Skip to main content

This Week On What the Hack: How Hackers Are Using AI

This Week On What the Hack: How Hackers Are Using AI

A teenager rage-hacks a Tetris leaderboard and becomes a millionaire by 18. Now Tal Kollender breaks into companies for a living—and fixes whatever made that possible. We talk about that and Anthropic’s Mythos, which is a cyber idyll for our time.

Episode 258

https://www.podtrac.com/pts/redirect.mp3/pdst.fm/e/tracking.swap.fm/track/tcQd6Q6C0RUUlOHq1Ytj/mgln.ai/e/51/pscrb.fm/rss/p/traffic.megaphone.fm/TPG6910267796.mp3
Loading title…
0:00

Ep. 258: “Fighter Pilot Cadet Turned Hacker, She Keeps Us Safe”

Beau: Have you ever cheated to win something and then found out that your opponent cheated as well? What was the game?

Tal: It was a nice manipulation on Tetris game.

Beau: That’s where this episode starts, with a kid, a Tetris leaderboard. You know, like on Tetris, like who’s winning? And a grudge turned into a career.

Tal: I was so upset and I woke up the next morning and I saw that I’m no longer ranked number one.

Beau: There was more on the line for Tal Kollender, the CEO of Remedio, than just being ranked number one. There were also real prizes she could win.

Tal:And I promised my parents that they will get, you know, we will get the foosball, we will get the prizes that I promised them. And usually when I promise, I make it happen. And when I saw that someone else won, and it was never, it was… I mean, like, I didn’t see his, you know, like, kind of a nickname before. I was so pissed, and I said, “No way.” I mean, I’m the best here. Like, he must have been cheated. Like, if he cheated, I will also learn how to cheat. And that’s how this journey started.

Beau: She didn’t just learn how to cheat. She hacked the back end of the game scoring database. Not the game itself, just the database behind it. And from there, she didn’t stop. Prizes turned into a nickname. The kids in her neighborhood called her the female Robin Hood. She made her first million dollars before she was 18, as one does if you’re, I don’t know, if you’re not me. Today she runs a cybersecurity company called Remedio. She spent time in one of the most elite cyber units in the Israeli military, and right now she thinks most companies, maybe yours, actually she probably thinks probably yours, have absolutely no idea what’s running inside their own network. And, you know, I think that most people have no idea what’s making them vulnerable. I’m Beau Friedlander, and this is “What the Hack?” The show that asks, in a world where your data is everywhere, how do you stay safe online? I think I wanna start with something like, Tal Kollender of Remedio, co-founder, CEO of Remedio, is a cybersecurity entrepreneur, true, a former professional hacker, also true, who has spent her career closing the gap between identifying security risks and actually fixing them. So sounds like you’re a bug hunter, but I’m guessing that’s probably not how you would put it. And you have been a hacker. I guess the first thing I’m curious about as the father of daughters is the fact that you’re a hacker in the first place. It’s a very male world and you’re not a guy. So how is that?

Tal: When I started it…

Beau: Tal grew up in Israel in a neighborhood that was mostly boys, playing soccer and basketball instead of, in her words, Barbies or Polly Pocket. She didn’t think much about being a girl in a male-dominated field until years later when her company started operating internationally. By then, it was too late to stop her anyway, right? She’s already in there. But the Tetris story isn’t really about Tetris. It’s about what happens to someone who can’t stand to lose and what happens when the system she grew up in took that exact trait and pointed it somewhere very specific.

Tal: So to be honest, I started in a fighter pilot course before and, I didn’t, unfortunately didn’t pass the entire course. So, I would say I was a bit too, a bit… You know, I was rude. I thought that I know better than the pilot next to me. And obviously he didn’t like it. After a few month, I found myself going to my real hobby, which became a profession, which is, you know, like, joining some elite computer unit. And one thing really interesting that happened there is I really wanted… It’s very hard for me to hear “no.” And when I kind of, I failed myself, you know, and I didn’t continue, eventually I didn’t finish as a fighter pilot. What happened is that I really wanted to go back there, so I did everything I could. I became like, you know, like I got, you know, like the president certificate, like whatever. And I did so many good things, you know, and all I wanted is to go back to finish my fighter pilot course. And when I just sent them everything, “Hey, look, you know, I changed. I’m okay now,” they said, “No, sorry, you are not going back.”

