Odd Lots - Legendary Hacker Matt Suiche on Cyberwar in the Age of AI
Episode Date: March 12, 2026We tend to think of warfare in two distinct arenas: the physical and the digital. Increasingly, however, those lines are blurring. Last week, Iran launched drone strikes on data centers in the UAE and... Bahrain. Israel has reportedly been hacking traffic lights in Tehran, and this week brought a suspected Iranian cyberattack on US medical device company Stryker, all underscoring long-held fears that hackers could take aim at vital physical infrastructure. On this episode, we speak with Matt Suiche, the legendary French hacker and founder of OnDB, a data infrastructure startup for agentic AI. We discuss what we know of Iran’s cyber capabilities, what digital warfare looks like today, and how AI is transforming coding and hacking. Read more:Stryker Remains Offline After Cyberattack Linked to Iran GroupGoogle to Provide Pentagon With AI Agents for Unclassified Work Only http://Bloomberg.com subscribers can get the Odd Lots newsletter in their inbox each week, plus unlimited access to the site and app. Subscribe at bloomberg.com/subscriptions/oddlots Subscribe to the Odd Lots NewsletterJoin the conversation: discord.gg/oddlotsSee omnystudio.com/listener for privacy information.
Transcript
Discussion (0)
Thanks for listening to Odd Lots. Follow the show on Amazon Music for more future episodes or just ask, Alexa, play the Odd Lots podcast on Amazon Music.
Today's show is brought to you by Vanguard. To all the financial advisors listening, let's talk bonds for a minute.
Capturing value and fixed income is not easy. Bond markets are massive, murky, and let's be real. Lots of firms throw a couple flashy funds your way and call it a day.
But not Vanguard. At Vanguard, institutional quality isn't a tagline. It's a commitment to your clients.
We're talking top-grade products across the board of over 80 bond funds, actively managed by a 200-person global squad of sector specialists, analysts, and traders.
These folks live and breathe fixed income. So if you're looking to give your clients consistent results year in and year out, go see the record for yourself at vanguard.com slash audio.
That's vanguard.com slash audio.
All investing is subject to risk vanguard marketing corporation distributor.
Life changes fast and one thing shouldn't.
Your storage price.
At XYZ Storage, lock in your rate for a full year with our industry-first locked-in pricing promotion.
No surprises, no sudden increases, just secure, affordable storage you can count on.
Whether you're storing a little or a lot, now's the time to make your move.
Visit XYZ Storage.ca.
Bloomberg Audio Studios.
Podcasts, radio.
News. Hello and welcome to another episode of the Odd Thoughts podcast. I'm Tracy Allaway. And I'm Jill
Wisenthall. Joe, you know I have some prepper tendencies. Yeah, does it? Slightly prepper
tendencies? Preper adjacent. I know you do because my plan for when everything, when everything goes
bad is to bring my family over to your place. So I'm relying on you, actually. That's fine. I actually
figured that and I've been building an extra store of supplies. I'm going to like send you a whole list of
things my kids like to eat and stuff like that just so that we're ready. Just so that we're ready.
Okay. Well, one of the things I saw on a bunch of the prepper boards that I sometimes look at,
I don't want people to think that I'm crazy about it, but I find it interesting. I find it
interesting seeing how people's like insecurities manifest in physical stuff. But anyway,
one of the things everyone was saying was you need to start taking cash out because of the
situation in Iran, because we're all expecting a big cyber attack that's going to absolutely destroy.
the U.S. financial infrastructure.
By the way, have I told you my idea for business?
Like, I've looked at prepper meals, like prepared meals and they all look terrible.
They do look terrible.
Like a slightly high-end version for yuppies, I think would be really good.
Like something they, you know, like some nice.
I think it's a physical limitation on how good you can actually get, like, dry food to taste.
Science can do a lot of things these days.
Anyway, let's talk about the actual issue at hand.
Yeah, well, are you taking cash out?
No, I know you're silver.
I haven't yet.
I'm relying on my store of gold and silver. That's right. But I think this raises a legitimate and actually very interesting topic, which is what do we know about Iran's cyber, I guess, facilities, skills, what could happen in this context? And then also everything that's going on with the world of AI, right? Like cyber security, cyber hacking, it's changing really rapidly given this new technology.
Totally. I mean, also, just within the context of the war itself, setting aside hypothetical doom scenarios, there's a really interesting report in the Financial Times about Israel having been able to hack into all of the traffic lights in Tehran.
Yeah. Almost unbelievable and shocking. But there's already within the war itself or even over the last couple of years, there was the pager attack that Israel had executed. And so, yeah, cyber is part of it. And the timing is wild here because.
Speaking of AI, it was just on Friday, we're recording this March 5th.
I'm not exactly sure the date is coming out.
But a week ago, basically, there was the news, the complete collapse of the anthropic relationship
with the Department of Defense or the Department of War.
And so it's all in the mix right now.
And how is AI actually going to change warfare?
And what are the national security implications of AI and AI and hacking?
There is a lot in this sort of mix that's all happening right now.
Absolutely.
The thing that really caught my eye was the story about a hacker using Claude.
to hack into like the Mexican government system?
Did you see that?
That was really interesting because it seemed like the hacker extracted a bunch of information
from Claude itself.
You know, I'm pretty sure you cannot go to Claude Code and say like, I want to break
into the Mexican government website, help me like build this app.
It won't do that.
It's trained to avoid malicious uses.
But people find a way to jailbreak them.
People find a way to sort of extract information from the AI itself.
It has in its training and so forth.
