Risky Business - Risky Business #827 -- Iranian cyber threat actors are down but not out
Episode Date: March 4, 2026

On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover:

The US-Israeli attack on Iran had a whole lot... of cyber. It’s clearly in the playbook now!
The NSA Triangulation / L3 Harris Trenchant iOS exploit kit is on the loose, and being used by Chinese crypto scammers
So long Madhu Gottumukkala, but CISA’s annus horribilis continues
Adam “humbug” Boileau complains about the Airsnitch wifi attack just being three ethernets in a trenchcoat
ASD’s Cisco SD-WAN threat hunting guide is clearly born of … experience

This week’s episode is sponsored by AI threat hunting platform Nebulock. Sydney Marrone joins to talk about how useful AI models are on the hunt, and her work building out an open source framework and maturity model. It’s methodology agnostic, so you can adapt it for your environment, and the github link is in the show notes!

This episode is also available on Youtube.

Show notes

Inside the plan to kill Ali Khamenei
Hacked traffic cams and hijacked TVs: How cyber operations supported the war against Iran | TechCrunch
Matthew Prince 🌥 on X: "Counter to what some cyber vendors are saying, there’s been a dramatic drop in Iranian cyber operations. Likely as the operators are sheltering. They may pick back up, but right now there’s a noticeable lull." / X
Cyber Command disrupted Iranian comms, sensors, top general says | The Record from Recorded Future News
Iranian Hackers Use Elon Musk’s Starlink To Stay Online
Exclusive | U.S. Smuggled Thousands of Starlink Terminals Into Iran After Protest Crackdown - WSJ
Attacks on GPS Spike Amid US and Israeli War on Iran | WIRED
Amazon Data Centers on Fire After Iranian Missile Strikes on Dubai
A Possible US Government iPhone-Hacking Toolkit Is Now in the Hands of Foreign Spies and Criminals | WIRED
Canceled contracts, a failed polygraph and personal disputes: Inside the turbulent tenure of Noem’s former cyber czar - POLITICO
CISA CIO Robert Costello exits agency | CyberScoop
OpenAI alters deal with Pentagon as critics sound alarm over surveillance
Inside Anthropic’s Killer-Robot Dispute With the Pentagon - The Atlantic
Read the full transcript of our interview with Anthropic CEO Dario Amodei - CBS News
CBP Tapped Into the Online Advertising Ecosystem To Track Peoples’ Movements
Large-Scale Online Deanonymization with LLMs
Hackers Weaponize Claude Code in Mexican Government Cyberattack - SecurityWeek
New AirSnitch attack bypasses Wi-Fi encryption in homes, offices, and enterprises - Ars Technica
CISA orders agencies to patch Cisco devices now under attack | Cybersecurity Dive
CISCO SD-WAN THREAT HUNT GUIDE
ClawJacked attack let malicious websites hijack OpenClaw to steal data
Area Man Accidentally Hacks 6,700 Camera-Enabled Robot Vacuums | WIRED
Intellexa founder, three others sentenced to 8 years in prison over Greek spyware scandal | The Record from Recorded Future News
Moscow man accused of posing as FSB officer to extort Conti ransomware gang | The Record from Recorded Future News
Farewell, Felix · The Recurity Lablog
Atmos Sphere 2026 | Atmos
The Agentic Threat Hunting Framework | Nebulock blog
GitHub - Nebulock-Inc/agentic-threat-hunting-framework: ATHF is a framework for agentic threat hunting - building systems that can remember, learn, and act with increasing autonomy. · GitHub
Transcript
Hi everyone and welcome to Risky Business. My name's Patrick Gray.
Absolutely jam-packed show this week. We've got a bunch of news to get through.
And Adam Boileau and James Wilson will be joining me in just a moment to walk through all of that.
And then we'll be hearing from this week's sponsor.
And this week's show is brought to you by Nebulock, which is a startup that does AI-based threat hunting.
And in this week's sponsor interview, Nebulock's head of threat hunting,
Sydney Marrone, is joining us to talk about an agentic threat hunting guide that she has written.
But yes, Sydney Marrone is this week's sponsor guest and that interview is coming up after this week's news,
which starts now.
And Adam, of course, the big news this week is the war against Iran.
You know, he's kicked off by none other than the FIFA Peace Prize laureate Donald Trump,
the president of peace. Donald Trump is bombing the absolute crap out of Iran in conjunction
with Israel. And, you know, it didn't take long for the cyber angles to emerge here.
Of particular interest is this piece from the Financial Times that cites some, you know,
anonymous sources talking about how the, you know, IP traffic cameras and whatnot in Tehran
have been compromised for just years and years and years.
Yeah, I mean, it's one of the things we've
seen in a number of conflicts around the world is the importance of internet connected cameras
for reconnaissance, for battle damage assessment, for all kind of like on the ground situation
awareness remotely. Like the sort of things that previously you would have relied on, you know,
human sources for or surveillance, you know, overflying, that kind of thing, like actually
being able to see on the ground what something looks like really does, it appears, make a pretty
big difference. And in this case, Israel's access to
the camera systems there seems to have been pretty important at tracking movements in and out
of the compound where Ali Khamenei was, you know, was eventually killed, understanding the pattern
of life around that.
I mean, that's, you know, you can certainly see how those dots are joined together.
And of course, Israel, you know, has been up in Iran's business so much over the years, you know,
with the big gas pumps and camera systems and, you know, all sorts of things like that.
There were also reports that they were, or the Americans, whoever it was,
it was in the mobile phone system around the compound and was able to disable communications for bodyguards in the time leading up to the attacks
or they weren't getting any advance warning of incoming aircraft or whatever else.
So, you know, the cyber angle to this seems like it may well have been, you know, kind of more, you know, important,
perhaps than in other conflicts that we've seen.
Yeah, I do think this really does cement the idea that IP cameras are a risk, right?
And it sort of explains why a bunch of the SIGINT agencies for years have been so absolutely terrified of like Hikvision cameras and there's initiatives to rip them out of places.
And, you know, so yeah, that's one aspect to this.
I think another interesting thing here is a lot of the reporting is suggesting that the timing of this war kicking off.
I'm sorry, it's a special combat operation.
Special military operation was taken.
So they've gone for special combat operation, I think.
But yeah, the reason this kicked off when it did is because they had the opportunity to actually get Khamenei because they knew where he was.
So that might actually explain the timing where it was like, well, you know, we know that this meeting is happening.
Let's go.
And yeah, following people around on traffic cameras through Tehran, building pattern of life.
You know, no surprise there that the cyber angle here is largely about intelligence gathering.
We also have a write-up here from TechCrunch.
Lorenzo has done a bit of a round-up of, you know,
just a round-up of some of the cyber activities that have been reported,
including, like, there was a prayer app that got hacked
and, you know, was giving people messages to lay down their arms and whatever
and, you know, join an uprising against the government.
