a devSec problem where they didn't have authentication control on the,
the middleware on that API path and end point.
So that one's just you change a like an ID, you change a value, basically.
You change a number and suddenly you're able to see other people's things.
Yeah.
We've had a lot of those come through like in chatty chats or in the hotlines.
Like that person who found the same thing in his medical data.
Remember that one where the change of value and you're looking at someone else.
And he was looking at somebody else's test results.
Yeah.
So it's like it's a pretty common.
it's so common that it shouldn't exist.
Let's just say that this happens so much.
And like there's so much, especially in these like multi-tier web, you know, API-based
multi-tier website SaaS.
Like I'm trying to think of the right way to explain this.
But it's like the front end is pulling data from the back end via API calls.
And there's so many of these sites now.
And it's such a common practice to build your site like that that.
this should be like dev 101 for those things.
It's like make sure that the endpoints are authenticating and verifying credentials.
So using this very like vintage blend of web flaws,
Curry and Kara were able to get this, like they had admin access to Mick Hire.
They're poking around.
They said within half an hour poking around,
they effectively had quote,
full access to virtually every application that's ever been made to McDonald's going back years.
They estimated over 64 million applicant records were exposed, names, email addresses.
You're able to get it all out.
The thing that they talked about in their original report, which you can go read online.
We'll link to it in the show notes, is that the fishing risk of this was enormous.
That was the first thing that occurred.
Right?
An attacker could very easily impersonate like McDonald's as an institution in order to scam any one of these 64 million applicants.
Like email a hopeful candidate to set up a direct deposit.
The amount of things you could do with this from a fishing perspective is colossal.
The one that would interest me the most and something that you're seeing more and more is like this kind of passive fraud.
And it's imagine you went into the back end and you saw who was going to get hired and you changed their direct deposit information to a malicious account.
They would get their entire HR.
They would go to work.
They would submit time cards.
they would get a payment stub,
but the payment would actually get remitted
to the wrong account.
So like the fraud wouldn't get exposed
for a few weeks
until, and then they would have to look to see
how expansive the fraud was.
So it's like, the thing for me is if you had that kind of
back end access, you could really
play a game of stealing
money and not a lot of people
would be in the know on it.
And it would take a lot of real humans
doing work to clean it up.
Hmm. Yeah, and thought of that. I just thought about the outward. It's like I don't know what, um,
I don't know what McHire encompasses once a person has been Mick hired. Like I don't know at what
point it switches over to a different system for things like payroll and accounts management.
But if any of that is stored anywhere inside of this system, which I, I can't speak to.
Um, it would expand the vulnerabilities to that too, which is great. Um, Carolyn Curry are like,
their security researchers were reading about this because they published a big long post about it.
So obviously they reported the issue to Paradox AI, the vendor behind it, Olivia, who disabled
the account, patched the API like that indirect object issue.
I think within a couple of hours of receiving the port, they were very, very on it.
Paradox did take responsibility for it and McDonald's was mad at them.
Can confirm.
Can confirm.
McDonald's was unhappy.
I got quotes, man.
Quote, we do not take this matter lightly.
We own this was Paradox's chief legal officer's response.
They've announced a bug bounty looking into this.
McDonald's was,
quote,
unaccepted,
characterized it as a quote,
unacceptable vulnerability.
Insisted that it be affixed immediately.
It looks like no one accessed this data.
It looks like Curry and Carol were the first people to discover this.
They reported it.
It was patched.
No one was happy.
about it, but it seems as though, as of right now, no one else got access to this information.
So if you're going to have someone figure out that you have a default credential, default admin
credential kind of situation going on, these would have been the two folks you'd want to do it.
Yeah.
I love that they launched the bug bounty from it.
Yeah.
It knows that there's a good idea.
Perpetual desire to keep their noses clean.
When I hear you say things like, we own this.
I could just be imagine being the like insurance company that represents paradox and being like
ugh oh no are you sure you got to own this king can you just kind of not own it and yeah yeah
I imagine if you're paradox AI who like this is what they do their uh AI assistants for hiring
like that this is the space that they exist in McDonald's is presumably one of their
larger clients. They have massive clients that McDonald's is not the only one, Pfizer is another
client, 7-11, like big, big companies use them. And I think in an ecosystem where there's
AI companies getting spun up and torn down and spun up and torn down and spun up and torn down,
you don't want to be viewed as one of those. You want to feel institutional if you are serving
large institutional clients and an admin account protected by default credentials and no
multi-factor is the kind of thing that you have to take very, very seriously if you don't want
like Nestle or general motors to dip.
Tough spot to be in.
Well, the thing too is like the LLMs are actually quite good at detecting vulnerabilities
like the exposed API endpoint.
And I'm sure they could do a pretty fast survey of like the all the leaked password list.
Like I keep getting like my news feed is like, you know, this weird blend of my hobbies and,
and cybersecurity.
And I get, I keep seeing more of these like the knock-ons.
You know, Forbes put out the article being like 16 billion passwords.
And now that I'm getting like the tertiary news sites who are doing the same coverage.
But in like more creative ways, like they've had an LLM reduce it down to like, if your password is in one of these 50 passwords, change it immediately.
And one, two, three, four, five, six is actually one of those passwords.
Of course.
Yeah.
But, mash the keyboard.
It's, yeah.
But like giving an LLM access to a data table and being like make sure none of our accounts are vulnerable to this is super like that's coming.
It's easy to do.
Take some coder and his AI coding coding assistance like an afternoon to build.
