Risky Business - Risky Business #834 -- Vercel gets owned, Mozilla dumps hundreds of Mythos bugs
Episode Date: April 22, 2026

On this week’s show, Patrick Gray and James Wilson are joined by special guest The Grugq. They discuss the week’s cybersecurity news, including:

Vercel got owned..., and there’s a few infostealer and compromised employee dots to connect
Mozilla used Mythos to find 271 bugs, which feels like a sign of the bug-pocalypse
Speaking of the bug-pocalypse, is that why NIST is noping out of enriching a bunch of bugs?
The NSA is using Mythos even though the government did that whole Anthropic blacklisting thing
And DDoS attacks hit a couple of smaller-player socials

This week’s episode is sponsored by Permiso. Ian Ahl chats to Pat about the subtle signals Permiso uses to detect ShinyHunters-style activity in cloud and on-prem environments.

This episode is also available on YouTube.

Show notes

Vercel April 2026 Security incident
Vercel breach linked to infostealer infection at Context.ai
Vercel confirms breach as hackers claim to be selling stolen data
Matt Johansen: “This is not a good look” | X
NIST limits vulnerability analysis as CVE backlog swells | Cybersecurity Dive
CISA Cyber on X
Ransomware attack continues to disrupt healthcare in London nearly two years later | The Record from Recorded Future News
Lawmakers ponder terrorism designations, homicide charges over hospital ransomware attacks | CyberScoop
In defeat for Trump, House extends electronic spying program for just 10 days | The Record from Recorded Future News
Crypto infrastructure company blames $290 million theft on North Korean hackers | The Record from Recorded Future News
US-sanctioned currency exchange says $15 million heist done by "unfriendly states" - Ars Technica
Hackers are abusing unpatched Windows security flaws to hack into organizations | TechCrunch
Mozilla Used Anthropic’s Mythos to Find and Fix 271 Bugs in Firefox | WIRED
NSA using Anthropic's Mythos despite Defense Department blacklist
Beyond the breach: inside a cargo theft actor’s post-compromise playbook | Proofpoint US
Beware scam messages offering ships safe transit through Hormuz Strait, says security firm | The Straits Times
New Jersey men given lengthy sentences for running North Korean laptop farms | The Record from Recorded Future News
Turns Out We’re Not Alone - Volodymyr Styran
US joins nearly two dozen other countries in striking back against DDoS-for-hire platforms | Cybersecurity Dive
Bluesky blames app outage on ‘sophisticated’ DDoS attack | The Record from Recorded Future News
Mastodon says its flagship server was hit by a DDoS attack | TechCrunch
An IT expert explained under what conditions using a VPN can cause a smartphone to explode
Transcript
Hey everyone and welcome to another episode of Risky Business.
My name's Patrick Gray.
This week's show is brought to you by Permiso,
and they make a really interesting sort of identity security product, I guess.
It monitors identity actions or account actions,
and can tell you when some weird stuff is going on,
and we're joined by Permiso's Ian Ahl a little bit later on
to talk through how they detect ShinyHunters activity, actually,
and what sort of things stand out as red flags in logs that are going to give you an idea that something's up.
You know, this is useful stuff to know even if you're not using their platform.
So do stick around for that interview.
Adam Boileau is away at the moment.
He's overseas.
Hope you're having a good time, Adam, if you're listening.
So this week we are joined by a very special guest co-host.
He is an international man of mystery who is currently working as a postgraduate researcher at King's College London
on the topic of cyber war.
He is The Grugq.
The Grugq, welcome to Risky Business.
Good to be here.
All right.
And as always, these days, James Wilson joins us as well.
James, how's it going?
It's good, man.
Good to be here.
All right.
So we're going to kick things off with a discussion of this Vercel incident.
Actually, before we talk about the Vercel incident,
James, can I get you to give listeners who are not necessarily familiar with Vercel
just a quick recap on what they do?
Because honestly, and I know this is,
I'm telling on myself here, but I kind of had to look up exactly.
I knew that they had the Next.js connection,
but I wasn't actually sure what their online cloud service is,
and I figure if I didn't know,
there's probably plenty of people listening who don't as well.
Yeah, it's quite a sprawling landscape.
So, yes, their origin story, I guess,
is producing and building Next.js,
which is one of the most popular JavaScript,
TypeScript-based web app frameworks these days
that does everything from front-end right through to back-end,
etc. But suffice to say they didn't stop there.
They're now a hosting provider.
You don't have to host Next.js stuff with them.
It can do all manner of things.
And they've gotten heavily into the, of course, all the things AI.
And they're actually one of the leading AI SDKs that people use to build their apps at the moment.
So they're a big deal.
Yeah, yeah.
And they got owned and it looks like, you know, we would say, you know, in cases where people get owned really badly on the show, we would say they got owned quite a lot.
It doesn't look quite like that's what's happened here,
though they have had an incident which has impacted some customers.
I guess the mechanics of the attack are probably the more interesting things here than the impact of it.
Can you just walk us through how this happened?
Yeah, the chain of events here begins with an infostealer that made its way onto an employee at context.com.
Which is something completely unrelated to Vercel.
That infostealer, I think it was on their personal laptop, actually, this Context AI employee.
The logs out of that, it basically exfiltrated, as these things do, a bunch of
credentials out of the browser. And the attacker went through those and found that, okay,
they were able to get access to things like the Vercel tenant that Context AI uses to host the product,
the Supabase database they use, their AuthKit implementation. So suffice to say,
everything you need to very much own all things, Context AI. What it seems they've done then
is with that access to the Supabase database, they've gone through and found that's where
all of these OAuth tokens that are stored, because Context AI is one of these
things that you add to your Google workspace, for example, so that it's your AI assistant
that goes rifling through all of your mail and drive and all these wonderful things, which, of course,
for it to rifle through, you've got to give it access to all those things. So the attacker's
gone and found, okay, I've got Supabase. Supabase seems to be chock full of OAuth tokens. What's
interesting out of these OAuth tokens finds that one of them belongs to a Vercel employee,
and what it appears is from there, they've then gotten themselves quite permissive API access
to the Google workspace that an internal Vercel employee was using
and then they're off to the races from there.
Yeah, and it looks like the precise way that they've moved laterally
and whatever and managed to obtain a bunch of secrets
from Vercel customers is not clear.
But you can tell from Vercel's communications
that they do actually have,
they have actually thought about,
because they do like this hosted front end thing, right?
Like that's really where they're hosting started.
They've actually put some thought into how to protect customer secrets
in their interface, simple protections
where you can mark stuff as sensitive,
and that is basically a write-only permission for secrets
which only get pooped out the other side via the build environment
when you're actually deploying apps, right?
