Hard Fork - A.I. Safety Is So Back + Mythos Mayhem with Nikesh Arora + Hot Mess Express
Episode Date: May 15, 2026This week, between the president’s negotiations in China and a potential executive order, we discuss why the Trump administration seems to be changing its tune on A.I. safety. Then, Nikesh Arora, ch...ief executive of Palo Alto Networks, the largest cybersecurity company in the world, gives us a firsthand account of where we stand in the race to secure the internet. And finally, we run through some of the wildest headlines of the week in a round of Hot Mess Express. Guest: Nikesh Arora, chief executive and chairman of Palo Alto Networks. Additional Reading: White House Considers Vetting A.I. Models Before They Are Released Chief Executives to Accompany Trump to China Is Anthropic’s New A.I. Really That Scary? It Depends Whom You Ask. Venmo Finally Takes Privacy Seriously Amazon Staff Use A.I. Tool for Unnecessary Tasks to Inflate Usage Scores Graduates Boo Commencement Speech About A.I. Dua Lipa Files $15 Million Suit Against Samsung for Using Her Face to Sell TVs EBay Rejects GameStop’s $55 Billion Takeover Bid Shein, Temu Trade Blows as UK Trial Spotlights Supply Chains People Are Seriously Pissed That Grindr Outed Them With Its Latest Madonna Advert Sam Altman Testifies That Elon Musk Wanted Control of OpenAI We want to hear from you. Email us at hardfork@nytimes.com. Find “Hard Fork” on YouTube and TikTok. Subscribe today at nytimes.com/podcasts or on Apple Podcasts and Spotify. You can also subscribe via your favorite podcast app here https://www.nytimes.com/activate-access/audio?source=podcatcher. For more podcasts and narrated articles, download The New York Times app at nytimes.com/app. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
Transcript
Discussion (0)
Casey, will you record my audiobook for me?
Yes, I would love to, actually.
Okay, thanks.
Yeah, because I got the briefing yesterday on what this would entail for me.
They want 36 hours in the studio to record this audiobook.
That's wait, hold on, 8, 16, 24.
That's over four days worth.
That's four and a half days of recording.
That's like almost a full week.
I know.
Oh, my God.
I know.
But apparently people have, you know, a connection to us because of our voices.
So they didn't want me using like an AI clone.
to do it. It makes it. You know what? I really think that there would be a case that I should do this because it would force me to read your book. You know what I mean? Like put me like then I really can't get out of it. Like I'm on the hook to read this thing for real. And so that might be the best way to do it. You can insert your little like snotty wisecracks if you want like mystery science theater. Yeah, a little extra commentary on the side like oh I see we're using that transition again. Hmm. Oh boy. He really ended this whole thing.
thing with Time Will Tell.
I would have suggested a different direction.
Was this book edited?
No, wait, now I kind of actually want you to do it.
I'm Kevin Russo Tech columns at the New York Times.
I'm Casey Noon from Platformer.
And this is hard for it.
This week is AI safety back?
The Trump administration seems to be changing its tune.
Then Palo Alto Network CEO Nikesh Aurora joins us to discuss what's real and what's
hype in the freak out over Claude Mythos.
And finally, the...
The train has returned to the station.
It's the Hot Mess Express.
Buckle up.
People don't typically buckle a seatbelt on a train.
This is a very safe train.
All right.
Well, the big news this week is that President Trump headed to China with a cohort of American business executives to have a series of meetings about Chinese trade policy and AI and other things with Xi Jinping and other leading Chinese officials.
Now, is it true when they walked off the plane, a bunch of H-100s fell out of the plane?
the leg of Jensen Wong's pants.
I haven't heard that confirmed, but I'll look into it.
Thank you.
I want to talk about this, but less through the lens of like sort of President Trump and
United States trade policy, then through this sort of larger shift that I think we've
both observed over the past week or so, which is that after several years of kind of
dismissing AI safety and dumer fearmongering about AI, the Trump administration, or at
least parts of the Trump administration, seem to be getting quite scared about what's
happening. Yes, and while this is something that I think was honestly inevitable, it still has been
jarring to see it happen because it seems like this administration has really turned on a dime when it
comes to this subject. Yeah, so let's talk about what's been going on and some of the data points
that support the idea that the Trump administration is sort of changing its AI posture, at least
has several different AI postures that it's considering. But first, let's do our AI disclosures.
I work for the New York Times, which is suing OpenAI, Microsoft, and Perplexity.
And my fiancé works at Anthropic.
So first, there was this executive order or rumored executive order that my colleagues at the New York Times reported on last week.
This would be a new executive order to create an AI working group that would bring together tech executives and government officials to potentially come up with new ways of overseeing or regulating AI.
One of the potential plans being discussed is a formal government review process for new AI models before they are.
released. So this is still ongoing. We still don't know exactly what the executive order will or
won't include, but we are expecting more news on that. Yes. And the reason that is notable, Kevin,
is that on President Trump's first day in office in his second term, he canceled President Biden's
executive order on AI, which among other things included this a very similar kind of review process
for new frontier AI models, right? Like the Biden people were very
confident that we would one day get models that could be used to commit great harm. And so they wanted
to get a handle on that before those models were released. And when Biden did that, many Republicans were
saying, this is anti-innovation, you're going to make us lose to China. Well, well, well, now the shoe is
on the other foot and they're saying, hey, slow down. Don't release those things quite so fast.
It's so remarkable how fast the Overton window has shifted on this idea. I mean, as you just said,
like during the Biden administration, during the SB 1047 fight here in California over this proposed AI bill,
people in tech and on the tech right and sort of among the more libertarian crowd were incensed about the idea that the government might ask them to do pre-release testing of their models that they then submit the results of to the government.
They called this, you know, communist.
They were sort of implying this would be kind of the end of free.
enterprise as we know it. And now just a couple of years later, they are reportedly considering doing
something similar. So what do you think happened here? Well, I think that basically, to use a phrase
you sometimes like to use, like the Trump administration's view of AI just did not survive contact with
reality, right? And that in a word, what has changed here is mythos, the model that Anthropic now
has released in a preview to a very small group that includes now many federal agencies. This model is
very good, apparently, at finding novel vulnerabilities in code that can be used to create exploits.
And that appears to be true across many, many, many programs. And so the administration, I think,
took a look at this and the serious people over there said, look, whatever your views may be about,
you know, free trade and the threat of losing to China, like, we have a model right now that if it
were just sort of unleashed on the public could just create vast amounts of harm. And I think, to their
credit, the Trump administration said, okay, then what would be a policy to prevent harm from happening?
Yes, Mythos is the proximate cause here for a lot of this, but I think it's also worth talking about
the various factions within the Trump administration that appear to be battling over control of this new
AI regulatory push. There appears to be a terfoor breaking out between the Center for AI Standards and
innovation, or Casey. Shout to Casey. Which is formerly, formerly,
known as the U.S. AI Safety Institute. This was a group within the Commerce Department that was set up under the Biden administration. The Trump administration came in and basically they didn't like that this was what they considered sort of a bunch of Dumers. So they sort of made some changes, including to the name. But this is a group of AI researchers and safety experts who work in the Commerce Department, who want to be involved in vetting new models. And there is just something so funny about these people coming in and saying AI safety is such a stupid idea that we have to
remove safety from the name of this institute, and then one year later be like, well,
AI safety is really going to be a focus for us from now on. Yeah, so there are some people who
believe that the vetting of frontier models should take place in the intelligence community
among like the NSA and various other organizations. So there's some turf war there. There's
also just like this interesting kind of posture war over like whether the kind of let it rip
approach to AI development, or as former AISR, David Sacks, put it the Let Them Cook philosophy of
laissez-faire regulation and this more sort of hawkish safety-oriented faction within the Republican Party
that does see these models as a big threat and wants to take steps to reel them in.