Beau: Even though she wasn’t going to be a fighter pilot, she did serve in the Israeli Defense Forces in the IDF’s Computing and Communication Center with Special Forces.

Tal: And this is where I got my security clearance. I am passionate about what I do, but also about the military and what they do, and they kind of switched my, I would say, a black hat to a white hat, and I started doing things helping my country. And that’s where I… That’s how I grew up. So, like, the army pretty much made me very mature in a few months.

Beau: After her military service, Tal went back to the private sector, although this time less, shall we say, in a legal gray area. And so when did you leave the military?

Tal: After five and a half years, I started working for some high-tech companies.

Beau: Black hat to, I guess gray hat to white hat. White hat. We’re going for white hat. Same skill, same obsessive quality, same refusal to accept no. The problem sets were different ’cause now we’re talking about cybersecurity. Now, she’s looking at defense though, not offense. Hackers are, you know, looking at how to get in. And security people have the harder job because they have to imagine all the ways the hacker is gonna think up.

Tal: My role was finding things and to think like an attacker, but not only finding things, fixing things.

Beau: According to IBM’s most recent Cost of a Data Breach Report, the average breach now costs a company $4.4 million globally on average. And in the US, that number is over $10 million. The report also found something else. When companies have a lot of unauthorized, ungoverned AI running around, what the industry calls shadow AI, that adds another $670,000 to the bill on average. What does that mean? Is that, like, does that mean somebody’s using ChatGPT when they should be using Claude or Gemini? I guess it might, but I’m guessing probably more problematic is people using AI agents. Agentic AI that they’ve configured themselves. ‘Cause think about all the misconfigurations that can happen when some dodo is doing that, and they’re doing it in an environment where it has been explicitly banned. Most companies wouldn’t allow it. So the stakes are real, but Tal’s argument is that most companies aren’t actually struggling to find the problems. I would argue they actually are. But the real problem is they’re struggling to fix them. They knew they had this thing. There was… a bug hunter told them. They knew, “Okay, we gotta fix it.” They haven’t fixed it yet. And that gap between knowing something’s broken and actually closing the ticket, that’s what she’s trying to do.

Tal: Detection is not enough. The problem today in the industry is the remediation. 100% people already see, they know it, they have too many tools that will tell them what is wrong instead of, hey, I mean, here is what is wrong, but we fix it for you. We want to fix what others only find. In very short, not only that we close the gap, but we make it safe and fast.

Beau: So what is remediation for people who don’t know?

Tal: Let’s say that you have a company or you work for a company that they have, I don’t know, let’s say whatever number of employees. One thing that the company must do is running kind of penetration testing or running some vulnerability checks to see, you know, what are, what’s going on within their devices, within their applications, within everything, the cloud. The problem is that those tools that I just mentioned, they are mainly focused on finding the problem. Now, when you find one problem, usually it takes a lot of time to address it. And it can be problems that are 20 years old, but they are still here. Usually you get a very nice PDF report with hundreds, if not thousands, of things that you need to fix. And one fix can take you between days to weeks to month. But you cannot really focus, you cannot really dedicate your team’s time to fix it.

Beau: And so the obvious conclusion is you’d think just patch everything automatically, auto-update all the time. But it turns out that’s like telling someone to just renovate their house without ever turning off the water or turning off the electricity or learning about contracting or getting a contractor or, yeah, come on. Touch the wrong anything. I don’t know, buy something before everything is decided. Do you get the picture? You can’t, you can’t just do that. So, the idea that you can just patch something, that’s really not the solution.

Tal: Think about Patch Tuesday of Microsoft. Every month they are trying to address, like, dozens of CVEs, and not everyone can update all of their operating systems just in one click. They can’t, because they don’t know what are the dependencies, they don’t know what they are going to break, and sometimes they have some legacy operating system.

Beau: When Microsoft releases a giant batch of fixes, if you have an old big system with everything connected to everything else, you know, like a Jenga tower, built over 20 years, you don’t know which piece you can safely pull out or replace. In other words, if you do something, you might be doing something that creates a new vulnerability. Choosing the wrong one could lead to something else breaking, you know, or falling, Jenga-wise. A lot of companies are still running really old, really complicated systems, and the pieces that you put in and the pieces you take out, they’re not interchangeable. These are the kind of things you can’t just auto-update. It’s way too complex. ‘Cause what happens if the whole thing falls over. I’m sticking with the Jenga tower. If suddenly thousands of employees can’t log into their computers, that’s the real deal. If banks, airports, weather services, whatever it is, are locked out, hospitals, it’s a huge deal, right? And all it takes is one of these crazy Babel’s tower of nonsensical interlocking parts that are sensical to the person who built them to fail because of, you know, the patch. The patch that was like, “oh, so obvious, just use the patch.”