I think there was some TV stations hacked as well,
and they had Netanyahu and others, you know, broadcast onto Iranian TV.
I mean, most of it is much as much as you expect, right?
Yeah, yeah.
I mean, we've certainly seen, you know, that I'm thinking like all the episodes of Between Two Nerds that we've had over the last couple of years about the conflict in Ukraine and the extent to which cyber hasn't really been that impactful here.
And there are certainly some elements of that here.
Like, I mean, things like hacking a prayer app to tell people to lay down their arms.
You know, that's the sort of thing that Tom and Grugq would probably be like, you know, come on.
That's not really, you know, that's not the good cyber.
But, you know, there really is a gamut of legitimate uses here from, you know, pattern of life stuff
through to some of the disruption we've seen of air defense systems, like certainly going into Venezuela.
We've got, I guess, like a preview of what that looked like.
And then, you know, there's been a number of stories about, both in this set of conflicts against Iran
and the earlier strikes about the extent to which, you know, air defense was not particularly effective
and, you know, where we saw, like, what, power cut off to radar sites or
something prior to the previous attacks.
So, you know, there are a set of things that cyber is legitimately being, is legitimately useful
for that are being used, you know, now several times.
We see a whole, this is a playbook now.
It's not a one-off, right?
This is clearly the way that they're going to do this in the future.
And everyone else is going to be paying attention.
There is cyber doctrine now, right?
And, you know, we have seen some comments from US military officials along the lines of,
you know, there was cyber and space-based, you know, operations against their defense and
whatnot. So yeah, it does look like there is a playbook for this stuff now.
We've seen a comment from Matthew Prince of Cloudflare.
He says, said on X, "Counter to what some cyber vendors are saying, there's been a dramatic
drop in Iranian cyber operations, likely as the operators are sheltering. They may pick
back up, but right now there's a noticeable lull." Our read on this, you know, we had a,
all of us had a meeting yesterday, had a bit of a discussion. And Tom Uren, our colleague
suggested that perhaps they're not hiding from the bombs, but their
normal offices are being absolutely reduced to smithereens.
And I think that is actually a fairly likely scenario.
Yeah, I mean, either way, access to the internet in the country is pretty heavily restricted.
So, like, there are a great many reasons why they might be somewhat occupied and not really able to,
you know, contribute.
You know, most of the talks of counterattacks we've seen so far have been of the, like, missile
and drone variety towards other states in the Gulf.
You know, we may see some cyber coming, but yeah, right now they've probably got other things
going on in their lives, you know, regardless of whether it's packets or bombs.
Yeah, and of course, Cyber Command's out there talking about how they've disrupted Iranian
comms and whatnot. So, you know, I think just trying to get anything done in Iran at the moment
would be actually quite difficult. But that's not to say that once this calms down, we won't
start seeing Iranian threat actors really kicking up and causing a stink. I mean, I am not entirely
sure how worried we should be about this yet, but my feeling is that it's not
trivial, like that we could see a bunch of nuisance attacks coming out of Iran eventually.
Yeah, because when else are they going to do it?
Like, if not now, what were they preparing for?
What was all of the preparing the battle space?
I mean, what's the escalation risk now, right?
Exactly, right, exactly.
Like, why, what reasons would hold them back now after they've had their leader, you know,
bombed by an adversary?
Like, why wouldn't they go on and throw everything they've got?
They're launching, you know, missiles and everything else.
If they've got anything left in the tank cyber-wise,
like surely we are going to see it in the very near future.
Yeah, well, and look, there's the other wildcard here too,
which is that we don't know how any of this is going to play out yet, right?
I mean, I think where I am with this
and where most of the people I know are with this
is that we have no idea what's going to happen here.
And you can sort of really hope for a positive outcome,
but it seems like a pretty narrow opportunity to get that outcome,
right? So this is a massively destabilizing event that's going to have all sorts of, has potential to have all sorts of second order effects. And we just don't know how that's going to work out. But, you know, only time will tell. We've also seen a bunch of Starlink-related news, Adam. We've got a report here from Forbes that says that Iranian hackers are using Starlink to stay online. Are these script kiddies or is this like state-sponsored activity?
I think, well, one of the groups is Handala, which is linked to the IRGC.
I'm sorry, the Ministry of Intelligence and Security.
So, like, they are very much state aligned.
But, you know, I think anyone who's getting online from Iran at the moment is getting online
through Starlink, it seems.
So there isn't very many other options.
So you get a little bit of everything as to whether, you know, the MOIS-linked hackers
are able to go really operate in these circumstances.
We don't really know.
But, yeah, I think anyone using the internet in Iran right now,
probably on Starlink, for better or for worse.
And, you know, staying with Starlink,
it looked like the United States,
according to this report from the Wall Street Journal,
the United States has actually smuggled
thousands of Starlink terminals into Iran.
This happened amid the protest crackdowns.
So, you know, that's a bit of a wildcard
in all of this as well.
But it's like, yeah, I'd imagine the networks
are not working particularly well over there.
And Starlink is that, yeah, it's a bit of a wildcard.
Yeah, I mean, it certainly has changed
how we deal with communications,
you know, in places where the local infrastructure
that doesn't exist or the government, the regulatory environment doesn't want it to exist.
And, you know, anyone who's looking at building, you know, their own isolated internet,
I'm looking at you, Russia, you know, has to contest now with the existence of a global network
that's very hard to block other than, you know, direction-finding terminals or looking on people's roofs
or whatever else, which, you know, Iran has been very much trying to do.
Yeah, yeah, indeed.
Now staying with wireless stuff, don't rely on your GPS in the Strait of Hormuz at the moment,
Adam, I think it would be the TLDR.
Yeah, I've been looking at some of the flight tracking sites and the boat tracking sites,
and yeah, GPS is just all over the place in that region.
You know, the planes, you know, flipping around the world instantaneously
with, you know, spoofed signals or faked responses up to the receivers for the ADS-B data,
and yet the same in the shipping environment.
So, you know, we've seen large-scale GPS disruption for it.
It's kind of expected as part of any modern conflict.
Yeah, I mean, color me completely
unsurprised that this is happening, right? Yeah, yeah. All right, now we're going to
bring James into this one because this story is actually kind of funny in that,
I mean, is it funny? I don't know, but a missile has hit an Amazon data
center in Dubai, leading to an absolutely hilarious statement from Amazon
saying that an object hit their data center causing sparks and fire, which is an
interesting way to say that your data center got bombed.
But there's a whole dimension to this that Adam and I, you know, we were completely unaware of,
but James, you worked for Amazon.
You're much more familiar with how they run their data centers.
And from what you've told us, recovering from this is going to be an absolute nightmare.
Yeah, I wouldn't be surprised if they have to essentially scorch the earth and start again with the entire data center.
So the thing with Amazon data centers is that they
are largely something where equipment goes in and it only comes out wrecked.