So what it appears has happened here
is a bunch of Vercel customers had environment variables
and didn't mark them sensitive,
and that's how these attackers were able to access their console somehow
and just read them out.
Yes, as you said, there is still a lot of dots
we've got to try to connect on that one,
but I think it's safe to assume that with a very, you know, broad spectrum access to that Google
workspace, there's a lot of things that would have been possible. And you're right. Vercel,
I think not only did they do a good job of spelling out what the incident actually did,
they were very quick also to say, not just the usual advice of, hey, rotate your credentials
and tokens. Of course, you've got to do that. But I actually appreciate that they called out a couple
of things they did around, I think secrets are now sensitive by default, which is a very good thing.
it probably should have always been that way,
but good on them for making that change.
And just a couple of other things that, like,
they really owned this and said,
look, we could have done better.
Here's the things that we're doing better.
And they are legitimate things that I think will,
from this point onwards,
help to prevent the exposure that an event like this can cause.
Yeah, look, the incident comms on this from Vercel
have been absolutely top rate,
like absolutely superb.
It feels like they've updated when they've had information.
I remember at some point, James, you were like,
well, I haven't had an email from them.
Yeah.
You know, despite the fact that we knew that they'd emailed some people,
And then they did email you and they said, look at, you know, it doesn't look like you were impacted.
They've called in Mandiant.
I'm guessing Mandiant's been advising them on this as well.
So, yeah, looks pretty good.
There was a, you know, apparently like ShinyHunters were responsible.
And then some ShinyHunters people are saying, no, it wasn't us.
And then there's like forums, you know, forum post popping up where people are saying we're going to sell data taken from Vercel.
But then it's like not really sure if it's just like stuff out of one, you know, Gmail inbox or whether it's like serious
data or whatever. So as to who did this, we don't quite know, do we? Yeah, we don't know.
But I think what we can take a lot of comfort from it from is that whatever this data is,
it doesn't seem to be the kind of thing, even if it falls into whoever's hands might be
silly enough to purchase it, could lead to some sort of, you know, broad spectrum supply chain
attack or a large scale attack on customers of Vercel. I largely feel like this is done and
dusted and there's been some good lessons learned along the way. And, you know, I guess we just
got a way to see now, but I don't feel like there is a huge looming danger from whatever that data
is. Not another shoe to drop right on this one. You know, I think, I think, you know, a point of
discussion around this is that this Vercel staff had given really permissive authorizations
to Context AI to, you know, basically own that account, which is what you have to do,
if you want to get any, extract any sort of value from these AI assistance, you need to give
them permissive access to your account. But, you know, Matt Johansen, Matt J on Twitter has pointed out
that, you know, based on things Context has said,
it looks like Vercel wasn't even a paying customer of Context,
and that seems a bit weird
that Vercel staffer would be allowed to connect their account
to Context AI in such a way.
And you wonder if maybe their environment was a little bit too permissive,
or do you think that that's a cheap shot?
I, from working in a lot of corporates with Google workspaces
and knowing how these things get set up,
I find it very unusual, this claim that Context AI says,
well, Vercel wasn't even a paying customer,
yet they had this very permissive access.
An enterprise would be very uncomfortable,
even saying to someone, yes, I'll permit you to use that free tier account
in an enterprise, because they're going to want contract,
they're going to want terms.
They're going to want an SLA ability.
Yeah, right, because when something like this happens,
they want to go and look at that agreement and say,
right, where's the liability pay up? And in a free tier where you've just clicked on the EULA and not
read it, you don't get any of that. So I don't think this is a, Vercel was okay with this. I think this
was a, it was too easy to do something that shouldn't have been allowed. Yeah, okay, I think that's a fair
point. Grugq, you want to jump in here, please. Yeah, so I've got a couple of things. One is I think that
it's, it's interesting that this shows how modern cybersecurity is a lot less about exploits,
a lot more about OAuth tokens and what you've connected to what else, right?
Like, it's all at this very, very high layer and it's got very little to do with dropping 0day.
But the other thing is that, like, Shadow IT used to be the person who brought in, like, a Wi-Fi
router and put it under their desk.
And now it's someone who, like, connects your entire network to some random fly-by,
just to some third party application
that might have all sorts of additional access.
Look, it is the case, right?
That's how stuff's done these days.
And indeed, I think it is even in the sponsor interview this week
or it could have been another one recently
where it's like, you know, attackers aren't even touching the endpoint
anymore. They don't need to.
I mean, in this case, there was an attacker touching an endpoint
because they did use an info stealer, but you don't even need that anymore, I guess, is the point.
Yeah, but I think Grugq's point is a good one, right?
we've gone from they break in to they log in to now you logged in for them.
Not bad.
I like it.
All right.
Now, look, speaking of vulnerabilities, though, and I wanted to get your take on this one,
Grugq, Mozilla has apparently found 271 bugs in Firefox by using Mythos.
No idea what the token cost is there.
I'm guessing it was substantial.
You know, are you on board with predictions of a bit of a bugpocalypse?
because I do think that's the way this is going to head.
You know, but yeah, what's your feeling here?
I'm of two minds about it.
On the one hand, like, 271 is, that's a big number.
That is a lot of bugs.
But I'm also, like, I'm not sure.
Does that mean that there are now overall 271 fewer bugs in Mozilla?
Like, or does it mean that infinity minus 271 is still infinity?
right? Has it meaningfully changed things? And I don't think we know yet. I think that's going to be the,
like that's going to be the question, particularly because now generating code is so much easier as well.
So in a way, adding bugs is going to go a lot faster.
Well, yeah, and there's this thing too, right, where like you look at a company like Fortinet, right,
where their software is super buggy and super bad and you think there's already stuff they could be doing
to fix this and they're not.
So do we think they're going to spend money
throwing a whole bunch of tokens at this problem
when they're not putting people on this problem to begin with?
Like, why would they throw the money from tokens into it?
But like, I wanted to bring James in here
because you did an interview with Brad Arkin
that you published last week.
Now, Brad, of course, was for a time the CSO for Adobe, right?
Which meant that he was responsible for Flash
and Adobe Reader and stuff.
And these products were bottomless pits of vulnerabilities.
And he thinks the discourse around Mythos is a bit dumb because you ain't going to improve the quality of software by just burning tokens to shake out bugs.
Quite to Grugq's point where he's like infinity minus 271 is still infinity.
I mean, it's really, Grugq's just basically saying what Brad told you last week.
Yeah, look, I think there's some key words there, right?
You know, does it improve the quality potentially?
But quality doesn't equal safety and prevention from exploit.
And Brad's crystal clear point to me was, look, we could have, in time, enumerated all the bugs, fixed all the bugs in Flash and in Reader, but it wouldn't have done us any good.
What we had to do was look at the commonality and say, what do these vulnerabilities tell us about higher order concepts in our code base that we can go and do very targeted fixes around?