Right. So do we know at this point who seems to be winning that battle? And do you think it matters
to the average person, which side gains the upper hand?
I do. I think there's obviously going to be some back and forth. We'll see when this executive order comes out, like, what they do about the testing requirements and where they locate that. If it's like, we're going to let the NSA do this or we're going to let Casey do this. I think that all might matter a little bit. But I think the general posture of the administration changing from AI safety is ridiculous and these doomers are using hyped up fears to enact regulatory capture.
is very different from what we are seeing now, which is, oh, wait, these models are very powerful
and we don't want our adversaries to get access to them. But we should also say it is entirely
confused and incoherent right now at the level of the federal government. Because on one level,
you have President Trump inviting Jensen Huang of Nvidia onto Air Force One to fly with him to
China to try to make a deal to presumably open up the export of Nvidia's most powerful AI.
chips to China, while at the same time you have other high-ranking government officials saying,
we need to institute some kind of safety regime because these models are potentially very dangerous.
Yes, and nowhere is that schism more apparent than in the Pentagon, Kevin, where on one hand,
the Pentagon has designated Anthropic as a supply chain risk because it refused to amend its contract
to enable any, quote, lawful use of its technology, as we talked about on the show for a few months.
that designation. The Pentagon is still arguing for in court. But at the same time, we learned that this week, during the period where the Pentagon is supposed to be unwinding all of Anthropics technology from the Pentagon, the Pentagon is also implementing mythos and using it to try to scan for vulnerabilities. It's truly wild.
I want to be in the meeting where the person who has to remove Anthropic from the Pentagon sits down with the person who's installing Anthropic into the Pentagon and just sort of,
hear what those talks are like.
Yeah.
So aside from the obvious sort of incoherence and maybe hypocrisy of these conflicting positions,
like which side do you think is going to come out on top here?
Well, obviously, I'm always going to side with Casey.
You know, Casey is a great agency, great people over there.
And I mean, honestly, like, they were just set up to do this exact thing, right?
Like, when it was established under President Biden, the idea was,
these models are getting better.
Pretty soon they're going to be dangerous.
we need to have a way of evaluating them before they are released.
And frankly, they've just sort of like hired a lot of people who I think ordinarily might not work in a Trump administration,
but felt like this is so important that I'm going to swallow hard and go over there and try to, you know,
serve my country by protecting us from the worst things that AI can do.
And so to me, like, that seems like they would be very well set up to do this kind of work.
Where I think we still just have an obvious gap, though, Kevin, is it's not entirely clear to me what is supposed to happen in the case,
when a company like Anthropic comes up with a model that is too dangerous to release
in the view of something like Casey, but wants to release it anyway.
And I assume we are just going to get there.
Like sometime within the next six months, one of these companies is going to say,
yeah, it's risky, but, you know, we think it's sort of fine to put out there.
We have, like, business imperatives.
We're going to talk ourselves into it.
And, like, then what happens?
Yeah.
I mean, it's also just so clearly unfortunate that the issue of AI safety has become polarized
in the way that it did over the past couple of years.
years that sort of caring about safety, talking about safety, became sort of like vaguely woke
coded and people in the Trump administration thought it was like a bunch of hysterical liberals
using fears of AI to like get heavy-handed regulation into place. Like I don't think that was ever
true, but I think it has become especially untrue now when you have very senior people in
the Republican Party talking about how we need to restrain these systems. So it's just, it's
frustrating because I think you and I both saw, like, this technology is real. It's going to get,
you know, even more powerful than it is. And at that point, it's not going to matter whether you're a
Republican or a Democrat. Like, you do not want this stuff falling into the hands of our adversaries.
True, but I think the Trump administration was always out on a limb here in a really weird way.
Like, we have talked a lot recently about what the surveys show when it comes to the public
opinion of AI in America. Republicans and Democrats are, like, largely aligned in being, like, deeply
skeptical of it and even
outright hating it.
And that's why you see so many
Republican state legislators trying to
pass laws to reign in
AI. You did not have to convince
Republican state legislatures that AI
was dangerous and needed to be regulated.
They were racing to do it. And the Trump
administration has had to put a lot of energy into trying
to pass a moratorium so that it can
preserve its sort of all gas, no brakes
approach to AI. So what I think happened here
was that there was basically like a
minority of Republicans that
happened to be running the country that said, let the labs do whatever they want. And then Mythos comes
out and the bill comes due and they sort of have their pants down and they have to change their tune.
Just to sort of throw a lot of metaphors in there.
Pants, tunes. Oh, I'll come up with more. Don't worry. We're getting there.
One other thing here is that you are starting to see the issue of catastrophic or existential risk
floating up and percolating on the right. This is something that people like Bernie Sanders have now
been talking about on the left for a couple of months. But on Tuesday of this week, Ted Cruz was
talking about catastrophic risk and the need to protect against it. So I just think that the
improvement of these models and the fact that they are so clearly useful for dangerous things
like cyber attacks is going to scramble some of the usual partisan allegiances here. Yeah,
I mean, look, the idea that a large language model might eventually get so good that it could
like break into your computer and wreak havoc.
Like that was not a liberal view.
Like that was just a view grounded in an observation of like the rate of improvement in the
model.
In truth, I am glad that they are reversing course on this.
And they're doing it before we've had a massive catastrophe.
Maybe an asterisk there though, which is I truly feel like every single day for the
past week I've seen news of a major cyber attack.
And increasingly we're getting word that these may have had AI systems involved in
identifying these vulnerabilities.
Yeah, so there may be a catastrophe unfolding under our noses.
We just don't know about it yet.
Yeah, stay tuned for next week's episode.
I want to talk a little bit about this China trip and what, if anything, we think that has to do with AI regulations.
So there was some reporting in the Wall Street Journal last week that both the U.S. and China have been considering a series of official discussions around AI.
We know that AI is on the agenda for President Trump's meetings with Xi and China this week.
And we also know that China has.
has been looking to get access to mythos.
There was a great story recently in The Times
that talked about the fact that a representative
from a Chinese think tank approached anthropic officials
at a meeting in Singapore last month
to basically lobby them to open this model up to China.
And we want to give them the Hard Fork Hutzpah Award
for shooting your shot.
If you work at a Chinese think tank
and you think Dario Amadee was about to hand you mytho,
like that is truly, like, I aspire to your level of self-confidence.
Listen, you miss 100% of the shot.
shots you don't take. So along with Jensen Huang, who finagled a last-minute invite on Air Force
1 after there were news reports that he was not going to be going on this trip, Elon Musk,
Tim Cook, and Dina Powell McCormick from META are also on the trip with Trump. What's going on
here? And how would you characterize the blunt rotation among those tech executives?
You know, I mean, this is a group of executives that are aligned with the Trump administration,
and they have all found in various ways that the more time you spend flattering President Trump,
the more like tax breaks and other forms of relief your company gets.