Tal: Microsoft released another Patch Tuesday, and within the Patch Tuesday, there is one thing that keeps repeating itself, you know, like, unfortunately, too many times. It used to be called Print Nightmare.

Beau: Print Nightmare is a vulnerability in the part of Windows that handles printing, the print spooler. That’s the process that happens before your printer starts making noise. But here’s the thing. A lot of companies, they don’t print anymore, right? But that service is still sitting there, weirdly, dumbly, dangerously, switched on, on millions of computers like an old unlocked door nobody remembers exists. But it’s there. It’s just got a little dirt over it. Dig it up, the hackers know it’s there. They don’t need to dig it up. So instead of just boarding up that door for good, Microsoft has spent years patching it over and over, and every time someone finds a new way to pick the lock, well, you get the picture. So what Tal does is, Remedio, her company, will go into a company and say they’ll check every device. Now, has this one ever gotten a printer hooked up? Has anyone printed anything in the last three months? If the answer is no, get rid of the door. The vulnerability can’t be used against you anymore because the thing it depends on isn’t there. End of story. No risk, nothing breaks, problem gone. That’s what she calls a quick win. Zero disruption remediation.

Tal: So again, so anything from legacy protocols or ciphers to some misconfigured application that, you know, keeps, you know, like wide open. Anything from even Microsoft Teams to Java to Cloud, I don’t know, like even to Adobe, okay? Yeah.

Beau: So it can be like the company CISO. If they don’t have one, this is really the problem, but it’s the…that somebody hasn’t actually closed all the doors?

Tal: Yes.

Beau: Is that– how common is that?

Tal: Wow. 100% of the time we find, we find variety of configuration drift.

Beau: Do you include in that drift user error, like human beings, like bring your own device and the things that come on their devices?

Tal: Yes.

Beau: You do. Well then, it’s endless what you can find out there.

Tal: Exactly what I was about to say. It is endless.

Beau: So that’s one open door, one piece of software that nobody notices for years. But now multiply that by every laptop, every login, every old service quietly running in the background of a company with 1,000 employees. That’s the job. It’s an endless number of doors nobody remembered to lock, a lot of them with custom things that are human-shaped, right? So all that, the principle or the configuration drift, the human error, that’s the normal threat. That’s what security teams have been dealing with for 20 years. What happens when the thing that finds those doors isn’t a person, but something built specifically to be terrifyingly good at it? Yes, we’re talking about AI. So good that one AI company decided it was actually too dangerous to release something they made. You read about it. That thing has a name. It’s called Mythos. And when we come back, I’ll explain exactly what it is and why the U.S. government just forced its own creator to shut it down. In April of 2026, Anthropic, the company behind Claude, announced something unusual. They built a new model called Mythos, and instead of releasing it to the public the way they normally would, they said it was… Well, they said they wouldn’t. They said it was too dangerous to release. You know? The world couldn’t handle it, the responsibility, the awesome responsibility that would go with using this thing. And it wasn’t because it was unsafe in some vague way. It was because it was deeply unsafe in a very known way. It turned out to be really good at finding security flaws in software. Anthropic had built a killer hacker app.

CBS Chicago: AI safety and research company Anthropic now says that it cannot release its latest AI model, and it’s because it’s, quote, “too powerful for the public.” The company is concerned that cyber criminals and even spies may abuse their new technology.

Beau: In testing, it found critical previously unknown vulnerabilities in basically every major operating system and web browser. Bugs that had sat there undiscovered for years, in some cases for decades. And it didn’t just find them, it could build a working exploit, an actual tool to break in, often within a day. So instead of selling access to it, Anthropic locked it down. Makes sense. Now, they only gave access to a small group of trusted partners, companies like Microsoft, Google, major banks, specifically so those companies could use it to find and fix their own weaknesses before everyone else found them first. And they called that project Glasswing.

