¶ Intro / Opening
Uh Casey, will you record my audio book for me?
Yes, I would love to actually.
Okay, thanks. Yeah, because I got the briefing yesterday on what this would entail for me. Mm-hmm. Uh they want thirty six hours in the studio to record this audiobook.
That's wait, hold on. Eight, sixteen, twenty-four. That's over four days' worth. That's four and a half days of recording. That's like almost a full week.
I know.
Oh my god.
I know, but apparently people have, you know, a connection to us because of our voices, so they didn't want me using like an AI clone to do it.
Makes it you know what I really think that there there would be a case that I should do this because it would force me to read your book. You know what I mean? Like put me like then I really can't get out of it. Like I'm on the hook to read this thing for real. And uh so that might be the best way to do it.
You can insert your little like snotty wise cracks if you want. Like like Mystery Science Theater at
Yeah, a little a little extra commentary on the side like, oh, I see we're using that transition again.
Mm.
Oh boy, he really ended this whole thing with Time Will Tell. I um I would have suggested a different direction. Was this book edited? No wait, no?
I kind of actually want you to do it.
🎵 Music
I'm Kevin Roose, a tech columnist at the New York Times.
Casey Newton from Platformer.
¶ Episode Introduction and AI Safety Agenda
This week: is AI safety back? The Trump administration seems to be changing its tune. Then Palo Alto Networks CEO Nikesh Arora joins us to discuss what's real and what's hype in the Claude Mythos. And finally, the train has returned to the station. It's the Hot Mess Express. Buckle up. People don't typically buckle a seatbelt on a train.
This is a very safe train.
🎵 Music
¶ Trump Administration's Shifting AI Stance
Well, the big news this week is that President Trump headed to China with a cohort of American business executives to have a series of meetings about Chinese trade policy and AI and other things with Xi Jinping and other leading Chinese officials.
Now is it true when they walked off the plane a bunch of H100s fell out of the leg of Jensen Huang's pants?
Yeah. Ha ha ha.
I haven't heard that confirmed, but I'll look into it. I want to talk about this, but less through the lens of like sort of President Trump and United States trade policy than through this sort of larger shift that I think we've both observed over the past week or so, which is that after several years of kind of dismissing AI safety and, uh, doomer fear mongering about AI, the Trump administration, or at least parts of the Trump administration, seem to be getting quite scared about what's happening.
Yes, and while this is something that I think was honestly inevitable, it still has been jarring to see it happen because it seems like this administration has really turned on a dime when it comes to this subject.
Yeah, so let's talk about what's been going on and some of the data points that support the idea that the Trump administration is sort of changing its AI posture, at least has several different AI postures that it's considering. But first let's do our AI disclosures. I work for the New York Times, which is suing OpenAI, Microsoft and Perplexity.
And my fiance works at Anthropic.
¶ Proposed AI Executive Order and Policy
So first there was this executive order or rumored executive order uh that my colleagues at the New York Times reported on last week. This would be a new executive order to create an AI working group that would bring together tech executives and government officials to potentially come up with new ways of overseeing or regulating AI. One of the potential plans being discussed is a formal government review process for new AI models before they are released.
So this is still ongoing. We still don't know exactly what the executive order will or won't include, uh, but we are expecting more news on that.
Yes, and the reason that is notable, Kevin, is that on President Trump's first day in office in his second term, he canceled President Biden's executive order on AI, which among other things included a very similar kind of review process for new frontier AI models, right? Like the Biden people were very confident that we would one day get models that could be used to commit great harm. And so they wanted to, uh, get a handle on that before those models were released. And when Biden did that, uh, many Republicans were saying, this is anti-innovation, you're gonna make us lose to China. Well, well, well. Now the shoe is on the other foot and they're saying, hey, slow down. Uh, don't release those things quite so fast.
¶ Mythos Model's Policy Influence
It's so remarkable how fast the Overton window has shifted on this idea. I mean, as you just said, like during the Biden administration, during the SB 1047 fight here in California over this proposed AI bill, people in tech and on the tech right and sort of among the more libertarian crowd were incensed about the idea that the government might ask them to do pre-release testing of their models that they then submit the results of to the government.
They called this, you know, communist. They call they were they were sort of implying this would be kind of the end of free enterprise as we know it. And now just a couple of years later, they are reportedly considering doing something similar. So what do you think happened here?
Well, I think that basically, um it to to use a phrase you sometimes like to use, like the Trump administration's view of AI just did not survive contact with reality. Right. And that in a word, what has changed here is Mythos, the model that Anthropic now has released in a preview to a very small group that includes now many federal agencies.
This model is very good apparently at finding novel vulnerabilities in code that can be used to create exploits. And that appears to be true across many, many, many programs. And so the administration, I think, took a look at this and the serious people over there said, Look, you know, what whatever your your views may be about, you know, free trade and the the threat of losing to China, like
We have a model right now that if it were just sort of unleashed on the public, could just create vast amounts of harm. And I think to their credit, the Trump administration said, okay, then what would be a policy to prevent harm from happening?
¶ Internal Battles Over AI Regulation
Yes, Mythos is the proximate cause here for a lot of this, but I think it's also worth talking about the various factions within the Trump administration that appear to be battling over control of this new AI regulatory push. There appears to be a turf war breaking out between the Center for AI Standards and Innovation, or CAISI.
Shout out to Casey.
uh, which is formerly known as the US AI Safety Institute. This was a group within the Commerce Department that was set up under the Biden administration. The Trump administration came in and basically they didn't like that this was, you know, they what they considered sort of a bunch of doomers. So they sort of made some changes, including to the name, but this is a group of AI researchers and safety experts who work in the Commerce Department who want to be involved in vetting new models.