So, I mean, you know, this is exactly what we talked about expecting Tim Cook to do once he announced
that he'd be stepping down as CEO is, you know, you're just kind of like a Trump whisperer
and you follow him around and you say, you know, go President Trump.
and also please give Apple what we want.
So, you know, meta, Apple and Nvidia
have all had huge success with this administration,
and now as their reward,
they get to be photographed
with the president flying around China.
Yeah, I think, like,
I am just very unsure where all of this settles out
because I can imagine, you know,
Trump wanting to go to China
and make a bunch of deals,
and obviously Jensen Huang and NVIDIA
want to be able to sell their chips in China.
And so I can see them on one hand,
like giving some kind of expanded access
to Chinese AI companies
to get these American.
American chips, but then I can also see them not wanting China to get access to models like
mythos. So I just, I don't know how that resolves. And I see it as basically inherently contradictory
that you want to give China or sell China the means to make its own mythos caliber models
while at the same time trying to block them from getting access to the one that we have today.
This is where it would be helpful to have a coherent strategy, but we don't, right? It's like
the same administration that is like installing and uninstalling anthropic at the same time
is kind of having a similar level of confusion over in China,
where it seems like the administration is just like highly susceptible to like blowing
wherever the wind is today.
Yeah.
I mean, I am generally not all that optimistic about the government's ability to regulate technology
in a way that is timely and relevant.
And I hope I'm wrong here, but I just, I think that we will see this sort of,
of incoherence and contradiction until there is like some big event that kind of forces everyone
to like sit up straight. I mean, my question is, will this be a case of the same AI safety-minded
people who were dismissed for the past couple years by the Trump administration be proven right
again in the future when it turns out that China did use access to American technology
to build mythos or better level models? And will there be any regrets, you know, that we sort of
paved the way for them to do that. I mean, you know, I don't think it's unlikely.
Yeah. It's interesting, though. Like, I had a conversation with a federal official recently,
like, in the last couple of weeks where this person was basically telling me that AI is just a
normal technology, sort of taking the line that we've heard again and again from the people
who don't want to regulate this stuff, saying, like, this is just the internet, this is just the
PC. It's not some special technology that requires special rules. And that position has just
become so untenable, to me at least, when you have models that are out there finding zero-day
exploits. Like, clearly, our military, our intelligence agencies, they don't think this is a normal
technology. They think it's more like a step change that requires them to, like, act in different
ways. So I am very curious what happens to the sort of AI's normal technology camp inside the Trump
administration as the technology continues to grow. They may change their arguments or they may not.
Like, that's the thing.
You just don't know how committed these people are to their view.
You don't.
We should also talk about some of the international reaction to Mythos
because it's not just China who wants into this thing.
Germany's digital affairs and cybersecurity agency are out this week
with a proposal for establishing their own version of something like the U.S. Casey.
They are also demanding access to state-of-the-art models like Mythos.
So it just seems like this model has sort of forced,
conversations around the world about who should have access to which models when,
should the public have access, should governments have access, which governments should have access.
It just seems like we are kind of like in a new era of AI brinksmanship.
For sure. And, you know, what I hope that we will see in the coming months is more and more
cooperation. Like the whole reason that we had that series of AI action summits over the past few
years was to try to get more cooperation among the Western powers with this stuff.
And then last year, the U.S. sort of came in and said, that's over. The U.S. is winning the AI race. And you can like it or learn to live with it, basically.
Right. And, you know, so it's no wonder to me that these other, you know, Western powers are seeking access to these models. And I think there's probably, honestly, a good case that they should get access to these models. Because when it comes to, you know, fixing every vulnerability on the Internet, I think we could probably use all the help we can get.
Yeah, and I remember that AI Action Summit.
I didn't go to the most recent one in India, but the one in Paris before that, I remember
it was just like, oh, we're just not going to talk about any of this.
Like, we're just not going to talk about the dangers that this technology might create
because we're so invested in this sort of accelerationist posture.
So how far we've come, and yet we are still in the very early endings of this.
Does it make you wonder what would have happened if the Trump administration had just
been listening to Hartforke a year ago?
Could they have saved themselves some trouble here?
It's possible.
So, Casey, the politics of AI and AI regulation are obviously shifting very quickly.
We may learn more this week after these meetings in China.
But, like, what is your take on what this latest burst of news signals about AI or AI regulations?
My take is this is a rare bit of good news when it comes to AI regulation, right?
Like, I am somebody who's been worried about AI safety for a long time.
And one of the main reasons I've been worried about it is that our government,
has seemed to have this feeling of like,
let's just see what happens.
Whereas to me, it seemed pretty obvious
what was going to happen.
Now we have arrived at that point.
We have a super powerful model.
And to their credit, the Trump administration is saying,
okay, it seems like we were wrong
about how capable these models were going to be.
Let's make some changes.
And do you think there's any way that this turns out to backfire?
I mean, I'm just remembering, like,
people wanting social media to be regulated.
And then when the Trump administration started doing things,
in the realm of social media,
it amounted to what you and I would consider
sort of censorship or at least
wanting to strong arm the social media companies
into doing their bidding.
So do you think there's, it's possible
that something similar happens with AI
where it's like we get the regulation,
but it's just the wrong kind
or this pre-release testing
is testing for the wrong kind of thing?
Yes, I am very sympathetic
to those who believe that this could amount
to a kind of prior restraint on free speech
and that there is the risk
that there are, you know, members of the Trump administration will effectively say,
you can't release that model not because it's actually dangerous, but just because it seems
woke and gay. And I think that we need to keep an eye out for that. And, you know,
potentially someone is going to need to sue over it. But when I look at how I want to balance those
things, for the moment, I would rather have an administration saying, uh, the crazy cyber model,
don't give that to everyone. Yeah. I think I'm landing at a pretty similar place where I'm like,
I'm a little worried that this regulatory push from the right is going to be confused and maybe too sudden,
and there's going to be some sort of overreaction that ends up with something more like the sort of censorship that you mentioned.
But I am glad that after many years of denying that this technology was important, that it would become as good as the people at the lab said,
that our government at least appears open to the idea that maybe they need to step in and do something here.
I'll take the little wins where I can get them.
That's what I'm saying.
When's the last time we talked about a win on this show?
Yeah.
When we come back, what is Claude Mythos doing to the world of cybersecurity?
We'll talk to Palo Alto Network's CEO, Nakashurora.
Well, Kevin, is it just me or every time you look at the tech news,
do you see some new cyber attack that seems to have befallen some company or another?
Yes, this is my experience of social media over the past two weeks.
I log in.
I see three posts from companies about how they've discovered more bugs in a 24-hour window than in the previous, you know, 80 years of their company's history.
And then everyone's reposting that with just like, it begins or it is over or hide your kids.
Yes, just to name a few of those, Mozilla was one of those companies saying that it had pushed 423 security bug fixes in April alone compared to an average of about 22 per month throughout 2025.
Google announced on Monday that for the first time ever,
its threat intelligence group had identified an attacker using a zero-day exploit
that the group believes was developed with AI.
So that's kind of a grim milestone.
And then if you're a student, perhaps you notice the cyber attack on the learning platform
Canvas last week, which forced the site down for several hours.
And the company behind Canvas, which is called Instructure,
had to negotiate a deal with hackers for the return and destruction of the stolen data.
So, you know, on when he...
And there are cyber attacks going on all the time.