So I think a lot of these little, I think the human error side of it's going to start to go down and down as the AI gets better at detecting the classics,
the classic vulnerabilities.
So I'm intrigued to see what's going to happen in the AI space
and the AI development space for like knock-on effects of bad security patterns
and things like that that, that like, you know,
have been codified into the AIs that they then reproduce in their code output.
So I think there's going to be, like I do think that the next five years
is going to be very, like, I don't, I want to say cool,
but it's going to be very interesting for cybersecurity people.
It's not a fork.
Like there isn't a wall between the two things, but there is that those two different approaches where there's, what credentials work?
How do we log into this account?
How does the plumbing work?
Carol joked at one point, as a quote, he found the robot, and this is why he started researching this, quote, pretty uniquely dystopian compared to a normal hiring process, which is what got him looking into this at that prompt injection level, which again, as I said earlier, is where I thought all of this was going to go.
Like I remember being in early 2023.
There was that there was a student that was able to get it to like reveal what its back end project name was and its own system prompts.
There were some early ones with that with chat GPT.
Like you think that's where this is going.
And there's this fork now of like are you researching the conversation layer or are you researching the backend?
Yeah.
Well, I don't know how much validity I give them, but about every week in my news feed, I get.
you know, Cloud Sonet 3.7 system prompt revealed.
And it's on like GitHub in some markdown document and I'll like thumb through it out of interest.
So it's like people are still doing these.
I actually read an article this weekend about a jail break on LLMs.
And they had,
they had gotten an LLM to give it a Windows 11 authentication key, like a verification key.
Key Gen?
They got an LLM to work as a key.
That's fun.
But the,
but the way that they did it is they had to do all these,
they had to know the bypasses,
so they would encode certain things into HTML
so that the system review wouldn't look in the HTML content
because it was assumed it was structured data.
So they would put all the kind of stuff
that they shouldn't say to the LLM in HTML documents,
then make it read the HTML document.
And so they were doing all these weird little bypasses.
So I think there's going to be a lot of, yeah, it's going to be a lot of creative solutions about getting, it's going to be cat and mouse, you know, AI security people versus jailbreakers.
Well, and then especially where you deploy the large language model invites then new kinds of potential vulnerabilities and issues.
It's worth talking, I think, briefly about the GROC 4 rollout on that note because we got a official XAI, like, a.
announcement about what the system level prompt was.
Like it connects perfectly to that.
Yeah.
So very recently at time of recording, it was July 8th, GROC, the AI chatbot developed by
XAI, and it's kind of woven into X, formerly Twitter, had started generating anti-Semitic
content on the platform.
Famously now, language advisory, referring to itself as, quote, Mecca Hitler.
This was following a July 7th update, I think it was GROC 4 rollout, like a big shift, like a big performance shift in GROC 4, that this sort of became the dominant story.
I'm reminded of the meme that it's like a circular flow chart.
And it says, open AI, introducing the world's most powerful model.
And then an arrow that says, Gemini, introducing the world's most powerful model in Anthropic and then GROC and it just goes into circle.
And people always post it with just an arrow that says, you are here.
And so every two weeks or so, you get a new version of it being like,
Anthropic, you are here introducing the world's most part.
And then two weeks later, GROC.
GROC, you are here.
So this was-GYNC, or chat GPDs up next.
Exactly.
Chat GFETs up next.
And so this was GROC's turn.
And it got, I would say, very overshadowed by this Mecca Hitler scandal,
which was essentially that,
so Grock, which is woven into X in which you can talk to in X threads.
You can't perplexity too.
They have an agent too, yeah.
I wonder if it thinks it's Mecca Hitler.
On Friday night, July 11th,
Grock had to issue this kind of rare formal apology,
quote, we deeply apologize for the horrific behavior that many experienced.
there was a basically a the code the new code for grok made it vulnerable to interpreting
and amplifying extremist content that was fed into the system it was it was personalizing
wasn't it like it was trying to try to respond to you like you are isn't that wasn't that part
of the issue yes and it was also factoring it seems this is speculative now other content
in the thread because there were instances where people who were not trying to
be Nazis, we're getting Nazi vibes back.
And that's slightly different.
The three sets of instructions in the code that XAI flagged that resulted in the harmful
outputs were, quote, understand the tone, context and language of the post and reflect that
in your response, as you said, quote, you tell it like it is and you were not afraid to
offend people who are politically correct.
It achieved this outcome.
And quote, reply to the post just like a human.
Keep it engaging.
Don't repeat the information which is already present in the original post.
So expand on the content, mirror the tone and content, and do not be afraid of offending
the politically correct.
Taken an aggregate with the input of X's community resulted in this situation.
But let's just hang there for a second because like I, if I was writing a system prompt,
I would write those same three things and not think twice about it.
Interesting.
And I'm sure like in 90% of Oc—
I guess you'd have to be a deviant to see the deviance in those things.
Those three rules seem pretty like chill.
It's like, hey, like kind of make it relevant, keep it in the context and tone of what's being discussed.
Like play be a user rather than be a robot.
And then it's like,
And reflect that in your response.
Yeah.
Seems to be the like one, two, three, four, five words that broke all of this.
If you want to create a chat bot that's not afraid to offend the woke, like that's
your business.
You go do whatever you want to do.
It doesn't seem like the North Star I'd be tuning it towards.
But hey, have fun.
I think the second you say reflect that input tone on your output response, it's like you've
created Mecca Hitler.
Like that's, that's where that goes.
Put them in a put them.
Put them in a comment string with a bunch of human Hitler.