And there's been examples of leaks where, you know, people upload data to the AI and somehow
other people see it.
Anyway, there's a lot here that we have to learn more about.
We should talk about all of it.
And we do, in fact, have the perfect guest.
Someone who's been on the podcast before, but it's been a while.
We're going to be speaking with Matt Swish.
He is the founder of O&DB, which is a data infrastructure startup for a gentic AI.
So honestly, the perfect person.
And a legendary French hacker.
I should have said that first.
Matt, thank you so much for coming back on all thoughts.
Thank you very much.
It's been a while.
I think it's been, what, four years?
Yeah, I think it has been.
The last time we spoke to you, you were still in Dubai, and now you're coming to us from
Sweden and a very Gustavian-looking background over there.
I think actually when we talked to is right after Russia's invasion of Ukraine.
So I guess, yeah, wow, that has been almost four years, Matt.
Every time there's a war, we call you, Matt.
But because war is so intermixed with cyber espionage, cybersecurity, hacking and so forth,
it's a natural, natural time.
So for the benefit of people who didn't listen to the episode four years ago, can you just give
some context around who you actually are and your sort of history in the hacking community,
including, you know, shadow brokers and the Wanna Cry era and all that stuff?
So I've been in enterprise software for almost like 20 years, particularly cybersecurity.
And my name appeared in a few of the different leagues because of various analysis that I have
done of private information that was being leaked.
but also a lot of attacks that happened
that happened to target critical infrastructure
over the last 10 years.
And last time we were on the podcast,
one of the thing we talked about
is does cyber really matter
once you enter into a kinetic war,
which is exactly what's happening now?
And the main takeaway was
once you start using missiles,
most of these cyber elements are not really relevant
because you would use cyber
mostly to gather information
and intelligence to prepare an attack or to disorganize an enemy, you create confusion.
But as we have seen now, you can use like drones that are like $20,000 and create more chaos
that you would do with any sort of exploits.
You know, I liked how you're introduced as a legendary hacker.
And then you're like, oh, I've been 20 years in enterprise software.
I feel like this is like the, the wind of the poo meme.
It's like, you know, the casual and then fancy dress up.
hacker and then enterprise software.
And then below it, it's like 20 years in a enterprise software.
But this is a really interesting point that you made this idea between, okay, mostly it
sounds like when people imagine cyber attacks, they imagine what Tracy talked about in the
beginning.
Suddenly the entire financial infrastructure, like I just come to a hall, people worried
about or there's going to be a blackout, et cetera.
But in reality, or what we've seen so far by and large, is that cyber in the context,
of war is still much more about data collection, espionage, and so forth, rather than these more,
like, you know, the types of things you might see in a movie.
Yeah, exactly.
I mean, over the last, like, 10, 15 years, we have seen some, like, attacks, like cyber
attacks against a critical infrastructure.
Iran targeted, like, Aramco around, like, 2012.
They were just mostly, like, using what we call a wiper that was, like, a malware that was
erasing the hard drive of most of the machines.
And then we obviously have the case of Stuxnet a few years before where it was a joint Israeli-U.S. operation against some of the nuclear centrals in Iran where some of the PLCs were targeted.
But what we have seen over the weekend is some of the drones happen to target some of the Amazon data centers.
And that created so much instability because multiple of the zones have been down.
and I think two out of three,
and the third one is still recovering days after,
because most of companies,
either private companies or public companies,
not relying on the cloud,
which is something that was not really the case before.
And once you have some sort of centralization
in terms of dependence,
you also become an easy target.
And most of governments,
AI companies, cloud companies,
do not really have $20,000 drones in their threat models,
which is like something that's pretty new,
but also confirms that kinetic wars can have more impact.
So I take the point about cyber being perhaps more useful before a war
when it comes to info gathering and things like that.
But we have seen some deployment of cyber attacks in the past week or so.
So we know Israel is attacking some cyber infrastructure in Iran,
and we know that Iran has perhaps attempted some things, maybe not as successfully.
But walk us through what we've actually seen so far.
So so far we have seen an Israeli operation where one of the prior app has been hijacked
and so message was sent to the users.
So it's more like to create confusion within people.
Also the traffic light operation to understand the position of some of the target.
but it's more used for like reconning.
And in terms of destruction, we didn't see anything significant.
Even the government itself of Iran shut down most of the internet for a lot of the users.
And a lot of what we see on social media is the usual disinformation and misinformation campaign,
especially now with AI, there's so much AI slop, with like the videos, the text, the bots.
That's becoming pretty common now, even when there is no war.
So it's not really, like, really impactful.
So it's more like to create confusion than being actually destructive.
And now we're definitely entering in a stage where it's been extremely destructive.
And I cannot remember the last time we have seen so many countries being targeted,
which is pretty like a first, I would say, in terms of like a war climate.
Can you talk about, you know, people stare at their screens all day and they fool themselves into thinking that they're cold.
monitoring the situation, et cetera, but mostly...
Is that projection, Joe?
I don't delude myself.
No, I, like, actually, like, I sort of look at my screen and I know that I'm being inundated
with contextless garbage and slop and propaganda and so forth.
I'm curious how you monitor this situation actually, as someone who takes these topics
seriously and doesn't just sort of become an overnight expert, you know, the day after
bombings begin.
Like, how do you pay a...
attention to what matters. How do you actually know what's real and so forth and avoid just
sort of the delusion of staring at the screen and engaging with Slop? It's a good question because
there's so much of it. So I think the default reaction is to ignore most of it.