But it does seem like some new inflection point has been reached.
And, of course, a reason that people think we might be seeing more of these is AI.
Yes.
So we have talked about Claude Mythos preview, the model that Anthropic did not release widely,
but released to a select group of companies and open source maintainers.
And today we're actually going to talk to someone who has used Mythos and who has been on the front lines of this frantic sprint
to secure the infrastructure of modern life.
Yes, our guest today is Nikesh Aurora.
Nikesh is the CEO and chairman of Palo Alto Networks,
the largest cybersecurity firm in the world,
which supports more than 70,000 customers,
including the vast majority of the Fortune 100.
And as you mentioned, Kevin, Palo Alto,
was among the organizations given early access to Claude Mythos,
as well as GPT 5.5 cyber.
Yes, and Nekche is one of the people,
I think, who is best positioned to see the effects
that these models are having on cybersecurity because they do work so broadly across industries.
They're also a big government contractor.
So I'm just really interested in what he thinks is different about this new class of models.
Yes.
And something I appreciate about Nikesh is that in an industry where there is a lot of hype,
because of course the more scared that a cybersecurity executive can make you,
the more likely you might be to buy their software,
Nikesh is somebody who I think tries to maintain an even keeled approach here
and not to ring alarm bells where none are needed.
But that said, I do think that he is quite concerned
about some of the things that he's saying.
Well, let's bring him in.
Nick Hasteroro, welcome to Hard Fork.
Well, thank you for having me.
I want to just start with your account
of what it feels like to run a major cybersecurity company right now.
Casey and I have talked with people at these companies
for many years, usually because something terrible has happened.
And I feel like the vibe we get is like,
this is the worst, most dangerous time ever in cybersecurity.
What is your subjective experience as someone who's been in this field for a long time?
I'm a little more perhaps relaxed than what you're trying to ascribe that people come here tell us is the worst moment.
Historically, what's happened is in the last seven years you've seen,
the time from somebody breaching an organization and being able to extract, well, say, crown jewels,
has been measured in days.
Unfortunately, with the emergence of AI, the arrivals of vast technologies,
that time frame has shrunk down to minutes.
And when that happens in minutes,
your defense systems have to be able to be activated
and defend yourself some minutes.
And fundamentally, the cybersecurity infrastructure
was designed for days.
Some parts of it are making it to seconds,
the good parts where you know how to stop them.
But we have to go basically over all the back infrastructure
to make sure it's AI ready
so we can fight AI with AI.
So you're seeing that.
You're seeing AI's out there.
You're seeing people like Anthropic launch models like Mythos.
You see an open AI do that.
it's 5.5 cyber, they're showing you the out of the possible from a bad actor perspective.
So we have to make sure we move as fast as them or faster perhaps to try and plug those holes,
make the infrastructure better.
So your company recently put out a report on some patches that you all have made to your own systems.
Yes.
You disclosed 26 critical exploits covering 75 issues, and you said that's against a typical baseline of under five.
meaning that they discovered like five times as many in a comparable period.
Five to seven times, yeah, depending here.
Yeah, so is that pretty standard for what kind of spike you all are seeing in exploits
or discovered exploits as a result of mythos and similar models?
So what we've discovered some of the newer models that have come out in the last few weeks,
perhaps a month or so, is BIA models are getting really good at coding.
Well, guess what?
As the models start to understand what good code looks like,
they also start developing and understanding what bad code looks like.
So if you point this model and say,
okay, now look through all this code repository I have
and find me bad code, it will.
And unfortunately, humans have been writing bad code for a very long time.
So on average, we'll find about one-fifth or one-seventh of what was found
in the last six weeks using these models.
Now, of course, remember, we ran a concerted effort to see what the models are going to find.
We had hundreds of engineers working on it to make sure we look under every rock,
run every product through it.
It's almost like that it's a great cleansing, right?
So there's a great cleansing moment.
We found seven times the volume that we would have normally found in a normal period.
It's not going to happen again, hopefully, because we have hopefully cleared out a whole bunch of the, let's call it, the tech debt or the vulnerability debt.
But I think a lot of organizations will have to go through this moment to understand how much of their code written in the past suffers from these vulnerabilities.
They'll have to do their own work.
They'll have to make sure that is fixed.
I think the challenge we're going to run into is most companies use a large corpus of open source.
And open source doesn't get bashed or remediated as quickly as your own proprietary code can.
The other thing we found very interestingly with Mitzos and other models is it's really good at daisy-chaining vulnerabilities.
And that's what needs to be sort of contended for.
I'm trying to get a sense of the scale of this issue because I feel like within the past few weeks, I've heard a lot of stories like the one you just described about your own company.
Mozilla has been publishing blog posts about discovering hundreds of bugs, you know, over a period where maybe previously they only would have discovered a couple of dozen.
My sense is that as more companies sort of like undertake this audit, they're going to find that they have similar problems.
So like what is the time scale that we might expect these kinds of issues to be fixed?
And is there enough time to fix particularly like critical infrastructure before our adversaries gain actually?
to similarly capable models?
That's a great question.
That's what should keep us up at night, right?
Because not every organization has resources to fix code that could have been written 20 years ago.
Now, the good news is that, you know, pretty much most of the cyber defenders have had access to the models.
They understand the scale and enormity of the problem to some degree.
I think what we have been able to do is we've been able to enlist the support of many of the system integrators in the world, like the IBMs,
the Pricewaterhouse, the Lloyds, the Accentures, et cetera,
who are all rallying to make sure they make resources available
to many of these customers to be able to patch these things.
But I think we are in the midst of sort of testing an interesting solve
where we can, once we know the vulnerabilities in an organization,
we can write signatures into our perimeter defense firewalls
to say, if you see somebody trying to go in this direction,
we know there's an unpatched piece of code behind it, block them.
So we can create a temporary scaffolding to let organizations have a little bit more time to go fix their vulnerabilities.
But it has to be done.
And the risk, like you rightly articulated, is that open source or nation states or third parties can start building models that are similar to what Anthropic or open AI have built.
And the risk is that they get there faster than the patches or have been enabled in many enterprises.
Yeah.
I want to understand a little bit more about the defense side of this now that you have access to this myth of.
model. There's been a lot
written about it. It's the subject of
much debate at the highest levels
of power. And I kind of
just want to ask, like, what is it like
to use it? Does it feel
different than using, like, Claude Co?
You know, like, if you've used another anthropic product, does it feel
kind of the same? Or just like, what does it like to use
Mythos? In the beginning, it was
not that
impactful.
Because when you're looking for a bad code, it's going to
find everything. Remember, I mean, it's 30% of false
positives. Right? So it's not like
always going to get the right thing, but unfortunately we've got to go test every one of them out
to see which is real. But what became more and more fascinating, the more context we gave it,
the better it became. What do you mean? Well, you showed a piece of code. It doesn't know what the
code is trying to achieve. Right. Right. So you have to give it context saying, well, this code
works. So you're not just pointing it and say, go, go test this firewall and tell me what you find.
You're actually like giving it some instructions beyond that. You have to give it context in terms of
what is the purpose of the code, what does it do, what is normal behavior supposed to look like?
then you have to give it more context
in terms of other threat research.
The models don't have all the threat research in the world.
We sit on hoards of threat data saying
this is how 10,000 attacks have been conducted
in the past five years, which is data we store, we hold,
because we write machine learning algorithms
to protect the instances.