And there is just something so funny about these people coming in and saying AI safety is such a stupid idea that we have to remove safety from the name of this institute and then one year later be like, um, well AI safety is really gonna be a focus for us from now on.
Yeah, so there are some people who believe that the vetting, uh, of frontier models should take place like in the intelligence community, among like the NSA and various other organizations. So there's some turf war there. There's also just like this interesting kind of posture war over like whether the kind of let it rip approach to AI development, uh, or as former AI czar David Sacks, uh, put it, the let them cook philosophy of laissez-faire regulation and this more sort of hawkish safety oriented faction within the Republican Party that does see these models as a big threat and wants to take steps to reel them in. Right.
¶ Incoherent Federal AI Strategy and Gaps
So do do we know at this point who seems to be winning that battle? And do you think it matters to the average person which side gains the upper hand?
I do. I think there's obviously going to be some back and forth. We'll see when this executive order comes out. Like what they do about the the testing requirements and where they locate that. If it's like, we're going to let the NSA do this or we're going to let CAISI do this.
I think that all might matter a little bit, but I think the the general posture of the administration changing from AI safety is ridiculous and these doomers are using hyped up fears to to enact regulatory capture is very different from what we are seeing now, which is, oh wait, these models are very powerful and we don't want our adversaries to get access to them.
But we should also say it is entirely confused and incoherent right now at the level of the federal government. Because on one level, you have President Trump inviting Jensen Huang of NVIDIA onto Air Force One to fly with him to China to try to make a deal to presumably like open up the export of Nvidia's most powerful AI chips to China.
While at the same time you have other high ranking government officials saying we need to institute some kind of safety regime because these models are potentially very dangerous.
Yes, and nowhere is that schism more apparent than in the Pentagon, Kevin, where on one hand the Pentagon has designated Anthropic as a supply chain risk because it refused to amend its contract to enable any quote lawful use of its technology, as we talked about on the show for a few months.
That designation the Pentagon is still arguing for in court, but at the same time, we learned that this week, during the period where the Pentagon is supposed to be unwinding all of Anthropic's technology from the Pentagon, the Pentagon is also implementing Mythos and using it to try to scan for vulnerabilities.
It's truly wild.
I wanna be in the meeting where the person who has to remove Anthropic from the Pentagon sits down with the person who's installing Anthropic into the Pentagon and just sort of, uh, hear what those talks are like.
Yeah. So aside from the obvious sort of incoherence and maybe hypocrisy of these conflicting positions, like which side do you think is going to come out on top here?
Well, obviously I'm always gonna side with CAISI. I, you know, CAISI is a great agency, uh, great people over there. And I mean honestly, like they they were just set up to do this exact thing, right? Like when it was established under President Biden, the idea was these models are getting better. Pretty soon they're gonna be dangerous. We need to have a way of evaluating them before they are released.
And frankly, they've just sort of like hired a lot of people who I think ordinarily might not work in a Trump administration, but felt like this is so important that I'm gonna swallow hard and go over there and try to, you know, serve my country by protecting us from the worst things that AI can do. And so to me, like that seems like they would be very well set up to do this kind of work.
Where I think we still just have an obvious gap though, Kevin, is it's not entirely clear to me what is supposed to happen in the case when a company like Anthropic comes up with a model that is too dangerous to release in the view of something like CAISI, but wants to release it anyway. And I assume we are just going to get there. Like sometime within the next six months, one of these companies is gonna say, yeah, it's risky, but you know, we think it's sorta fine to put out there. We have like business imperatives, we're gonna talk ourselves into it and like then what happens?
Yeah.
So
¶ Politicization of AI Safety Concerns
Clearly unfortunate that the issue of AI safety has become polarized in the way that it did over the past couple of years, that sort of caring about safety, talking about safety became sort of like vaguely woke coded and people in the Trump administration thought it was like a bunch of hysterical liberals uh, you know, using fears of AI to like get heavy-handed regulation into place.
Like I don't think that was ever true, but I think it it it has become especially untrue now when you have very senior people in the Republican Party talking about how we need to restrain these systems. So it's just
It's it's frustrating because I think you and I both saw like this technology is real, it's going to get, you know, even more powerful than it is. And at that point it's not going to matter whether you're a Republican or a Democrat. Like you do not want this stuff falling into the h the hands of of
True, but I think the Trump administration was always out on a limb here in a really weird way. Like we have talked a lot recently about what the surveys show when it comes to the public opinion of AI in America. Republicans and Democrats are like largely allied in being like deeply skeptical of it and even, you know, uh, outright hating it. And that's why you see so many Republican state legislators trying to pass laws to rein in AI, right? Like
You did not have to convince Republican state legislatures that AI was dangerous and needed to be regulated. Like they were racing to do it. And the Trump administration has had to put a lot of energy into trying to pass a moratorium so that it can preserve its sort of all gas, no brakes approach to AI. So what I think happened here was that there was basically like a minority of Republicans that happened to be running the country that said, let the labs do whatever they want. And
Then Mythos comes out and the bill comes due and they're they sort of have their pants down and they have to change their tune. Yeah. Just to sort of throw a lot of metaphors in there.
Yeah.
Yeah.
Pants to Oh we'll come up with more, don't we?
We're getting there.
What?
¶ The Reality of Catastrophic Cyber Risks
Another thing here is that you are starting to see the issue of catastrophic or existential risk, uh, floating up and and percolating on the right. This is something that people like Bernie Sanders have now been talking about on the left for a couple of months. But on Tuesday of this week, Ted Cruz was talking about catastrophic risk and, uh, the need to protect against it. So I just think that the improvement of these models and the fact that they are so clearly useful for dangerous things like cyber attacks is going to scramble some of the usual partisan allegiances here.
