Odd Lots - Legendary Hacker Matt Suiche on Cyberwar in the Age of AI

Episode Date: March 12, 2026

We tend to think of warfare in two distinct arenas: the physical and the digital. Increasingly, however, those lines are blurring. Last week, Iran launched drone strikes on data centers in the UAE and... Bahrain. Israel has reportedly been hacking traffic lights in Tehran, and this week brought a suspected Iranian cyberattack on US medical device company Stryker, all underscoring long-held fears that hackers could take aim at vital physical infrastructure. On this episode, we speak with Matt Suiche, the legendary French hacker and founder of OnDB, a data infrastructure startup for agentic AI. We discuss what we know of Iran’s cyber capabilities, what digital warfare looks like today, and how AI is transforming coding and hacking. Read more:Stryker Remains Offline After Cyberattack Linked to Iran GroupGoogle to Provide Pentagon With AI Agents for Unclassified Work Only http://Bloomberg.com subscribers can get the Odd Lots newsletter in their inbox each week, plus unlimited access to the site and app. Subscribe at  bloomberg.com/subscriptions/oddlots Subscribe to the Odd Lots NewsletterJoin the conversation: discord.gg/oddlotsSee omnystudio.com/listener for privacy information.

Transcript
Discussion (0)
Starting point is 00:00:00 Thanks for listening to Odd Lots. Follow the show on Amazon Music for more future episodes or just ask, Alexa, play the Odd Lots podcast on Amazon Music. Today's show is brought to you by Vanguard. To all the financial advisors listening, let's talk bonds for a minute. Capturing value and fixed income is not easy. Bond markets are massive, murky, and let's be real. Lots of firms throw a couple flashy funds your way and call it a day. But not Vanguard. At Vanguard, institutional quality isn't a tagline. It's a commitment to your clients. We're talking top-grade products across the board of over 80 bond funds, actively managed by a 200-person global squad of sector specialists, analysts, and traders. These folks live and breathe fixed income. So if you're looking to give your clients consistent results year in and year out, go see the record for yourself at vanguard.com slash audio. That's vanguard.com slash audio. All investing is subject to risk vanguard marketing corporation distributor.
Starting point is 00:00:58 Life changes fast and one thing shouldn't. Your storage price. At XYZ Storage, lock in your rate for a full year with our industry-first locked-in pricing promotion. No surprises, no sudden increases, just secure, affordable storage you can count on. Whether you're storing a little or a lot, now's the time to make your move. Visit XYZ Storage.ca. Bloomberg Audio Studios. Podcasts, radio.
Starting point is 00:01:34 News. Hello and welcome to another episode of the Odd Thoughts podcast. I'm Tracy Allaway. And I'm Jill Wisenthall. Joe, you know I have some prepper tendencies. Yeah, does it? Slightly prepper tendencies? Preper adjacent. I know you do because my plan for when everything, when everything goes bad is to bring my family over to your place. So I'm relying on you, actually. That's fine. I actually figured that and I've been building an extra store of supplies. I'm going to like send you a whole list of things my kids like to eat and stuff like that just so that we're ready. Just so that we're ready. Okay. Well, one of the things I saw on a bunch of the prepper boards that I sometimes look at, I don't want people to think that I'm crazy about it, but I find it interesting. I find it
Starting point is 00:02:29 interesting seeing how people's like insecurities manifest in physical stuff. But anyway, one of the things everyone was saying was you need to start taking cash out because of the situation in Iran, because we're all expecting a big cyber attack that's going to absolutely destroy. the U.S. financial infrastructure. By the way, have I told you my idea for business? Like, I've looked at prepper meals, like prepared meals and they all look terrible. They do look terrible. Like a slightly high-end version for yuppies, I think would be really good.
Starting point is 00:02:57 Like something they, you know, like some nice. I think it's a physical limitation on how good you can actually get, like, dry food to taste. Science can do a lot of things these days. Anyway, let's talk about the actual issue at hand. Yeah, well, are you taking cash out? No, I know you're silver. I haven't yet. I'm relying on my store of gold and silver. That's right. But I think this raises a legitimate and actually very interesting topic, which is what do we know about Iran's cyber, I guess, facilities, skills, what could happen in this context? And then also everything that's going on with the world of AI, right? Like cyber security, cyber hacking, it's changing really rapidly given this new technology.
Starting point is 00:03:42 Totally. I mean, also, just within the context of the war itself, setting aside hypothetical doom scenarios, there's a really interesting report in the Financial Times about Israel having been able to hack into all of the traffic lights in Tehran. Yeah. Almost unbelievable and shocking. But there's already within the war itself or even over the last couple of years, there was the pager attack that Israel had executed. And so, yeah, cyber is part of it. And the timing is wild here because. Speaking of AI, it was just on Friday, we're recording this March 5th. I'm not exactly sure the date is coming out. But a week ago, basically, there was the news, the complete collapse of the anthropic relationship with the Department of Defense or the Department of War. And so it's all in the mix right now. And how is AI actually going to change warfare?
Starting point is 00:04:31 And what are the national security implications of AI and AI and hacking? There is a lot in this sort of mix that's all happening right now. Absolutely. The thing that really caught my eye was the story about a hacker using Claude. to hack into like the Mexican government system? Did you see that? That was really interesting because it seemed like the hacker extracted a bunch of information from Claude itself.
Starting point is 00:04:52 You know, I'm pretty sure you cannot go to Claude Code and say like, I want to break into the Mexican government website, help me like build this app. It won't do that. It's trained to avoid malicious uses. But people find a way to jailbreak them. People find a way to sort of extract information from the AI itself. It has in its training and so forth. And there's been examples of leaks where, you know, people upload data to the AI and somehow
Starting point is 00:05:17 other people see it. Anyway, there's a lot here that we have to learn more about. We should talk about all of it. And we do, in fact, have the perfect guest. Someone who's been on the podcast before, but it's been a while. We're going to be speaking with Matt Swish. He is the founder of O&DB, which is a data infrastructure startup for a gentic AI. So honestly, the perfect person.