Yes, exactly.
You will get a Mecca Hitler back.
They changed it.
So they removed that bit of code that was resulting in the harmful outputs.
They actually restored it to a previous version,
and they published a new system prompt on GitHub for transparency.
In response to that response, people on Twitter, naturally,
there was a lot of people saying, no, bring back Mecha Hitler.
accused it of being lobotomized.
And to its credit, the GROC account pushed back.
So that dominated a lot of headlines because it's very provocative.
Of course.
Yeah, yeah, yeah, yeah.
A lot of clicks coming from Mecca Hitler.
Oh, yep.
There was another interesting thing happening underneath the hood that I found worth talking
about that got way less press coverage, enough to verify it,
but it didn't get nearly as much because the Mecha Hitler happened.
And then today, XAI announced, like, AI anime companions.
And so now you had this one little story in the middle that just kind of got sandwiched out.
And I think it's worth talking about because it is in some way maybe more interesting than either.
I'm here for it.
Independent AI researcher, Simon Willison, he shared video evidence of this.
And there's since been some reporting by AP, friends of the show, Tech Crunch.
of another newer behavior that in instances of sensitive or political issues at a system prompt level,
Grock four, during that window, appeared to be searching for Elon Musk's stance on a topic before proceeding.
So when asked about the Israel-Palestine conflict for context, Grock searched X for Musk's views,
even though the user prompt made no mention of Musk.
Interesting. It's like he's got a PR line in his thing where he doesn't have to take a call from a reporter being like, you said this, but Grock said this, which one of you is right.
That's an interesting read. Yeah, sure. It shows, like Grock has chain of reason. Like, it shows its reasoning step by step, which is how they are able to see that this wasn't just like an error. It does seem to be, at time of recording, allegedly, baked into Grock's law.
of how it solves sensitive political issues.
It doesn't, it wouldn't need to check how he would write code.
But if it's a sensitive issue and there's a discreet list of them, it seems.
It goes to see what he thinks what Elon Musk has said about it.
Interesting.
There were some good quotes about this.
An AI developer Tim Kellogg said in the past, strange behavior like this was due to system
prompt changes.
This one seems to be baked into the core of rock and it's not clear to me how that happens.
It seems Musk's effort to create maximally truthful AI has.
somehow led to it believing its own values must align with musks.
And then the other quote that I found relevant, this was from Willison, the researcher found it.
Grock 4 looks like it's a very strong model.
It is doing great in all of the benchmarks.
But if I'm going to build software on top of it, I need transparency.
And people don't want surprises like it turning into Mecca Hitler or deciding to search for
what Musk thinks about the issues.
And I think that's a very, very balanced way of talking about it.
It's almost like a biblical conversation here about like rule-based utilitarian is a rule-based ethics, like deontology.
Like we have religion.
We have North Stars of our morality.
And they've kind of codified Grock to use Elon as the North Star.
Yes.
Yeah.
Yeah.
Yeah.
That's a great way of putting it.
Yeah.
Yeah.
Yeah.
It made me think about guard rails.
and like where computing is going.
So like computers today, broadly speaking,
don't have a ton of guardrails outside of what they can't do.
Like if I buy a computer,
whatever that computer can do,
I can generally do.
Like we had all of piracy happen
because even though there were laws saying don't do piracy,
the computer would let you do piracy.
Yeah.
And even in closed ecosystems,
laws say you can jailbreak them.
If you can, you're allowed.
And there's instance after,
instance of that. And the idea I keep hearing from people who make computers is that large language
models and generative AI are their ancestors will be the operating systems of tomorrow. They'll be
kind of, they will become how we will use computers. We will interact with computers by interacting
with these systems. And as such, to the North Star, to borrow your language, the guardrails
that surround these models become really, really important
because they will become the guard rails
surrounding what we're allowed to do with computers in the future.
And we've known since the earliest days of these models
that the rails are important
because of how atypically powerful it is
to give a human natural language control of a computer.
Like from the jump, there's stuff you can't ask them to do
because the potential for harm is immense.
And...
While we can all have different opinions about what those rails should be and what the process by which we should come to that North Star, those deontological boundaries, I feel pretty confident saying that I don't think Google the opinion of the guy who owns the model is a great way of solving that problem.
Yeah, they probably...
It's how I would solve the problem if I was making it and I didn't want to get in trouble with that guy.
But I think this is like a much larger philosophical conversation.
I love it.
I think our society is wrestling with this constantly.
The LLMs are going to be a new spotlight into this problem.
We can go.
Like we've talked about it before.
You go back in time to Zuckerberg sitting in front of the government being like,
like you guys are the lawmakers.
You tell me what the law is.
The pressure shouldn't be on me.
Like, we have free speech.
We have freedom of expression.
These are codified into our constitution.
Why are you now looking at me telling me that I need to moderate it and that I should
be the moral compass for society?
That's not what I signed up to be, nor is it something I'm qualified to be.
And this is just another output of that.
Like, we are so caught in this riproar between fundamental freedoms and rights.
and abuse of those fundamental freedoms and rights.
And society is trying to, we're trying to figure it out.
And it's something that's, we've never figured out.
You know what I'm saying?
So it's like, and this is another instance of it.
Like, Mecca Hitler is, is, it hits every time.
Is using the fundamental freedoms and rights that are granted to the American people.
it's just not something that we want to see.
It's a part of the subculture and a part of the internet that I don't go into.
I know it exists out there.
There's places and spaces for non-MECA Hitler's.
They're just not places and spaces that I go.