I mean, look, the the idea that uh a large language model might eventually get so good that it could like break into your computer and wreak havoc, like that was not a liberal view. Like that was just a view grounded in an observation of like the rate of improvement in the model. In truth, I am glad that they are are are reversing course on this. Um, and they're doing it before we've had a massive catastrophe.
Um, maybe an asterisk there though, which is I truly feel like every single day for the past week I've seen news of a major cyber attack and increasingly we're getting word that these may have uh had AI systems involved in identifying these vulnerabilities.
Yeah, so there may be a catastrophe unfolding under our noses. We just don't know about it yet. Yeah.
Stay tuned for next week's episode.
Ha ha ha.
¶ US-China AI Diplomacy and Tech Access
Um, I wanna talk a little bit about this China trip and what, if anything, we think that has to do with AI regulations. So there was some, uh, reporting in the Wall Street Journal last week that both the US and China have been considering a series of official discussions around AI. We know that AI is on the agenda for President Trump's meetings with Xi in China this week. And we also know that China has been looking to get access to Mythos. There was a great story, uh, recently in the Times that talked about the fact that a representative from a Chinese think tank approached Anthropic officials at a meeting in Singapore last month to basically lobby them to open this model up to China.
And we wanna give them the Hard Fork Chutzpah Award for shooting your shot. If you work at a Chinese think tank and you think Dario Amodei was about to hand you a Mythos, like that is truly like I I aspire to your level of self confidence.
Listen, you miss a hundred per cent of the shots you don't take. So along with uh Jensen Huang, who finagled a last minute invite uh on Air Force One after there were news reports that he was not going to be going on this trip. Elon Musk, Tim Cook, and Dina Powell McCormick from Meta are also on the trip with Trump. What's going on here and uh how would you characterize the blunt rotation uh among those tech executives?
You know, I mean, this is a group of executives that are aligned with the Trump administration and they have all found in various ways that the more time you spend flattering President Trump, the more like tax breaks and other forms of relief your company gets. So I mean, you know, this is exactly what we talked about expecting Tim Cook to do once he announced that he'd be stepping down as CEO, is, you know, you you're just kind of like a Trump whisperer and you follow him around and, uh, you say, you know, go President Trump and also please give Apple what we want. So, you know, Meta, Apple and Nvidia have all had huge success with this administration. And now as their reward, they get to be, you know, photographed with the president flying around China.
Yeah, I think uh like I am just very unsure where all of this settles out because I can imagine, you know, Trump wanting to go to China and make a bunch of deals. And obviously Jensen Huang and NVIDIA want to be able to sell their chips in China. And so I can see them on one hand like giving some kind of expanded access to Chinese AI companies to get these American chips. But then I can also see them not wanting China to get access to models like Mythos. So I just I don't know how that resolves.
And I see it as basically inherently contradictory that you want to give China or sell China the means to make its own Mythos-caliber models while at the same time trying to block them from getting access to the one that we have today.
Day this is where it would be helpful to have a coherent strategy, but we don't, right? It's like the same administration that is like installing and uninstalling Anthropic at the same time is kind of having a similar level of confusion over in China, where it seems like the administration is just like highly susceptible to like blowing where wherever the wind is today.
¶ Government's Regulatory Challenges
Yeah. I mean, I am generally not all that optimistic about the government's ability to regulate technology in a way that is timely and relevant. And I hope I'm wrong here, but I just I I think that we will see this sort of incoherence and contradiction until there is like some big event that kind of forces everyone to like sit up straight.
I mean my question is will this be a case of the same AI safety minded people who were dismissed for the past couple of years by the Trump administration be proven right again in the future when it turns out that China did use access to American technology to build Mythos or better level models. And will there be any regrets, you know, that we sort of paved the way for them to do that? I mean but you know, I I I don't think it's unlikely.
Yeah. It's interesting though. Like I had a conversation with a federal official recently, like in the last couple of weeks, where this person was basically telling me that AI is just a normal technology, sort of taking the line that we've heard again and again from the people who don't want to regulate this stuff, saying like this is just the internet, this is just the PC, it's not some special technology that requires special rules. And that position has just become so untenable to me at least when you have models that are out there finding zero day exploits. Like clearly our military, our intelligence agencies, they don't think this is a normal technology. They think it's it's more like a step change that requires them to like act in different ways. So
I am very curious what happens to the sort of AI's normal technology camp inside the Trump administration as the technology continues to grow. Yeah. They may change their arguments or they may not. Like that's the thing. You just don't know how committed these people are to their view.
¶ International Calls for AI Access
We should also talk about some of the international reaction to Mythos because it's not just China who wants into this thing. Um, Germany's digital affairs and cybersecurity agency are out this week with a proposal for establishing their own version of something like the US CAISI. Um, they are also demanding access to state-of-the-art models like Mythos.
So it just seems like this model has sort of forced conversations around the world um about who should have access to which models when, should the public have access, should governments have access, which governments should have access. It just seems like we are kind of like in a new era of AI brinksmanship.
For sure. And you know, I what I hope that we will see in the coming months is more and more cooperation. Like the whole reason that we had that series of AI action summits over the past few years was to try to get more cooperation among the Western powers with this stuff. And then last year the US sort of came in and said, That's over. The US is winning the AI race and y and you can uh l like it or learn to live with it, basically. Right.
And um, you know, so it's no wonder to me that these other, you know, Western powers are are seeking access to these models. And I think there's probably honestly a good case that they should get access to these models. Because when it comes to, you know, fixing every vulnerability on the internet, I think we could probably use all the help we can get.