Starting point is 00:05:37 And a legendary French hacker. I should have said that first. Matt, thank you so much for coming back on all thoughts. Thank you very much. It's been a while. I think it's been, what, four years? Yeah, I think it has been. The last time we spoke to you, you were still in Dubai, and now you're coming to us from
Starting point is 00:05:52 Sweden and a very Gustavian-looking background over there. I think actually when we talked to is right after Russia's invasion of Ukraine. So I guess, yeah, wow, that has been almost four years, Matt. Every time there's a war, we call you, Matt. But because war is so intermixed with cyber espionage, cybersecurity, hacking and so forth, it's a natural, natural time. So for the benefit of people who didn't listen to the episode four years ago, can you just give some context around who you actually are and your sort of history in the hacking community,
Starting point is 00:06:20 including, you know, shadow brokers and the Wanna Cry era and all that stuff? So I've been in enterprise software for almost like 20 years, particularly cybersecurity. And my name appeared in a few of the different leagues because of various analysis that I have done of private information that was being leaked. but also a lot of attacks that happened that happened to target critical infrastructure over the last 10 years. And last time we were on the podcast,
Starting point is 00:06:48 one of the thing we talked about is does cyber really matter once you enter into a kinetic war, which is exactly what's happening now? And the main takeaway was once you start using missiles, most of these cyber elements are not really relevant because you would use cyber
Starting point is 00:07:07 mostly to gather information and intelligence to prepare an attack or to disorganize an enemy, you create confusion. But as we have seen now, you can use like drones that are like $20,000 and create more chaos that you would do with any sort of exploits. You know, I liked how you're introduced as a legendary hacker. And then you're like, oh, I've been 20 years in enterprise software. I feel like this is like the, the wind of the poo meme. It's like, you know, the casual and then fancy dress up.
Starting point is 00:07:39 hacker and then enterprise software. And then below it, it's like 20 years in a enterprise software. But this is a really interesting point that you made this idea between, okay, mostly it sounds like when people imagine cyber attacks, they imagine what Tracy talked about in the beginning. Suddenly the entire financial infrastructure, like I just come to a hall, people worried about or there's going to be a blackout, et cetera. But in reality, or what we've seen so far by and large, is that cyber in the context,
Starting point is 00:08:09 of war is still much more about data collection, espionage, and so forth, rather than these more, like, you know, the types of things you might see in a movie. Yeah, exactly. I mean, over the last, like, 10, 15 years, we have seen some, like, attacks, like cyber attacks against a critical infrastructure. Iran targeted, like, Aramco around, like, 2012. They were just mostly, like, using what we call a wiper that was, like, a malware that was erasing the hard drive of most of the machines.
Starting point is 00:08:39 And then we obviously have the case of Stuxnet a few years before where it was a joint Israeli-U.S. operation against some of the nuclear centrals in Iran where some of the PLCs were targeted. But what we have seen over the weekend is some of the drones happen to target some of the Amazon data centers. And that created so much instability because multiple of the zones have been down. and I think two out of three, and the third one is still recovering days after, because most of companies, either private companies or public companies, not relying on the cloud,
Starting point is 00:09:18 which is something that was not really the case before. And once you have some sort of centralization in terms of dependence, you also become an easy target. And most of governments, AI companies, cloud companies, do not really have $20,000 drones in their threat models, which is like something that's pretty new,
Starting point is 00:09:41 but also confirms that kinetic wars can have more impact. So I take the point about cyber being perhaps more useful before a war when it comes to info gathering and things like that. But we have seen some deployment of cyber attacks in the past week or so. So we know Israel is attacking some cyber infrastructure in Iran, and we know that Iran has perhaps attempted some things, maybe not as successfully. But walk us through what we've actually seen so far. So so far we have seen an Israeli operation where one of the prior app has been hijacked
Starting point is 00:10:16 and so message was sent to the users. So it's more like to create confusion within people. Also the traffic light operation to understand the position of some of the target. but it's more used for like reconning. And in terms of destruction, we didn't see anything significant. Even the government itself of Iran shut down most of the internet for a lot of the users. And a lot of what we see on social media is the usual disinformation and misinformation campaign, especially now with AI, there's so much AI slop, with like the videos, the text, the bots.
Starting point is 00:10:56 That's becoming pretty common now, even when there is no war. So it's not really, like, really impactful. So it's more like to create confusion than being actually destructive. And now we're definitely entering in a stage where it's been extremely destructive. And I cannot remember the last time we have seen so many countries being targeted, which is pretty like a first, I would say, in terms of like a war climate. Can you talk about, you know, people stare at their screens all day and they fool themselves into thinking that they're cold. monitoring the situation, et cetera, but mostly...
Starting point is 00:11:33 Is that projection, Joe? I don't delude myself. No, I, like, actually, like, I sort of look at my screen and I know that I'm being inundated with contextless garbage and slop and propaganda and so forth. I'm curious how you monitor this situation actually, as someone who takes these topics seriously and doesn't just sort of become an overnight expert, you know, the day after bombings begin. Like, how do you pay a...