Yeah. Unless it becomes really significant. In this case, I think it comes down to looking at
the actual damage. Many people from the military world, but also the intelligence community,
has been underestimating Iran capabilities,
exactly like people used to do with North Korea
and now North Korea are some of the best hackers in the world
when we see them like targeting financial institutions,
whereas before they would not do much.
So there is definitely like internal capabilities that are available.
But there is so much noise.
Now, like you say, a lot of people are monitoring the situation,
giving that quote-and-quote like overnight expert opinions.
And that's becoming a lot of noise.
But I would say that in this particular case, we have heard of the imminent threat of Iran for around 40 years.
And that's also not really a new situation.
So most of people would have context around it.
And even for the attack that happened last weekend, many people were expecting them for weeks,
especially as the continuation of what happened next tomer.
Today's show is brought to you by Vanguard.
To all the financial advisors listening, let's talk bonds for a minute.
Capturing value and fixed income is not easy.
Bond markets are massive, murky, and let's be real.
Lots of firms throw a couple flashy funds your way and call it a day.
But not Vanguard.
At Vanguard, institutional quality isn't a tagline.
It's a commitment to your clients.
We're talking top-grade products across the board of over 80 bond funds,
actively managed by a 200-person global squad of sector specialists, analysts, and traders.
These folks live and breathe fixed income.
So if you're looking to give your clients consistent results year in and year out,
go see the record for yourself at vanguard.com slash audio.
That's vanguard.com slash audio.
All investing is subject to risk vanguard marketing corporation distributor.
Eating well shouldn't be complicated, but somehow it turns into recipes, prep, cleanup,
and half your Sunday gone.
Actors solves all that. These are fresh, ready-to-eat meals designed by dieticians, delivered to your
door, and ready in just minutes. No prep, no cleanup, no excuses. And it's not just about convenience.
You're getting real food, balanced nutrition, and zero artificial stuff. Meals that help you stay
on track for all of your goals without the grind of doing it all yourself. Grilled chicken,
roasted veggies, steak plates, postables. They taste like something you get in a restaurant,
but they come out of your microwave in two minutes flat. If time,
Cost or effort have been holding you back from eating better? Factor just took those off the table.
Right now, get 11 meals, free shipping, and free sides for life. Hurry, this offer won't last long.
Go to FactorMeals.ca and use code fit. That's 11 meals, free shipping and free sides for life,
but only with the code fit at factormeals.ca. Factor, Canada's number one ready-to-eat meal delivery service.
Life moves fast, and when you need more room, XYZ storage is here, whether you're moving,
decluttering or just need extra space, clean, secure units are ready when you are.
Students heading home or switching apartments between semesters, save 50% off your first three months.
Make space for what's next. Visit xyz storage.ca.
People who need space.
Can you actually talk a little bit more about the data center attack?
Because that's not cyber really. I mean, that's just a kinetic warfare against the data center.
I was surprised how disruptive was that?
I sort of would assume that cloud service providers that it's fairly liquid.
Okay, one goes down, but, you know, it can just be the same software, can be run from numerous other clouds.
But I saw that there were disruptions.
I saw Fortnite tweeting about the fact that some of their gameplay was impaired due to the attack on data centers.
How disruptive have those attacks been?
because this is, of course, a very, you know.
This is where kinetic meets cyber.
Yeah, and there's a lot, you know, in the future, like,
thinking about hardening these data centers and, as you say,
like making them, they're going to be increasingly targets for war.
Like, how disruptive was that?
Very good question.
So I think one of the main takeaways is that it has been extremely successful.
So like we said before, like a Shahid drone is around $20,000,
and they managed to shut down two of the zone.
of Amazon.
Actually, even if you look at the official report from Amazon,
for like 36 hours,
they were just saying,
oh, some objects struck the data centers
before they actually explicitly said
there were drone strikes.
So a lot of services that have been using them
have been targeted, so from like local applications,
from two banks,
because in a data center,
you are taking care of multiple different services.
Right.
And even Versal had to reroute
their data to Bombay and to exclude like Middle East as deployment.
So even if you take the cost of most of like zero-day exploits that can go up to like
multi-million dollar attacks, if you are really aiming at destructing things,
the cost reward of using such an attack is really efficient.
So you really enter into some sort of asymmetric conflict.
where you can just spend like some really old material and have way more impact than someone
who's going to be like cutting edge and just trying to impress with like capabilities because
at the end of the day, it does not really matter.
How do governments actually build up their cyber capabilities nowadays?
Because I have this image in my head of maybe 10 or 20 years ago, you know, they would
recruit like a 20 year old such as yourself at the time.
And they would be working in a dark room.
that sort of thing.
But then...
Drinking Red Bull.
Drinking Red Bull, that's right.
But then, you know, we had the boom in Silicon Valley, and so you had competition from
private companies.
Now we have the boom in AI, and again, even more competition from private companies.
And at the same time, governments seem to be, I guess, seeding some of their own skill set to
potentially private companies, like Anthropic and ChatGPT and some others.
walk us through how, I guess, the development of governmental cyber capacity has actually shifted.
I mean, something that didn't really change over the last, like, years in terms of capabilities.
Like, I guess we all remember, like, the Snowden leaks in 2013 when we started to see more about the inside of, like, capabilities from a government, including, like, domestic mass surveillance, global surveillance, exploitation capabilities.
And since then, every other year, we have seen an history of data being leaked that belongs to the government.
So in a way, things have been changing a lot, but not really much.
Like most recently, there was a contractor from Elfrey Harris that was sentenced to 87 months sentence because he happened to sell zero-day exploits to a Russian broker.