And what I mean by that is when you go into a facility,
there's parts of the facility in particular the data center halls
where you cannot take any electronic equipment into.
You don't have your phone.
You certainly don't have any USB devices.
You go through all manner of metal detectors to make sure
that it's literally just the human flesh and blood that is walking in to the data center.
And anything that gets removed out of there,
especially servers that might be carrying hard drives and SSDs,
they're physically destroyed, right?
We would drill through the drives.
We would drill through the main boards before they would be permitted
and they'd be inspected before they're taken out.
So when you've got a situation where an object has broken the physical perimeter
of a data center, it raises the question of,
well, how can they reestablish that lineage of trust of any of the hardware in there?
What's to say someone didn't sneak in there while there's a big hole in the wall
and implant a bunch of things with a USB drive?
You just don't know them because you don't know.
I can't imagine you've got to start again from scratch.
So the recovery from this, I think, will be quite lengthy.
Yeah, I mean, you just sort of wonder if given the scale of this as a problem that maybe an exception is made or a secondary process has worked out, like, I don't know, maybe there's someone at Amazon who worked on a procedure for this and it's in a binder somewhere.
I mean, is that possible?
Possibly, but I just don't see how they reestablish the trust with their customers, you know.
We made an exception here because it was an object that went through the wall and, you know, trust us,
it's fine. But the reason they do such extreme care around devices go in and they're certified
that they're blank. And when they leave, they're destroyed is that's how people universally trust.
Okay, well, I'm going to put my data in a data center. So I just don't think an exception would even be
entertained here. But at the same time, this is the first time we've seen a multi-AZ outage that
hasn't been caused by a software bug. So we're definitely in some pretty uncharted territory.
Yeah. And look, full credit to whoever wrote that statement, because that is, you
know, just incredible BS.
That is like 10 out of 10 BS that an object struck the data center causing sparks and fire.
And of course, you know, you made the point to us earlier that it's not just about, you know, a hole going into the wall,
but presumably there were some firefighters and whatnot on the scene.
And, you know, people who are not Amazon staff who had not been, you know, they brought in their hose.
That's not just, you know, just a fleshy meat sack going into the old data center there.
So, yeah.
Probably someone at Amazon's having a hard day is the TLDR there
on that one.
Now, we're going to move on to this story by Andy Greenberg
that implies a bunch of stuff.
I'm going to throw some weight behind
what Andy Greenberg is implying in this story.
I'm going to be pretty light on details
about how I came to form a series of opinions
that I'm going to share with the listeners right now.
Now, the story, the headline is
a possible US government iPhone hacking toolkit
is now in the hands of foreign spies and criminals.
And the story basically, it's along the lines that the exploits that were a part of the triangulation campaign
that targeted, I think it was over a thousand devices in Russia,
that exploit chain is now being used by criminals to steal cryptocurrency.
Now, this story also sort of implies that this exploit chain may have been the one
that was stolen by Peter Williams, who was a manager at L3 Trenchant,
and sold to a Russian exploit broker.
It has been my opinion, and Adam I'm sure you'll back me up on this,
that I'm not making it up now.
It has been my opinion for several months
that the exploit chain that Peter Williams did sell to a Russian broker
was the triangulation exploit chain.
It has been my opinion for several months
that the reason the Russians discovered the triangulation
campaign is because Peter Williams sold those exploits to a Russian exploit broker and somehow
they wound up in the hands of the Russian government and from there the Russian government coordinated
with Kaspersky to come up with a parallel explanation for how they found this tool chain.
So if people have wondered why I've been saying that Peter Williams got off extremely light
in his sentence, which was, what, seven and a half years or something, I mean, this
is scandalous what's happened here.
Now, Andy doesn't explicitly say, oh, that's what happened.
But look, it's long been my feeling that that's what's happened.
I have varying levels of confidence in little bits and pieces of it,
but I can say that, and as I said, you'll back me up that I've been saying this for a while,
it is my opinion.
And I haven't wanted to say it publicly, but it is my opinion that what Peter Williams walked out of L3 Trenchant
was the triangulation kit.
and it caused a massive harm to the security interests of the United States and its allies and Ukraine in particular.
Adam, I mean, what do you even say here, right?
The story around triangulation and Kaspersky's discovery had always, you know,
it always felt like there was more to say there.
And, you know, we very rarely see so much of these stories, I guess, you know, now coming out into the public eye.
and, you know, seeing what that full chain looks like,
you know, seeing some of the details of that.
Google published the write-up.
We've got a bunch of indicators of compromise from,
I think iVerify have also been,
they got a hold of a copyright from a Chinese, like, as you say,
cryptocurrency, you know, criminals that were using it,
managed to exfil it out.
They apparently got a debug build of it out of that process,
I think they said, and they found a bunch of internal details in naming,
or maybe it was Google that got the debug,
but anyway, someone managed to get a debug build of it
that had a bunch of these
internal names.
And, you know, the story is just we don't normally see the inside of this unless you are
in that kind of quite rarefied world.
So it's interesting to see the details.
It's interesting to tie it back, you know, to that campaign triangulation and just kind of
see what the, you know, what the big end of the market looks like, what the, you know,
the expensive stuff looks like and it looks pretty good.
Yeah, I mean, at the time that triangulation was quote, unquote, discovered, you know, we said
well, they were operating at a pretty massive scale, so it was kind of inevitable that they would have got caught.
But you have to wonder how much longer could that campaign have operated for if one of the insiders wasn't flogging off the exploits for chicken feed.
Like this guy deserves way more time in prison.
Like this is serious stuff, you know?
This is serious stuff when this is presumably an NSA operation targeting a thousand devices in Russia in a time of when one of its allies is at war with Russia.
I mean, to undermine that is just mind-boggling.
And to do it just for such a relatively small amount of money.
Like, this guy is an idiot.
He's a moron.
And especially given that he came out of ASD and, you know,
the intelligence world, like, you know,
he understood what that mission was.
Like, he worked with people, you know,
who lived and breathed this mission to then sell them out.
You know, I've been to a bar with some people that worked at,
you know, L3 Harris Trenchant.
And they've all got a lot of feelings about this.
Oh, yeah.
As do spooks and, you know, some of the other people.
And, you know, to sell it out for so little does just seem a little bonkers, you know.
Yeah, no, it's unbelievable.
And, yeah, the feelings are strong from people on those, you know, I too know some of those people.
And I think if you put this guy in a room alone with some of his former colleagues, you know,
he would not be emerging unscathed.
Let's put it that way.
So yeah, look, that's, you know, I'm going to go ahead and just say Andy Greenberg's reporting there is bang on.
And, you know, what a scandal. What a scandal. What an idiot. Absolute moron.
Yeah, really.
All right. So we're going to move on now just to some, just briefly.
We mentioned, I think, you know, a couple of weeks ago, this acting assistant director, Madhu Gottumukkala.