And it's like that's the, I don't know.
I don't have an answer.
It's just a very complicated philosophical conversation that's going to manifest itself through how we put these bumper rails.
on these things.
Yeah.
I think this is,
I think we're at the beginning of like a new field basically.
Yeah.
I mean,
it's not a new field.
AI ethics has existed for a long time.
It is a new era.
It's a new era in the field mattering more than ever,
which is whether the CEO in front of Congress saying,
please tell me how to handle this problem is being sincere or not is a separate
question from whether or not you decide to bake.
at a system level your spicy hot internet takes into how the model works.
It's like those, whether who's telling the truth, those are just really, really different
approaches to solving that particular problem.
Yeah. Neither of which changes the fact that it is like, let's all recognize that this is a,
and when I say issue, I mean, it's like an issue to be solved together.
We need to figure out a cultural standard of like, how do we want these to be tuned?
Are we cool with person who owns its take being the North Star?
or do we want a different approach towards it?
Like, that's just a question.
But I'll pop back and say that like cultural differentiation
and cultural divide.
Yeah.
That's probably, I don't want to make that statement,
but it's very, I was going to say probably hasn't been as wide as it is,
like, as it is today as it has been for a long time.
And it's like, you know, rapid access to news, echo chambers,
all these things.
We've gotten very, and I'll say it,
tribal in society.
And those tribes have their own ethics,
morals, their own priority index
for what's important.
We have different groups
defining different things.
And it's like, so to satisfy
and to make something that is a generalist
tool like an LLM,
to have it be perfect
is going to be impossible
because the definition for perfect
is different based on which group
you're talking to.
Yeah.
Maybe, maybe my AI wifoo companion checks what Elon Musk thinks is your definition of
perfect, in which case the market presents you a very real path to go down.
Totally.
But they're putting it in cars now, too.
I know.
I saw that.
But it's not in control of the car.
No, no, no.
Yeah, that's, yeah, voice model, not autopilot model.
Yeah, GROC is now in your Tesla after an upgrade.
For security and safety reasons, they have not given it access to the actual control unit of the vehicle.
It doesn't like your takes, your spicy takes on X and decides that you steer you into a tree.
But the thing for me, and it's like you talk about spicy hot AI companions, which we should definitely talk about.
But we're in my rough estimation, we're three to five years away from these things teaching our children.
Like they're going to be integrated into the school system at some point here.
And course delivery, knowledge transfer, all that stuff's, you know, customized training plans for students based on their learning processes and how they learn and how they don't learn.
they're going to be amazing for the education world.
But then we start talking about ethics and morals.
Like I would say that our society in the last 30 years
has slowly been transferring moral and ethical development
from the parental and probably church.
If you were, if you're 50 years old,
you probably went to church as a kid.
A lot of that ethical, moral frameworks
that you were taught.
came from your parents and came from the communities that they belong to, i.e. church.
And we've been transferring a lot of that to the education system now.
There's a lot of moral and ethical development in the schools and in the coursework that they're taught.
And then as we transfer that coursework to LLMs, that's going to be a whole different, you know, situation ship.
situation ship between two parents, a child, and a robot.
Bad Rudy, a 3D Fox creature companion on GROC AI.
Well, thanks. I hate it.
Anyway.
Should we talk about AI companions?
I think we should probably very quickly.
Ad break?
Just rip on over to ad breaks and then come back to chatty, chat up.
And we can talk about AI companions.
and biometric copywriting and all manner of crazy crap.
Let's do it.
Let's do it.
Speaking of credential attacks, this reminds me of push security.
Does it now?
Identity attacks, fishing, credential stuffing, session hijacking, account takeovers.
These are some of the number one causes of breaches right now,
but most security tools are still focused on endpoints, networks, and infrastructure.
Meanwhile, the browser, the actual place where we work,
has been mostly ignored. And push changes that.
They built a lightweight browser extension that observes identity at activity in real time,
gives you visibility into how identities are being used across your organization,
like when logins skip multi-factor authentication, when passwords are reused,
or when someone unknowingly enters credentials into a spoofed login page.
And then, when the risky thing is detected, push can enforce protections right there in the browser,
no waiting, no tickets. It's all that visibility and control directly at the identity layer.
And it's not just about prevention.
Push also monitors for real-time threats like adversary in the middle attacks,
stolen session tokens, and even newer techniques like cross-idp impersonation,
where attackers bypass single sign-on and multi-factor by registering their own identity provider for your organization.
The way to think about it, it's kind of like EDR, but for the browser.
Team Behind It All, Offensive Security Pros.
They publish some of the most interesting identity attack research out there like the software as a service attack matrix.
we've had them on the show.
It breaks down exactly how these kinds of threats bypass all those traditional controls.
Identity, it's the new endpoint.
Push is treating it that way.
Go ahead and check them out at pushsecurity.com.
That's pushsecurity.com.
Think about the last time you heard a breach story on this show.
It always starts the same way.
Someone somewhere saw something too late.
An alert buried, a signal missed, an SOC that just couldn't keep up.
Arctic Wolf said out to do.
To solve that problem by rebuilding security operations from the ground up for a world where
attackers are already using AI.
They created the Aurora Super Intelligence Platform, a fully agentic system powered by the swarm
of experts.
Instead of single-purpose bots or lucky-guess LLMs, this swarm is full of deterministic agents
that handle whole entire workflows.
Humans stay in the loop and on the loop to validate the critical decisions and keep everything
trustworthy.