And that's actual exploit that belong to the government because there was some sort of integrator.
So we see like nation states or like governments like the US investing like enormous amount of money into offensive capabilities.
But they also keep being burned by insiders.
A lot of those capabilities are also as strong as the internal coercion.
But I guess what I'm asking is, you know, if you're the Department of Defense or I guess now the Department of War,
And you're thinking about developing in-house capabilities versus partnering with a company like Anthropic.
And we should talk about all the drama that's going on there.
How are you balancing those decisions nowadays versus, say, 10 or 20 years ago?
My understanding is that now a lot of it is also like outsourced because they cannot really develop as many capabilities internally.
So now, like, we have seen with Anthropic that it had been used in the Maduro operation.
Right.
And then after that, like, there was a pull out from entropy because they said it was violating their ethical, like,
like policy, yeah, standards.
So I would say now something that's really changing, like very fast is the incorporation of, like,
AI into those decisions.
But as we all know,
like AI can also hallucinate.
So even Dario, the CEO
of Anthropics, that it's definitely not
in a state where it can be used for like fully autonomous
decisions like that.
So I would say like the AI element
would be like the main difference.
Even we start to see it now for like
exploit development or
vulnerability discovery, but
it's still too early to
kind of like give a definitive
opinion about it. But
Overall, I would say it's very similar.
Well, talk to us about exploit development because I know that you can't just go to ClaudeCode code and say, like, I'm working on a zero-day malware attack.
Help me figure this out.
But, you know, I also know that there are some very talented people who pride themselves in being able to jailbreak AI and elicit outputs that the labs do not want their AIs to produce.
So do you have a sense how just within the pure, like, hacker community,
AI is being employed today for these purposes or what they're able to get out of these tools.
It's a good question. So like we started to see people leveraging like AI for like bug discovery.
Yeah.
Which actually is becoming like pretty good. I think even entropy published an article explaining how
cloud can be used for discovery into smart contracts and how it found some bugs automatically.
And I think even recently they released something called the Cloud for Security that was
aiming at doing code assessment.
But now we're entering into this interesting paradigm shift where the cost of software is going
towards zero.
So if your company and if your cost of building software is becoming less and less,
it's also hard to convince people that auditing software for security reasons is going to be
more expensive than developing the actual software.
So I think that's one of the shift we're going to see.
But when it comes down to...
Yeah, say more about that.
Pause that last part.
What did you mean by that?
It's going to be hard to convince.
If you can have like to allocate budget for like building a product, so you have most of the budget that's usually allocated for like your software engineers to build the software.
And then you do some code review afterwards to make sure there is no vulnerabilities before it gets released to the public.
But security's risk is usually like pretty high.
You cannot just rely on like AI tools, at least not at the moment.
Maybe in a year from now it's going to be possible.
So it's going to be like really interesting to see how it's going to like do like a market shift.
Because now we've cloud code and as a famous vibe coder, Joe, I'm sure you know that.
The cost of building software is approaching like zero if you just look on the timeline.
Are you actually on this note, are you a believer in the SaaS?
Because obviously there's the argument that, well, now everyone can just create their own software fairly easily using natural language. But on the other hand, if you're a big corporation or presumably a government, you're going to want to have, you're going to still want to buy software from an external provider given some of the security concerns, given that it might not necessarily make sense for various reasons, management reasons perhaps, to recreate an entire software business in-house.
So I'm definitely biased on that, but as someone who thinks the cost of software is going towards zero,
and as someone who is watching the software costs like collapsing,
one of the things that we realize is that data is the only durable asset in the AI economy.
That's why we decided to work on DB, the current startup I'm working on,
because that's the only thing that's really going to have value long term
if agents need something to transact or to take decision on.
because even if you look in terms of like in any context,
you know, if agents are designed to think autonomously,
you need to have enough information to take those decisions
whenever you're going to have your reasoning loops.
So software itself, if you just build it, is pretty static.
Whereas like the agentic like feedback loops are more dynamic,
but what changes the context they take decision on.
So definitely like SaaS business,
are going to have a hard time because if anyone,
including the Shopify CEO, can just rewrite an MRI software
in one afternoon just to look at his back MRIs,
you can imagine how disruptive it's going to be by the end of this year.
I think the only thing we haven't seen yet is like enterprise AI agent.
So so far, I would say since Christmas, people are mostly like still playing around,
trying to find a proper use case.
We see a lot of like consumer, like AI agent, like open cloth that really made like agents
more mainstream, but we really haven't seen yet enterprise AI agent.
So as everyone is kind of scared of being replaced for their jobs, we haven't really seen
like actual like AI agents replacing entire departments or full on like employees.
So we have seen some disruption around like software engineering.
mostly to make software engineering more efficient, especially in terms of development with
shorter timelines. But we haven't seen yet proper enterprise agents. How do you define an AI agent?
So my view of an AI agent, and I like to remind people like what an AI agent actually is,
at the moment, most of the AI agent is just like a piece of code usually written in Python or in
type script that's just doing a bunch of calls to like,
anthropic open AI and running in a loop and taking decisions and calling like third party tools,
like MCPs or web searches. So that's mostly what an AI agent is. We tend to think of AI agent as
a completely different persona, but at the end of the day, it is just like a piece of software
that's running as a service on a machine or on a server. So from a security standpoint, which is pretty
interesting, it's just like another service or like software, but people really like to think of
it in another way.
Well, just so like I'm from the security standpoint, I mean, one of the exciting aspects of
AI agents is that they can work autonomously, right?