Yeah, and I I remember that AI Action Summit. I didn't go to this the most recent one in India, but the one in Paris before that I remember it was just like Oh, we're just not gonna talk about any of this. Like we're just not gonna talk about the dangers that this technology might create because we're so invested in this sort of accelerationist posture. So how far we've come, uh, and yet we are still in the very early innings of this.
It makes you wonder what would have happened if the Trump administration had just been listening to Hard Fork a year ago. Could they have saved themselves some trouble here?
It's possible.
¶ Balancing AI Regulation: Risks and Wins
So Casey, the politics of AI and AI regulation are obviously shifting very quickly. Um, we may learn more this week after these meetings in China. But like what is your take on what this latest burst of news signals about AI or AI regulations?
My take is this is a rare bit of good news when it comes to AI regulation, right? Like I am somebody who's been worried about AI safety for a long time. And one of the main reasons I've been worried about it is that our government has uh seemed to have this feeling of like, let's just see what happens.
Uh, whereas to me, it seemed pretty obvious what was gonna happen. Now we have arrived at that point. We have a super powerful model, and to their credit, the Trump administration is saying, okay, it seems like we were wrong about how, um, capable these models were going to be. Let's make some changes.
And do you think there's any way that this turns out to backfire? I mean I'm I'm just remembering like people wanting social media to be regulated and then when the Trump administration started doing things in the realm of social media it amounted to what you and I would consider sort of censorship or at least wanting to strong arm the social media companies into doing their bidding. So do you think there's it's it's possible that something similar happens with AI where it's like we get the regulation but it's just the wrong kind or this pre-release testing is testing for the wrong kind of thing?
Yes, I am very sympathetic to those who believe that this is, uh, could amount to a kind of prior restraint on free speech and that there is the risk that there are, you know, members of the Trump administration will effectively say, you can't release that model not because it's actually dangerous, but just because it seems woke and gay. And I think that we need to keep an eye out for that and you know, potentially someone is going to need to sue over it. But when I look at how I want to balance those things, for the moment, I would rather have an administration saying, uh, the crazy cyber model, don't give that to everyone.
Yeah, I I think I'm landing at a pretty similar place where I'm like I'm a little worried that this regulatory push from the right is going to be confused and maybe too sudden and there's going to be some sort of overreaction that ends up with something more like the sort of censorship that you mentioned. But I I am glad that after many years of kind of denying that this technology was important, uh, that it would become as good as the people at the lab said, um, that our government at least appears open to the idea that maybe they need to just step in and do something here. I'll take the little wins where I can get them.
That's what I'm saying. When's the last time we talked about a win on this show?
🎵 Music
We'll talk to Palo Alto Networks CEO, Nikesh.
🎵 Music
¶ Introduction to Cybersecurity Crisis
Well, Kevin, is it just me or every time you look at the tech news, do you see some new cyber attack that seems to have befallen some company or another?
Yes, this is my experience of social media over the past two weeks. I log in, I see, uh, three posts from companies about how they've discovered more bugs in a twenty four hour window than in the previous, you know, eighty years of their company's history. And then everyone's reposting that with just like it begins or it is over or hide your kids.
Yes, just to name a few of those, Mozilla was one of those companies saying that it had pushed four hundred and twenty-three security bug fixes in April alone, compared to an average of about twenty-two per month, uh, throughout 2025. Uh, Google announced on Monday that for the first time ever its threat intelligence group had identified an attacker using a zero day exploit that the group believes was developed with AI. So that's kind of a grim milestone.
And then if you're a student, perhaps you noticed the cyber attack on the learning platform Canvas last week, which, uh, forced the site down for several hours and, um, the company behind Canvas, which is called Instructure, had to negotiate a deal with hackers for the return and destruction of the stolen data. So, you know, on one hand, there are cyber attacks going on all the time, but it does seem like some new inflection point has been reached. And of course, a reason that people think we might be seeing more of these is AI. Yeah.
Yes, so we have talked about Claude Mythos Preview, the model that Anthropic, uh, did not release widely, but released to a select group of companies and open source maintainers. And today we're actually gonna talk to someone who has used Mythos and who has been on the front lines of this frantic sprint to secure the infrastructure of modern life.
Yes, our guest today is Nikesh Arora. Nikesh is the CEO and chairman of Palo Alto Networks, the largest cybersecurity firm in the world, which supports more than 70,000 customers, including the vast majority of the Fortune 100. And as you mentioned, Kevin, Palo Alto was among the organizations given early access to Claude Mythos as well as GPT 5.5 Cyber.
Yes. And Nikesh is one of the people I think who is best positioned to see the effects that these models are having on cybersecurity because they do work so broadly across industries. They're also a big government contractor. So I'm just really interested in what he thinks is different about this new class of models.
Yes, and something I appreciate about Nikesh is that in an industry where there is a lot of hype because of course the more scared that a cybersecurity executive can make you, the more likely you might be to buy their software. Uh, Nikesh is somebody who I think tries to maintain an even keeled approach here and not to ring alarm bells where none are needed. But that said, I do think that he is, uh, quite concerned about some of the things that he's seeing.
Well let's bring him in.
🎵 Music
¶ Nikesh Arora on Cyber Landscape
Nikesh Arora, welcome to Hard Fork.
Thank you for having me.
I want to just start with your account of what it feels like to run a major cybersecurity company right now. Casey and I have talked with people at these companies for many years, usually because something terrible has happened. And I feel like the vibe we get is like this is the worst, most dangerous time ever in cybersecurity. What is your subjective experience as someone who's been in this field for a long time?
I'm a little more perhaps relaxed than what you're trying to ascribe that people come here to tell us is the worst moment. Historically, what's happened is in the last seven years you've seen the time from somebody breaching an organization and being able to extract, we'll say, crown jewels, has been measured in days. Unfortunately, with the emergence of AI, the arrival of advanced technologies, that time frame has shrunk down to minutes.