We Have to Talk About Anthropic’s Mythos – Hard Fork/The New York Times/New York Times Podcasts‎⁨: Basically every big tech company that is not OpenAI or Meta is getting access to this model, but not general access, just access to do defensive cybersecurity testing, basically to go out and harden their systems and their infrastructure and their software before the general public can get its hands on this model.

Beau: But just a few weeks ago, the US government issued an order forcing Anthropic to cut off access to Mythos entirely for every foreign user anywhere in the world, including Anthropic’s own employees who weren’t American citizens.

CNN – Fareed Zakaria: Last Friday, the US government did something extraordinary. It effectively forced one of America’s leading artificial intelligence companies to withdraw its most advanced product from the market. Anthropic, the maker of the frontier AI model, Mythos, and its commercially available cousin, Fable, have been given little warning, and according to reports, roughly ninety minutes to comply.

Beau: Now, I personally don’t you think they should just sort of… Nobody should be using it, period. Or I guess I can see why they– But who gets to use it? That’s like, deciding who gets, you know, the antidote for a poison when everybody in a group has been bitten by the same snake. The government’s stated reason was that it’s a national security concern, something to do with the way of getting around model safety restrictions. Anthropic pushed back and says that they believe this is a misunderstanding, right? That, that the same capabilities the government is worried about are already available for other AI models that aren’t restricted at all.

CNN – Fareed Zakaria: The administration’s concerns are not frivolous. Anthropic appears to have made real mistakes. A Washington Post report suggested that it expanded access to Mythos beyond what officials believed had been approved and moved too slowly in responding to concerns about who was being allowed to use it. Intelligence agencies reportedly favored a tougher approach, but that is precisely why process matters. Senior administration officials have repeatedly criticized the company, saying it was woke and hired too many Democrats. President Trump has publicly mocked the company.

Beau: As of now anyway, as I sit here recording my voice, the fight is still playing out.

Tal: Even before Mythos, you have the Opus 4.6, and then you have Mythos, and then you have other things. So they found, like 170 vulnerabilities in Firefox or something like that. The CTO of Firefox, you know, he took a look and they fixed it eventually, but he took a look and said, “Oh, nothing is really too sophisticated. We, I mean, like, if we had a few people running the PT, I mean, nothing that a human being cannot find.” And I’m like, “Dude, is that really your answer?” I mean, no, your answer should be like, no, that’s great. We have something that, you know, like, is a machine speed-finding us the issues, and who cares if it is something that a human being can find or not? So everyone cares if you fix it, I mean, on time, and you don’t, you know, like, and you don’t want to keep it already vulnerable.

Beau: Why do you think that was his take? Why do you think that was his take about, you know, humans could have found it?

Tal: Because he wanted to say that probably any scanner is still not advanced enough to think like, not like a human. Okay? Like to be even superior than a human being. That’s what I believe.

Beau: So you think he was saying like that human threat actors are still the real concern?

Tal: Yeah, he kind of, he says, okay, like it’s still… And don’t get me wrong, I mean, today using AI, phew. Wow. I mean, like, instead of, you know, like, sitting in a network for, and wait, you know, for month, for years, I can do it now in hours, days or weeks. Like, that’s what I can do in order to get all of my information. But I didn’t like his approach to, you know, like kind of comparison of the findings that it’s like, you know, like human can find it. I mean, who cares?

Beau: So her theory is that a human could have found this response. And it’s less about the facts and the finding and more about the kind of professional reflex, not wanting to concede that something automated just outpaced a team of specialists. And whether or not that’s a fair read of their motivations, I think the broader point survives the disagreement. The question, “Could a person have found this?” is the wrong question to be asking. The right question is, “How fast did we fix it?” That’s Tal’s question, right? That’s the mission. If AI can find all of these vulnerabilities that need to be fixed, obviously, AI can hack those very same things. And we are now in a world where we have to assume that Anthropic is not the only one with a killer app.

Tal: Correct. And let me tell you something even more, you know, that should raise some concerns. When you install Claude, I mean, even if you are not going to code, okay? Even you, you install Claude to use the chat, okay, when you install by default Claude, the default setting of Claude are not secure. They don’t use the sandbox. They have a world-readable permission to their state directory. They have like, if you want, you can enable easily, you know, like the co-work without any limitations. There is no restrictions on the plugins and the permissions and so many things that comes by default. It’s not only Claude, it’s also for Codex. The problem that happened is that people are… people just want to do things, right? And then they just install, and then they just do something, and no one understands the implications, and no one understands that if you have one device that has AI misconfiguration, it is way more severe than you have a regular misconfiguration, because AI misconfiguration can exponentially grow. I mean, and every attack, every attack in the world involves configuration drift. Every attack in the world. It maybe doesn’t start with the configuration, but it evolves, it involves it. So AI can definitely grow to a monster that you do not have any controls.