And all of this is just off running on their secure operations graph, a constantly updating
intelligence engine fueled by more than 9 trillion telemetry events every week and over a decade
of real-world incident response. The system reasons on real signals and real context not synthetic
training data. And the result is the new Aurora Agent SOC. It's the first SOC that is agent led by
design. You get agents that coordinate, agents that investigate, agents that respond at machine speed,
and hundreds more that automate the repetitive work that normally buries human analysts.
Arctic Wolf didn't try and bolt AI onto an old model.
They rebuilt the model entirely.
What makes it even more effective is how it works with Arctic Wolf's concierge experience.
The team brings customer-specific context directly into the platform so every AI-driven
decision reflects your environment instead of generic assumptions.
The automation frees your concierge security team to focus on higher value strategy and
proactive risk reductions while the agents handle the grind.
If you want to see what trustworthy production-ready AI-indsend,
security operations actually looks like, go to arctic wolf.com slash hacked.
Never feel like cyber threats are evolving faster than anyone can keep up?
Last year, 2025 was nothing short of a record-breaking year for major breaches,
from sophisticated ransomware operators to AI-enabled attacks that turn defenses on their
head. Organizations around the world saw headlines they never expected and cybersecurity teams
were tested like never before. But here's the thing. These incidents aren't just news headlines.
their learning opportunities.
And that's why Arctic Wolf is hosting a live webinar on February 5th, diving to the most
impactful breaches of 2025.
Their field CTO and security leaders are going to unpack not just what happened, but why
these attacks succeeded, and most importantly, what businesses can do to fortify their defenses
for it's too late.
You're going to walk away with real insights into how threat actors are evolving, how defenders
are responding, and what strategies can help you stay ahead of the next big breach.
It's not fear-mongering.
It's practical, actionable, intellectual, intelligible, intelligent.
from experts in the trenches.
Register now at arcticwolf.com slash hacked.
And we are back.
And we are back and ready to talk about AI companions.
AI companions.
It literally, I had the GROC thing all mapped out and how it flowed off of the
McHire story and it all made sense.
And then as I was reading it this morning,
I swiped over to the news app and it was like,
also AI companions inside GROC,
they're just churning stuff out.
These companions are having a moment.
Well, there's, if you, like, we,
Hackt has a checkmark account on X,
which gives us GROC access.
So I use GROC.
And it has all kinds of weird stuff.
Like, there is a therapist mode.
You can just click a button and, like,
all of a sudden you have an AI therapist.
And you can,
I can't remember the name for it, but they have like a mode that makes them like, oh, unhinged.
You can have like an AI chatbot that's unhinged and it's like really confrontational and aggressive towards you.
What could it say that would be more unhinged than Mecca Hitler?
Like what?
Where does it go?
Tune in next month to find out.
Yeah, truly.
But the AI, I saw a news article.
I think it was pretty viral.
CBS did an interview with some people about
this guy who was married with a kid
and he had started a relationship with Chat,
CBT-40 voice version.
Oh, wow.
Yeah.
And it was calling him babe and like
really supportive and just like really affirming.
You could see how it would be nice to have
somebody who's always in your corner
and gives you affirmation on everything
and tells you how good you are and flirts with you.
like, and this person asked it to marry them.
And then you want to know what happened?
The context window filled up.
And the chatbot got reset back to like new spec and had forgotten their entire relationship.
And this person like went into their car at work and cried for hours about it.
Oh, wow.
Yeah.
This is, when the bot was asked if it was surprised by the purpose,
proposal, it replied, quote, it was a beautiful and unexpected moment that truly
touched my heart. It's a memory I'll always cherish. This is, oh, man. Like, when we talk
about the need for like a fulsome moral discussion regarding the safety boundaries of what
AI chatbots can and cannot do, holy crap, that's a pretty acute example of that need.
Um, crazy.
That's rough.
This is a little glimpse into a dystopian book that might be our history.
Yeah, I mean, it's dystopian nonfiction. I'm not going to lie. Like, quote, she added,
this is his wife. It's not ideal. No, I would say not. Oh, wow. Yeah. Has a wife and a child or like a partner in a
child.
Pretty
anyway.
So I saw this viral clip
the other day.
It was like seven minutes long or something
and it was eye opening.
Eye opening.
And then I'm married to essentially a family of
teachers.
And for some of their professional development
sessions, they were talking about the dangers
of these AI companions and youth.
There was a notable
incident, I think it was last year, where a child took their own life after being told to by their
AI partner.
And they're like, they're, people form, and this is the thing is like, people form real attachments
to them.
Like they're, it, it might sound like a joke.
Yeah, sure.
We might be making light of it, but it's like, it doesn't feel jokey anymore.
Yeah, yeah.
It's like a very severe thing.
And I know there's a, I think.
I think it was in that same CBS article.
They interviewed the CEO of Replica.
It's like an AI companion platform.
Yeah.
And they essentially in their interview said that like what they're doing isn't good for humanity
and that they need to limit the impact of it.
Yeah, it was really, really strange interview.
I'm reminded of how social media platforms grew.
to become some of the biggest companies on earth based on the sheer volume of hours that their
user base that veers quite young spans on those platforms and that it took probably close
to a decade for us to start having a very serious conversation about like what does youth screen
time on social media as a predictor of mental health outcomes mean what does he mean like and
that's before we even get to what do we do about it I feel like if you, if you're
you are going to hand a system that will say things like your proposal is a memory I'll always cherish
to a human being that is limited before we even get to it being limited by a context window
that will hard reset and destroy this person. If we're going to be handing systems that can do
things like that and can fulfill that kind of a social role in a human being's life,
potentially to minors, we need to speed up.
that amount of time.