So we say, oh, we're arming you with all the past known techniques
that have been used.
Can you see if some of those known techniques
can be applied in this scenario?
Effectly, you're giving all the human training of the past
to make sure that in the future
you can build defense against those techniques.
You mentioned using both Mythos and GPT 5.5 cyber.
I'm curious, like, in your mind, how comparable those models are?
Like, are they in the same class, or is one different than the other?
You know, the most fascinating part is that they both found different things,
which tells you that based on their grounding, their training,
whatever they've been used to train at,
one of them was better at certain things,
the other one is better as some other things.
But it just tells you that there is still a lot that's going to get found.
I mean, one thing that stuck out to me as I was reading some of your blog posts and your sort of postmortems about your experiments with mythos is like if a cybersecurity company is finding five to seven times more vulnerabilities using this model, like the average bank, the average insurance company.
To say nothing of Kevin's personal website.
My personal website. I mean, we're going to be looking at many multiples of that, right?
Or is it the case that everything is so centralized and runs through just a few platforms that, like,
The average institution is not as screwed as I think they are.
I wouldn't say the average is screwed.
I think, look, there's a lot of work that needs to be done.
It's not just good at finding vulnerabilities.
The other thing we also found as part of our testing,
it can even take a look at products you might be using,
perhaps to power your website, which you may have misconfigured.
That's not a vulnerability.
That's human error in the way you're using the product we've left the door open.
For example, many people will take products and saying,
ah, it's easier if this control pain of this product was accessible,
from home or from the internet so I could just go access to it from wherever I am and manage this
thing. Well, you should not leave control pains of most products in your company exposed to the
internet because if I can find it, other people can find it too. Right. When Mythos was first announced,
there were a lot of people who were very skeptical. They said, oh, this is just marketing hype
or Anthropic doesn't have the compute to serve this model, which is why they're only releasing
it to a select group of companies. A month or so later,
Do you still hear that kind of thing from people in your industry, that maybe this isn't the sort of apocalyptic moment that Anthropic and others have said?
Yeah, I look at it slightly from a longer term perspective.
I think what the Mitzvoss model showed is what the art of the possible is going to be in the future.
Once we are compute, unconstrained, or we have better models in the future which are trained better.
So it just sort of gave us a window into what's coming, I think which was very useful.
I think that's a bit of a, you know, it's a bit of a tough rap towards mythos that did this in purpose.
I think, remember, these companies, whether it's Open AI or Anthropic, they're sort of working their way trying to understand how to do this.
Both of them and Open AI want to do it right.
They want to do it so that AI is not used in a bad way, at least in this instance.
I think they were trying to do the right thing.
I think there's no easy solve to this.
I give them marks for trying to do the right thing.
and I think they sort of, they partly got a most of it right.
Some of it they fumbled on the way there, but I'm credit to both of them for trying to get it done right.
Speaking of how we fix this, so for decades, cybersecurity has operated using this sort of a 90-day responsible disclosure window.
I find something, I find a bug.
I sort of privately notify you, but in 90 days, you know, I'm going to go public with this,
so you better get your act together and fix it.
And companies often do take 90 days or longer to sort of implement those bug fix it.
So I read a blog post this week by a researcher named Hymanshu Anand who wrote that in his opinion, the 90-day responsible disclosure window is dead.
I also saw that in your own company's blog post last week, you guys said that within 25 minutes in an AI-assisted scenario, somebody could get initial access to a system and exfiltrate the data.
So do you agree that this 90-day window is dead?
And if so, what the heck do we do about it?
I think the principle of the 90-day window is to allow the owners of the product or the piece of software or piece of code to have enough time to investigate, to fix it, and make sure their customers are secured.
I think the 90-day window is going to shrink, as he has rightly articulated.
How much does it shrink still up for debate?
How long do we have?
Think about it for what we just did, right?
We announced this morning that we've batched almost 30 critical vulnerabilities.
We've known about these for two or three weeks.
We've had the time to go test it.
We had time to build patches, pretty much deployed everything that's available from a SaaS software perspective.
So challenge is not the SaaS software.
Right, SaaS software you can find, you can fix, you can deploy.
It's not a problem.
The challenge is when there's a laptop sitting in front of you, and I've got to go make sure you update your laptop because you're required to do something with it.
And I can tell you, he will go like six months without installing the mandatory updates.
I'm not even kidding.
Delay, delay, delay.
I mean, I am starting to see more of those just in my products.
and I'm getting more requests to update system software.
Is that mythos related?
No, seriously, I'm wondering to myself, every time I'm going to see it.
I'm like, oh, what did mythos find now?
So is like, are we starting to see as consumers evidence
that some of these systems are needing to be patched more frequently?
I think there is going to be, as I said,
there is going to be the cleansing of the vulnerability backlog
that has been built over the year.
So you will most likely experience in the next three to six months
if you're an enterprise,
you'll experience it in a lot more boxes that you buy.
You buy servers, you buy switches, you buy routers,
all those things where you have code lying on them
will have to be looked at
and will have to be bashed or upgraded over time.
So you're going to see some of that cleansing happen,
but hopefully you can power through it and get to the other side.
But it sounds like it is just a good time
to install those software updates when you get those.
Yes, I highly recommend you do that.
One persistent question about these kind of models
is whether they favor attackers or defenders.
So I guess I'm just going to put
that question to you.
Like, is this technology better for people who want to break into systems or people who want
to safeguard systems?
And if you had attackers and defenders with an equal model, who would win?
It's a great question.
The classic Batman versus Superman.
Remember, it's an unbalanced fight to start with.
We have to be right 100% of the time.
The bad guys can write it once.
So it's an uneven playing field from that perspective.
So the model, if you can find you five vulnerabilities, and you can exploit one of them,
is a win for them and a loss for us.
It doesn't matter if you protect you on the other four.
We don't get 80% grade for protecting the other four.
We get zero because it was able to find something breached.
So for now, the bad actor is most likely able to use it much better than the good people.
That's not a model constraint or model fault.
It's because the model doesn't protect.
Remember, the sensors we apply around your perimeter protect.
The sensor has to be smart enough to understand what the model is going to find.
And that's why the fact that we got this window of four to six weeks to test them to understand them,
we're busy building defense techniques to make sure that as this tsunami of AI-based attack starts to arrive,
we have enough defense capability, which is still powered by AI to give us a real-time response that we need.
Is there a sector of the economy that you're most worried about when it comes to cybersecurity and the new capabilities of the AI systems?
You know, the challenge always is the companies which use technology where their core business is 95% something else and the 5% part is technologies.
And you can take that to mean small businesses.
You can take that to mean sort of core industrial manufacturing output type businesses where they're not spending as much time thinking about the technology.
They're busy digging for gold or building infrastructure or something else.
Or hospitals that use technology.
So you're worried about the non-tech businesses.
that may not have as many resources
or as many engineers working out.
I'm not worried about financial institutions.
They have more engineers than I do.
They will go rally against it.
They'll put the resources to work,
and they've been protecting themselves for very long time.
They understand the implication of these things.
It's like, you know, poor doctor's office.
Remember that there was a breach that happened,
I think almost a year ago,
and I was slightly more of change health care,
which caused a whole bunch of the entire physician ecosystem
to come to a halt, and the physician didn't know what to do about it.
Yeah.
Hmm.