Starting point is 00:12:00 attention to what matters. How do you actually know what's real and so forth and avoid just sort of the delusion of staring at the screen and engaging with Slop? It's a good question because there's so much of it. So I think the default reaction is to ignore most of it. Yeah. Unless it becomes really significant. In this case, I think it comes down to looking at the actual damage. Many people from the military world, but also the intelligence community, has been underestimating Iran capabilities, exactly like people used to do with North Korea and now North Korea are some of the best hackers in the world
Starting point is 00:12:37 when we see them like targeting financial institutions, whereas before they would not do much. So there is definitely like internal capabilities that are available. But there is so much noise. Now, like you say, a lot of people are monitoring the situation, giving that quote-and-quote like overnight expert opinions. And that's becoming a lot of noise. But I would say that in this particular case, we have heard of the imminent threat of Iran for around 40 years.
Starting point is 00:13:09 And that's also not really a new situation. So most of people would have context around it. And even for the attack that happened last weekend, many people were expecting them for weeks, especially as the continuation of what happened next tomer. Today's show is brought to you by Vanguard. To all the financial advisors listening, let's talk bonds for a minute. Capturing value and fixed income is not easy. Bond markets are massive, murky, and let's be real.
Starting point is 00:13:54 Lots of firms throw a couple flashy funds your way and call it a day. But not Vanguard. At Vanguard, institutional quality isn't a tagline. It's a commitment to your clients. We're talking top-grade products across the board of over 80 bond funds, actively managed by a 200-person global squad of sector specialists, analysts, and traders. These folks live and breathe fixed income. So if you're looking to give your clients consistent results year in and year out,
Starting point is 00:14:20 go see the record for yourself at vanguard.com slash audio. That's vanguard.com slash audio. All investing is subject to risk vanguard marketing corporation distributor. Eating well shouldn't be complicated, but somehow it turns into recipes, prep, cleanup, and half your Sunday gone. Actors solves all that. These are fresh, ready-to-eat meals designed by dieticians, delivered to your door, and ready in just minutes. No prep, no cleanup, no excuses. And it's not just about convenience. You're getting real food, balanced nutrition, and zero artificial stuff. Meals that help you stay
Starting point is 00:14:54 on track for all of your goals without the grind of doing it all yourself. Grilled chicken, roasted veggies, steak plates, postables. They taste like something you get in a restaurant, but they come out of your microwave in two minutes flat. If time, Cost or effort have been holding you back from eating better? Factor just took those off the table. Right now, get 11 meals, free shipping, and free sides for life. Hurry, this offer won't last long. Go to FactorMeals.ca and use code fit. That's 11 meals, free shipping and free sides for life, but only with the code fit at factormeals.ca. Factor, Canada's number one ready-to-eat meal delivery service. Life moves fast, and when you need more room, XYZ storage is here, whether you're moving,
Starting point is 00:15:36 decluttering or just need extra space, clean, secure units are ready when you are. Students heading home or switching apartments between semesters, save 50% off your first three months. Make space for what's next. Visit xyz storage.ca. People who need space. Can you actually talk a little bit more about the data center attack? Because that's not cyber really. I mean, that's just a kinetic warfare against the data center. I was surprised how disruptive was that? I sort of would assume that cloud service providers that it's fairly liquid.
Starting point is 00:16:19 Okay, one goes down, but, you know, it can just be the same software, can be run from numerous other clouds. But I saw that there were disruptions. I saw Fortnite tweeting about the fact that some of their gameplay was impaired due to the attack on data centers. How disruptive have those attacks been? because this is, of course, a very, you know. This is where kinetic meets cyber. Yeah, and there's a lot, you know, in the future, like, thinking about hardening these data centers and, as you say,
Starting point is 00:16:47 like making them, they're going to be increasingly targets for war. Like, how disruptive was that? Very good question. So I think one of the main takeaways is that it has been extremely successful. So like we said before, like a Shahid drone is around $20,000, and they managed to shut down two of the zone. of Amazon. Actually, even if you look at the official report from Amazon,
Starting point is 00:17:11 for like 36 hours, they were just saying, oh, some objects struck the data centers before they actually explicitly said there were drone strikes. So a lot of services that have been using them have been targeted, so from like local applications, from two banks,
Starting point is 00:17:27 because in a data center, you are taking care of multiple different services. Right. And even Versal had to reroute their data to Bombay and to exclude like Middle East as deployment. So even if you take the cost of most of like zero-day exploits that can go up to like multi-million dollar attacks, if you are really aiming at destructing things, the cost reward of using such an attack is really efficient.
Starting point is 00:18:02 So you really enter into some sort of asymmetric conflict. where you can just spend like some really old material and have way more impact than someone who's going to be like cutting edge and just trying to impress with like capabilities because at the end of the day, it does not really matter. How do governments actually build up their cyber capabilities nowadays? Because I have this image in my head of maybe 10 or 20 years ago, you know, they would recruit like a 20 year old such as yourself at the time. And they would be working in a dark room.
Starting point is 00:18:36 that sort of thing. But then... Drinking Red Bull. Drinking Red Bull, that's right. But then, you know, we had the boom in Silicon Valley, and so you had competition from private companies. Now we have the boom in AI, and again, even more competition from private companies. And at the same time, governments seem to be, I guess, seeding some of their own skill set to
Starting point is 00:18:58 potentially private companies, like Anthropic and ChatGPT and some others. walk us through how, I guess, the development of governmental cyber capacity has actually shifted. I mean, something that didn't really change over the last, like, years in terms of capabilities. Like, I guess we all remember, like, the Snowden leaks in 2013 when we started to see more about the inside of, like, capabilities from a government, including, like, domestic mass surveillance, global surveillance, exploitation capabilities. And since then, every other year, we have seen an history of data being leaked that belongs to the government. So in a way, things have been changing a lot, but not really much. Like most recently, there was a contractor from Elfrey Harris that was sentenced to 87 months sentence because he happened to sell zero-day exploits to a Russian broker. And that's actual exploit that belong to the government because there was some sort of integrator.