You know, we sort of told you about how there's, there just kept being this steady drumbeat of weird news about the guy.
and he seemed like he was a bit strange and not exactly good at making friends in CISA.
He's out now and Politico has, you know, written a like really fierce write-up on his departure.
It's, yeah, the interim chief of the nation's top cyber defense agency had convinced many people
he was not up to the task long before his sudden reassignment late Thursday.
Now, that's a lead.
Well done to Politico, but yeah, he's gone.
And there's details in this story.
I think one of the funny ones is that he drives a Cybertruck.
He's a Cybertruck guy.
And I think that sort of underscores the idea that he might be a jerk.
But he would leave it in the charging bay and not move it.
And he actually stood down an employee who was caught on security camera walking past his Cybertruck and flipping it the finger.
Right. So he winds up like suspending that guy, which is, it seems a bit nuts.
It does.
I think it was the cameras on the Cybertruck that caught it.
So, like, he had to go dig through and find that himself.
So, like, yeah, this guy does not seem like he was good news.
And you're right, the Politico piece is just savage, right?
I mean, describing him as, you know, asleep at the wheel and, you know, has a bunch of examples of, you know, things where he, you know, is kind of, you know, for example, one of the briefings, he asked specifically about hackers from India, where, you know, his ethnic kind of roots are, derailing the briefing, which was about actual threats, you know, that they actually face as opposed to, you know, whatever was his personal
bugbear. So little things like that that just really don't make you feel good about his
leadership, and sure enough, yes, out the door. And I think, you know, so it's going to take a while to
recover from the kind of savage mess that it's been over the last little while. Yeah, as I've
described it, CISA's century of humiliation continues, and its CIO Robert Costello is gone as well.
Yes, and the deck on this CyberScoop piece is his nearly five year tenure had been, had
recently been marked by turmoil. Yeah. No kidding. All right. So now let's follow up on a story that
we talked about last week. You know, we had a chat about Anthropic trying to put technical guardrails
on its models. And Pete Hegseth, Secretary of Defense, getting really shirty about that and basically
saying, no, you can't do that. We will designate you a supply chain risk. Look, and that's what
they've done, which is just insane. This is obviously going to be challenging
in court because Anthropic didn't budge, but, you know, I was actually
fairly sympathetic to the government's case, but the correct way to go about
addressing that is to maybe, you know, go to a court and use the, what is it,
the Defense Production Act to argue your case, right? Not to say, well, we're
gonna try to harm your business, we're gonna, we're gonna take this punitive
measure. Now, of course, this is wonderful news for OpenAI because Sam
Altman has just swept in and scooped up this contract, but
now we know a lot more about why it is that Anthropic was feeling uneasy.
There had been some very vague reporting about, well, it's about autonomous weapons and
surveillance. Now we know much more about the details of that. James, what exactly were Anthropic's
concerns here? Yeah, super interesting turn of events. So the, again, the two red lines were
this cannot be used for mass surveillance of US citizens and it cannot be used in fully
autonomous weapons. Now, the interesting subtext that we've since discovered about the latter point,
is they're actually completely fine with their AI being used in autonomous weapons.
Just not yet.
They felt that it's not ready and that at the right time,
they'll happily provide the models to ensure that autonomous weapons could be used.
This was not a moral stance.
This is like, you want a killer robot?
Man, we would love to help you with that, but our models just aren't ready.
Like, let's just wait a little bit more time and we'll make you a killer robot that, like,
the best killer robot.
Yeah, the current killer robot's in beta, and we just don't think that's right to deploy it just yet.
So that became the actual sticking point.
And yes, like Sam went from Friday morning, wow, we solidly support you guys.
You're like putting out statements of solidarity with Anthropic, right?
Yeah, to Friday afternoon.
We've signed the deal.
It's going to be amazing.
But the, you know, we know so much more now about the Anthropic side of things and what their challenges were.
But we actually know a lot less about what OpenAI has actually agreed to.
The only parts of the contract that have been made public at this stage are really,
things that are self-serving for OpenAI's interest.
But if you read between the lines of some of the things
that Anthropic was rejecting,
it's that the government would sort of acquiesce and say,
yeah, yeah, yeah, okay, we won't use your model for autonomous weapons,
and then they'd throw in an em dash, ironically, and say,
unless appropriate.
Yeah, or as appropriate or as, you know, you can see.
Yeah, so they were, they were sprinkling gotchas through their,
through their contracts.
But again, like, I think the real issue here,
and when it comes to the mass surveillance, the sticking point seemed to be that Anthropic was really concerned that various bits of the US government were going to start doing very powerful intelligence processing on commercially available information.
Now, this is the stuff that data brokers sell.
There are loopholes galore when it comes to the Fourth Amendment in the United States where, you know, government agencies can just buy this stuff, that it would be illegal for them to collect themselves and then just apply a bunch of processing to it.
Anthropic's like, well, no, we don't think this is appropriate.
However, the strange thing is none of these contracts touch NSA, for example.
So are they concerned that the Pentagon is going to be doing mass surveillance of US citizens?
To what end?
Like, I don't understand.
I still don't quite understand the concerns here.
And I think if you're concerned about commercially available information and privacy and the Fourth Amendment
and these sorts of things in the United States, you know, the correct group to remedy this is Congress,
not the chief executive of an AI company
and certainly not the Secretary of Defense, right?
So, like, I think what everybody has landed on here
is that this is Congress's job
and they're missing in action, basically.
Yeah, exactly.
And I think, you know, you and I've had a lot of spicy conversations
about this, that even when I hear your very well-reasoned arguments, Pat,
it comes down to, yes, but that's all based on trust and norms and laws.
And those things seem to increasingly not be paid attention to
by the administration.
And so it's difficult to work out where exactly the line is between,
is this just Silicon Valley paranoia or is there something significant here?
I don't know, but it's just, it's so weird to see this playing out so openly.
And like, as you say, the people that should be the adults in the room making this decision
are absolutely absent.
Adam, you know, what's your read on this?
Like, I don't quite understand the, like the people I'm concerned about using commercially
available information if I were American, it would be the local police and it would be the
FBI because they're the ones who are going to actually arrest me. I would be less concerned
about the Pentagon doing it because what are they going to do? Like, airstrike my house. Like,
that's just, it's just not what the Pentagon is for. But like, where did you land on all of this,
right? Because it is, it is a complicated issue. Yeah. I mean, I think, you know, your argument that,
like, what's the DOD going to do with this information, you know, makes kind of sense. But I guess
the thing that I, you know, that struck me about this is like, it really is a result of the cultural
context in the US at the moment, right? There's so much distrust of the government. There's so much
distrust of, like, the government as a whole, like not DOD, you know, not just DHS. Like,
it's just the government in general, whether it's law enforcement, whether it's military,
whatever it is, is just, you know, currently doing things that many Americans find abhorrent.