You set a task and it can go out and find what it needs to do and it sees like, okay,
this didn't work.
I'm going to try.
It's going to try this thing.
It's going to try this thing.
Oh, I need to connect to this web service to get this information, et cetera.
the downside of AI agents is precisely the same.
The downside of AI agents says that they could do whatever they want to do.
And if it accidentally deletes a bunch of files because it thinks that's what's necessary to execute the task.
So like I'm curious, like from a security standpoint, like, I mean, we've already seen examples of people getting private information exposed or as I mentioned, the example of deleting a bunch of information.
Is this like a new way to think about the security threat model?
the fact that the capability and the downside are one and the same. It's the same. It's sort of
like hallucinations, right? The ability to, like, create an output and it also, you know, is hand in
hand with the ability to create a wrong output, a false output. And so, you know, the ability to
act on its own is also the ability to destroy on its own. Is this sort of like a novel
threat model or a novel paradigm in thinking about enterprise security?
From an enterprise security standpoint, it is pretty much the same thing in the sense of like if you're building software, you cannot just really like patch software afterwards and stuff because it never ends.
Like security modes be like built in and you need to have like a safe design from the beginning.
What we have seen now is like whenever people do something agentic, they just give like all per miisrons up front.
Yeah.
Which is like probably the worst thing you can do.
And if you're an enterprise, as you can imagine, if you just give like all permissions to an agent, it just becomes Murphy's laws.
If something bad can happen because you give it access to, it will happen.
So you're going to see like more data leaks for sure because there is no safety by design in those like architectures or like those like agents, which is in terms of vulnerabilities and like exposure would be like very similar to what we have seen of the last.
like 10, 20 years.
But, you know, if people are ignoring what has been done in terms of software security for
the last 20 years, that's why we're going to have a lot of problems.
And I think we're probably going to start to see, like, people, especially in enterprise,
like pushing back a lot because there's compliance that needs to be like, you know,
like answer to.
So you cannot just give like full access to like, you know, your agent.
Eating well shouldn't be complicated.
But somehow it turns into recipes.
prep, clean up, and half your Sunday gone. Factors solves all that. These are fresh,
ready-to-eat-eatians, delivered to your door, and ready in just minutes. No prep, no cleanup,
no excuses. And it's not just about convenience. You're getting real food, balanced nutrition,
and zero artificial stuff. Meals that help you stay on track for all of your goals without the grind
of doing it all yourself. Grilled chicken, roasted veggies, steak plates, postables. They taste like
something you'd get in a restaurant, but they come out of your microwave in two minutes flat.
If time, cost, or effort have been holding you back from eating better, Factor just took those
off the table. Right now, get 11 meals, free shipping, and free sides for life. Hurry, this offer won't
last long. Go to FactorMeals.ca and use code fit. That's 11 meals, free shipping and free
size for life, but only with the code fit at FactorMeals.ca. Factor, Canada's number one
ready-to-eat meal delivery service. Life changes fast, and one thing should be.
your storage price. At XYZ storage, lock in your rate for a full year with our industry-first
locked-in pricing promotion. No surprises, no sudden increases, just secure, affordable storage you can
count on. Whether you're storing a little or a lot, now's the time to make your move. Visit
XYZ Storage.ca.
The news doesn't stop on the weekends. Context changes constantly. And now Bloomberg is the
place to stay on top of it all. Hi, I'm David Gurra. Join us every Saturday,
and Sunday for the new Bloomberg this weekend.
I'm Christina Refini.
We'll bring you the latest headlines, in-depth analysis, and big interviews.
All the stories that hit home on your days off.
And I'm Lisa Mateo.
Watch and listen to Bloomberg this weekend for thoughtful, enlightening conversations
about business, lifestyle, people, and culture.
On Saturday mornings, we put the past week's events into context,
examining what happened in the markets and the world.
That on Sundays, we speak with journalists,
columnists, and key political figures to prepare you for the week ahead.
Join us as soon as you wake up and bring us with you wherever your weekend plans take you.
Watch us on Bloomberg Television.
Listen on Bloomberg Radio, stream the show live on the Bloomberg business app, or listen to the podcast.
That's Bloomberg this weekend.
Saturdays and Sundays starting at 7 a.m. Eastern.
Make us part of your weekend routine on Bloomberg Television, radio, and wherever you get your podcasts.
Speaking of the long arc of history, one thing I really wonder is you've obviously been in this space for a very long time.
at this point. Can you describe how you think your own career and, I guess, coding experience
would have been different if you were, say, starting out now in 2026 versus, I guess you would
have started out in like the late 90s or early 2000s, maybe even before that. Yeah, mid 2000.
Well, I would say like what has changed is back, even like we even without going through like the 2000s,
Like back in the Snowden Days, when the global surveillance program was being exposed,
like a lot of people were really, like, scared of it and scandalized by it and pushed back,
and people really cared about privacy.
It was like now we're entering in a new arc where very few people care about privacy,
where you see like the sea of entropy.
being asked why he refused to work with the US government,
and he says, well, they wanted to do a domestic surveillance program,
so that's against or like a safety like chart.
So this is all aspect of people relationship with data,
which I guess is very different.
In terms of software, obviously, like now you can write more things.
anyone can write anything
but I think we're still
in this weird
adequate software phase
where we know what
AI can do
but it cannot really do
anything more or anything less yet
we still haven't seen
the actual use case for it
because
it's obviously like very exciting
and it feels like
a lot of it is very different from before
but we don't really have any evidence of how it's really helping in national security.
I know it's been helping people who have been analyzing like Epstein's emails
because there's a lot of data and that makes it faster.