Beau: I wanna be precise about what Tal is describing because AI misconfiguration can sound abstract, but it’s not. It’s the same print spooler problem from before, a setting no one checked. But the difference I guess, is that this unchecked thing now has the ability to take actions on its own. So while no one’s looking, things may be happening. Files can be read, code can be run, plugins installed. The blast radius of one bad default isn’t just one open door or a blown open door, right? It’s a world with no doors. I think a lot of employers would be shocked to know how many of their employees, especially the remote employees, are creating, where they’re on their own Wi-Fi, are creating agents to do their work. What have you found on that score?

Tal: Whether it is a very strict location, it’s not as easy, okay, to do it. Obviously startups, you know, like, software companies, yes. Whether it is bigger companies, they have their own limitation. Usually the device that they use, the work device is very hardened. And here is the but, usually the browser is not as hardened, and by default you can do so many things on the browser that just skips the permissions on your device completely. And I say the sky’s not the limit, it’s the starting point right now, you know, like to do anything you want. And most of the applications are already in the browser, you know, so you can just control other applications with browser, with AI.

Beau: In March of 2026, a piece of widely used open source software called LightLLM– it’s a tool that routes traffic between different AI providers, it’s the plumbing that sits between an app and whatever model it’s using– that software, LightLLM, okay, it was bound to happen, right? It was compromised. For about 40 minutes, anyone who installed or updated during that window pulled down code with a built-in credential stealer. That’s a hack, capable of grabbing cloud keys, SSH access, even moving laterally inside company networks. Okay, that’s the nightmare. And if you don’t know what any of those abbreviations or terms or words are, it just means that for 40 minutes, there was a skeleton key, kinda. ‘Cause LightLLM sits underneath so much AI infrastructure. I think reportedly something like tens of millions of downloads a month. The damage wasn’t contained to one company. At least one organization, a company called Merkor, later confirmed that they were affected with reports of data being stolen and an extortion attempt that followed. So a lot of companies will say you can use Gemini, but you can’t use OpenAI or ChatGPT, or you can use Claude, you know, but they’re mutually exclusive. Or they’ll just buy a contract, an enterprise contract with one of them. But people are using the other stuff on the side. Isn’t that a problem?

Tal: Yeah. It’s not…exactly. It’s not only the Gemini, it’s not only the Claude, and it’s not only whatever, the Microsoft Teams or Copilot. Yeah. It’s way more than that. It’s like people, they’re, people write their own agents. People use LLMs that might be malicious LLMs. People have their MCPs, and people don’t understand right now what’s going on. It’s like kind of in front of them, but not in front of them because they have no idea what to do with it, and some cannot even see it. So it’s bigger than I have Claude, I allow Gemini, I do this. No, it’s bigger than that.

Beau: In front of them, but not in front of them. I guess, I mean the risks are not hidden in some sophisticated undetectable way. Most companies don’t have visibility to see what’s already sitting right there in their own system. So when a company tells you that they’ve locked all this down Tal, do you believe them?

Tal: They are trying to limit as much as they can. I mean, for example, I have a company that says, “Yeah, I completely blocked anything that is not Microsoft Teams.” And then we saw that they have, you know, like too many, too many, you know, Claudes and a few Open Claw, you know, in their environment. Then, no, what do you mean? I completely, you know, like I closed it. And then, no, that you didn’t. I mean, not only that it’s there, it’s very active. So people think that they have control, but there aren’t as many solutions they, that not only will tell you what is it that you have, but will take control over those.

Beau: And it’s the same problem. It’s not just about a bad policy, it’s just knowing whether your policy is true. You know, you can say, “We don’t allow this,” or, “This never happens,” but like, is that true? So that’s the threat. Configuration drift, shadow AI, agents no one approved. Which raises the obvious question, why not lock it all down? Ban personal devices. Sorry, I know this sounds extreme, but just from a security point of view, ban personal devices. Problem solved, right? Nope. There’s a reason most companies don’t do that, and it’s not because they don’t care. What’s the resistance you run up against when you make these kinds of suggestions to them?