And so, of course, you know, they want to do something about it. And so many feel disenfranchised
by their, you know, political representatives not doing what they want, that they, you know,
are they doing it any way they can.
And, you know, some of, I don't know, I don't know whether I'm cynical that
Anthropic and to a degree OpenAI are trying to, you know, sort of virtue signal like this,
or whether it is just generally they are so distressed as a country that it's hard to, you know,
for all of the arguments to be sensible and logical.
Yeah, no, I mean, I get that.
But it's always, it's always been the case for us as Australians when talking about America
because, well, you know, you're not Australian, I should say, me as an Australian
and you as a Kiwi, but I think, you know, in our part of the world, you know,
we just have a different attitude towards the state in that we recognize that the state is,
you know, mostly concerned with doing the right thing by its citizens and is a necessary thing
that is, you know, generally good but not amazing and can always be better, whereas in the United
States, they think the government is out to get them and sometimes it is.
So it's always a little bit of a challenge for us when analyzing the United States and
and the things that happened there.
But look, on the topic of commercially available information,
we actually have a report from 404 Media,
which looks at CBP Customs and Border Protection,
having bought a bunch of data to track people out of the advertising ecosystem.
I mean, this is stuff that our colleague, Tom Uren,
has written about a lot over the last few years
in the seriously risky business newsletter.
I mean, clearly some legal reform is required here.
I mean, this stuff, to be honest, like this concerns me,
If I were American, this would concern me more than the Pentagon stuff.
James, do you have any thoughts on this piece here?
Yeah, look, I was thinking about how when you first time you launch an app
and you get that pop up that seems to be in every app now that's like,
do you wish to ask this app not to track?
And I think when you've got a story like this,
you've got to realize that it's far more than just the app
and the advertisers that you're touching when you say don't track
or ask not to track.
This actually proliferates out to data sets that will be readily available by,
as you said, local police.
DHS, et cetera, et cetera, FBI.
So, yeah, maybe the string's too long to fit in the button,
but it really should say, ask DHS and ICE not to track when you launch that app.
Yeah, I got 99 problems, but the Pentagon ain't one, right?
It would be my takeaway there.
And look, we've got another really interesting piece here that touches on privacy and AI.
This is about large-scale de-anonymization using LLMs,
where you can basically take, what is it, like a writing sample
and then tie it to other online personas that may be anonymous?
Is that about it, James?
Yeah, look, this one is really frightening, if I'm honest.
So, yes, essentially, what they proved here is that using an LLM
and a novel way to use LLMs and the embedding technology that I'll get to in a second,
they can do essentially cross-platform de-anonymization.
So if you've got your LinkedIn profile, but you run an anonymous Reddit account,
an anonymous Hacker News account or whatever else.
It is now quite trivial, they've demonstrated, at scale is the other key element here,
to stitch those profiles together and essentially uncover who you are on these other platforms,
even though you are technically operating as an anonymous user.
What's super interesting about this is they talk back to the Netflix Prize data set,
which is a 2008 paper that came out that said researchers took this large corpus of data,
anonymous data from Netflix and they applied some pretty great at the time techniques to
de-anonymize you out of that with only sort of two maybe three data points. And this was shortly
before I joined Apple and that was absolutely our focus. You know, de-anonymizing wasn't enough. You had
to de-anonymize the de-anonymized information because correlation was so easy. But the problem with that
exercise was it didn't scale. And the scary thing about this paper coming out about this LLM being used
for de-anonymization is that first of all, they did this with entirely publicly available APIs.
So there's no custom-trained model.
There's no huge financial barrier here that would make this unworkable for any given entity
that has access to a frontier model LLM.
And the second thing is because they've used LLM embeddings,
which is essentially using the LLM's multidimensional space and understanding of language
to create a database of relevant and related terms and language structures,
they've demonstrated that this can be done at scale
where the efficiency drops off really gracefully
as opposed to the previous techniques
which just fell apart at scale
and like I'm trying not to be cynical
but it's incredible timing that this article drops
right as there's so much concern about
mass surveillance being facilitated with LLMs.
Yeah I mean I'm going to go ahead and just say
that's a coincidence in my view
but it is holy dolly like it is
you know it's the sort of thing that you know
has been theorized, right, for a long time, this sort of analysis. But to be able to like
auto, do it, put it on auto and just get her done. Like, that is the new part. And I think so
much of what AI delivers is around scale, which is something that has come up, uh, again, again,
it's speaking of, man. Like, what was it? Last week, James, you said when we were talking about
these FortiGates getting owned by Claude Code, you know, and it was pretty rudimentary stuff.
You said, look, it's a matter of time before someone just tricks Claude into doing
an end-to-end compromise, you know, just by asking it nicely.
And a couple days after we had that conversation last week, out popped this story,
which is everywhere about the Mexican government losing like
gigabytes upon gigabytes of data to a Claude-based attack that looked like exactly what you described.
Yeah, again, it's low rent hacking by all accounts and interestingly,
it hit many, many different properties throughout the Mexican government.
This is not like, you know, one service got popped and they just siphoned out the database.
This is like multiple places hit, multiple different data sets taken, but it all tied back to
use of Claude and OpenAI.
And, you know, the moral to the story here, to the point I was making last week, if you break
an offensive cyber campaign down into small enough chunks, every single bit of those chunks,
every one of those little chunks can be made to look like
it is just defensive cyber work that it will gladly help you with,
but then you roll them all up and it's just straight up hacking.
Matt, I actually last night did a sponsor interview with Toni de la Fuente,
who is the founder of, you know, Prowler, right?
Which is an online, you know, it's a cloud security scanner.
And what's really interesting is if you ask Claude to go and help you
with your cloud security, you know, posture,
it actually will try on its own and then give up and it downloads and runs Prowler,
right?
Which is kind of funny, but, you know, we got to this situation where AI means that that,
you know, nailing down your cloud infra in particular and getting all of that stuff configured
correctly is so important now because every little skid with access to an LLM these days,
like if you don't find it, they're going to. I mean, Adam, do you agree with that sort of view
on this, which is that like you've got to get your ducks in a row these days because the,
you know, script kiddie mark twos, they're coming and they're using LLMs. Yeah, I mean, in the end,
the important thing now is that someone wants to hack you, not that they
can hack you, right? They, if they show up and just say, hey, I would like this
organization to be compromised, they give that to Claude or whatever to go get done. Like,
that's what you're defending against, like a kid with intent, but all of the means is now,
you know, automated by machines, which yeah, it's a hell of a wild time. And yeah,
you just got to get everything right all the time. There's no longer, you know, you can,
we've always said, like, security through obscurity doesn't really work. Like, but now we've got,
you have to get everything right all the time,
for real now, not for pretend like it's been for the last, you know, 25, 30 years.
Yeah, I mean, it's a bit satisfying, I guess, being able to say no for real.
Like, it's not, this isn't theoretical anymore.
But yeah, anyway, wild times.