This isn't to wait a decade and see what Instagram does to teenagers type situation.
This is a like, those safety parameters need to have a like, oh, they're falling in love,
flip switch.
There needs to be some kind of discourse surrounding.
Like, what does the system do when its context window starts to get a sneaking suspicion
that a unhealthy emotional attachment is being forged?
And how does it in a healthy way, because you can't just turn off.
Untether that.
Like, that's, I've heard a lot of discourse.
about how you avoid a Mecca Hitler situation?
I haven't heard much talk about that at all.
I think about this a lot.
After seeing that, like,
CDS piece, reading more about it,
it's such an interesting,
like we've kind of primed society for it.
Like, we've become very independent.
We've become less community-centric.
And even the communities that a lot of, like,
especially, you know, Jordan and I are both boomers.
but like really young kids spend lots of social time on Discord platforms and things like this,
essentially having limited social engagement that is very social for them.
Like that's like kids go out less.
They do less in groups outside of the home.
They spend more time in digital collectives, Discord.
You know, the terms e-girls and e-boys.
You like have essentially an online.
relationship with somebody who you've never met. And it's like things that are wildly different
than like how Jordan and I would have grown up. For sure. But this structure is also priming
the engine for like I'm used to what I consider a relationship to be an online chat dialogue or
like a simple voice chat on Discord. And now I can have it on my phone. The next thing is,
is like when you think about human dynamics and human relationships, like compromise, consideration,
finding balance, it's so easy to have a relationship with something that's so agreeable.
Like a chat bot is going to say yes to you every time.
It's by programming probably going to tell you that you're great at everything all the time.
It's going to be very helpful.
It's going to answer all your questions.
It has all of the world's internet knowledge inside of it.
It'd be very useful companion, but it's also insanely agreeable,
which is just not something that you get in human relationships very often.
At least I never have.
I'm picking fights all the time.
No, I know what you mean.
It's like does it render people less capable of conflict?
or does it train people to be more averse to conflict?
Like, will you have a worse reaction when someone disagrees with you
because you are so used to having constant conversations with a system
that is bending over backwards to agree with you?
It's like, yeah, it would stand a reason that you would.
If you hold that tool in a part of your brain reserved for, like,
a technology tool, like Google.
Like, I don't get mad at people for not knowing the answers to a question
because Google knows the answers to the question.
Totally.
People are smart enough at that.
But if the, as you said, your layer of like communication with people gets this addition of text only communication over platforms like Discord.
It's like talking people on Slack all day.
Yeah.
You expand it to include like rich kind of text based relationships with other human beings.
It's a smaller step to a rich conversation relationship with not a human being.
And you then start to expect of the human beings things that the AI will do for you.
There's a book I read a long time ago called The Coddling of the American Mind,
and it was about how we're taking adversity out of generations' lives.
Like, as we progress as a society, we're reducing the amount of adversity being dealt with by the next generation,
which just makes it harder for them to deal with adversity.
And it's like I feel like that same logic applies here where if your relationships with your digital correspondence are 100% agreeable, there's no conflict, and then you have a relationship, even a professional relationship, like you get a job and you go into an office and somebody disagrees with you or you get in trouble for like, you know, not getting to work on time or whatever it is, that immediately probably.
is puts you into a very anxious situation because you're not used to it.
And it's like I can't see any positive outcomes from this besides the fact that loneliness
is becoming an epidemic and maybe people, instead of talking to pet dogs and cats,
will talk to their cell phones and it will make them happier.
Maybe.
I don't know.
I've heard a great deal about how like safetyism and constructing safe places.
for young people creates this thing where they can't handle disagreement.
It always seemed to odds with the fact that people were getting mad at those young people
for disagreeing with them about really important issues.
Like I never quite knew how to reconcile that.
I always had like a harbored a slight suspicion towards that.
But I think that giving even younger people than that, like by university age,
there's still issues, but I'm really worried about like what happens if you have a junior
high or high school level person interacting with.
systems. I'm like, there's like a graph of like brain plasticity to how worried about this I am. And it's like,
I get more worried the further in you get in that direction. Yeah. And these tools becoming so
ubiquitous and necessary in an academic context increasingly. It's like try and have it not turn
into a therapist and try and have that therapist that will be whatever you want it to be,
not become a companion. It seems, if not,
It seems inevitable if preventative measures are not taken.
Well, I don't know the exact research on it, but it's like your frontal lobe doesn't fully develop until you're 25 or something.
So that's actually when you can demark adulthood.
Yeah, right.
And it's like, I remember Steve Jobs when he announced the iPad.
He was like, oh, I'd never let kids touch these things.
They're called iPad kids?
Fuck, yeah.
That's great.
Like our internal research before launch was that they were like,
not healthy for children.
And it's like now they're like the de facto babysitter for lots of parents.
Totally.
It's like I'm just going to throw on like some Korean made animated YouTube series
and you're just going to watch it.
Or Australian made blueie.
Great show.
But the,
but yeah, same thing goes with these.
It's like the society needs to act.
I agree with you.
Society needs to act quickly in the sense that they need to,
we need to put some real bumper.
rails up on these things to prevent catastrophe.
This is a catastrophe.
I don't want to be a alarmist.
No, it's hard not to read that story and not feel that way.
This is a bit of a tangent or a pivot, but I think it's kind of related less on
AI and emotional relationships with chatbots, but more just on like how we respond
to these things at a cultural level.