Tal: So it depends what levels of control we are talking about. So some companies would say, “We don’t allow even to bring your own device. I mean, it’s okay to connect with the phone only with, only on the allow list apps that we approved, and we are open to phones,” which is, you know, probably like email, Slack. And they are very strict on the end user device that they get. Okay?

Beau: Yeah. I mean, you picture something like the television show Severance, right? Where they, you know, everything stays in a locker, they go in an elevator, they’re in a different space. It’s completely clean.

Tal: Yes. I mean, again, they think it is clean until they get a different, you know, until, they see that isn’t, that it is not. So some companies would say, yes, you … This is what you are allowed to use. I mean, like, some companies are not even allow people to use, let’s say, Android. They only allow iPhone because they checked everything against iPhone, and for them, iPhone is okay. And some companies they say, no, you get everything from you. You get a phone, you get a laptop, and you only deal with this, with these two devices. That’s all. So it changes from one company to another, I have to tell you. Like, that’s the reality.

Beau: But when you get a true believer and they say, “Okay, Tal, I want to make ours, make us as hard to hit as possible. We are developing a new kind of satellite that runs on kidney beans, and we don’t want anyone to find out first. So we need to be as, you know, completely secure.” And you say, “Okay, great. You have to buy all new tech, and here’s the devices that you need to buy, and it’s gonna cost you X amount.” Do they– Do the true believers just do it, or do they push back?

Tal: It is always down to is it worth it? You know, like I pay X, but is it kind of worth it? You know, like what happens exactly like if I got, you know, attacked or breached, like I’m going to pay 10X, I’m going to pay the same X. And it’s all about risk all the time, risk calculation. And to be honest, some of them, like specific I would say defense or things that, people that are developing something that is super important. Like if we will take healthcare for example, unfortunately they don’t have extra money, right? So I mean, they don’t have enough staff, they don’t have enough money, so they will probably will not do it, right? You are talking about also state local. So you’re talking about specific organizations, maybe about specific tech, maybe about specific financial, maybe about specific defense. So these companies are a bit more open. Some companies are already do it, right? Like, and the people that are not or they are trying to have their own air-gapped, you know, like network. It comes to a question of risk all the time. Is it worth it? That’s all.

Beau: Risk calculation. Okay. I know it sounds dull, but I think this is kinda interesting. Is it worth it? That’s a whole industry really reduced to one quiet math problem that happens in a boardroom somewhere, completely invisible to the rest of us, but that calculation only works if you can actually put a number on both sides of it and then make a decision. And even then, like, you kinda suck, right? I mean, think about it. That’s sort of a sucky thing. Anyway, cost of a lockdown, that’s easy. That’s a line item. That’s a vendor quote. Cost of not doing it, that’s a guess, an average, a maybe. But there’s a third variable in that equation that doesn’t show up on a spreadsheet at all, because you can buy every device, you can lock down every phone, air-gap every network you want, and none of it matters if the breach doesn’t come through one of those many open doors. If it comes through a person, somebody already inside, eh, you still lose.

Tal: At the end of the day, people have money, okay? And if you just try to buy them with something, they can do so many awful things. Even they can even sell their family just to do something to get money and that’s a problem. Some of them are soldiers in the intelligence forces, and they got money from Iran to do some stupid stuff like, you know, like-

Beau: Or just spy.

Tal: Yeah. But again, even today, the most sophisticated, eventually attacks, I mean, despite the fact that they involve misconfiguration, they also involve insiders and- That’s when we go back to, you know… I mean, I don’t want the world to be eventually full of robots and that they will replace us. I believe that… I mean, I don’t think that the world is going to any place that is good so far. From what we all see, I mean, again, like it’s not something that will be ending soon, but the robots, I don’t want them to replace us, you know, anytime soon, but I mean, it’s not what I see. There is always pluses and minuses, and if you want to be really good in attacking places, whether it is country versus country, whether it is, you know, group or individuals and going…I mean, towards something bigger, but most probably they will use someone and they will gather enough information in order to get, you know, you, me, I mean, anyone else, you know, someone that they really want to… I mean, like, their target. You see it unfortunately.

Beau: So what are the chances that a big hacking syndicate or state-sponsored hacking operation has not already tried to infiltrate Anthropic and OpenAI and all the rest of them to try and get an insider who’s on their payroll giving them information? What are the chances that’s not already happening?