Now, we've got a write-up here from Dan Goodin on this thing that they're calling
AirSnitch.
Now, the premise here, I've seen this doing the rounds, big time.
But you're like very lukewarm on this, Adam.
I think it's really cool.
So the idea is there's a bunch of like old-school techniques you can use to
bypass the isolation between a guest network and the primary network on a wireless access point.
I mean, I think that's going to be actually quite useful to a bunch of attackers in a bunch of
different contexts.
But you were like, this is all just Ethernet tricks.
Ethernet wasn't designed to separate like this.
Not really surprising.
So you bah humbugged this when I was like, all excited.
I mean, honestly, both of those things are true, right?
It absolutely is interesting.
And being able to go from someone's public Wi-Fi to their internal
network or to steal traffic or interact with devices on internal network.
Like that is useful, but on the other hand, it is still all old bah humbug Ethernet.
So the guts of this research is essentially manipulating the layer 2 traffic flows of the Ethernet,
and Wi-Fi is just Ethernet over radio, to make traffic go where it's not supposed to.
And the kind of concept of both client isolation and, you know,
guest networks or having multiple networks on the same piece of networking hardware,
so having one access point that runs multiple SSIDs.
That's all kind of implemented on top of Ethernet,
and Ethernet was never really designed for this type of segregation.
And so the guts of the trick is manipulating, say, like, the CAM tables,
the tables that map MAC addresses to the port, you know,
the physical Ethernet port that are devices out.
And on wireless, that port is a logical
construct enforced by crypto, and on a wired network, obviously it's a physical wired port.
And by saying like if you send a packet that says, hi, my MAC address is 12, when actually your
MAC address isn't, somebody else's is.
The network will learn that station 12 is in your direction and start sending you traffic
towards it.
And that gets you traffic in one direction.
There's other tricks for getting traffic in the other direction.
And so they can manipulate the layer 2 routing to cause traffic essentially to do
man-in-the-middle, where traffic between stations that you wouldn't otherwise be able to see gets delivered to you.
And in a wireless context, that means delivered to you with crypto keys that you know about,
because you've negotiated your connection to the network.
So it's legitimately interesting work, but on the other hand, my Kiwicon one talk, which is what,
2007, was doing this on Metro Carrier Metro Ethernet Networks to bypass client isolation
on Ethernet, large-scale Metro Ethernet Networks.
I remember that talk.
Yeah, this was like the enterprise-grade
Ethernet stuff and you could just like hop your way through like every other customer basically.
I remember that talk.
19 years.
This is it.
But Wi-Fi.
Yeah.
Yeah.
Well, cool.
Yeah.
I guess I should have thought to go back and try it against Wi-Fi stuff.
No, so like it's 2026 man.
So if you want to talk about hacking, like it's now you just get a phish kit, right?
And you do the SaaS and the, you know, anyway.
Everything's changed.
Everything's changed so much.
We just ask Claude to do it now.
Yeah, you just ask Claude and it's done.
Real quick, we're just going to mention
this one, CISA has ordered an agency to patch a bunch of Cisco devices.
Not really interesting in and of itself.
What is interesting though is when you were reading about this,
you stumbled across the Australian Signals Directorate guide to threat hunting.
And you were like, oh, okay, this is actually, this is actually really cool.
So there's the Cisco SD-WAN threat hunt guide from February 2026, version 2.4.
There's some light reading for you.
But you just wanted to get that in the show notes because you said it's actually a good read.
Yeah, I mean, Cisco SD-WAN gear
is everywhere, especially in telco environments, and like that's so far so normal.
But yeah, the threat hunting guide from ASD just says, we have been here and had to hunt
for stuff in this environment a lot because we're at version, whatever it was, 2.4 of this doc,
and the doc's very good.
And that just says, you know, a bunch of people up in a bunch of SD-WANs in Australia.
And I just thought that was interesting and also good job ASD.
And James, this one you wanted included in the week's show, which is a security
bug in OpenClaw and I'm like what is it some sort of like you know prompt injection thing and you're like no it's heaps stupider and I'm like wow stupider than prompt injection let's hear it so tell us yeah so good I got such a great laugh out of this so the default stance for security for OpenClaw is they say you know the back end process only binds to localhost so it's safe you know no one can access it from the outside but we forgot to realize that any browser can happily talk to and a lot of
localhost because that's not covered by the origin restrictions that generally prevent that sort of cross-site
access in a browser. So it's such a trivial vector here. Any JavaScript running in a browser can access the
local OpenClaw service and they forgot to put rate limits around how many times you could make
attempts to authenticate to that web socket port on localhost and so very easy to just brute force
access into your OpenClaw.
So just
hilarious for the fact that like localhost
you think, yeah, of course that's safe.
I can't access from the outside world.
But buddy, the browser is where that boundary
is now. So yeah,
good for the lols. And you
pulled out this one too, which is
a guy doing some research
into his robot vacuum, some Claude-based
research, I think, into his robot vacuum,
managed to pull down some, like,
an API key or something where he's like, oh, cool,
now I can get access to my back-end for
robot vacuum and he's like used it and it's like all of the backends for all of the robot vacuums
and there's like 6,700 of them.
Yeah, you got to read the article for this one for a couple of reasons.
One, yeah, he was his whole use case here was I want to use my PS5 controller to control my robot
VAC which what an awesome weekend project gets out Claude Code to do this and Claude Code
happily finds that there's an API key that you can use to access the backend services for
these robots and then he discovers it's the same backend key that's used for all
of them. But one of the best bits about this is when you look through the article, he shared some
of the screenshots and it's like Claude Code mocked up this like gorgeously late 90s hacker kid
kind of world map and pings of where all of these vacuums were. But, you know, the vulnerability
itself is a bit like, yeah, I appreciate key, but just the fact that this was found by accident
and reverse engineered by Claude Code, you're going to see more of these. Yeah, got to love it.
Now, meanwhile, Suzanne Smalley over at The Record has reported that a Greek court on Thursday
sentenced the founder of the Intellexa Consortium and three associates to prison for their role in a sprawling spyware scandal that has dominated Greek headlines since it came to light in 2022. I think this is good. I mean, we're not used to seeing these people sent actually to prison, Adam. I mean, do you think this sends a message to, you know, to other people who might be thinking about cutting some corners when selling these tools and when knowing what they're being used for when what they're being used for is not good? I mean, you know,
Do you think this sends a message there?
I think it will send a message.
I mean, the founder and there was another associate from Intellexa itself.
I don't know that they're necessarily in Greece or within the immediate jurisdiction.
I'm sure they will be, if they're smart, they'll be out of the jurisdiction.
But yeah, it's got to provide some pause for other people playing in this game,
that you will get some blowback.