You know, like, do you fix 100 bugs and potentially introduce, who knows how many regressions and leave however many bugs still there?
Or do you say, let's just wrap that up in a sandbox?
That sandbox and the arbiter between the sandbox is a smaller code attack surface, bang,
that is then a material difference in your attack surface.
So I'm with Grugq here.
It's an impressive stat.
It's great to see Mythos being used, but this does not equate that the software is now
any way further towards being inexploitable or less exploitable.
You don't get there from just 271 bugs being fixed.
One of the things I remember that Flash used to do when they were, you know, back when we were on that treadmill all those years ago, they used to kill the techniques that were used in the exploits.
So they realized that it was just going to be impossible to, you know, fix all the, like the various different types of confusion.
And so they started killing the techniques that got used to cause, say, like a type confusion,
like that had one specific technique that was exploited.
So they killed that technique,
which meant that it didn't matter if they left the actual type confusions in there.
You couldn't turn that into an exploit.
And I don't know if AI is going to get you to that understanding
or if it's just going to enumerate all of the different type confusions that you have.
Yeah.
Because those are two different things.
And one of them like meaningfully moves you forward and the other doesn't, right?
Yeah. Well, it's funny, right? It's just so funny bringing this up. Because it's been long enough now that I, you know, I'd feel comfortable saying, you know, some of the things that Brad told me back then, which is like, I mean, they were trying to kill Flash, right? They wanted to kill Flash. No one in security at Adobe wanted Flash to be a thing. And then some product group would always like, reanimate its corpse for some project, make it a dependency. And they'd be like, oh my God, here we go again. But, you know, when they finally killed it, the corks came, you know, the corks were popping. But that was, you know, I think that was a really interesting case study.
You know, when we look at the impact that stuff like, you know,
frontier models might have on bug discovery and is that actually going to fix everything.
I think what we are saying is probably not no.
And moving on to this next story,
and NIST is now going to, this is like insane, right?
So NIST has obviously fallen behind on doing vulnerability triage and enrichment.
Like this has been a story for over a year now.
At various points they've talked about,
oh, we've got a new contractor helping and, you know, we'll get right on it.
And now they're just like,
eh, we're not really going to bother.
But there's got to be some, you know,
there's got to be some really strict criteria
before we bother enriching something.
Otherwise, we're just going to take the vendor's word for it, basically.
And one of the criteria is that the bug might,
it has to be on the KEV list, on the CISA KEV list.
And then our very next story is CISA Cyber putting out an alert
about the Axiase compromise,
you know, about the AxiS supply chain attacks.
So like with CISA suffering so badly at the moment,
you know, as I've referred to it constantly on the show,
we have entered CISA's Century of Humiliation.
You know, you just sort of think, what is NIST doing?
Like, you're relying on a government agency
that has now become quite dysfunctional,
not due to its own fault,
but because it's being targeted by the White House
for being, I don't know, woke, radical left or something.
And I just think, you know, where does this end?
And your point, Grugq, when we were talking about this before we got recording,
is you reckon this might be NIST kind of getting ahead
of the frontier model bugpocalypse
and just saying, yeah,
we're going to just preemptively wave the white flag here.
I think it's the smart move.
I mean, if you are NIST
and you see Mozilla coming out and saying,
hi, we've got exactly one product
and there were 271 security issues
that we killed this month.
As NIST you go, that's not happening.
Like, that is, like, we cannot.
Like, that's just not a thing that we can do.
So yeah, like the smart move is just go, yeah, if you're not on the list, you're not getting in.
Yeah.
James, you and I were chatting as well and about whether or not you think AI could make a dint in solving this.
And the answer there is like, at least with current models, probably not.
Like you, you know, the work is not, I don't know that it's quite repeatable enough that you could get an AI agent to work out like a CVSS score reliably, you know?
That's not a 3.0.
That's a 10.0.
You're absolutely right.
That's on me.
There's that and then there's like, okay, when does the madness end?
If the AI is finding the bugs and the AI is probably writing a vulnerability disclosure
and then AI is determining whether your AI discovered bug and AI written vulnerability disclosure is accurate,
just stop at some point that there's enough AI in the loop at that point.
I really don't think it's going to, even if you prompted it well, it's not going to help.
Give all the money to OpenAI.
Skip the whole security theater with you
finding the bugs and enriching them, just give all the money, you know, AI, run your tokens to your thing.
Just reminding me of how like in the earlier days of ChatGPT, people were writing bullet points and then asking ChatGPT to generate an email,
which they would send to someone who would then put it into ChatGPT and say, can you give me a bullet point summary of this email?
Oh, God, the horror. The horror.
We've got a story here from Alexander Martin over at The Record talking about how a ransomware attack against a British
pathology provider or pathology lab, the fallout is still being felt more than 18 months later
in, you know, the fallout is still affecting British healthcare operations. James, walk us through
this one, mate. Like, what's the go here? How badly have things been affected? Yeah, look, it's a,
it's a troubling story. So in June 24, there was, Synnovis was essentially the provider that was
attacked here. Now, Synnovis is essentially a pathology, blood testing service, but the knock-on
effects that had to the entire healthcare system was incredible and still being felt, because
you know, if the blood test couldn't be done in time and there was a backlog of that, then you
can't determine which blood supplies you need for which transfusions. And if you're not doing the
transfusions, then you can't manage your blood supply stocks and your logistics around it. And so
it's an interesting article because it points out that yes, 18 months later this poor organization
is still struggling with systems that are not fully recovered.
They still have a massive backlog of attacks,
and even just one single provider of diagnostics and pathology
can have such a massive ripple effect throughout the healthcare system.
Yeah, I mean, these are the sort of stories that make me,
you know, I've always made me treat the ransomware issue
as a national security issue.
And in fact, this morning we were having a look at Catalin's newsletter
and associated Risky Bulletin podcast script.
And, yeah, yeah, one of a former FBI
official was testifying before a House Homeland Security Committee in the United States saying,
hey, we think you should make, you know, that these ransomware operations should be designated
as terrorist groups or terrorist operations. I think in that case to unlock more prosecutorial
and surveillance tools against them. But, you know, I think finally people have realized a few
things, which is it is worth exercising state power against these kinds of groups, not just law
enforcement power, like I mean real state power. And that it's not an acceptable, it's not
something we can ignore anymore. Grugq, any thoughts there?
Yeah, no, I'm, like, I'm all for it. I think that the ransomware groups, they're permitted
to exist because they provide actual value to Russia as a tool of state power, right? Like,
they don't exist, you know, simply because Russia allows corruption and whatever. I think that
they literally give Russia additional tools of state power. And, you know, and, you know, it's a lot of,
if nothing else, they give them a bargaining chip at one point to be like, look, we will shut down
the ransomware gangs if you give us these concessions. I agree with you on the bargaining chip thing.