And when that happens in minutes, your defense systems have to be able to be activated and defend yourself in minutes. And fundamentally the cybersecurity infrastructure was designed for days. Some parts of it are making it to seconds. The good parts where you know how to stop them. But we have to go basically over all the backend infrastructure to make sure it's AI ready so we can fight AI with AI. So so you're seeing that.
You're seeing AIs out there, you're seeing people like Anthropic launch models like Mythos, you're seeing OpenAI do that at 5.5 Cyber. They're showing you the art of the possible from a bad actor perspective. Uh, so we have to make sure we move as fast as them or faster perhaps to try and plug those holes, make the infrastructure better.
¶ Uncovering Vulnerabilities with AI
So your company recently put out a report on some patches that you all have made to your own systems. Yes. Um you disclosed twenty-six critical exploits covering 75 issues, and you said that's against a typical baseline of under five.
Yeah. Meaning that they discovered like five times as many in a competition.
Yeah, so is like is that pretty standard for what kind of spike you all are seeing in exploits or discovered exploits as a result of Mythos and similar models?
So the what we've discovered, some of the newer models that have come out in the last few weeks, perhaps a month or so, is that the most important thing is that the most Yeah, models are getting very good at coding. Well, guess what? As the models start to understand what good code looks like, they also start developing and understanding what bad code looks like. So if you point this model and say, okay, now look through all this code repository I have and find me bad code, it will.
And unfortunately humans have been writing bad code for a very long time. So on average, we'll find about one fifth or one seventh of what was found in the last six weeks using these models. Now of course remember, we ran a concerted effort to see what the models are going to find. We had hundreds of engineers working on it to make sure we look under every rock, run every product through it.
It's almost like that it's a great cleansing, right? So it's a great cleansing moment. We found seven times the volume that we would have normally found in a normal period. It's not gonna happen again, hopefully, uh because we have hopefully cleared out a whole bunch of the let's call it the the tech debt or the vulnerability debt. But I think a lot of organizations will have to go through this moment to understand how much of their code written in the past
uh suffers from these vulnerabilities. They'll have to do their own work. They'll have to make sure that it's fixed. I think the challenge we're gonna run into is uh most companies use a large corpus of open source. And open source doesn't get patched or remediated as quickly as your own proprietary code can. The other thing we found very interestingly with Mythos and other models is it's really good at daisy chaining vulnerability.
¶ Addressing Critical Infrastructure Gaps
And that's what needs to be sort of contended for.
I'm trying to get a sense of the scale of this issue because I feel like within the past few weeks I've heard a lot of stories like the one you just described about your own company. You know, Mozilla has been publishing blog posts about discovering hundreds of bugs, you know, over a period where maybe previously they only would have discovered a couple of dozen.
My sense is that as more companies sort of like undertake this audit, they're they're gonna find that they have similar problems. So, like wha what is the timescale that we might expect these kinds of issues to be fixed and is there enough time to fix particularly like critical infrastructure before our adversaries um gain access to similarly capable models?
That's a great question, Casey. I think and th that that's what should keep us up at night, right? Because not every organization has resources to fix code that could have been written 20 years ago. Now the good news is that pretty much most of the cyber defenders have had access to the models. They understand the scale and enormity of the problem to some degree.
I think what we have been able to do is we've been able to enlist the support of many of the system integrators in the world, like the IBMs, the Pricewaterhouses, the Deloittes, the Accentures, et cetera, who are all rallying to make sure they make resources available to many of these customers to be able to patch these things. But I think
We are in the midst of sort of testing an interesting solve where we can, once we know the vulnerabilities in an organization, we can write signatures into our perimeter defense firewalls to say, if you see somebody trying to go in this direction, we know there's an unpatched piece of code behind it blocking. So we can create a temporary scaffolding to let organizations have a little bit more time to go fix their vulnerabilities.
But you know, it has to be done. And the risk, like you rightly articulated, is that open source or nation states or third parties can start building models that are similar to what Anthropic or OpenAI have built. And the risk is that they get there faster than the patches or have been enabled in many enterprises.
¶ User Experience with Advanced AI Models
Yeah. I wanna understand a little bit more about the defense side of this. Now that you have access to this Mythos model, there's been a lot uh written about it. It's the subject of much uh debate at the highest levels of power. And I kind of don't just want to ask like, what is it like to use it? Does it feel different than using like Claude Co you know, like if you've used another Anthropic product, does it feel kind of the same? Or just like what what is it like to use Mythos?
Uh in the beginning it was not that um impactful because when you're looking for a bad code, it's gonna find everything. Remember, I mean it's thirty percent of false spot. Right. So it's not like always gonna get the right thing, but unfortunately we gotta go test every one of them out to see which is real. But what became more and more fascinating is the more context we gave it, the better it became.
What do you mean?
Well, you show it a piece of code, it doesn't know what to be what the code is trying to achieve. Right. Right. So you have to give it context saying, well, this code.
So you're not just pointing it and say, Go, go test this firewall and tell me what you find. You're actually like giving it some instructions beyond that.
You have to give it context in terms of what is the purpose of the code, what does it do, what is what is normal behavior supposed to look like. Then you have to give it more context in terms of other threat research. Like the models don't have all the threat research in the world. We sit on hoards of threat data saying this is how
you know, 10,000 attacks have been conducted in the past five years, which is data we store, we hold, because we write machine learning algorithms to protect the instance of instance. So we say, oh, we're arming you with all the past known techniques that have been used. Can you see if some of those known techniques can be applied in this scenario? Effectively, you're giving all the human training of the past to make sure that in the future you can build defense against those techniques.