Starting point is 00:20:11 So we see like nation states or like governments like the US investing like enormous amount of money into offensive capabilities. But they also keep being burned by insiders. A lot of those capabilities are also as strong as the internal coercion. But I guess what I'm asking is, you know, if you're the Department of Defense or I guess now the Department of War, And you're thinking about developing in-house capabilities versus partnering with a company like Anthropic. And we should talk about all the drama that's going on there. How are you balancing those decisions nowadays versus, say, 10 or 20 years ago? My understanding is that now a lot of it is also like outsourced because they cannot really develop as many capabilities internally.
Starting point is 00:20:58 So now, like, we have seen with Anthropic that it had been used in the Maduro operation. Right. And then after that, like, there was a pull out from entropy because they said it was violating their ethical, like, like policy, yeah, standards. So I would say now something that's really changing, like very fast is the incorporation of, like, AI into those decisions. But as we all know, like AI can also hallucinate.
Starting point is 00:21:33 So even Dario, the CEO of Anthropics, that it's definitely not in a state where it can be used for like fully autonomous decisions like that. So I would say like the AI element would be like the main difference. Even we start to see it now for like exploit development or
Starting point is 00:21:49 vulnerability discovery, but it's still too early to kind of like give a definitive opinion about it. But Overall, I would say it's very similar. Well, talk to us about exploit development because I know that you can't just go to ClaudeCode code and say, like, I'm working on a zero-day malware attack. Help me figure this out. But, you know, I also know that there are some very talented people who pride themselves in being able to jailbreak AI and elicit outputs that the labs do not want their AIs to produce.
Starting point is 00:22:22 So do you have a sense how just within the pure, like, hacker community, AI is being employed today for these purposes or what they're able to get out of these tools. It's a good question. So like we started to see people leveraging like AI for like bug discovery. Yeah. Which actually is becoming like pretty good. I think even entropy published an article explaining how cloud can be used for discovery into smart contracts and how it found some bugs automatically. And I think even recently they released something called the Cloud for Security that was aiming at doing code assessment.
Starting point is 00:23:02 But now we're entering into this interesting paradigm shift where the cost of software is going towards zero. So if your company and if your cost of building software is becoming less and less, it's also hard to convince people that auditing software for security reasons is going to be more expensive than developing the actual software. So I think that's one of the shift we're going to see. But when it comes down to... Yeah, say more about that.
Starting point is 00:23:29 Pause that last part. What did you mean by that? It's going to be hard to convince. If you can have like to allocate budget for like building a product, so you have most of the budget that's usually allocated for like your software engineers to build the software. And then you do some code review afterwards to make sure there is no vulnerabilities before it gets released to the public. But security's risk is usually like pretty high. You cannot just rely on like AI tools, at least not at the moment. Maybe in a year from now it's going to be possible.
Starting point is 00:24:04 So it's going to be like really interesting to see how it's going to like do like a market shift. Because now we've cloud code and as a famous vibe coder, Joe, I'm sure you know that. The cost of building software is approaching like zero if you just look on the timeline. Are you actually on this note, are you a believer in the SaaS? Because obviously there's the argument that, well, now everyone can just create their own software fairly easily using natural language. But on the other hand, if you're a big corporation or presumably a government, you're going to want to have, you're going to still want to buy software from an external provider given some of the security concerns, given that it might not necessarily make sense for various reasons, management reasons perhaps, to recreate an entire software business in-house. So I'm definitely biased on that, but as someone who thinks the cost of software is going towards zero, and as someone who is watching the software costs like collapsing, one of the things that we realize is that data is the only durable asset in the AI economy.
Starting point is 00:25:14 That's why we decided to work on DB, the current startup I'm working on, because that's the only thing that's really going to have value long term if agents need something to transact or to take decision on. because even if you look in terms of like in any context, you know, if agents are designed to think autonomously, you need to have enough information to take those decisions whenever you're going to have your reasoning loops. So software itself, if you just build it, is pretty static.
Starting point is 00:25:45 Whereas like the agentic like feedback loops are more dynamic, but what changes the context they take decision on. So definitely like SaaS business, are going to have a hard time because if anyone, including the Shopify CEO, can just rewrite an MRI software in one afternoon just to look at his back MRIs, you can imagine how disruptive it's going to be by the end of this year. I think the only thing we haven't seen yet is like enterprise AI agent.
Starting point is 00:26:19 So so far, I would say since Christmas, people are mostly like still playing around, trying to find a proper use case. We see a lot of like consumer, like AI agent, like open cloth that really made like agents more mainstream, but we really haven't seen yet enterprise AI agent. So as everyone is kind of scared of being replaced for their jobs, we haven't really seen like actual like AI agents replacing entire departments or full on like employees. So we have seen some disruption around like software engineering. mostly to make software engineering more efficient, especially in terms of development with
Starting point is 00:27:01 shorter timelines. But we haven't seen yet proper enterprise agents. How do you define an AI agent? So my view of an AI agent, and I like to remind people like what an AI agent actually is, at the moment, most of the AI agent is just like a piece of code usually written in Python or in type script that's just doing a bunch of calls to like, anthropic open AI and running in a loop and taking decisions and calling like third party tools, like MCPs or web searches. So that's mostly what an AI agent is. We tend to think of AI agent as a completely different persona, but at the end of the day, it is just like a piece of software that's running as a service on a machine or on a server. So from a security standpoint, which is pretty
Starting point is 00:27:54 interesting, it's just like another service or like software, but people really like to think of it in another way. Well, just so like I'm from the security standpoint, I mean, one of the exciting aspects of AI agents is that they can work autonomously, right? You set a task and it can go out and find what it needs to do and it sees like, okay, this didn't work. I'm going to try. It's going to try this thing.