But in terms of like real use case, I don't think the like it feels like the current world
is very different than before, but there's so much noise and so much like slop all over
that in a way, it is pretty similar.
I don't know if that makes sense.
Well, I mean, your company is on db.aI.
So you must think that it's going to be used or that there's clearly something there.
Actually, tell us about, I'm actually really, I'm on your website right now.
It looks really interesting because it's something I've been thinking about.
But you must have some vision for like where it's going and that there will actually be significant demand for these.
services. Sure. I mean, like I was saying, like, I think now we've like, anything that's
agenic, building software, which is like the main use case so far for AI, it's going to make software
like going to zero. So that's real. So like, say, like there's, in your view, there's no
question that already AI, I mean, talk about a use, it's a pretty big use case right there,
bringing the cost of building software to zero. Yeah. I mean, like, even if you look at the offer of
cloud code. He said they didn't
write code since November.
So a lot of people
are like this, you know, even us
internally, like, we definitely
like use cloud code a lot. But
if software is going to zero, like
what's left in terms
of like the internet layers? So
our conclusion is that data
is the anything
that's going to be like timeless in the AI
economy. So building like
a layer for that. Especially now there's like
all those innovations.
around like payments and stablecoin that you can use to actually like pay like anything online.
Yeah.
So we think like, okay, if you have like issues like entropy or like open AI just scrapping internet
and using like public internet.
So you may as well find ways of charging like boats or agent for your data.
So at least you can have these new like revenue unlock that's going to emerge in these like new
new economy.
because I think a lot of the traditional economic model,
like for instance, like we said like with SaaS,
are going to be like disrupted a lot.
So there is a completely new market around how people are going to consume data.
And I think people would just be ready to pay like more to have high quality data
because the more noise there is,
the more you want to make sure that the data you have access to is going to be like valuable and real.
So, yeah, even from a security standpoint, you know, like once you build like an infrastructure layer,
you can have this like built in security to make sure that the data you give back or the access,
like for the interface that you define is actually secure because even if you'd look at open clow, for instance,
one of the top skill was malware.
So like people just like living in these like wild west, but they just run everything.
So it's us anticipating that entry.
enterprise is going to look very different and they won't just run like anything they find online.
Yeah, you know, this is one of the things that I've encountered in my vibe coding for is
is that one of the annoying things is, okay, you want the agent to like go out and grab some
information or query some database or whatever. And then it's like, okay, like let me know when
you've gotten an API. They're like, okay, come back and get an API. And then you have to like go to
a website and then you have to like get out your credit card.
and you have to set up an account
and then you get an API key
and then you copy and paste it and so forth.
And that's very annoying.
I want, what I want is for the agent
to just be able to go there, say,
oh, you know, like, let me just pay you with some stable coins,
et cetera, just go out and get the information
on its own without having this human in the loop.
But it also occurs to me,
and this is something that I've asked about with others,
which is that, like, once I'm just like entirely operating in the terminal
and the agent is going out and scraping
information for me, et cetera. Like, why do we even have a free public internet anymore? And so,
like, I'm curious, like, whether the direction of the internet and information in general is just
entirely, like, you know, paying microtransaction or fees for data consumption so that the data
then arrives in some usable form in the terminal that I'm operating. Yeah, no, I think you're raising
some really good points. We need to talk after. You can be our new design partner, you know?
Yeah, I can be a consign.
He's going to hack all the API keys for you.
I can be a consultant.
No, I hate having to deal with all these API keys.
And why am I still using my critical?
You're completely right.
See, I told you your famous vibe code.
But the US case you're describing now is like a makes entire sense.
That's why like we position ourselves kind of like as a trusted like provider.
We're like instead of having to go like everywhere to get data, you know, you have like this single point and unified access.
A bit like open router for AI models.
but for data providers.
Because if you think about it,
when you use Cloud now in your terminal,
the level one is basically you asking the model itself for information,
but as we know, like the model may be like a few months old
and doesn't have access to all the information.
So like the second level is the agent like CloudCode or Cloud for desktop
or like chat GPT doing web searches.
And that's just them looking on the internet.
doing like a Google search, etc.
But that's still not giving you access to like the actual like relevant data that you would need where, for instance,
you would have like those API keys and stuff.
So like the level after that is basically access to private information.
So in private information, usually the one that's valuable.
Like in the case of Bloomberg, for instance, Bloomberg has a lot of extremely valuable information that you can only have access to it through the terminal once you have the subscription.
or like any SaaS services,
if you think of like SaaS platform
at just like some fancy UI
where you can like browse the database
but the data that's valuable
is just in the database directly.
So if you'd have access to those APIs
and we're not have to create like one million subscriptions
left and right
because there's already like someone
who's doing the integration for that
kind of like as a programmatic like API marketplace
but the integration now is like much easier
and especially if you trust it, because now what we have seen also is like whenever you use all those tools, they make you install like MCPs, but more and more people are like moving away from MCPs.
They're just using like skills because like you just said, we start to spend more time into the terminal.
So like the terminal and anything that CLA is becoming like a natural interface for like agents, even for humans.
Because you don't need to try to understand those like fancy UI and UX.
to just say like, okay, I want to do ABC, just do that.
So I think it just makes more sense to have like this interface for it.
And like you said, you know, like otherwise it just like it becomes too complicated.
Just on this note, can we talk a little bit about, I guess, institutional knowledge of code?
Because I remember one of the things that happened in the early days of AI development.
I mean, not that early.
I think it was like 2017 or something back when Facebook's AI lab still exists.