You you mentioned using both Mythos and and GPT five point five cyber. I'm curious, like in your mind, how comparable those models are. Like are they in the same class or is one different than the other?
You know, the most fascinating part is that they both found different things. Which tells you that based on their grounding, their training, whatever they're use being used to train at. One of some of them were one of them was better at certain things, the other one was better at some other things. But it just tells you that there is still a lot that's gonna get found.
¶ Widespread Vulnerability Beyond Tech Giants
I mean, one thing that stuck out to me as I was reading some of your blog posts and and your sort of postmortems about your experiments with Mythos is like, if a cybersecurity company is finding five to seven times more vulnerabilities using this model, like the average bank, the average insurance company,
But to say nothing of Kevin's personal website.
My personal website, I mean, we're gonna be looking at many multiples of that, right? Or or is it the case that everything is so centralized and runs through just a few platforms that like the average institution is not as screwed as I think they are?
Um I wouldn't say the average C I think look, there's a lot of work that needs to be done. It's not just good at finding vulnerabilities. The other thing we also found as part of our testing.
it can even take a look at products you might be using perhaps to power your website, which you may have misconfigured. That's not a vulnerability. That's human error in the way you're using the product for you've left the door open. For example, many people will take products and say, ah, it's easier if this control plane of this product was accessible from home or from the internet, so I could just go
access to it from wherever I am and manage this thing. Well, you should not leave control planes of most products in your company exposed to the internet. Because if I can find it, other people can find it too. Right.
When Mythos was first announced, there were a lot of people uh who were very skeptical. They said, Oh, this is just marketing hype or Anthropic doesn't have the compute to serve this model, which is why they're only releasing it to a select group of companies. Um, a month or so later, uh, do you still hear that kind of thing from people in your industry that maybe this isn't the sort of apocalyptic moment that Anthropic and others have said?
Yeah, I I look at it slightly from a longer term perspective. I think what the Mythos model showed is what the art of the possible is going to be in the future. Once we are compute unconstrained or we have better models in the future which are trained better. So it should sort of give us a window into what's coming. I think which is very useful. I I think that's a bit of a you know
It's a bit of a tough rap towards Mythos that did this on purpose. And remember, these companies, whether it's OpenAI or or Anthropic, they're sort of working their way, trying to understand how to do this. Both them and OpenAI want to do it right. They want to do it so that AI is not used in a bad way, at least in this instance. I think they were trying to do the right thing. I think there is no easy solve to that.
I I give them marks for trying to do the right thing and I think they sort of they've partly got most of it right, some of it they fumbled on the way there, but I in credit to both of them for trying to get it done right.
¶ The End of 90-Day Disclosure
Speaking of how we fix this, so for decades cybersecurity has operated uh using this sort of uh ninety day dis uh responsible disclosure window, right? I find something, I find a bug, I sort of privately notify you, but you know, in 90 days, you know, I'm gonna go public with this, so you better get your act together and fix it. And companies often do take 90 days or longer to sort of implement those bug fixes.
So I I read a blog post this week by a researcher named Hamanshu Anand who wrote that in his opinion the ninety day responsible disclosure window is dead. I also saw that in your own company's blog post last week you guys said that within 25 minutes in an AI assisted scenario, somebody could uh get initial access to a system and exfiltrate the data. So do you agree that this 90-day window is dead? And if so, like what the heck do we do about it?
Look, I think the the principle of the ninety day window is to allow the owners of the product or the piece of software or piece of code to have enough of time to investigate, to fix it and make sure their customers are secure. I think the 90-day window is going to shrink, as he has rightly articulated. How much does it shrink? Still up for debate. How long do we have? Like, think about it for what we just did, right? We announced this morning that we've patched
almost 30 uh critical vulnerabilities. We've known about these for two or three weeks. We've had the time to go test it. We had time to build patches, pretty much deployed everything that's available from a SaaS software perspective.
So the challenge is not the SaaS software, right? SaaS software you can find, you can fix, you can deploy, it's not a problem. The challenge is when there's a laptop sitting in front of you and I've got to go make sure you update your laptop because you're required to do something.
And I can tell you he will go like six months without installing the mandatory updates. I'm not even kidding.
Delay, delay, delay.
Yeah.
I mean, I am starting to see more of those just in my products and I'm getting more requests to update system software. Is that Mythos related? Like is no seriously. Like I'm I'm wondering to myself every time I see I'm like, oh, what did Mythos find now? So it's like, are we starting to see as consumers evidence that some of these systems are needing to be patched more frequently?
I think there is going to be, as I said, there is going to be the cleansing of the vulnerability backlog that has been built over the years. So you will most likely experience in the next three to six months, if you're an enterprise, you'll experience in a lot more boxes that you buy. You buy servers.
You buy switches, you buy routers, all those things where they have code lying on them will have to be looked at and will have to be patched or upgraded over time. So you're going to see some of that cleansing happen, but hopefully you can power through it and get to the other side.
But it sounds like it is a just a good time to install those software updates when you get those.
I haven't recommended it with that.
¶ AI's Role: Attacker or Defender
One persistent question about these kind of models is whether they favor attackers or defenders. So I guess I'm just gonna put that question to you. Like, is this technology better for people who wanna break into systems or people who want to safeguard systems? And if you had attackers and defenders with an equal model, who would win?
It's a great question.
Classic Batman versus Superman.
Yeah.
Remember, it's an unbalanced fight to start. We have to be right a hundred percent of the time. The bad guys can be right once. So it's an uneven playing field from that perspective. So the model, if you can find you five vulnerabilities and you can exploit one of them, it's a win for them and a loss for us. It doesn't matter if we protect you on the other four. We don't get eighty percent grade for protecting the other four. We get zero because it was able to find something to breach it.