What's interesting in Greece, though, is that none of the people who bought and used it
have so far, you know, faced any particular consequences, you know, because this was used in the
context of spying on political opponents and stuff. So, like, you would expect there to be some
consequences for that kind of use of it. But so far we've only seen Intellexa and, I think,
the local reseller, you know, facing some consequences. But, you know, I am sure it has to send
some chilling message, some chilling effect to other people who play in this game. And, you know,
ultimately being, you know, found guilty in Europe, you know, the arm of Europe's extradition treaties
and other things you know that's pretty long and getting away from that i imagine it's going to be
difficult for them. Yep. Now, uh, moving on to some more law and order related stuff, Daryna
Antoniuk over at The Record again, uh, has a report and this is kind of our skateboarding dog this
week, Adam, which is a guy in Moscow, he's been accused, uh, of posing as an FSB person to extort
the Conti ransomware gang. So it's, it's good there's some arrests around, uh, Conti, uh.
Unfortunately, it's someone who was trying to shake them down.
This was after someone hacked Conti and leaked a bunch of their internal chats
and that outed a bunch of identities and cryptocurrencies and then so on and so forth.
Yeah, this guy apparently read the Conti leaks and just decided that the right life choice
was to go shake down some criminals for money, claiming to be the FSB.
And, like, of course this was going to end well for him.
So I don't know.
Mr. was the name, Rustland.
Ruslin Satychin.
He is probably going to have a bad time.
I imagine he's ending up either on the front
or in a special penal colony
or whatever else happens to you in Russia.
But it's like, what were you thinking, buddy?
What were you thinking?
He wanted to get paid.
I just think it's funny that the Conti people,
like the Conti operators, didn't get arrested,
but the guy who tried to shake him down did.
You know, like that's...
And the fact that it's a perfectly reasonable scam
to pretend to be the police in Russia
to solicit bribes and people are going to go,
oh, okay, you know,
they're going to believe you
because that's what the cops there do.
Anyway, we're going to end on a sad note, which is FX, Felix FX,
who is a was, I'm sorry, he's passed away.
He was a very well-known hacker and security researcher,
a tremendously intelligent guy.
He'd been on the show at least once, I think maybe a couple times.
I'd met him before as well.
I liked him.
I hadn't seen him in a very long time.
Either way, Felix is no longer, he's no longer with us.
and that sucks.
Yeah, no, that's real sad.
Like, he was, you know, his name was one that I remember reading in old school text files and things.
I mean, the work on some of the tools that came out of Phenoelit
and the other kind of European hacking crews.
Yeah, his name was all over that.
And, you know, he was, you know, a lot of people credit him with making, you know,
introductions around the industry and in the scene and, you know,
just being one of those people that, A, is a great hacker,
but B, also, you know, is just a lovely person to be,
and it makes great connections between people.
and, you know, those people are, you know, outsized in our communities and, you know, we value them very much.
So, vale, Felix "FX" Lindner.
And, yeah, that's, it was very sad.
Bummer, bummer way to end the week.
Sorry about that, everybody.
But, yeah, and I'll just let people know, too, after we're finished recording today, I'm actually getting on a plane.
I'm heading down to Sydney.
And I will be speaking, well, I'm on a panel at a conference down there.
It's the Atmos.
Atmos are running a conference down there called Sphere 2026.
it's a one-day event.
So I imagine some of you listening to this are going to be there.
So come and say hello, by all means.
They've got a great lineup, actually, of speakers and whatnot.
And Chris Krebs is coming down too, so I'm going to catch up with him, which is going to be great.
So, yeah, I'll catch some of you down there.
But that is actually it for the week's news.
Big thanks to you, Adam Boileau, big thanks to you, James Wilson.
And we'll do it all again next week.
Thanks for us, Pat.
I will see you then.
Thanks, Pat.
See you then.
That was Adam Boileau and James Wilson there with a check of the week's
security news. Now a little bit of housekeeping before we get into this week's
sponsor interview and we have launched two new podcast feeds. We have launched
the Risky Business Features channel. James is publishing podcasts in there, he's
recording chats with Brad Arkin who is the former chief security officer of
Adobe, Cisco and Salesforce so they have some fabulous conversations and there's other
interviews and stuff going on in there so do head to risky.biz and find that
feed there or just search
through your podcatcher for risky business features.
So do check that one out.
We've also launched a product catalog on the site.
So if you head to risky.biz and hit catalog,
basically it's like a sponsor directory at this stage.
It's just very plain language descriptions of what some of these companies do.
And we're planning on building that out and adding more and more entries over time.
So yeah, please do head to
risky.biz to subscribe to James's podcast.
We've also got Risky Biz Stories,
Risky Business Stories, which is where we're going to publish some of the stuff that Amberley's working on, so you can subscribe to that one too.
Please do subscribe to these feeds. It really does help us, and yeah, that would be great.
Now, it is time for this week's sponsor interview now with Sydney Marrone, who is the head of threat hunting at Nebulock, our sponsor for this week's show.
Nebulock does AI-based threat hunting, so you can do vibe hunting, which is a lot of fun.
and Sydney Marrone actually wrote the guide on agentic threat hunting.
I've linked through to the GitHub page for that guide in this week's show notes,
but she decided to come along onto the show to talk about that guide a little bit
and agentic threat hunting in general.
And here's what she had to say.
This is just an easy way for people to apply it to their threat hunting
and also give their threat hunting memory and context,
which I think are huge.
So right now, if you run a threat hunt, you might not know what you ran a year ago.
So you start from scratch every time.
And with a framework like I've created, you don't start from scratch.
You have some sort of memory to go from.
I mean, it really does feel like people are just now realizing that these things don't have a memory.
Correct.
You know, these LLMs, they don't remember anything.
So you've got to sort of prime up with the correct context every time you run a query.
And that ain't, you know, then you're back to having the sorts of plumbing
that you need in a typical enterprise solution in the first place. There's going to be a database.
There's going to be some structured data. There's going to be like some sort of query language,
like, you know, that the agent has to know instead of a human operator and like this is this is where we are.
Exactly. And that's part of the framework. The first step is to implement a repository.
And so I use an example of like Git. So storing all your hunting knowledge, your past hunts and your current hunts in Git.
and then using that and running queries against your Git repository to find out information
about your hunts and your program.
Where are enterprises at these days with trying to go agentic with their threat hunts, right?
Because I would imagine that there are few organizations that are trying to do this.
I'm guessing the ones that are trying to do this are the ones who have threat hunt teams already, right?
and they're just trying to now automate some of that with AI agents.
Correct.
I think a lot of this is more cutting edge and like pushing the boundaries of where AI is going.
Most companies are stuck using a certain model or a certain tool when it comes to AI.
And so they have a lot of limitations.
And therefore it can be really hard to implement.
I've been working with a global manufacturing company that has implemented
the Agentic Threat Hunting Framework. And they are struggling just like any other global company
to move up towards the agentic layers because there's just so much process and it's just such
a large company. So that's why as part of the framework, I have a maturity model. So you can
start from just documenting your hunts into adding AI and using AI to run against the hunts
and building agents out, connecting MCP servers.