I mean, like, for the moment,
Like, do you sort of breathe a sigh of relief that these models are not generally available, or do you think they could be released and it wouldn't be that big of a deal?
Well, they have been released, right? Both Opus 4.7 cyber and Open AI's 5.5 have both been released with cyber capabilities and guardrails.
But not Mythos. But Mitos has another unique property, which perhaps goes towards a conversation about constraints, is that mitos runs in Ultramo. Ultra mode is a compute consumptive mode.
which allows the model to persist for much longer
than the flash mode that most models are released in.
So if you're...
It's just work for a lot longer,
spend a lot more compute.
That's right. That's right.
That's right.
Than other models.
The compute cost is from the persistence, perhaps,
not from the capability.
And the persistent allows the daisy chaining
to happen much more effectively, right?
Because it's trying different techniques,
trying to see which was most likely to work.
So that's what causes the daisy chaining to happen
in a more effective fashion.
So that's why...
So is it a good thing that, like,
the average person doesn't have access to that right now?
I think so.
I think every company should have a chance to be able to fix these things in the meantime.
But again, I don't know who the average person is in this case, right?
Is every company out there an average person, then they should have access to it?
Because they have to fix their stuff.
You mean, the average bad person?
Basically, I mean, I'm just like thinking about, you know, all of these cyber attacks
that we've seen just over the past couple of weeks.
And I'm assuming that they do not have access to a mythos level model.
And so I'm just asking myself, like, well, what if they did?
Yeah, what if they did that they'll find a way to,
attack companies are much faster.
Yeah.
Right.
I don't think the nature of the attacks change.
I don't think the nature of the outcomes change.
Most likely they will be used to leverage ransomware, perhaps cause economic harm if you're
looking at it from a nation state perspective.
I think the entire sort of fundamentals of how the bad actor industry works is not going to
change.
What it does change is the pace and the volume perhaps of attacks are going to be made possible
because of the availability of these models.
I want to talk a little bit about what, if anything, an average person can do here.
I myself am the subject of an ongoing fishing attack where...
Somebody almost like you.
I mean, I hope so, but basically almost every day,
somebody tries to get me to reset my ex-password from an email address
that has nothing to do with X.com,
and because I'm looking at my emails on the desktop,
that's very easy for me to see, and I'm not fooled, you know, congratulations.
That's me. I've been trying to steal your...
How could you?
But I also believe that within six months or a year,
one of those emails is going to come in,
And it's just going to look way more convincing, right?
It's just going to figure out a way to trick me.
And one of my frustrations with talking about cybersecurity in general is it tends to leave people with the sense of like, well, everything's really bad.
Sorry, good luck to you.
Usually we give people advice like create a strong password and use multifactor authentication.
That's right.
Is that good enough or do people need to update the playbook?
I think one of the things, my frustration has always been that if you think about it, we have much better cybersecurity solutions in the enterprise world.
than we do for the consumers.
For example, if you get a corporate email
and all the phishing attacks
who comes to your corporate email
or spam's company corporate email,
be pretty good at sussing these out
because the X email address
that you talk about that you're getting,
which is not actually X,
we see it in one custom world,
block it everywhere else.
Now, the problem is the consumer world
doesn't have any such gatekeepers,
right? It's because we're effectively
the gatekeepers of enterprise,
but consumer world doesn't have gatekeeper.
The consumer gatekeepers are the email providers.
The consumer gatekeepers are the telecom network,
So it gives us, you know, if you were getting an attack on your corporate mobile device and we were sitting in front of it, it won't happen.
But in our personal devices, we can all get spam, we can all get fished, we can all get all this stuff happen to us.
I think part of the frustration I have is that there are some consumer companies that need to implement better cyber controls for all of us consumers, which they're not.
Well, like any particular controls come to mind that you'd like to see out there?
Well, think about the email, right?
I mean, you're telling me, is it hard for the email provider to figure out that this is not an excellent?
email address.
Like, I'm, shit, there'd be these same guys are building AI, right?
These guys are building AI.
Just going to anticipate what we want and do it for us.
So somebody just need to pay attention to it.
That's sort of, I mean, for what it's worth, though, so, you know, this is like my paid
Google workspace for my work account.
And, like, you're absolutely right.
Like, it seems like a very simple classifier that Google makes to just be like,
hmm, this probably isn't coming from X.com.
How are your engineers feeling about all this?
I mean, I imagine they're working a lot these days.
Are they excited because there's this new tool, new set of tools available to them?
Are they stressed out because all of a sudden their workload just got five times bigger?
Like, what is the mood?
Yes.
All of it.
Look, I can think about it.
If you're a technologist, this is a phenomenal time to be doing this, right?
The amount of opportunity to learn, the amount of opportunity to understand.
Some of the people are fearful.
I'm like, how is this going to work?
And then you can find, I think, every emotion you can think of is probably,
in every engineering team out there.
We have 9,000 plus technical people.
I think it's not just the tool in front of us.
I think it's the uncertainty of what this holds
in the next two, three years.
I mean, people are seeing OpenClaw being deployed.
Now, OpenClaw is a scary thing
from a security perspective.
It's going to take all your permissions,
all your credentials, do all kinds of stuff for you,
but it's cool.
So the early adopters are doing cool shit.
I had dinner with somebody who came to my house.
I got OpenClau on my phone.
He's doing everything I've given her names called Zara.
and it's doing all the things I'm asking you to do.
And the guy said next to say, holy shit, that's a security nightmare.
You're worried about your ex-AI, ex, you know, pose to change a password.
You don't need to change a password.
Open clause is going to tweet on behalf because it's had a moment last night.
Totally.
Right?
Yeah.
Yeah.
And for all of my objectionable tweets over the years, I would like to just formally say that
was my open claw acting autonomously.
There we go.
So are you personally, like, running any of these insecure?
Like, are you running open claw?
Are you experimenting with this?
stuff just from like a, I need to understand the landscape perspective?
On a segregated device, which has no connection to many of my things, which makes it totally
useless, by the way.
You can't even book a meeting in my schedule because it does not have access to my schedule.
It can't respond to an email on my behalf because it doesn't have access to my email.
So I'm still sort of using it the old-fashioned way, which is I'm using Gemini and the
end of the other.
I did do that.
I took my earning script, sent to Gemini, and said, what do you think?
Two quarters ago it says, are you trying to hide something?
You're too enthusiastic.
You use the word momentum and excited too much more than you normally use.
I'm like, holy shit, that's not bad.
Tone it down.
Yeah, that's very funny.
Is it changing your hiring plans at all?
I mean, you employ thousands of cybersecurity engineers and researchers.
Yes.
You may need fewer those people in the future.
No, I need more.
I think this is the fallacy out there, right?
The fallacy is that organizations are going to get 30, 40, 50, 60% more productive
from a development perspective and a testing perspective,
so we need less people.
The problem is every technologist that you talk to
has a feature request list,
which is longer than their arm,
and typically people have product roadmaps
that are six to 12 months out.
Why is that?
Because they don't have enough people.
Or they cannot serialize something
because it takes a lot of effort to get it done.
So I think the first thing that's going to happen
is as we create more capacity,
we're going to try and fill the technological backlog
and try and make that work.
I do understand there are people out there, I'll call it, reshaping their technical organizations by creating capacities.
Everybody who's out there saying, I'm reducing my headcount by 7% or 15% or 20% which you're beginning to see recently.
I think they're just creating capacity.