So for now, the bad actor is most likely able to use it much better than the good people. That's not a model constraint or model fault. It's because the model doesn't protect, remember.
The sensors protect. The sensors we apply around your perimeter protect. The sensor has to be smart enough to understand what the model's gonna find. And that's why the fact that we got this window of four to six weeks to test them, to understand them, we're busy building defense techniques to make sure that as this tsunami of AI-based attacks starts to arrive, we have enough defense capability which is still powered by AI to give us a real-time response that we need.
¶ Securing Non-Tech Sectors
Is there a sector of the economy that you're most worried about when it comes to cybersecurity and the new capabilities of the AI systems?
You know the the challenge always is the companies which use technology where their core business is ninety five percent something else and the five percent part is technologies and you can take that to mean small businesses, you can take that to mean sort of core industrial manufacturing output type businesses where they're not spending as much time thinking about the technology. They're busy digging for gold or building infrastructure for something else.
Hospitals.
Exactly, so.
So you're worried about the the non tech businesses that may not have as many resources or as many engineers work
I'm not worried about financial institutions. They have more engineers than I do. So they will go rally against it, they'll put the resources to to work and they've been they've been protecting themselves for a very long time. They understand the implications of these things. So it's like
in a poor doctor's office. Remember that there was a breach that happened, I think, almost a year ago, now slightly more, of Change Healthcare, which caused a whole bunch of the entire physician ecosystem to come to a halt, and the physician didn't know what to do about it.
Yeah. Hmm. I mean, like for the moment, like d do you sort of breathe a sigh of relief that these models are not generally available or do you think they could be released and it wouldn't be that big of a deal?
Well as I exactly have been released, right? Both Opus four point seven cyber and OpenAI's five point five have both been released with cyber capabilities and guardrails.
Not Mythos.
It perhaps goes towards your conversation about constraints is that Mythos runs in ultra mode. Ultra mode is a compute consumptive mode which allows the model to persist for much longer than the flash mode that most models are released.
is it can just work for a lot longer, spend a lot more confusion.
That's right. That's right. Then other people. And the persistence allows the daisy chaining to happen much more effectively, right? Because it's trying different techniques, trying to see which one's most likely to work. So that's what causes the daisy chaining to happen in a more effective fashion. So that's why
So is it a good thing that like the average person doesn't have access to that right now?
I think so. I think every company should have a chance to be able to fix these things in the meantime. But again, I don't know what the aver who the average person is in this case, right? Is every company out there an average person then they should have access to it because they have to fix their stuff. You mean the average bad person?
Basically, I mean I'm just like thinking about, you know, all of these cyber attacks that we've seen just over the past couple of weeks and I'm assuming that they do not have access to a Mythos-level model and so I'm just asking myself like well what what if they did?
Yeah, or if they did that, they'll find a way to attack companies much faster.
Yeah.
I don't think the nature of the attacks change. I don't think the nature of the outcomes change. Most likely they will be used to leverage ransomware, perhaps cause economic harm if you're looking at it from a nation state perspective. So I think the the entire set of fundamentals of how the bad actor industry works is not gonna change. What it does change is the pace and the volume perhaps of attacks are going to be made possible because the availability of these models.
I want to talk a little bit about what, if anything, an average uh person can do here. Um I I myself am the subject of an ongoing phishing attack where um
Almost like it
Uh I mean I I hope so. Um but basically almost every day uh somebody tries to get me to like reset my X password uh from an email address that has nothing to do with X dot com. And because I'm looking at my emails on the desktop, that's very easy for me to see and I'm not fooled, you know, congratulations. But that's
That's me. I've been trying to steal.
How could you? But I also believe that like within six months or a year, one of those emails is gonna come in and it's just gonna look way more convincing. Right. It's just gonna figure out a way to trick me.
And you know, one of my frustrations with talking about cybersecurity in general is it it tends to leave people with the sense of like, Well, everything's really bad. Sorry, good luck to you. Um, usually we give people advice like create a strong password and uh use multi factor authentication. That's right. Um Is that s good enough or do people need to update the playbook?
Like I think one of the things my frustration has always been that if you think about it, we have much better cybersecurity solutions in the enterprise world.
than we do for the consumers. For example, if you had a corporate email and all the phishing attacks would come to your corporate email or spam was coming to your corporate email, be pretty good at sussing these out because the X email address that you talk about that you're getting, which is not actually X, we see it in one customer, we'll block it everywhere else.
Now, the problem is the consumer world doesn't have any such gatekeepers, right? So because we're effectively the gatekeepers of the enterprise, but the consumer world doesn't have gatekeepers. The consumer gatekeepers are the email providers. The consumer gatekeepers are the telecom network. So it gives us, you know, i if you were getting an attack on your corporate mobile device and we were sitting in front of it, it won't happen.
But on our personal devices, we can all get spam, we can all get phished, we can all get all this stuff happen to us. I think part of the frustration I have is that there are some consumer companies that need to implement better cyber controls for all of us consumers which they sh...
Mm. Well like an any particular controls come to mind that you'd like to see out there?
Think about the email, right? I mean you're telling me is it is it hard for the email provider to figure out that this is not an X email address? Like we should there'd be these P same guys are building AI, right? These guys are building AI just gonna anticipate what we want and do it for us. So somebody just needs to it.
That that's that's s sort of funny. I mean, like for what it's worth th so you know, this is like my paid Google workspace for my my my work account. And uh like you're you're absolutely right. Like it seems like a very simple classifier that Google makes to just be like, hmm, this probably isn't coming from X dot com.
¶ AI's Impact on Tech Workforce
How are your engineers feeling about all this? I mean, I imagine they're working a a lot these days. Are they excited because there's this new tool, new set of tools available to them? Are they stressed out 'cause all of a sudden their workload just got five times bigger? Like what is the mood? Yes. All of it.