So you really layer on top and start gradually,
rather than throwing a bunch of agents or doing agentic AI against your threat hunting.
Now, we were chatting before we got recording,
and you are what I would describe as a heavy Claude user.
You spend a lot of time in Claude.
I guess one thing that I find interesting about this whole, like, you know,
Claude Code in the enterprise, like SaaS evaluations, tanking and whatever. And the idea that, you know, coding is essentially free for some stuff these days is, you know, just going back to what I was saying earlier about how you need to provide these models with context and everything. And you need to actually build stuff. You need to build an architecture that these models can then use to be more useful in threat hunting. I mean, is that easy now with some of these AI building tools? Or is it still, is software design,
for something like this still hard?
I'd say it's getting easier.
I think if you have an idea,
you typically can build it with AI,
but you still need to ensure that there's that structure
and sometimes that's the difficult part to figure out.
And so I've done threat hunting for about seven years now.
I helped build the PEAK threat hunting framework at Splunk,
where you apply structure to everything.
So it's built on those foundations.
I think those foundations and knowing those are still going to be important and applying those with
the AI to build out things is going to be key instead of just letting the AI do everything.
And you'd be like, it did something.
I don't know what it did.
But knowing those foundations is going to be crucial.
Yeah.
Now, I totally understand where you're coming from with like a maturity model for this sort of thing,
which is where people are using like a co-pilot approach to document the things that they've
been doing on a manual threat hunt.
That might be your lower level.
and then you're getting up to like the full stack solution
probably something along the lines of what you've built
at Nebulock
but I got to ask like you know you've
got about seven years experience in threat hunting right
you are newer at you know you've been like what four months
with Nebulock now
I mean how much is this changing the game
how much is the agentic stuff actually changing the game
and in what ways right like I'm guessing
a lot of it's going to come down to speed and volume and being able to go down rabbit
holes that like manually you never would have been able to go down. But then the question becomes,
is that useful? Like, are you actually turning up interesting stuff doing that? So I guess, yeah,
I'm after a threat hunter's perspective on, you know, what the actual benefit is here? Because
there's so many imagined benefits, but what are the real benefits here of AI in this space,
given that you are the expert in this space and have gone from, you know, as you say,
previously working at Splunk doing this stuff, writing the PEAK framework, and now you're moving
on into the AI side of things. So yeah, where is this all going and why? And like, what's the point?
Big question. Such a wonderful question. If you would have asked me last year where I thought
threat hunting was going, I would tell you it's going to change incredibly in the next year.
And that is because of AI. AI is going to speed things up and allow you to do more. You
nailed it. I used to run threat hunts in two to four weeks, I would say, manually,
running the queries, doing all the research, everything involved in running the threat hunt.
And now I can do a threat hunt in an hour, maybe a few hours, just depending on the scope.
And it is just impressive at some of the analysis that it can do.
of course there's a lot of double checking of work we all know we need to trust but verify
AI so I I do think it's going to change a lot of our work and it is currently I think a lot of
teams are starting to realize that yeah so I mean is it the case though that you can you know
that the agents because they can operate at speed and scale will run down you know lines of
inquiry that you wouldn't bother with manually and then actually find something interesting,
or is it more the case that they wind up going down dead end rabbit holes, right? Because I imagine
maybe a bit of both, right? It's a little bit of both. And I think that's where something like
memory can be really helpful. With agentic threat hunting framework, I've started building
memory pieces in in the, I've named it sessions, and that it records some of your queries and the
results you get and how you determine something and why you determine something good or bad.
Yeah, the result of what when it came back to the human operator, it's like, yeah, you've done
this 10 times and every time it turned out to be nothing.
Exactly.
Because that's something that we tend to forget.
And like, I don't remember what I hunted a year ago, let alone what my colleague hunted three
months ago.
So that's where the framework comes into play and helps with the memory.
And then those sessions can really help with remembering what decisions.
you make and helping you make better decisions in the future.
Like, that's the idea behind it.
Now, correct me if I'm wrong because I'm not an AI expert, I am a podcaster.
But when we look at these agents and trying to give them, prime them with context every time
we want to run a query, is there sort of like an upper bound limit to how much context we can
give them before they start getting confused?
Because that's sort of my basic understanding of these things is you can only really give
them so much context before they start getting a bit overloaded
and their little digital brains just start freaking out.
Mm-hmm.
The hallucinations, yes.
It's going to depend on your scope.
It's like when you use ChatGPT or any Claude, any tool,
if you give it some enormous scope, it's going to get confused.
If you scope it down properly, which I try to do with threat hunting
or if I'm using Claude Code or whatever tool,
then it does better at the context and not getting confused.
But it's always a problem, and I think that's something that the consumer right now is trying to
figure out, and all the companies, the models, they're trying to figure out how to resolve this.
So I think we're all in it together really.
Yeah, I mean, as I said earlier, I can't remember if this was before or after I hit record,
but you know, I just think of like these agents as self-sourcing bash scripts instead of like,
you know, incredible, super intelligent e-beings,
and I find that's a useful way to think about it.
It is. A lot of it's just scripting.
I mean, if you think of something like OpenClaw,
it's just running a bunch of cron jobs,
running reminders for you.
It's not, it's a little bit,
it has a little bit of knowledge and memory,
but still it's just code on the back end.
So look, you know, we, you've come here to talk about your agentic threat hunting framework
and we've barely talked about anything.
You know, we've talked about the need for content
and the, you know, different maturity levels and stuff.
What, you know, what are the other big things that you've squeezed into this thing
that you think people should know about before they go and, you know, check it out?
So one of the features of the framework is something called the lock pattern.
And this is just a pattern that a human and an AI tool can follow to do threat hunting.
So right now, there's not a lot out there on documentation as far as when we are threat hunting,
and I know documentation isn't exciting,
but everyone in security knows that this is incredibly important.
So it gives the path to document that both a human and AI can understand.
So when you get to that point where you're using AI and maturing,
you can feed it in and you can let your tool use it just as you would
and probably understand it even more and do better analysis.
And be a little bit more consistent as well.
Exactly.
All right.
Now, where can people find this framework?
You can find the framework on GitHub or just check out agenticthreateningframwork.com.
And it'll point you to a blog post that will then lead to our GitHub repo that has everything.
Again, it's open source and vendor agnostic.
So it's just a methodology.
So go check it out.
Awesome.
I will drop a link to the GitHub in this week's show notes.
Sydney Marrone, thank you so much for joining me to talk about AI in threat
hunting. Very interesting stuff.
All right. Thank you.
That was Sydney Marrone of Nebulock there.
Big thanks to her for that.
And big thanks to Nebulock for being this week's Risky Business sponsor.
And that's it for this week's show.
I do hope you enjoyed it.
I'll be back soon with more security news and analysis.
But until then, I've been Patrick Gray.
Thanks for listening.