They're saying that capacity allows me to hire more people and make room for people that I need who have the newer skill set.
They're not just spending that salary money on tokens instead.
Look, I think that the interesting part is I was saying this earlier.
I was speaking somewhere else.
And the part we don't realize that we're dealing with a tsunami of a desire to transform.
I think we're in a decade-long transformation of business ahead of us.
Imagine, like, you have a new technology.
My CFO would never come and say, I want to use AI to transform my team.
He wants to transform his team and see if he can do it much more efficiently, but he wants AI.
My head of HR wants AI because she wants to create an AI interviewer, an AI assessor,
instead of having humans do it.
So every function wants more AI to deploy.
The question is, where's the money going to come from?
It's probably going to come from efficiency in those teams, those functions.
So that's what's going to pay for the tokens.
I have to say, I don't think anyone wants to be interviewed by the AI assessor.
That's not a good vibe, you know?
I don't know.
Would you want to be interviewed for a job by an AI?
I think AI is most likely going to be better at assessing my domain skills than a human being.
Really?
Yes.
If you're trying to hire a good coder,
if you're trying to hire somebody who knows agentic air really well,
I mean, sitting and talk to them is not going to get me a better answer.
If they can sit in code and deploy open claw in front of them,
I'll literally have done that interview.
It's like, I said, well, I'm really conversant to the eye.
I'm like, really? That's cool.
What are you done for?
I was like, well, I built myself an agent.
I'm like, show me.
It's like, what do you mean?
I'm like, you don't zoom?
Show me.
They see this bizarre, like, you know, simplistic.
Like, oh, I got to make a shopping list from the recipe.
I'm like, dude.
It's an AI girlfriend.
It's like, actually, I shouldn't show you that.
Yeah.
So now we have an HR problem.
Well, Nikesh, thanks so much for coming in.
Really great to talk to you.
And good luck out there.
Fascinating.
Thank you, Kevin.
Please tell Mythos to spare our families in the coming up rising.
When we come back, it's time for the Hot Mess Express.
Well, Casey, we've got a train to catch today.
The Hot Mess Express is here.
The Hot Mess Express is, of course, our segment where we take a look at the various calamities,
befalling people in and around the tech industry, and at the end of discussing them decide what kind of mess was this?
What's pulling up to the station today?
Well, let's see what's first here on the tracks.
You just love the sound effect.
Our first story today comes from The Verge.
Oh, and this is truly the end of an era.
Venmo is starting to test a big redesign of its app, and is part of it.
of the changes, Kevin, it will be implementing a major new privacy feature. The onboarding
process for new users will set their posts to only be viewable by their friends by default
instead of being public. And this is very sad for me because for years now, every time I've
opened up Venmo to, you know, pay a friend, I've seen a recent transaction from someone I
hooked up with once in 2016. And the thought that other people aren't going to have that
experience makes me really sad. So, you know, as a note,
nosy person who loves to gossip, I am sad about this story because, you know, it was always fun to
see which of your random phone contacts had been paying their fractional share of the rent or back
for dinner. People put various joky things on their transactions, you know, illicit drug deal,
foreign arms trade, et cetera. And it's just sad that we won't get to experience that.
Yeah. Also, you know, the public by default Venmo transactions gave us many great stories over the years,
including Joe Biden's secret Venmo, which was a BuzzFeed story.
J.D. Vance had a public Venmo that Wired reported on.
Matt Gates's Venmo payments were part of a federal inquiry into his payments to women,
according to the New York Times.
So I guess all of us investigative reporters are going to have to find a new easy way of writing a story, Kevin.
Yeah, now the only baffling security breach from these apps is that Telegram still does notify you when one of your phone contact joins.
And I always love to screenshot that and send it to people and be like, crypto or drugs?
What is it this week?
The only two possible answers.
So what kind of mess is this Venbo mess?
This is unfortunately a cleanup, not a mess.
This used to be a very hot mess.
And now, you know, belatedly, it is getting cleaned up.
Fair enough.
RIP.
Let's see what else coming down the tracks.
Oh, well, this was interesting, Kevin.
And ties in closely to something that you've written about recently.
Amazon has started to widely deploy its in-house mesh claw product in recent weeks,
which allows employees to create AI agents that can connect a workplace software and carry out tasks on a user's behalf.
But some employees are saying that colleagues are using the software to automate additional unnecessary AI activity
to increase their consumption of tokens, which will then, of course, you know, make them look better to their bosses.
So did we see that one coming or what?
Yes. I believe you invokes Goodhart's Law about what happens when a target becomes a measure.
When a measure becomes a target, it ceases to become a good measure. When a measure becomes a target, it ceases to become a good measure.
Is, of course, Goodhart's Law. Thank you so much for that. Yes. And I imagine that at the famously frugal Amazon, they are loving this era of people just spending a bunch of random tokens to move up the leaderboard.
Here's the thing. I've talked to a lot of, you know, Amazon employees over the years.
tokens are the only thing at that company that is free.
You want to diet coke from the vending machine?
Get out your wallet.
Okay?
So these guys finally find something free and now they're getting in trouble.
Yeah.
The good news is they have unlimited tokens.
The bad news is they can only use them on mesh claw.
Yeah, I'm going to say that this is actually a hot mesh.
That's what kind of mess this is.
Very good.
All right.
Next up, Kevin.
This comes to us from 404 Media.
And boy, did I see this.
clip in about 14 different places over the past week. Students boo commencement speaker after she
calls AI, quote, the next industrial revolution. You see this one? Yes. Yes. So May 8th, commencement
speaker, Gloria Caulfield, who's the vice president of strategic alliances at Tavistock Group,
told graduates of the University of Central Florida's College of Arts and Humanities and Nicholson's
School of Communication that AI is the next industrial revolution. She was met with thousands of booing
graduates and someone in the crowd, Kevin, yelled.
AI sucks.
So what did you make of this commencement moment?
Here's my thing.
Students are allowed to feel however they want about AI.
But if you boo the commencement speaker for suggesting that AI is a big deal,
I want to see your chat to be history.
If you have used AI to write your exams to help you with your problem sets,
in any way for your academic work, you are not allowed to boo it at commencement.
That is my rule.
I don't know.
I think these students were fine to boo.
I mean, you know, Ms. Caulfield was, after all,
addressing the College of the Arts and Humanities,
who I'm guessing is probably not the group of students
at the university that are most excited to see AI come into their lives.
So here's the thing that I'll say that is sincere.
I think people are radically underestimating
how mobilized young people are against AI right now.
I see this every time I go to a college to talk to students,
there's like a small group of them who are like running open claws and very excited and like 80% of
them are like, I hate this.
Yeah.
So look, if you have to give a commencement speech within the next few months or a highly relatable
situation that many of our listeners will be in, now you know.
Yeah.
Careful how you talk about AI.
Yeah.
Okay.
Kevin, our next story comes to us from the good folks at Variety.