I think the state power argument's a little bit, a little bit softer, to be honest.
Okay, it's one I'm willing to make, but I admit that it's very much a, you know, assume a ransomware
group of radius R, traveling at constant velocity, right? It's like, to me it makes a lot of sense
to view it as this gives the state the ability to do raiding operations which delegitimize the
political protections and so on of adversaries, right? That makes sense to me, but it's very,
it's very unlikely that it makes sense to the Russians. They don't think about it like that,
because they're not as sophisticated as I am and don't really understand everything.
So are you saying that it's an exercise of state power that they don't realize it's an exercise
of state power? Exactly, right. They've failed to
appreciate what they have. That's what's going on. But anyway, it means that using state power against
it is absolutely the right move. Yeah, I mean, I think that they, you know, my argument is a little
bit different. My argument is that they're failing to do anything about it, which, um, which means
that they've sort of broken the compact of, you know, behavior of responsible states. And that's when
you get, you know, the people in basements at Fort Meade involved, basically. Um, anyway,
moving on now, we're going to swap out Grugq because we're worried he's going to go off on a tangent.
So we're going to bring in Grugq 4.7, who is an LLM.
Now, we were going to get real Grugq to talk about this one, but he can be a little bit verbose, right?
So we've distilled him into a model so we can properly scope the response we're going to get for this one.
So here goes.
Grugq, I want you to act as an expert in cybersecurity who is providing tightly scoped commentary on a cybersecurity podcast.
The audience for the podcast is people who are knowledgeable
about offensive and defensive cyber security
and work in both the intelligence community and private sector.
I have provided you with a link to an article from The Record
titled In Defeat for Trump,
House Extends Electronic Spying Program for just 10 days.
Please read this article and get ready to provide us
with expert commentary about it.
Before you generate any output, we have some rules.
Keep your comments directly
relevant to what is written in the article.
Do not invoke Bismarck, the general, or the ship.
The grain trade's impact on warfare through the ages is not relevant to this discussion.
Please refrain from connecting an analysis of the economic model of the Ming dynasty to this discussion on 702 reauthorization.
Now we have established the rules.
Tell me, what do you think of the
latest trouble the US government is having in reauthorizing the 702 intelligence collection
process. What do you think about this latest trouble that the US government is having
reauthorizing 702? Grugq 4.7. Take it away. It's interesting that you would bring up Bismarck
because the FBI have brought this on themselves. Right. So the 702 program is a very important
of the national security apparatus.
It allows them to look at communications
between foreigners and people located inside the US,
and that is very useful,
because if you want to attack the US,
it helps to be inside the US.
Well, but it also allows them to actually monitor
the communications of two parties located outside the United States
when they're using US infrastructure like Facebook.
I mean, that was the original intent of 702.
And I think, yeah, where you're going
with the FBI brought them onto itself.
It's like incidental collection is a thing
where sometimes you wind up accidentally grabbing some data on US persons.
And the FBI was authorized to look at that data, you know,
because, hey, it could be useful in stopping terrorism.
And then in 2023, they just did some ludicrous number of queries
where it looked like maybe they had been accidentally automatically querying the 702
data set every time they plugged someone's name into it.
And everyone freaked out and here we are a couple of years later.
Yeah, and the fact that they're having difficulty getting this reauthorized is because they've failed to make the case for why they need it.
And then afterwards, they went ahead and they abused it or they appeared to abuse it.
And I think that, you know, like if people don't know why you need a thing, but they know that you abuse something, they're not going to want to give it to you.
Right?
So, yeah, this is entirely on them.
Yeah, I mean, I think it's interesting that the pushback is
coming from the Republicans who are, look, it's really weird.
I feel like I'm having a stroke anytime I try to talk about American politics
because, you know, the Republicans you would normally associate with being hawkish, right?
But then you've got a Republican president who ran on an anti-war platform
who promptly starts a war in the Middle East.
And, you know, you had Bush starting the war.
But then, you know, the whole rhetoric in the U.S. is about warmongering Dems.
And it's just, as I say, I feel like I'm having a stroke.
I mean, are you surprised to see the pushback against this coming from the right, I guess?
Because this, you know, 702 was a Bush thing, right?
Like it was a Republican Party who gave the United States 702.
So does that part of this surprise you?
You know, nothing surprises me anymore this year.
Like, in a rational world, if this was 2022, 2023, and I was seeing like the right is coming out against law and order,
that would make absolutely no sense.
But I guess law and order is woke these days.
It makes no sense.
Honestly, I don't know what's going on.
I'm with you on that one.
Ultimately, do you think 702 is going to get reauthorized in some form?
Like, I feel like the, you know, Congress is going to do a powwow.
They'll give some concessions and whatever.
Maybe make the FBI, you know, more oversight on the FBI or make him get warrants or something.
But ultimately, 702 is going to get re-authed.
It has to be, right?
It has to.
It has to. Yeah.
Yeah.
I mean, if for nothing else, I think if they got rid of it, there'd probably be a huge drop in GDP
just because they'd have to fire all those agents who are, you know, maintaining the infrastructure
that it runs on, right? Like, there's just, there's so much involved that getting rid of it
overnight is impossible. That's it. So it's the tail wagging the dog. It's Big 702.
You cannot get on the wrong side of Big 702. All right, well, we'll see how that shakes out.
Now, James, let's bring you back in here because we've got a story
here from Jonathan Greig over at The Record looking at a crypto infrastructure company
that apparently got hacked by the North Koreans and it's a it's a big one like it's not quite up
there with the 1.3 billion that we had last year but this is a $290 million theft. You said to me
already this was very interesting and started explaining it to me and I'm like uh-uh wait till we're
recording. I want to get fresh reaction. Tell us tell us about it. Yeah, super interesting because normally
it's like, you know, a crypto exchange had a bug in a contract or a bug in something,
and it's like a self-contained attack, right?
The thing that gets attacked is the thing that, where the funds disappear from.
That's not the case here.
Yes, $290 million was taken from this Kelp DAO,
but the way that it happened was actually by a compromise in something else entirely.
It's this thing called LayerZero.
Now, when I stepped through this to understand it,
there is this thing called rsETH, which is basically a token,
or a type of thing that you can issue that says,
I've really got ether, and I've stored it in this place,
and they've issued this rsETH,
and then people can actually go to other institutions in the crypto marketplace
and say, look, I've got all this ETH.
What will you give me as leverage because of this?
And, you know, they can earn yields and all this other sort of stuff, right?