Starting point is 00:28:19 It's going to try this thing. Oh, I need to connect to this web service to get this information, et cetera. the downside of AI agents is precisely the same. The downside of AI agents says that they could do whatever they want to do. And if it accidentally deletes a bunch of files because it thinks that's what's necessary to execute the task. So like I'm curious, like from a security standpoint, like, I mean, we've already seen examples of people getting private information exposed or as I mentioned, the example of deleting a bunch of information. Is this like a new way to think about the security threat model? the fact that the capability and the downside are one and the same. It's the same. It's sort of
Starting point is 00:28:58 like hallucinations, right? The ability to, like, create an output and it also, you know, is hand in hand with the ability to create a wrong output, a false output. And so, you know, the ability to act on its own is also the ability to destroy on its own. Is this sort of like a novel threat model or a novel paradigm in thinking about enterprise security? From an enterprise security standpoint, it is pretty much the same thing in the sense of like if you're building software, you cannot just really like patch software afterwards and stuff because it never ends. Like security modes be like built in and you need to have like a safe design from the beginning. What we have seen now is like whenever people do something agentic, they just give like all per miisrons up front. Yeah.
Starting point is 00:29:46 Which is like probably the worst thing you can do. And if you're an enterprise, as you can imagine, if you just give like all permissions to an agent, it just becomes Murphy's laws. If something bad can happen because you give it access to, it will happen. So you're going to see like more data leaks for sure because there is no safety by design in those like architectures or like those like agents, which is in terms of vulnerabilities and like exposure would be like very similar to what we have seen of the last. like 10, 20 years. But, you know, if people are ignoring what has been done in terms of software security for the last 20 years, that's why we're going to have a lot of problems. And I think we're probably going to start to see, like, people, especially in enterprise,
Starting point is 00:30:34 like pushing back a lot because there's compliance that needs to be like, you know, like answer to. So you cannot just give like full access to like, you know, your agent. Eating well shouldn't be complicated. But somehow it turns into recipes. prep, clean up, and half your Sunday gone. Factors solves all that. These are fresh, ready-to-eat-eatians, delivered to your door, and ready in just minutes. No prep, no cleanup, no excuses. And it's not just about convenience. You're getting real food, balanced nutrition,
Starting point is 00:31:21 and zero artificial stuff. Meals that help you stay on track for all of your goals without the grind of doing it all yourself. Grilled chicken, roasted veggies, steak plates, postables. They taste like something you'd get in a restaurant, but they come out of your microwave in two minutes flat. If time, cost, or effort have been holding you back from eating better, Factor just took those off the table. Right now, get 11 meals, free shipping, and free sides for life. Hurry, this offer won't last long. Go to FactorMeals.ca and use code fit. That's 11 meals, free shipping and free size for life, but only with the code fit at FactorMeals.ca. Factor, Canada's number one ready-to-eat meal delivery service. Life changes fast, and one thing should be.
Starting point is 00:32:02 your storage price. At XYZ storage, lock in your rate for a full year with our industry-first locked-in pricing promotion. No surprises, no sudden increases, just secure, affordable storage you can count on. Whether you're storing a little or a lot, now's the time to make your move. Visit XYZ Storage.ca. The news doesn't stop on the weekends. Context changes constantly. And now Bloomberg is the place to stay on top of it all. Hi, I'm David Gurra. Join us every Saturday, and Sunday for the new Bloomberg this weekend. I'm Christina Refini.
Starting point is 00:32:44 We'll bring you the latest headlines, in-depth analysis, and big interviews. All the stories that hit home on your days off. And I'm Lisa Mateo. Watch and listen to Bloomberg this weekend for thoughtful, enlightening conversations about business, lifestyle, people, and culture. On Saturday mornings, we put the past week's events into context, examining what happened in the markets and the world. That on Sundays, we speak with journalists,
Starting point is 00:33:07 columnists, and key political figures to prepare you for the week ahead. Join us as soon as you wake up and bring us with you wherever your weekend plans take you. Watch us on Bloomberg Television. Listen on Bloomberg Radio, stream the show live on the Bloomberg business app, or listen to the podcast. That's Bloomberg this weekend. Saturdays and Sundays starting at 7 a.m. Eastern. Make us part of your weekend routine on Bloomberg Television, radio, and wherever you get your podcasts. Speaking of the long arc of history, one thing I really wonder is you've obviously been in this space for a very long time.
Starting point is 00:33:45 at this point. Can you describe how you think your own career and, I guess, coding experience would have been different if you were, say, starting out now in 2026 versus, I guess you would have started out in like the late 90s or early 2000s, maybe even before that. Yeah, mid 2000. Well, I would say like what has changed is back, even like we even without going through like the 2000s, Like back in the Snowden Days, when the global surveillance program was being exposed, like a lot of people were really, like, scared of it and scandalized by it and pushed back, and people really cared about privacy. It was like now we're entering in a new arc where very few people care about privacy,
Starting point is 00:34:37 where you see like the sea of entropy. being asked why he refused to work with the US government, and he says, well, they wanted to do a domestic surveillance program, so that's against or like a safety like chart. So this is all aspect of people relationship with data, which I guess is very different. In terms of software, obviously, like now you can write more things. anyone can write anything
Starting point is 00:35:09 but I think we're still in this weird adequate software phase where we know what AI can do but it cannot really do anything more or anything less yet we still haven't seen
Starting point is 00:35:24 the actual use case for it because it's obviously like very exciting and it feels like a lot of it is very different from before but we don't really have any evidence of how it's really helping in national security. I know it's been helping people who have been analyzing like Epstein's emails because there's a lot of data and that makes it faster.