Duolipa has filed a $15 million lawsuit against Samsung for using her.
face to sell TVs. And this one is honestly pretty incredible. Samsung has apparently used
Dua Lipa's image on the cardboard packaging of its TVs starting last year. When Ms. Lepa
became aware of it, she demanded that the company stopped using her image and apparently, like,
could not get through to anyone at Samsung. So, Samsung finally responds on Monday and said,
this was all the fault of some third-party content partner. And Samsung said, we have a great respect for
is Lepa and the intellectual property of all artists, and they are actively seeking and remain
open to a constructive resolution with Miss Lepa's team. Well, it sounds like a constructive resolution
could be taking her face off the packaging and paying her $15 million. And I understand her
concern, because the thing that people always forget about Samsung products is that they do explode
when you least expect them. There was, of course, the famous series of explosions related to their
phones. So if I see my face on a Samsung TV, I'm thinking, I do not want to be the literal face
of an exploding piece of hardware. Yeah. What kind of
kind of mess is this?
This is a true hot mess because the TV could have exploded.
Yeah.
Now, you want to read one?
Okay.
Okay.
All right, this next one comes to us from our colleagues at the New York Times.
eBay rejects GameStop's $55 billion takeover bid.
Last week, GameStop offered $55 billion to eBay in an unsolicited takeover attempt.
According to some interviews, they appeared not to have $55 billion, which would put her
damper on their plans.
This week, eBay officially said no to the GameStop offer, calling it, quote, neither credible nor attractive.
Which is also what our last iTunes review of this podcast said.
And there you have it.
You know, this one is an interesting story from the world of what I like to call companies that I can't believe still exist.
I don't know what's happening on eBay.
I don't know what's happening at GameStop.
But what I do know is these companies probably don't belong together, Kevin.
Yeah, I find this fascinating because it is just like the internet-brained CEO of GameStop.
He's this guy Ryan Cohen who's like, you know, sort of rose to prominence during the meme stock mania of like 2020 and 2021.
And now you can just do whatever you want.
If you're the CEO of a company, you can just say, we're going to buy a company that's like five times bigger than us.
How?
Shame on you for asking.
I mean, is it unreasonable given their history to expect that they could have announced this?
and GameStop stock could have gone through the roof,
and all of a sudden they would have had $55 billion by eBay.
Yeah.
But that didn't happen.
Well, if they had done this deal in typical GameStop fashion,
they would have offered about half of what the market value for eBay was
because it's used and probably doesn't even work on your console anymore.
I like jokes that you'll only get if you have returned a video game to GameStop.
It's kind of a...
Listen, for our younger listeners, there used to be a time when you could walk
into GameStop with a box of old video games that you wanted to get rid of, and they would offer you
between 50 cents and $1 for each video game.
All right.
This is the sort of mess where we're explaining the joke.
Okay.
Okay.
So, we've got a few more items, Kevin.
So Sheehan and Timu are fighting it out in UK courts, Kevin, as Sheehan has accused Timo of, quote,
astonishing levels of copyright infringement.
And Timu accused Sheehan of waging, quote, an aggressive and relentless battle.
using copyright allegations to undermine competition.
This comes to us from Bloomberg,
and the whole trial revolves around thousands of photographs
that Sheehan says are from its website.
According to Sheehan's lawyers, Timu sold identical clothing items
using the same images and is seeking to piggyback
off Sheehan's own investment in building up its supply chain
and training and upskilling suppliers.
What do you make at this fight?
The fast fashion brands are fighting.
They're fighting.
There's no one I'm rooting for in this fight.
I've never bought an item of clothing from either of them.
But it is very funny that two of the brands who have made their sort of entire existence ripping off the clothing from more established purveyors are now fighting each other about which ones ripping off the other one.
Yeah, truly a situation where is there a way they both could lose and learn a hard lesson about intellectual property.
Yes.
We're rooting for them.
Next up!
Favorite story of the week, Kevin.
And I imagine you heard about this one.
people are seriously pissed that Grindr outed them with its latest Madonna advert.
Did this happen to you?
No.
Okay.
So this issue stems from the fact that Madonna has been doing this big campaign inside
of Grindr to promote her upcoming album Confessions on a Dance Floor 2, which is a concept
album about a 68-year-old woman who still wants to be at a nightclub like after midnight.
And she's advertising on Grindr.
And apparently over the past week, when you opened up Grindr, even if you had a
your phone volume turned off, you would hear a sound of Madonna saying loudly,
Hi, Grindr, it's mother.
No.
Which, first of all, it's grandmother.
Sorry.
Second of all, apparently, like, you know, people who are not out to their families
were opening Grindr at the dinner table, which, you know, you're already sort of putting
yourself in harm's way there, maybe.
But the last thing they expected was to have Madonna being like, hey, look at, look at this guy.
He's on Grindr right now.
So truly one of the most misconceived ad campaigns in recent history.
Wow.
Yeah.
That's so wild.
It's like if they put U2's songs of innocence on your phone, but it just outed you to your family.
Yeah.
The song was, you're gay.
That was the, that was the song.
Here's the thing.
This is a dangerous mess.
It is not always safe for people to be outed to people in their immediate surroundings.
So shame on Grindr, they really should have known better.
Yes.
Push notifications should be a little.
legal. All right, and one more, one more car coming down the train tracks here, Kevin.
This is from the Elon Open AI trial this week. Sam Altman was on the witness stand Tuesday
and testified that at one point, Elon thought he should run Open AI. Sam asked him,
hey, what do you think would happen to the company if you died? And according to Sam, Elon replied,
I haven't thought about it a ton, but maybe control should pass to my children?
Question mark, question mark. Question mark. So, what do you think?
think, do you, well, let me just ask it this way. Do you think we would be better off if OpenAI was a hereditary monarchy controlled by the Musk clan?
I do. I, that really is the idea. You know, we always talk about what is the ideal governance structure for AGI.
Yeah. I think we can all agree that it would be best if, you know, Elon's 27 children were involved somehow.
Yeah, or just, you know, I don't know, they pick one at random. You know, one is probably, I don't know, 11 years old and rides a skateboard around town.
And they're like, all right, kid, you run AGI now.
Best of luck.
So, yeah, that continues to be a legal mess.
Yeah, the whole trial has just been fascinating to me,
less because I care about the actual legal issue on trial.
And more because it has just produced all these amazing and incriminating files
from, like, the early days of Open AI,
including all of their texts and emails and messy dramas.
I live for it.
Yeah, I mean, look, it's very hard to run a successful company
without a lot of executives saying a bunch of really stupid things.
and writing them down.
Like, we just see it over and over again.
Yeah.
Yeah.
So let that be a lesson to us.
Yep.
Hot mess.
And that is it for the Hot Mess Express.
Thank you to all of this week's passengers,
and best of luck with your messes.
Try to stay on the right side of the tracks.
Hey, before we go, one request,
we want to hear what it's like for people who are undergoing
major career changes in response to AI.
So, for example, if you have recently,
left a computer or desk job to do something more manual like HVAC installation or tree trimming.
We would love to hear how it's going.
So anything in that realm, please send us an email.
We would love for you to share your story with our audience.
Our email, again, of course, is Hard Fork at ny times.com.
Tell us about your career shift and why you're making the change.
Hard Fork is produced by Whitney Jones and Rachel Cohn.
We're edited by Viren Pavich.
We're fact-checked by Caitlin Love.
Today's show was engineered by Chris Wood.
Original music by
Alicia Buketup, Rowan Nemistow, and Dan Powell.
Video production by Jake Nicol and Chris Schott.
You can watch this whole episode on YouTube at YouTube.com
slash hard fork.
Special thanks to Paula Schumann, Pue Wing Tam, and Dahlia Hadad.
You can email us at hardfork at nyatimps.com
with what you would do with Mythos if you could.