So, but the role LayerZero provided is it is basically the service
that validates these transactions around this, you know,
ETH-staked coin. And I think what the attackers determined here is that if a crypto exchange
out there or a DAO out there is solely relying on LayerZero alone to trust the validation of those
exchanges, then they don't have to hack them. They just go and make sure that they can essentially
get LayerZero to produce falsified records about how much ether someone actually has. And then they can
go to that DAO and say, well, look, I've got all this ether. Look at LayerZero,
that'll verify it.
And then the DAO goes, yeah, great, that's a huge stake.
What would you like to do with it?
And they've then said, well, I'd like to withdraw all these funds based on the fact that I've got it.
A fake bank statement saying, hey, look, you know, I've got $2 billion.
Surely you can, you know, let me drive away in this new Porsche.
You know, my check's not going to bounce, you know.
And then they phone the number on it and your girlfriend picks up and goes, yeah, this is the bank.
What do you want?
So, I mean, that's a lot of cash.
Like, who are the bagholders here?
Who lost the money in the end?
Is it actually like this DAO?
Like, I don't understand this stuff nearly well enough, James.
Yeah, look, I couldn't get a clear read on that either because it is, you know, it's crypto and it's pseudonymous and it's all these wallets.
And so, but suffice to say, these were, you know, there were big wallets involved here.
If you're playing in this ecosystem, it's because you're a large holder of crypto and you're specifically using these leverage services to make even greater use of your crypto.
This is not just a ma and pa,
oh, yeah, I got a little bit of crypto back when it was cool.
There's like complex derivatives and stuff.
Like I saw some humor around this one, you know,
with pictures of like screen caps from the big short and stuff of like,
now what we do is we've got this staking protocol and then we learn it.
Oh, yeah.
It's just, it gets real, it gets real complex real quick.
I think the only people who understand this are in North Korea
making a lot of money out of the fact that everyone else
is trying to look like they understand it and just giving money to them, right?
Yeah, I mean, I think that there's a reasonable case to be made
that the North Koreans understand this stuff very well
because I think you might be right there, buddy.
Now, look, staying on the topic of crypto,
we've got this exchange called Grinex.
Now, these guys are frequently doing business with...
They're an exchange based in Kyrgyzstan,
but they're frequently doing business
with like Russian ransomware actors and whatever.
So they've got owned and like, what, $13 million got pinched.
Other people put the value at $15 million,
and they're shutting down basically,
like they're cooked, they're done.
And they've come out and they've said,
oh, this was unfriendly states like Westerners,
you know, sort of pointing the finger at Five Eyes.
But, you know, look, Tom, our colleague, Tom Uren,
who hosts the weekly Between Two Nerds podcast with you, Grugq.
If listeners out there are really enjoying Grugq's vibe,
you can listen to him every week in Between Two Nerds,
which is published to the Risky Bulletin podcast feed here on the,
it's part of the Risky Business extended universe.
But yes, it looks like, yeah, Tom said no, it doesn't really feel like a Western operation.
James, your take was the same.
And, you know, there's even some analysis here from Elliptic saying, yeah, it doesn't look like it.
It looks like more like a crime operation.
Grugq, you had some feelings in your waters about this one as well.
Yeah, so like when I started reading it and the first thing I saw it was, you know, like this was a hostile, like this was a hostile state that has attacked us because we are, you know, helping Russian financial sovereignty,
and I immediately thought, oh, it's the Australians.
This is great.
Like they're going after, you know, the infrastructure that ransomware relies on.
And as I kept reading, I was just like, this doesn't feel right.
Like this is, like this is not, like it should be the Australians.
This is what they should be doing.
But this is absolutely not them.
We do like a bit of a slash and burn operation.
Like ASD likes to torch, you know, bulletproof hosting providers and stuff.
It's pretty tasty.
Pretty tasty.
Yeah.
So, I mean, what I would expect is if it's the Australians,
they would have sent all the money to burn,
like they would have burned all of the crypto
at addresses, you know,
like screw ransomware or something like that
would have just gotten $15 billion or whatever it was.
Just to make them cry, I know, it's like...
Right. Yeah.
Yeah.
But that's not what they did.
They pinched it.
The money vanished, it got pinched,
and then it got laundered through
like a fairly complex sequence of transactions.
And that screams, let's just say,
hacktivist, who doesn't like
the Russians.
Yes.
Could be anyone.
Is there a country anywhere where people don't like Russians?
It will remain a mystery.
All right, let's move on to the next thing here.
We've got a piece here from TechCrunch from Lorenzo actually doing a bit of a roundup
on these Defender bugs.
They've been kicking around.
Like people who are, if you're glued to infosec social media like I am, you would have seen
there was some sort of disclosure drama, someone calling themselves Chaotic Eclipse
wound up blogging about these bugs and saying, oh, you know, MSRC wasn't being nice to me,
so he's gone and dropped, like, 0-dayed them, basically.
And now people are actually out there using the bugs.
We love to see it.
It feels a little bit like the late 90s.
James, what do we know here about these bugs and the exploitation of said bugs?
Yeah, three bugs, all very Windows Defender-centric, but interestingly doing three very different things.
So one goes after the update mechanism.
It's able to essentially hijack the point in time when Defender thinks it's got a legitimate update and goes and applies it.
And because of course Defender is operating as a very highly privileged operation, that's a real nice way to put binaries where you want them to be.
So I'm guessing that's like a local privesc, that one.
Yeah, yeah, yeah.
These are all privescs of some different flavor.
Sorry, the third one's not.
But the second one certainly is, and again, Defender, but looking at the way that it essentially quarantines,
There's some sketchy logic around what it does and the exploit here is if you just can get the file into the right position,
right as Defender goes to quarantine and look into it.
Then it happens to sort of write the file back into place without the quarantine in there.
And so you just get there at the right time and your file ends up in the right spot at the final step.
But then the nice one is that if those are not to your flavor, luckily he's got a third one,
which just crashes Windows Defender,
and then you can do whatever you want on the system anyway.
It's pretty funny, right?
Because, like, everyone thinks of CrowdStrike
as being the 800-pound gorilla in EDR.
And it's not.
It's Microsoft.
I mean, Defender's install base
and, like, the amount of money Microsoft make out of this stuff,
it makes CrowdStrike look like a ma and pa shop, you know?
Yeah.
Just crazy.
Real quick, we've got a report here from Axios
that says that NSA is using Mythos
despite the fact that the, you know,
White House has declared them radical left-wing terrorists or whatever it is.
So that's kind of an interesting data point.
You know, don't know what that's all about, but I'm sure we'll be hearing plenty about it.
I think I saw some comments from Trump too where he was saying that Anthropic are radical left,
but like we'll get along because they're smart and we'll find something and, you know,
just the usual sort of thing.
Like, I really wish he wasn't so funny, you know?
Yeah.
What else have we got here?