Starting point is 00:35:53 But in terms of like real use case, I don't think the like it feels like the current world is very different than before, but there's so much noise and so much like slop all over that in a way, it is pretty similar. I don't know if that makes sense. Well, I mean, your company is on db.aI. So you must think that it's going to be used or that there's clearly something there. Actually, tell us about, I'm actually really, I'm on your website right now. It looks really interesting because it's something I've been thinking about.
Starting point is 00:36:26 But you must have some vision for like where it's going and that there will actually be significant demand for these. services. Sure. I mean, like I was saying, like, I think now we've like, anything that's agenic, building software, which is like the main use case so far for AI, it's going to make software like going to zero. So that's real. So like, say, like there's, in your view, there's no question that already AI, I mean, talk about a use, it's a pretty big use case right there, bringing the cost of building software to zero. Yeah. I mean, like, even if you look at the offer of cloud code. He said they didn't write code since November.
Starting point is 00:37:05 So a lot of people are like this, you know, even us internally, like, we definitely like use cloud code a lot. But if software is going to zero, like what's left in terms of like the internet layers? So our conclusion is that data
Starting point is 00:37:21 is the anything that's going to be like timeless in the AI economy. So building like a layer for that. Especially now there's like all those innovations. around like payments and stablecoin that you can use to actually like pay like anything online. Yeah. So we think like, okay, if you have like issues like entropy or like open AI just scrapping internet
Starting point is 00:37:46 and using like public internet. So you may as well find ways of charging like boats or agent for your data. So at least you can have these new like revenue unlock that's going to emerge in these like new new economy. because I think a lot of the traditional economic model, like for instance, like we said like with SaaS, are going to be like disrupted a lot. So there is a completely new market around how people are going to consume data.
Starting point is 00:38:15 And I think people would just be ready to pay like more to have high quality data because the more noise there is, the more you want to make sure that the data you have access to is going to be like valuable and real. So, yeah, even from a security standpoint, you know, like once you build like an infrastructure layer, you can have this like built in security to make sure that the data you give back or the access, like for the interface that you define is actually secure because even if you'd look at open clow, for instance, one of the top skill was malware. So like people just like living in these like wild west, but they just run everything.
Starting point is 00:38:55 So it's us anticipating that entry. enterprise is going to look very different and they won't just run like anything they find online. Yeah, you know, this is one of the things that I've encountered in my vibe coding for is is that one of the annoying things is, okay, you want the agent to like go out and grab some information or query some database or whatever. And then it's like, okay, like let me know when you've gotten an API. They're like, okay, come back and get an API. And then you have to like go to a website and then you have to like get out your credit card. and you have to set up an account
Starting point is 00:39:30 and then you get an API key and then you copy and paste it and so forth. And that's very annoying. I want, what I want is for the agent to just be able to go there, say, oh, you know, like, let me just pay you with some stable coins, et cetera, just go out and get the information on its own without having this human in the loop.
Starting point is 00:39:48 But it also occurs to me, and this is something that I've asked about with others, which is that, like, once I'm just like entirely operating in the terminal and the agent is going out and scraping information for me, et cetera. Like, why do we even have a free public internet anymore? And so, like, I'm curious, like, whether the direction of the internet and information in general is just entirely, like, you know, paying microtransaction or fees for data consumption so that the data then arrives in some usable form in the terminal that I'm operating. Yeah, no, I think you're raising
Starting point is 00:40:21 some really good points. We need to talk after. You can be our new design partner, you know? Yeah, I can be a consign. He's going to hack all the API keys for you. I can be a consultant. No, I hate having to deal with all these API keys. And why am I still using my critical? You're completely right. See, I told you your famous vibe code.
Starting point is 00:40:40 But the US case you're describing now is like a makes entire sense. That's why like we position ourselves kind of like as a trusted like provider. We're like instead of having to go like everywhere to get data, you know, you have like this single point and unified access. A bit like open router for AI models. but for data providers. Because if you think about it, when you use Cloud now in your terminal, the level one is basically you asking the model itself for information,
Starting point is 00:41:10 but as we know, like the model may be like a few months old and doesn't have access to all the information. So like the second level is the agent like CloudCode or Cloud for desktop or like chat GPT doing web searches. And that's just them looking on the internet. doing like a Google search, etc. But that's still not giving you access to like the actual like relevant data that you would need where, for instance, you would have like those API keys and stuff.
Starting point is 00:41:40 So like the level after that is basically access to private information. So in private information, usually the one that's valuable. Like in the case of Bloomberg, for instance, Bloomberg has a lot of extremely valuable information that you can only have access to it through the terminal once you have the subscription. or like any SaaS services, if you think of like SaaS platform at just like some fancy UI where you can like browse the database but the data that's valuable
Starting point is 00:42:07 is just in the database directly. So if you'd have access to those APIs and we're not have to create like one million subscriptions left and right because there's already like someone who's doing the integration for that kind of like as a programmatic like API marketplace but the integration now is like much easier
Starting point is 00:42:26 and especially if you trust it, because now what we have seen also is like whenever you use all those tools, they make you install like MCPs, but more and more people are like moving away from MCPs. They're just using like skills because like you just said, we start to spend more time into the terminal. So like the terminal and anything that CLA is becoming like a natural interface for like agents, even for humans. Because you don't need to try to understand those like fancy UI and UX. to just say like, okay, I want to do ABC, just do that. So I think it just makes more sense to have like this interface for it. And like you said, you know, like otherwise it just like it becomes too complicated. Just on this note, can we talk a little bit about, I guess, institutional knowledge of code?
Starting point is 00:43:14 Because I remember one of the things that happened in the early days of AI development. I mean, not that early. I think it was like 2017 or something back when Facebook's AI lab still exists. What was that called again? Like the acronym was fair or something. I don't remember that. Yeah, they had like a little Facebook like experimental lab. Anyway, they invented a bunch of chatbots and the chatbots started talking to each other in pretty much incomprehensible language.