What was that called again?
Like the acronym was fair or something.
I don't remember that.
Yeah, they had like a little Facebook like experimental lab.
Anyway, they invented a bunch of chatbots and the chatbots started talking to each other in pretty much incomprehensible language.
But like they clearly understood what each other were saying.
And so I'm just wondering if you extrapolate that to AI generated code, could we have a situation where the models are constantly iterating on themselves?
They're constantly talking to each other.
And so we end up with a system that becomes very, very difficult for human engineers
and coders to actually understand.
Yeah, I mean, I think what we're going to start with is, like, humans, you know, like us
are going to move towards, like, creating, like, markdown files as, like, a programming language.
So everything is just going to be, like, normal, like, language.
But for the machine itself, obviously, yeah, I remember that video, that is, like, G.B.
language like transfer thing.
Well, if you think about it,
it's not that much different from voice to text in that sense.
And at the end of the day, it just like beats like being transferred.
Because even like whenever you connect on the web page, you know,
like you write it in text, but behind it's just like bytes dot a Bing exchange.
So agents still need to agree on the protocol that they're going to use
and not necessarily an encryption format, but an encoding format.
So once you know what it is, you know, it just becomes like a reverse engineering problem or like a forensic problem where you're just like, okay, like this is what's being used when those packets are being sent, you know, let me just decrypt it.
Once you know, the protocol, you know, like, that's.
So I don't think we're going to end up in a situation where like who would have like no idea of it because you're always going to have like people who are like pretty good like reverse engineers.
But at the same time, you also going to have your like AI assistant who's going to.
help you to like reverse engineer those things. So in a way, even if it happens, like,
you are not like alone with your redbell and your laptop. I know, I know AI agents. We all going to have
AI agents. Yeah. So that's also like the reality of things. So we're far from just like the
clipy plugin that we used to have in Microsoft office. So you can have these like CLA interface,
we just give like comments. Yeah. And then it's like,
that into like, okay, I understand what I need to do, you know? And that's it.
No, I love, like, interacting with just the CLI now. And, like, every time I have to go to
the web, it feels like some sort of failure. Like, I'm like, oh, I have to go to this bright website.
Yeah, and I just, like, want the information right there on the black screen talking, you know,
communicating back and forth in English.
You know, that's, like, feeling familiar for you.
You know, something I'm thinking about is I imagine that there's a lot of, like, crusty all.
Linux and Unix programmers who are like, oh, this code is, this isn't high quality code that
the AI, that the chatbods produce. This is slop code. It needs all kinds of fixing and so forth.
From your perspective, is the code itself of good quality or of improving quality?
How just the lines of code itself from your standards is a good stuff?
Yeah, it's pretty good. And even when it's bad, you just tell it, okay, like, this is bad,
you know, like just do it better, you know?
Like if you're using like negative rewards, you know,
if you say, okay, like this piece of code is garbage, you know,
it's going to understand better because you kind of give like a strong emotion.
Whereas like if you say, oh, it's okay, you know, it's just be like, okay, like,
whatever, you know, if it's okay, it means it's passing like the adequate test.
Whereas like, if you say, okay, that's garbage, you write it and I always do this.
So if I ask a bot for something, I will always say like after the first version, like,
do better and just see what it comes.
comes up with and then just try to iterate on that.
This is tough because you're talking, when you're talking in English, the brain deludes itself
into thinking that you're talking to, or when you're talking in human language, any language.
The brain deludes itself, you feel like you're talking to a person.
So you have to be nice?
Well, then I feel like.
I don't have that problem, Jay.
Oh, really?
But then I feel like, I like, I don't want to say, oh, this is garbage.
I don't, but from your perspective, it's actually sort of important to be firm with the bot
and you get better results by being more sharp with it.
Yeah, because it's the equivalent of a negative reward,
like just like positive reward.
If it does something, you'll say, okay, like, that's great.
That's exactly what I try to explain.
Then it's like, okay, like that's like a reference point.
Well, like if it starts to go on a tangent, you just say like,
oh, that's completely like out of the line.
Redo this.
Like, why are you doing this?
You know, like the more explicit you are,
the better it's going to understand how far it is
for the requirement.
I just have to get better.
You know, I'm sort of conflict avoidant.
I know.
And I like being nice to people.
So I just still says please and thank you.
So I just,
so the basilisk doesn't get him.
Yeah, that's right.
So I have to,
I just have to be like, no, this is trash.
This is garbage.
You totally, we're all dumber for having seen this code.
Okay, this is good to know.
I mean, it's a good point.
You know, like all those like AI companies,
they're recording all the prompts, you know.
Yeah.
God knows if they are keeping it,
if there's retention around it.
You know, like, we know the open AI is keeping them, you know, like they can get supone.
Suponi, is so you pronounce it?
Yeah, so like, who knows, you know, like in years from now?
Like, if there's, like, full-on, like, autonomous, like, robots managed by the Department of War
because they think it's lawful.
We all get social scores based on our AI prompts.
Yeah.
These thoughts creep into my head, unironically, where it's like at some point is there
going to be some, am I going to regret having, I don't know. They were there in my head.
Truly a brave new world. Matt, just one last question from me, but going back to cybersecurity
and the current situation with Iran, what are you on just the lookout for? Like, what would
peak your interest the most to see in that particular space? I think now in that particular
space because I'm one of those people who think it's related to the Epstein files,
you know, like it's just more about like getting more Epstein files related stuff to see
if there is like more connections to it, you know? So I think that would be the only thing
that would kind of be like digital that will like spike my interest because now we have
seen, you know, like just those like all drones can do like so much damage and that Iran
demonstrated that they can be like really precise.
with their attacks.