Now here's one for you, Grugq. So we spoke about the original research into this Proofpoint,
the Proofpoint threat research team have been doing some really fun research into this
hacking campaign where people get into like shipping companies and whatever and basically
manipulate the system so that they can send their own truck drivers or hired truck drivers to
pick up containers and like deliver them to like their warehouses or whatever. This is like
freight hijacking but like new school techniques in freight hijacking. They,
the Proofpoint team, they took a punt on something,
which is they grabbed some of the malware from the organization that's doing this,
and they detonated it inside like a deception environment, right?
Like a simulated environment that wasn't even set up to look like a transport organization.
And they collected so much good telemetry.
And I'm like, I'm embarrassed for these attackers for not realizing
that they were in basically like a honeypot environment.
Was that your takeaway here too, Grugq?
Yeah, I mean, I think one of the things that should have clued them in is just this sheer amount of credentials and everything.
Like, everything they touched was gold, right?
Like they're like, oh, I wonder if there's a login to Gmail.
Oh, there's 20.
Oh, I wonder if they've got access to like a shipping manifest.
Oh, there's 2,000 of them.
It's like, you know, those posters for people who work in intelligence, which is like if she's a 10 and you're a 6, you know what I mean?
Like, it's a, if it's too good to be true.
And you're a two, it's...
If you pop shell and it's just this good, like, yeah, it's probably not.
But, yeah, I mean, it looks like they were going after, like, in this case, they were looking
for financial access into, like, banking, accounting, tax software, money transfer services,
transport-related entities, fuel cards, whatever.
Like, they seem like this group just does omnifraud in anything transportation.
That's exactly what I was thinking, is that this very much feels like the mob in a way.
And, like, you know, if you've got your, like, BEC guys, they learn how to do one sort of scam, you know, like maybe it's a tax refund or whatever.
And they hammer that until something else comes along.
But these guys are just omnivorous, right?
Like, they get in and they're like, let's find the credit cards.
Let's find the cards that they use for fueling up their trucks.
Let's find whether we can get cargo manifests and pick up some good stuff instead.
It's like, it's very much like, let's make money.
and we're using cyber to do that,
as opposed to like, let's use cyber and make some money.
Well, and I'm going to let you very quickly go off on a tangent about the IRA
because we know how much you love talking about the IRA.
We negotiated this.
We negotiated this.
This is an allowed tangent.
So what's fascinating is historically,
one of the main sources of revenue for the IRA
was hijacking trucks.
There's actually a famous photo of all these IRA terrorists
in Adidas jackets, which came from an Adidas truck that got hijacked.
It was used to track them because the only people who had Adidas jackets
were people with connections to the IRA.
But similarly, it used to be a huge thing for the New Jersey mob.
They used to get tons of money from hijacking trucks.
And it looks like now that the trucks have all sort of,
they've digitized and they're, you know, cyber-enabled,
I guess the mob has become cyber hackers to get back into, you know, throwback to the 1970s.
Yeah, or this is just the new form of organized crime and it's not a bunch of like Sopranos
lookalikes, you know, actually pulling the strings on this. It's people who look more like the
three of us, right? So.
I'm just thinking that, you know, like there's a whole bunch of old guys, you know, we're going
to get the team back together. We're going to do one more heist.
that's it
just one more
one more score
all right
so we've got a few more to talk about
and then we're going to wrap it up for the day
this story is absolutely insane
for people who've been really monitoring the situation
when it comes to the Strait of Hormuz being closed
there was this crazy situation the other day
where an Indian boat was trying to go past the blockade
and the Iranians were shooting at it
and the captain is like on the radio saying
what are you doing?
your list, you gave us approval to go. It turns out it looks like that may have been one of the
boats that reportedly fell for a crypto scam and paid a whole bunch of like USDT, like crypto coins,
stable coins to who they thought was the IRGC so that they could sail their boat out of the
Strait of Hormuz, but it looks like the money may have gone to scammers. And that's how not only
did they lose the money, but then they were getting shot at by the IRGC. Like what a world.
Yeah, look, this is absolutely crazy. Maybe it's those New Jersey guys
who are, you know, they're stealing freight, they're scamming the Strait of Hormuz,
they're all over this one.
It's wild, though.
Like, I wish I'd thought of that.
This is like the perfect crime.
We've got a law and order story here, James,
and you noticed something interesting in this one.
A couple of guys in New Jersey have been given really long prison sentences
for running the North Korean laptop farms.
What's crazy, though, is it seems like one of the people was like the mastermind,
and then the other one was kind of like pretty junior in the scheme,
they both got basically the same jail sentence, which is a bit crazy.
Yeah, that's what surprised me.
I mean, one got eight years, one got nine years,
but there's a big difference seemingly in their involvement.
You know, one guy was doing the trips to China that just happened to be really close
to the North Korea border and went to school with someone who was North Korean.
And obviously has all the wherewithal and connections to set this up and to be running the operation.
And the second guy was, it seems to be just one of these poor folks that gets stuck running
the farms and there was bound to be more than just him running those farms. But yes, both got the
same penalties, which is harsh, but also in the article it says that between them, they were paid
$600,000 by North Korea between them over this three or four year period, which is just like
juice ain't worth squeeze. Yeah, I don't think that half of it was going to the guy who was,
you know, changing the batteries and making sure everything was plugged in. No, no. So 600,000 between
the two of them, probably most of it went one way.
I think you're bang on there.
Real quick, I wanted to talk about, like, a week or two ago,
we spoke about CISA adding a bug in the TrueConf
video conferencing client to the KEV list,
which is like, I'd never heard of TrueConf.
And, you know, that seemed a bit weird.
And we've got Vlad Steyron,
Vlad Steyron, sorry, probably murdering his name anyway,
from Ukraine, a running hacker on
the socials.
He heard us talk about that and he had to do a double take
because it turns out TrueConf is Russian.
So he's wondering why on earth CISA is asking,
you know, is asking government agencies to immediately,
like they're ordering government agencies to get this stuff out of their network.
It sort of implies that it is in their network and what is it doing there?
That seems very strange.
And then it gets weirder from there because it turns out like in this piece
there was some sort of campaign targeting targets in Southeast Asia, I think.
And then we had a newsletter piece this morning, James, you and I were working on that when Catalin filed it.
And it looked like a Ukrainian APT crew is going after TrueConf server bugs.
So it looks like, you know, we're just like, oh, gee, that's weird, TrueConf.
What's that?
And it's apparently being hacked by everyone and it's Russian.
And it's like, that's a little bit of funny context there.
Look, I am going to speed up through these because we are running out of time.
Last couple of things to talk about here.
Bluesky and Mastodon both got DDoSed.
The joke, of course, going around is that dozens of users were impacted.
But that's not fair.
I mean, I'm a Bluesky user.
It's a pretty active social media network, Mastodon, plenty of stuff happening there.
But yeah, this is going to happen when it's not some, you know,
megacorp social media network.