Tal: It happened. It happened. It happened. I mean 100%. I mean 100%. Like, and of course China is trying to mimic their own Anthropic, like for sure. Like it’s, yeah, it happened.

Beau: So you have spies that are getting paid $500,000 a year plus whatever they’re getting to spy.

Tal: I mean, I’m pretty sure it’s, yeah, I’m pretty sure it happens like…

Beau: Yeah.

Tal: I will be surprised if it wasn’t here, but it’s here. [inaudible]

Beau: And the funny thing is they’re getting, all of these places are recruiting people that are very skilled, intelligent, high-functioning people, and that’s exactly who also usually turns coat and becomes a spy.

Tal: Yeah, and maybe it’s not- Maybe people are not talking about it enough, but it happens. And it happens unfortunately I would say more often than we think.

Beau: Every other angle we’ve talked about in this episode, the misconfigured print spooler, the insecure default settings, the AI LLM no one approved, the agentic AI, even the Tetris database, those are all in theory, fixable things. You write better defaults, you write better code, you build better visibility tools, you close the gap like Tal does for a living. But you can’t patch a person who’s decided the money’s worth it. You can’t say, “Oh, sorry, hackers, no more hacking. Hackers, stop hacking.” You can’t. It’s not gonna– That’s not the way the world works, and that is finally the big problem here. Tal, thank you so much for joining me today. I really appreciate your insights, and I look forward to talking to having you back.

Tal: Thank you so, so much for having me.

Beau: Now it’s time for our Tinfoil Swan, our paranoid takeaway to keep you safe on and offline. I’m gonna say something that is just deeply unpopular, but here it is. If you’re using an LLM at work, if you’re using Claude or, I didn’t say it first because I think it’s best I just said it first because I, because whatever. I’m not gonna say anything else about it. ChatGPT, Perplexity, Gemini… If you’re using any of these, well, are they the ones that your company has approved? Because if they’re not the ones that your company has approved, then I’m gonna make a radical suggestion, and that is stop. Stop doing it. Now, even if they are the ones that your company’s approved, I want you to do the basic stuff, okay? I want you to make sure that the AI platform is not using your content to train on, and most likely your, most likely your CISO has already figured that one out for you. But regardless, if you’re a smaller company, that may not be the case, and here’s why. Because you’re gonna be putting sensitive information into it and you have no visibility into what’s happening with it. So just, if you can go in Incognito mode or ghost mode or whatever it’s called, do that, and absolutely 100% always make sure it’s not training on your data. That’s it. Thanks for listening. Stay safe out there and see you next week. What the Hack is produced by me and Andrew Steven who also edits the show. What the Hack is brought to you by DeleteMe. DeleteMe makes it quick and easy and safe to remove your personal data online and was recently named the #1 pick by New York Times’ Wirecutter for personal information removal. You can learn more at DeleteMe if you go to joindeleteme.com/wth. That’s joindeleteme.com/wth and if you sign up there on that landing page, you will get a 20% discount. I kid you not, a 20% discount. So yes, color me phishing, but it’s worth it.

Learn More:

SHARE THIS EPISODE
Hundreds of companies collect and sell your private data online. DeleteMe removes it for you.

Our privacy advisors: 

  • Continuously find and remove your sensitive data online
  • Stop companies from selling your data – all year long
  • Have removed 35M+ records
    of personal data from the web
Special Offer

Save 20% on any individual and
family privacy plan
with code: WTH

What the Hack Podcast
Dive into the latest episode of ‘What the Hack?’, your go-to podcast for real stories, shocking cybersecurity breaches, and mind-blowing digital hacks.
Want more privacy
news?
Join Incognito, our monthly newsletter from DeleteMe that keeps you posted on all things privacy and security.
Icon mail and document

Exclusive Listener Offer

What The Hack brings you the stories and insights about digital privacy. DeleteMe is our premium privacy service that removes you from more than 750 data brokers like Whitepages, Spokeo, BeenVerified, plus many more.

As a WTH listener, get an exclusive 20% off any plan with code: WTH.

Listen to Recent Episodes

This Week On What the Hack: How Hackers Are Using AI

Episode 258
June 30, 2026
46 MIN

This Week on What the Hack: Army Romance Scams

Episode 256
June 16, 2026
42 MIN

This Week on What the Hack: Scammer Tactics

Episode 255
June 9, 2026
95 MIN