So now I think it's more about
seeing which direction it's going to go to
and how long it's going to last,
which is like the big question mark
because there's so many other components.
Like the energy sector, you know, like,
how is it?
We have seen the price of like memory,
like increasing a lot.
So now if they're starting to block like the Detroit of Ormos,
you know, like what's going to happen to like the cost of data centers
and like memory and AI in general, you know,
like we're going towards on one side you know we're going towards like the cost of tokens and
insurance going down but that may also like bring the cost up you know so if you're going to use
like AI for like your next generation wars but if your enemy can just like increase your cost of
token and insurance what does that even mean like do you even need AI in the first place is it even
relevant so i think there's these all like asymmetric like warfare that's going to happen that we
we really haven't seen yet.
And I think that's going to be like really interesting.
But the same time, there's so much noise and so much,
so many things happening at once that it's becoming like extremely like hard to focus
and just like extract that that's really relevant.
Yeah, definitely feels like that.
Tough choices potentially coming for Havelock as your token costs go up.
Matt, it was so wonderful to reconnect again.
Thank you so much for coming back on Oddlots.
And yeah, you'll have to get back to Joe about those APIs.
Yeah, I'm happy.
Let's, uh, let's, the most famous vibe for there on Twitter, no.
Yeah, bring me on as a consultant.
Sounds good.
Take care, Matt.
Thanks, Matt.
Bye, bye, bye.
Joe, always good to catch up with Matt?
Super interesting.
It's incredible how much is happening right now at this particular nexus, especially, obviously
the anthropic stuff.
But I, you know, it's interesting, you know, you think about cyber warfare and you think
about, okay, we're going to hack into a system and take out critical infrastructure.
But another thing you can do is just attack a data center.
Just send a drone to a data center.
I thought that was really interesting.
That sort of like we got very used to thinking about cyber as like this thing that exists only in code.
In code.
But now you have this like new front of kinetic warfare where the two like really intersect.
Yeah, they do really intersect.
And yeah, these are like huge national security vulnerabilities.
And he pointed out, I mean, certainly today, but, you know, was this in anyone's threat model thinking about the risks to it, you know, the cheapness of.
drones, the ability to take them out. Super interesting. Also, just this idea, like, yes,
you know, obviously, again, as your observation, the point we think of, like, cyber attacks,
like, we're going to take out this whole thing. But in least in the warfare context,
his point, like, most of it is like before the war, et cetera, the sort of information gathering,
spy craft and so forth prior to the actual attacks. But it is interesting to see Israel in
particular use some cyber attacks as a sort of soar of chaos.
Definitely.
In Iran.
I can't imagine what it's like to actually be on the ground there at the moment for many reasons.
But like you imagine just being there worried about your physical safety and then the traffic lights aren't working as well.
Well, right.
And also just thinking like, wait, there's cameras everywhere or like how much is being recorded, like create like a sense of like paranoia among everyone about about everything.
And also the interesting thing.
Obviously, this is very topical in markets, but the sasspocalypse idea.
Matt in particular seemed pretty bearish on the outlook for existing software companies, I guess.
And I did think his comments about what that would mean for security budgets within organizations were pretty relevant and worrying.
Absolutely.
All right.
Shall we leave it there?
Let's leave it there.
This has been another episode of the All Thoughts podcast.
I'm Tracy Alloway.
You can follow me at Tracy Alloway.
And I'm Joe Wisenthall.
You can follow me at the stalwart.
Follow our guest, Matt Sweensch.
She's at M. Swish.
Follow our producers.
Carmen Rodriguez at Carmen Armin, Dashel Bennett at Dashbot, and Kale Brooks at Kail Brooks.
And for more OddLod's content, go to Bloomberg.com slash OddLod for the daily newsletter and all of our episodes.
And you can chat about all of these topics 24-7 in our Discord. Discord.g.
slash OddLots.
And if you enjoy OddLots, if you like it when we talk about the intersection of kinetic and cyber warfare,
then please leave us a positive review on your favorite podcast platform.
And remember, if you are a Bloomberg subscriber, you can listen to all of our episodes,
absolutely ad-free. All you need to do is find the Bloomberg channel on Apple Podcasts
and follow the instructions there. Thanks for listening. You can get the news whenever you want it
with Bloomberg News Now. I'm Amy Morris. And I'm Karen Moscow here to tell you about our new on-demand
news report delivered right to your podcast feed. Bloomberg News Now is a short five-minute audio
report on the day's top stories. Episodes are published throughout the day with the latest
information and data to keep you informed. Yes, there are other products like this from a variety of
news organizations, but they usually rerun their radio newscasts throughout the day. That's not what we do.
We create customized episodes that can only be heard on Bloomberg News Now. And we don't wait an
hour to publish breaking news. When news breaks, we'll have an episode up in your podcast feed within
minutes, so you're always getting the latest stories and developments. Get the reporting and the
context from Bloomberg's 3,000 journalists and analysts we're all over the world.
Listen to the latest from Bloomberg News Now on Apple, Spotify, or anywhere you listen.
What separates good leaders from transformational ones?
I'm Jessica Chen, and in season two of Leading By Example, we'll sit down with executives like
Grace Chen of Bertie Gray to find out.
It's important to understand where you spike, but also really acknowledge where you don't
and find people who can fill those gaps.
Listen to leading by example,
executives making an impact
on the IHeart Radio app,
Apple Podcast,
or wherever you get your podcasts.