Starting point is 00:43:41 But like they clearly understood what each other were saying. And so I'm just wondering if you extrapolate that to AI generated code, could we have a situation where the models are constantly iterating on themselves? They're constantly talking to each other. And so we end up with a system that becomes very, very difficult for human engineers and coders to actually understand. Yeah, I mean, I think what we're going to start with is, like, humans, you know, like us are going to move towards, like, creating, like, markdown files as, like, a programming language. So everything is just going to be, like, normal, like, language.
Starting point is 00:44:19 But for the machine itself, obviously, yeah, I remember that video, that is, like, G.B. language like transfer thing. Well, if you think about it, it's not that much different from voice to text in that sense. And at the end of the day, it just like beats like being transferred. Because even like whenever you connect on the web page, you know, like you write it in text, but behind it's just like bytes dot a Bing exchange. So agents still need to agree on the protocol that they're going to use
Starting point is 00:44:51 and not necessarily an encryption format, but an encoding format. So once you know what it is, you know, it just becomes like a reverse engineering problem or like a forensic problem where you're just like, okay, like this is what's being used when those packets are being sent, you know, let me just decrypt it. Once you know, the protocol, you know, like, that's. So I don't think we're going to end up in a situation where like who would have like no idea of it because you're always going to have like people who are like pretty good like reverse engineers. But at the same time, you also going to have your like AI assistant who's going to. help you to like reverse engineer those things. So in a way, even if it happens, like, you are not like alone with your redbell and your laptop. I know, I know AI agents. We all going to have AI agents. Yeah. So that's also like the reality of things. So we're far from just like the
Starting point is 00:45:47 clipy plugin that we used to have in Microsoft office. So you can have these like CLA interface, we just give like comments. Yeah. And then it's like, that into like, okay, I understand what I need to do, you know? And that's it. No, I love, like, interacting with just the CLI now. And, like, every time I have to go to the web, it feels like some sort of failure. Like, I'm like, oh, I have to go to this bright website. Yeah, and I just, like, want the information right there on the black screen talking, you know, communicating back and forth in English. You know, that's, like, feeling familiar for you.
Starting point is 00:46:20 You know, something I'm thinking about is I imagine that there's a lot of, like, crusty all. Linux and Unix programmers who are like, oh, this code is, this isn't high quality code that the AI, that the chatbods produce. This is slop code. It needs all kinds of fixing and so forth. From your perspective, is the code itself of good quality or of improving quality? How just the lines of code itself from your standards is a good stuff? Yeah, it's pretty good. And even when it's bad, you just tell it, okay, like, this is bad, you know, like just do it better, you know? Like if you're using like negative rewards, you know,
Starting point is 00:46:57 if you say, okay, like this piece of code is garbage, you know, it's going to understand better because you kind of give like a strong emotion. Whereas like if you say, oh, it's okay, you know, it's just be like, okay, like, whatever, you know, if it's okay, it means it's passing like the adequate test. Whereas like, if you say, okay, that's garbage, you write it and I always do this. So if I ask a bot for something, I will always say like after the first version, like, do better and just see what it comes. comes up with and then just try to iterate on that.
Starting point is 00:47:25 This is tough because you're talking, when you're talking in English, the brain deludes itself into thinking that you're talking to, or when you're talking in human language, any language. The brain deludes itself, you feel like you're talking to a person. So you have to be nice? Well, then I feel like. I don't have that problem, Jay. Oh, really? But then I feel like, I like, I don't want to say, oh, this is garbage.
Starting point is 00:47:45 I don't, but from your perspective, it's actually sort of important to be firm with the bot and you get better results by being more sharp with it. Yeah, because it's the equivalent of a negative reward, like just like positive reward. If it does something, you'll say, okay, like, that's great. That's exactly what I try to explain. Then it's like, okay, like that's like a reference point. Well, like if it starts to go on a tangent, you just say like,
Starting point is 00:48:09 oh, that's completely like out of the line. Redo this. Like, why are you doing this? You know, like the more explicit you are, the better it's going to understand how far it is for the requirement. I just have to get better. You know, I'm sort of conflict avoidant.
Starting point is 00:48:27 I know. And I like being nice to people. So I just still says please and thank you. So I just, so the basilisk doesn't get him. Yeah, that's right. So I have to, I just have to be like, no, this is trash.
Starting point is 00:48:36 This is garbage. You totally, we're all dumber for having seen this code. Okay, this is good to know. I mean, it's a good point. You know, like all those like AI companies, they're recording all the prompts, you know. Yeah. God knows if they are keeping it,
Starting point is 00:48:49 if there's retention around it. You know, like, we know the open AI is keeping them, you know, like they can get supone. Suponi, is so you pronounce it? Yeah, so like, who knows, you know, like in years from now? Like, if there's, like, full-on, like, autonomous, like, robots managed by the Department of War because they think it's lawful. We all get social scores based on our AI prompts. Yeah.