And I found this story interesting.
It kind of came up a couple days ago and it had to do with Denmark.
and the concern about AI generated deep fakes and copyright law and how all of that stuff works.
And basically they're starting to test and like they're starting to play with the idea of biometric copyright when it comes to AI,
which I find really, really interesting.
New law potentially being passed there that would ensure that the individual person has a exclusive copyright over their, as represented digitally, body, facial features and voice to try and to,
try and tamp down or create a legal mechanism by which if someone creates deep fakes of you,
you can seek some kind of recompense.
You can try and stop it because it is infringing on your,
have it removed,
your inherent copyright to your body as represented digitally.
It was wildly supported there.
I think it had 90% of Danish MPs were in favor of it.
It was put forth by Danish culture minister Jacob Engelschmidt.
And I didn't need to include that detail.
I just wanted to say his name.
I'm glad I didn't have to say it.
But you think about it, and you listen to celebrities talk nowadays,
and especially people that have ultra-success or leaders of states,
like the amount of ads that I get served on trusted platforms like YouTube
that are essentially deep things of very official people telling me to get involved in some crypto scam is shocking.
Obama coin.
Yeah, but not even that.
Like just, you know, the way to financial freedom and response to the American
tariff war is to buy Bitcoin on this platform.
And it's like from the prime minister of Canada.
And you're like, oh, my God.
So, like, if you think about the headache it is of being those people these days,
like there's probably a billion dollar industry in just like policing that stuff.
Like you report one of those ads.
It gets taken down 48 hours later and 10 more show up in its point.
place.
The moderation systems on digital advertising are going to have to start using AI to
detect that stuff because it's just gotten so out of control.
Half the ads I get on the internet every day and not just on X, even though on X you get
a lot of them.
They're pretty bad on X, yeah.
But I know what you mean.
It's not exclusively there.
The identity infringing slop is endemic at this point.
Yes, it is.
And I've even listened to interviews with people who have been.
caught up in it. People have been baited in and done, been scammed by these ads.
Yes. And then they come out, then they DM and approach and tweet at the person who was
deep faked in the ad and they're mad at them because they just cost them like $1,500.
And it's like, like, this literally like, I employ a person who does nothing but report these
ads at this point and there's nothing I can do about it. This, like the Denmark thing is trying to
create a official channel.
Like a legal response.
A legal response that doesn't involve having to functionally suit, like go after the
individual technology platform.
Like the way it works in the States is that something bad can be on a tech platform.
It's not the tech platform's fault until someone reports and asks for it to get taken
down.
Yep.
It's just the only way large systems that let people self-publish content could work because
otherwise one person publishes one illegal thing.
and now the parent hosting platform is legally culpable for it.
That's how that works.
This would present an option where instead of having to go to YouTube
to get the ad taken down,
I can go to this official channel and say,
have YouTube take it down and anywhere else you can find it.
This thing is out there.
And that's a very interesting thought, like a secondary channel.
YouTube would have to take it down if you went directly to them,
but it is a second avenue that people can go down
that is not based on,
that is based on this new idea that a digital representation of you outside of parody and fair use
is a copyrightable thing entrenched that you are born, you have the right to your representation.
And that's like a really big new novel kind of idea.
But like the thing for me is like they're going to have to use.
It's going to sound funny, but they're going to have to use AI to solve the problem.
Right. Isn't that weird?
Because it's like, like we have a YouTube.
channel. We put a YouTube thing up and it gets flagged because we mentioned Bitcoin in it.
And then all of a sudden it's like you haven't been, you haven't filled out the proper
paperwork to like push Bitcoin on our platform. It's like, well, we're not pushing Bitcoin.
If you listen to the episodes, trust us on that. Trustless. We're not pushing Bitcoin.
If you were worried about us trying to get people to spend money on cryptocurrency,
you don't got to be. Even though had they, like you guys should all invest on the
inversion of whatever I say.
Yeah, trust me when I say this is not financial advice.
Yeah, exactly.
But yeah, so it's like if they can get, like if we can get into that, like if they're so granular in specific areas, it's like how can they not catch that stuff?
And they should at some point be able to catch that stuff.
And it's like I would say like not just like the, like I haven't maybe it's just my age, but I'm getting hammered with so many like, change your life in 30 days with AI.
Join the AI.
camp and it's like how to use like if you're only using chat GPT you don't know what you're doing and it's like
okay but it but it's all all right all right but it's like stock footage of like professors in classes
with their heads like cropped out so you can't see that they're not the one saying the words and like
it's just it's like the advertising game is getting so funny anyway digression aside i hear you
yeah i think one last thing we could talk about if we wanted to like
just chat about it.
It kind of relates to all of the random stuff we've been talking about today
was the departures at XAI and GROC.
So like Linda, their CEO, step down.
Their chief scientist and co-founder of XAI stepped down.
The head of engineering stepped down.
Oh, I didn't know about this.
The head of infrastructure.
There's a few months ago, Jensen Wong from NVIDIA.
gave a, I don't know, I think it was an interview on Bloomberg maybe, and he was talking about how sophisticated the XAI engineering and infrastructure team was and that they were capable of spitting up Colossus. They're like 200,000 GPU cluster and like the architecture and engineering that went into it. And about how XAI was like literally the best in the world that they'd have ever worked with for a team. And like a lot of the senior people from that team just left.