This is going to happen.
But don't worry, because Eric Geller over at Cybersecurity Dive,
he reports that the US and nearly two dozen other countries have struck back against DDoS-for-hire platforms
and they've taken down 50 websites associated with booter services.
Now, sure, I think that's a good thing to do, but I'm not really expecting that it's going to make that much difference.
Grugq, what do you think there, bud?
I'm just going to go back to what I said earlier.
Infinity minus 50 is still infinity.
Yeah, that was very, like I think the reason to do this is for the deterrent effect,
not because you really think it's going to make that much of a difference.
I think it's more a case that if you don't occasionally arrest these people,
all of a sudden you have infinity times two.
Some part of it is worse.
I don't know.
Let's just go with that.
You have double infinity.
Yeah.
Yeah, really infinity.
And then finally, we've got a piece from the Russian media,
which is talking about how it's basically Russian propaganda,
aimed at Russians, saying,
man, if you run a VPN app on your phone, it can explode.
which gives you the idea of like,
because we've talked about how they have,
you know,
canned mobile internet in St. Petersburg and Moscow.
And, you know,
there's like serious content restrictions happening.
So obviously VPNs are proliferating
and they're trying to combat that
with this sort of ludicrous propaganda.
But you do get the sense that perhaps the reason
the internet crackdown is coming
is because they're preparing for a mobilisation
because they're running out of people
in their war against Ukraine.
Is that the feeling you get, Grugq?
Yeah, absolutely.
They've been trialling different attempts.
So they've shut down Telegram.
They've shut down a bunch of other messengers.
They're interfering with things that are not based in,
like things that are not sovereign internet for Russia.
It seems very much like they are ramping up for a shutdown of some sort.
Yeah.
And that's, yeah, like that has to be for some reason.
Well, guys, that's actually it for the week's news.
Grugq, thank you so much for joining us, mate.
It's a pleasure to have you on.
You've done one of these before, but it's been years since you've come on and
joined as a co-host on the main show.
Again, anyone who wants to hear more Grugq, if you just can't get enough Grugq,
you can go find him on the Between Two Nerds podcast, which is published into the
Risky Bulletin RSS feed.
But yeah, that is it.
Grugq, thank you very much.
And James, thank you also, mate.
What have you got coming up this week?
Oh, that's right.
We're interviewing Nicholas Carlini from Anthropic on Friday.
We're hoping to publish it that day.
So if you can't get enough James, you go and subscribe to Risky Business Features.
But yes, thanks to you both, and I'll catch you both soon.
Thanks for having me.
Cool.
Thanks, Pat.
Great to meet you, Grugq.
That was The Grugq and James Wilson there with a chat about the week's security news.
Big thanks to both of them for that.
It is time for this week's sponsor interview now.
And Permiso is this week's sponsor.
It was founded by a bunch of ex-FireEye Mandiant people who basically, yeah,
I guess, you know, just had the good idea of building a product and a platform that looks at identity and account activities and can from that detect various, you know, types of malicious activity.
And, you know, that's turned out to be a really good idea because as we were just talking about in the news, this is how a lot of the, a lot of attacks happen these days.
It's just funny stuff to do with identities, account resets, things like that.
So Ian Ahl is with Permiso and joined me to talk really about how they're tackling,
I guess some of the tradecraft used by groups like ShinyHunters,
which are very sort of identity-centric in the way that they attack things.
Here's Ian Ahl.
It's really interesting, right?
Because modern threat actors in general, you know,
when you're looking for bad things from a modern threat actor,
it's not go find the bad IP anymore or go find the bad file hash anymore.
There's no like easy tells.
It's like, how do they do things?
just a little bit differently than your normal user does.
So when they're registering MFA, man, if I see somebody go from Android to Apple,
that's weird.
People don't do ecosystem changes.
Or if somebody has an iPhone 17, the next device they register is a 12.
Doesn't make sense, right?
So even some little things like that stand out.
But the real crux of it is you have to find
combinations of these signals across the various places you're looking.
So not just the IDP.
Once they get through the IDP, what do they do next?
They're landing in 365 and searching or hitting Copilot to go find some documents on how
your VPN works.
Right?
So now a weird MFA event and a search for VPN documents.
Ooh, more interesting.
That's the way we kind of think about the world and with modern threat actors like
these guys, but also the North Koreans, the pesky North Koreans, as you like to
refer to them. You've been listening to the show. Yep, excellent. Yep, yep. Yeah, the pesky North
Koreans, APT29, right? They all operate the same. Get some valid creds, land in your SaaS platforms,
learn as much about your environment as possible for carrying out their mission, whatever that
mission happens to be. Yeah, I mean, when we talk to Adam Boileau, who's had a very long career
as a pen tester, my co-host, of course, Adam.
You know, he talks about, like, the first thing he does on target is go looking for the docs, right?
So he can figure out what the network looks like.
I mean, it feels like, yeah, using a platform like yours to spot that sort of activity makes a lot of sense.
But I'd also think, like, what I'm hearing from you is, like, if you don't have a platform like that,
maybe loading up those sort of documents with canaries is going to be quite fruitful.
Oh, for sure, right?
They're going to look for the same things.
In fact, I should share them with you at some time.
I keep a long list of the search terms I've ever seen ShinyHunters, Scattered Spider, various groups use.
And I love search terms for detection because search terms show intention.
I know what a bad guy wants when I see what they're searching.
And sometimes it's almost like they're reading off an SOP.
You can see like, oh, they searched for password, then AVD, then VDO, then VDI.
Oh, they really want to get to Azure Virtual Desktop.
Great. Now I know what to go look for on that side of the house. But yeah, so if you know what they're looking for, you can plant some things in there with a canary for sure. But at the very least, make sure you're logging those things and looking at them. You could tell, you know, a bad search. Nobody searches for AKIA unless they're looking for long-lived access keys. And that's a really easy tell there.
Yeah, it's interesting, though, because what you're telling me, though, about those two things, right?
Like someone changing from Apple to Android.
Recently, my mate, Dave, changed from iOS to Android, thus ruining a very long-lived iOS group chat.
Thanks a lot, Dave, for going to Android and doing that.
That was very disappointing for the rest of us.
So it does happen.
It does happen.
But I guess what you're saying is like, okay, that is a marker.
like that's a flag, you know, that becomes immensely more valuable when you see,
okay, so someone switching to Android, maybe not a big deal.
Someone switches to Android, then they're conducting searches for internal docs.
That's when your confidence can go up astronomically once you start chaining these things together,
right?
For sure.
And then to pull in like a little bit of the UEBA stuff, right?
And then they use Copilot.
Has this user ever used Copilot?
they're coming from a residential proxy.
Do they ever come from a residential proxy?