Starting point is 00:49:13 These thoughts creep into my head, unironically, where it's like at some point is there going to be some, am I going to regret having, I don't know. They were there in my head. Truly a brave new world. Matt, just one last question from me, but going back to cybersecurity and the current situation with Iran, what are you on just the lookout for? Like, what would peak your interest the most to see in that particular space? I think now in that particular space because I'm one of those people who think it's related to the Epstein files, you know, like it's just more about like getting more Epstein files related stuff to see if there is like more connections to it, you know? So I think that would be the only thing
Starting point is 00:50:00 that would kind of be like digital that will like spike my interest because now we have seen, you know, like just those like all drones can do like so much damage and that Iran demonstrated that they can be like really precise. with their attacks. So now I think it's more about seeing which direction it's going to go to and how long it's going to last, which is like the big question mark
Starting point is 00:50:25 because there's so many other components. Like the energy sector, you know, like, how is it? We have seen the price of like memory, like increasing a lot. So now if they're starting to block like the Detroit of Ormos, you know, like what's going to happen to like the cost of data centers and like memory and AI in general, you know,
Starting point is 00:50:44 like we're going towards on one side you know we're going towards like the cost of tokens and insurance going down but that may also like bring the cost up you know so if you're going to use like AI for like your next generation wars but if your enemy can just like increase your cost of token and insurance what does that even mean like do you even need AI in the first place is it even relevant so i think there's these all like asymmetric like warfare that's going to happen that we we really haven't seen yet. And I think that's going to be like really interesting. But the same time, there's so much noise and so much,
Starting point is 00:51:18 so many things happening at once that it's becoming like extremely like hard to focus and just like extract that that's really relevant. Yeah, definitely feels like that. Tough choices potentially coming for Havelock as your token costs go up. Matt, it was so wonderful to reconnect again. Thank you so much for coming back on Oddlots. And yeah, you'll have to get back to Joe about those APIs. Yeah, I'm happy.
Starting point is 00:51:42 Let's, uh, let's, the most famous vibe for there on Twitter, no. Yeah, bring me on as a consultant. Sounds good. Take care, Matt. Thanks, Matt. Bye, bye, bye. Joe, always good to catch up with Matt? Super interesting.
Starting point is 00:52:05 It's incredible how much is happening right now at this particular nexus, especially, obviously the anthropic stuff. But I, you know, it's interesting, you know, you think about cyber warfare and you think about, okay, we're going to hack into a system and take out critical infrastructure. But another thing you can do is just attack a data center. Just send a drone to a data center. I thought that was really interesting. That sort of like we got very used to thinking about cyber as like this thing that exists only in code.
Starting point is 00:52:32 In code. But now you have this like new front of kinetic warfare where the two like really intersect. Yeah, they do really intersect. And yeah, these are like huge national security vulnerabilities. And he pointed out, I mean, certainly today, but, you know, was this in anyone's threat model thinking about the risks to it, you know, the cheapness of. drones, the ability to take them out. Super interesting. Also, just this idea, like, yes, you know, obviously, again, as your observation, the point we think of, like, cyber attacks, like, we're going to take out this whole thing. But in least in the warfare context,
Starting point is 00:53:05 his point, like, most of it is like before the war, et cetera, the sort of information gathering, spy craft and so forth prior to the actual attacks. But it is interesting to see Israel in particular use some cyber attacks as a sort of soar of chaos. Definitely. In Iran. I can't imagine what it's like to actually be on the ground there at the moment for many reasons. But like you imagine just being there worried about your physical safety and then the traffic lights aren't working as well. Well, right.
Starting point is 00:53:35 And also just thinking like, wait, there's cameras everywhere or like how much is being recorded, like create like a sense of like paranoia among everyone about about everything. And also the interesting thing. Obviously, this is very topical in markets, but the sasspocalypse idea. Matt in particular seemed pretty bearish on the outlook for existing software companies, I guess. And I did think his comments about what that would mean for security budgets within organizations were pretty relevant and worrying. Absolutely. All right. Shall we leave it there?
Starting point is 00:54:08 Let's leave it there. This has been another episode of the All Thoughts podcast. I'm Tracy Alloway. You can follow me at Tracy Alloway. And I'm Joe Wisenthall. You can follow me at the stalwart. Follow our guest, Matt Sweensch. She's at M. Swish.
Starting point is 00:54:19 Follow our producers. Carmen Rodriguez at Carmen Armin, Dashel Bennett at Dashbot, and Kale Brooks at Kail Brooks. And for more OddLod's content, go to Bloomberg.com slash OddLod for the daily newsletter and all of our episodes. And you can chat about all of these topics 24-7 in our Discord. Discord.g. slash OddLots. And if you enjoy OddLots, if you like it when we talk about the intersection of kinetic and cyber warfare, then please leave us a positive review on your favorite podcast platform. And remember, if you are a Bloomberg subscriber, you can listen to all of our episodes,
Starting point is 00:54:49 absolutely ad-free. All you need to do is find the Bloomberg channel on Apple Podcasts and follow the instructions there. Thanks for listening. You can get the news whenever you want it with Bloomberg News Now. I'm Amy Morris. And I'm Karen Moscow here to tell you about our new on-demand news report delivered right to your podcast feed. Bloomberg News Now is a short five-minute audio report on the day's top stories. Episodes are published throughout the day with the latest information and data to keep you informed. Yes, there are other products like this from a variety of news organizations, but they usually rerun their radio newscasts throughout the day. That's not what we do. We create customized episodes that can only be heard on Bloomberg News Now. And we don't wait an
Starting point is 00:56:05 hour to publish breaking news. When news breaks, we'll have an episode up in your podcast feed within minutes, so you're always getting the latest stories and developments. Get the reporting and the context from Bloomberg's 3,000 journalists and analysts we're all over the world. Listen to the latest from Bloomberg News Now on Apple, Spotify, or anywhere you listen. What separates good leaders from transformational ones? I'm Jessica Chen, and in season two of Leading By Example, we'll sit down with executives like Grace Chen of Bertie Gray to find out. It's important to understand where you spike, but also really acknowledge where you don't
Starting point is 00:56:45 and find people who can fill those gaps. Listen to leading by example, executives making an impact on the IHeart Radio app, Apple Podcast, or wherever you get your podcasts.

There aren't comments yet for this episode. Click on any sentence in the transcript to leave a comment.