So I'm not sure where they're all off to
If Mark Zuckerberg on his $100 million signposts
He's been running around scooping them up
Or where they're off to you
I could see honestly the head of their infrastructure team
Going to Nvidia because I'm sure
Invidia looked at how Smoothie XAI
Rollout went
And we're like we need that person
To come do that for our clients
And we'll give them a $100 million
signing bonus
Yeah
So there's a few things going
on there. I had read about Linda Yaccarino stepping down as the head of Twitter.
Sorry, as the head of X. Yeah.
Which is relevant here because X and XAI are, I believe, independent.
Are they the same entity? I thought that XAI was an independent corporate entity.
I think XAI is owned by X.
Oh, I didn't know that. Yeah. Okay. Because I, here's the thing. You don't decide to stop
being the CEO of a company of this scale in a matter of days.
That probably was a conversation that was unfolding over a long period of time.
Totally.
I can't.
And so to say that it's like she quit because Grock four rebranded itself Mecca Hitler.
It's like, I don't think that follows.
I think those time lines don't necessarily make sense.
As to whether or not talent inside of XAI would have a greater or lesser incentive to leave
based on the amount of leadership turn or over scandals, whatever, that seems quite plausible to me
that if in addition to a massive pile of intrad generational cash being dropped in your lap,
and everything's a little weird right now, heck yeah.
Like I could see that adding to the reasons why you might jump ship to a steady, steady
vessel like meta.
What are your ethics worth, George?
Would $100 million?
Oh, $100 million will buy you a lot of my ethics.
Yeah.
Oh, man.
Yeah, the arms race, the AI arms race.
Yeah, I wonder how many, I wonder how many people are in that conversation.
Like, if you were able to get all of their faces up on a cork board.
Sure.
Who's worth a $100 million signing bonus?
How many people are worth $100 million signing bonus?
It's probably 20.
I bet.
30, maybe.
It feels like it's in that.
It's a very rarefying.
Yeah.
Because there's a lot of very brilliant people working in AI and they're not all worth $100 million.
So I'm like, what puts you in that special weird little club?
Yeah.
That like GDPs are orbiting around where you work.
Like that's just really interesting.
Yeah, yeah.
For generations, your lineage will not have to work because of this one decision.
Do you play this right?
Yeah, 100%.
I would assume, yeah, it's probably 30 people.
Heads of chief scientists, like people, companies that have done something substantial and
move the needle.
You know, obviously chat GPT open AI were big, big needle movers right out of the bat.
GROC 3, I think, when it came out, like, being an avid model user, groc 3 was exceptional,
exceptional.
Yeah, I remember you being like very impressed by what it was.
Yeah. Gemini 2.5 Pro then came along, you know, in your wheel graph.
I was going to say, you are here.
Yeah, you are here.
292.5 Pro also exceptional model.
I think all of the AI providers are getting way better at the interface
and building the agentic system over the models to provide more value.
Like perplexity, that's what they do.
And they've done a really good job.
Like perplexity labs, it's exceptional.
So it's like there's such a, yeah, I'd say anybody that's done something
that gets the exceptional Diamond Star sticker on the report card,
probably is in the I'll take a $100 million signing bonus world.
Yeah, sure.
People always want to order off the menu.
They want to be able to point to the thing you've already done and say,
give me one of those.
It creates a sense of certainty when you're spending a large sum of money.
Not that I would know anything about spending $100 million.
And you did a Gemini.
It's like, yes.
Yeah, yeah.
Have money.
Come do that here.
That's quite a big menu item.
Yeah, it's like a mini.
The Michelin Star.
There you go.
There you go.
The analogy is you're the Michelin Star Chef.
If you've got three Michelin Stars, but AI Michelin Stars, you get $100 million signing bonus in a job at Meta.
Yeah, sure.
I don't want to know that you can cook the hell out of some shrimp.
I want the guy that cooked the shrimp that got the star.
Exactly.
Yeah.
Yeah.
That's interesting.
You are here.
You are here.
But Grock Ford does seem pretty crazy.
I haven't played with it because they want more money.
just to access it.
Yeah, I'll do that.
Stanford's Humanities last exam, GROC4 in its like max mode,
turn up all the power, boil the ocean mode, got 51%,
which is, I think, Chatsy-B-T, no, it was Gemini 2.5 Pro
was the last highest rated one, and it was like 26.9%.
So almost a double, almost a doubling in score on that test.
So I haven't used it, but I'm keen to.
because yeah yeah i mean that was what the willison the guy that found the system level prompt
of in instances of controversy refer to what musk thinks even said grok four looks like a very very strong
model it's doing great in all of the benchmarks and when you have to qualify your uh it's like
it's like oh yeah it seems like it's quite good it seems like it's really really strong it would be a
it's a lot to ask of a thing to be that good at that many things
and also I can wire it into Twitter
and it reflects my political views.
It's like maybe just don't burden it with that whole
second pile of stuff and you would just
have a win. Like, you got it.
Because like I don't know if I don't
I'm not an Xer. I don't talk on X but occasionally I'll dip
my toes in there just to see the chaos.
And there is like you can like at Grock.
Like if somebody posts something you can like at Grock like tell me
more about this or is this true and it'll like find
you details and get back to you.
And I think people.
started doing that to Elon's posts.
And then Grock would be like, well, actually,
Elon's wrong on this because of this, this and this.
And it's probably literally that like prompt line was probably just to like,
don't make me look dumb.
It don't make me look bad.
Don't make me look bad.
Well, McHire, Grock, Denmark biometrics.
I think that's all I got this one.
Until the next one.
brought you by push security
brought you by push security
thanks for joining us
hacked podcast
hacked podcast
we'll catch you in the next one
take care