You can start tying in some of your anomaly stuff,
which is normally way too noisy on its own,
but you start tying anomaly with some impactful events,
some known TTPs.
You start finding some really interesting things.
Copilot has been a huge boon for our threat actors lately.
It's a way of getting around all these search term
detections that I've been looking for is now they just go and Copilot and ask find all the VPN
documentation instead. It does it faster, does it better. Yeah, they just ask, they ask Copilot,
like just could you, what could you tell me about XYZ, right? Exactly. And then Copilot,
and you're not getting invocation logging out of Copilot by default. You have to do a lot of extra
things to enable the level of logging you need to know what that actual search term was. Now you've got to
start guessing. So now when I see Copilot, when it has an event, a Copilot interaction event,
it shows you what file it touches to answer your questions. So now I have to start taking some
guesses like, oh, the file name has VPN in it. The file name has password or login in it.
Right. Maybe that's indicative. Have you thought about kicking out your own Copilot query,
which is tell me about what's in this file name? Exactly. Yes. More so, give me the contents, too.
like help me understand the contents.
Because that's always the hardest part from a log perspective is,
man, I could take a good guess at what that file name might be.
But I don't know unless I can get some DLP markers or look at the content itself.
Yeah.
One of the most fruitful log sources, because as I say, you know,
you're taking in a bunch of very quite different, you know, logging, right?
From the IDP, from SaaS, from your own environment, from, you know, 365 or whatever.
You know, I guess what are the
most fruitful combos there because you always hear about people, oh yeah, you know, it's a long
tail of different stuff that you can ingest. But usually there's a couple of things where you're
just like, no, you absolutely have to use this and this. And that gets you like, you know, it's like the
rocks in the jar. You know, you start by putting the rocks in the jar and then the pebbles and then
the sand, you know what I mean to fill up the jar? What are the rocks that go in the, in the
jar for this sort of detection? Exactly. Yeah. So I would say, you know, where do we see the
attackers most? That's the places you want the logs from. So your, whatever your federation
source is, right, whatever IDP you have,
Okta, Entra, whatever.
Better make sure you're getting
great logging from there.
And then you're going to go right to
your SaaS platforms of interest.
So what are ones getting hit all the time?
Your, you know,
Google Workspace, 365,
those types of suites of products
for sure.
But then Salesforce.
We know a lot of Salesforce stuff going on.
Yeah. Salesforce logging
is kind of
atrocious if we're being real, but they're necessary. You need to look at them. Snowflake logging.
You need to see what people are doing there. The places where people go, you need to make sure
you have logging. Endpoint logging, oddly in a lot of these cases, ends up being almost
useless, though, because in most of these scenarios, they're not sitting on one of your endpoints, right?
They're sitting on their own. So it becomes a weird, a weird case where, you know, me coming from the
Mandiant background, I'm like, I really want some good endpoint investigations again.
And I just don't see as many as I would hope.
Well, it's kind of becoming irrelevant.
I was literally having that conversation with a friend of mine like yesterday about how like,
well, you know, endpoint security has been the bread and butter like money wise for Infosec for
so long.
But it's like let that robot sink because we're getting a new yacht, you know, like it's all,
it's all very much changing.
But I also wanted to ask you, you know, we're talking about AI just a moment
ago, one of the tricky things at the moment where a lot of vendors like yourself are having
to retool or just refocus a little is you got to work out when a user is using an AI agent
with their own credentials to perform a certain task, right? Because knowing what a user is doing
versus what one of their helper agents is doing is becoming more and more important. You actually
have, you know, the way you're chipping away at this is actually kind of interesting because
you're doing stuff like looking at user agent strings and whatever, which I mean, I think for
now is going to be perfectly fine. Later down the line, when people are using agents maliciously,
they're going to start faking user agent strings and we're in a whole different kind of weird
detection and evasion war. But currently, that's kind of how you're doing it, right? It's like,
you know, certain behaviors and agent strings and whatnot. Yeah, right. I guess maybe it's the
detection background in us, right? But when a lot of our clients wanted us to help them, like, measure
adoption of AI. And how do I do that? Well, I kind of look at the same data set and I look for markers of
AI. Well, if somebody's using Copilot, there's a log event for that. If somebody is summarizing a chat
in Slack, there's a log event when that's occurring. When somebody installs OpenClaw on their system,
there's some file artifacts that are made. When someone connects OpenClaw into Teams or Slack,
well, it uses a particular user agent when it goes in. So there's just so, I think you
just have to be flexible about the ways that you can look like detection, right? I mean,
sometimes I need request parameters. Sometimes I need a user agent to do the type of detection I
need. I need to be able to look at all those log sources, pull out what those markers are as
signals, and then start labeling the identities that are doing them. We'd use badges as our terminology
there. So I badge people as you're an AI user or you're an AI agent or you're an AI builder
based off of these things that you're doing,
not just your configuration,
but what you actually do.
Has there been much customer demand
for actually, you know,
trying to untangle all that?
Oh, for sure, right?
And it's weird.
It starts off traditionally like,
hey, first we just want to know,
like, who is even doing anything
AI related, right?
It starts very nebulous like that.
And then immediately,
after we're able to answer that question,
the client's next one is like, well, so what? Now what do I do? So now we apply like our normal
exposures types of framework for it. Well, here's some AI identities that also have access
to sensitive data. Do you care about that? If you do, great, let's go reduce the risk on those.
Or here's some overprivileged identities that are doing something in AI. But ultimately,
we always get to kind of like now is anybody abusing it who's doing shadow AI usage.
Well, Shadow AI, when I have the IDP logs, right, or I can say like, oh, I can see who federates into ChatGPT or not.
But I also have their endpoint logs so I can see who's using ChatGPT and I didn't see a federation event.
Okay, that's a shadow AI user, right?
That somebody's using their personal account.
They're not going through the prescribed path.
Man, I know that this is a big one because when I talk to Island, the browser maker, that's what they want to talk about.
We find Shadow AI.
When I talk to Push, they talk about that as well.
We find Shadow AI.
Now, here you are, Ian Ahl
from Permiso, talking about how you find Shadow AI.
So I'm going to infer from this that this is something that there is market demand for and everybody wants.
But look, we're going to wrap it up there.
We've run out of time.
Ian Ahl, thank you so much for joining us on Risky Biz.
Yeah, I guess throw out some ideas there for how people can think about doing detections on groups like ShinyHunters
and also I guess how they might think about building some detections as well
for when a user is in fact not a user,
but is in fact a little lobster claw.
Pleasure to chat to you, my friend. Cheers.
All right, thank you so much.
That was Ian Ahl there from Permiso.
Big thanks to them for that.
And that is it for this week's show.
I do hope you enjoyed it.
I'll be back soon with more security news and analysis.
But until then, I've been Patrick Gray.
Thanks for listening.