Think about it. If you're a technologist, this is a phenomenal time to be doing this, right? They the the the amount of opportunity to learn, the amount of opportunity to understand. Uh, some of the people are fearful. I'm like how how is this thing gonna work? And you can find I think every emotion you can think of is probably in every engineering team out there. We have 9,000 plus technical people. I think it's not just the tool in front of us.
I think it's the the uncertainty of what this holds in the next two, three years. I mean, people are seeing OpenClaw being deployed. Now, OpenClaw is a scary thing from a security perspective. It's gonna take all your permissions, all your credentials, do all kinds of stuff for you, but it's cool.
So the early adopters are doing cool shit. I had dinner with somebody, came to my house, like, I got OpenClaw on my phone. It's doing everything. I've given it names called Zara. And it's doing all the things I'm asking it to do.
And my th the guy sitting next to us and say, Holy shit, that's a security nightmare. You're you're worried about your ex AI uh ex you know, supposed to change a password? You don't need to change a password. OpenClaw is gonna tweet on your behalf because it's had a moment.
Totally.
Yeah. Yeah, and for all of my objectionable tweets over the years, I would like to just formally say that was my OpenClaw. Acting autonomously. There we go. So are you personally like running any of these insecure like are you running OpenClaw? Are you experimenting with this stuff just from like a I need to understand the landscape perspective?
on a on a segregated device which has no connection to many of my things, which makes it totally useless, by the way. She can't even book a meeting in my schedule because it does not have access to my schedule. It can respond to an email on my behalf because it doesn't have access to my email. So I'm still
sort of using it the old fashioned way, which is I'm using Gemini in the end of it. I did do that. I took my earnings script, sent it to Gemini and said, What do you think? Two quarters ago it says Are you trying to hide something? You're too enthusiastic. Use the word momentum and excited too much more than you normally use. I'm like, holy shit, that's not bad.
Yeah.
Tone it down.
Yeah.
Yeah.
Yeah. Is it changing your hiring plans at all? I mean you employ thousands of cybersecurity engineers and researchers. Yes. You may need fewer of those people in the future? No.
I need more. I think this is the fallacy out there, right? The fallacy is that organizations are gonna get thirty, forty, fifty, sixty percent more productive from a development perspective and a testing perspective, so we need less people. The problem is every technologist that you talk to has a feature request list which is longer than their arm and typically people have product roadmaps that are six to twelve months out. Why is that? Because they don't have enough people.
Or they cannot serialize something because it takes a lot of effort to get it done. So I think the first thing that's gonna happen is as we create more capacity, we're gonna try and fill the the technological backlog and try and make that work. I do understand there are people out there
I'll call it reshaping their technical organizations by creating capacities. Everybody who's out there saying, I'm reducing my headcount by seven percent or fifteen percent or twenty percent, which you're beginning to see recently, I think they're just creating capacity. They're saying that capacity allows me to hire more people. And make room for people that I need who have the newer skill set.
Hm. They're not just spending that salary money on tokens instead.
Look, I think that the interesting part is I was saying this earlier, I was speaking somewhere else, and then and the part we don't realise that we're dealing with a tsunami of a desire to transform. I think we're in a decade-long transformation of business ahead of us. Imagine like you have new technology. My CFO would never come and say, I want to use AI to transform my team. He wants to transform his team and see if he can do it much more efficiently, but he wants AI.
My head of HR wants AI because she wants to create an AI interviewer, an AI assessor instead of having humans do it. So every function wants more AI to deploy. Now the question is, where's the money going to come from? It's probably going to come from efficiency in those teams, those functions. So that's what's going to pay for the tokens.
I have to say I don't think anyone wants to be interviewed by the the AI assessor. That's not a good vibe, you know?
I don't know.
Would you want to be interviewed like for a job by an AI?
I think AI is most likely going to be better at assessing my domain skills than a human being.
Really?
Yes. If you're trying to hire a good coder, if you're trying to hire somebody who knows agentic AI really well. I mean sitting and talk to them is not gonna get me a better answer if they can sit and code and deploy OpenClaw in front of me. It's like I'll literally have done that interview. It's like the guy says, Well, I'm really conversant with AI. I'm like, Really? That's cool. I'm like, what have you done? For it's like, Well, I I built myself an agent. I'm like, show me.
It's like, what do you mean? I'm like, you're on Zoom, show me. They see this like bizarre, like, you know, simplistic, like, oh I g I gotta make a shopping list from the recipe. I saw like
It's an asshole.
Yeah, girlfriend. Actually I shouldn't show you that.
Yeah.
Yeah.
So w now we have an HR problem. Um well Nikesh, thanks so much for coming in. Really great to talk to you and good luck out there.
Fascinating.
Please tell Mythos to spare our families in the coming uprising.
Yeah.
🎵 Music
Time for the Hot Mess Express.
🎵 Music
¶ Hot Mess Express: Wildest Tech News
Well, Casey, we've got a train to catch today. The Hot Mess Express is here.
🎵 Music
The Hot Mess Express is of course our segment where we take a look at the various calamities befalling people in and around the tech industry and at the end of discussing them decide what kind of mess was this?
What's uh what's pulling up to the station today? You just love the sound effect.
Our first story today comes from The Verge. Oh, and this is truly the end of an era. Venmo is starting to test a big redesign of its app. And as part of the changes, Kevin, it will be implementing a major new privacy feature. The onboarding process for new users will set their posts to only be viewable by their friends by default instead of being public. And this is very sad for me because for years now, every time I've opened up Venmo to um, you know, pay a friend.
I've seen a recent transaction from someone I hooked up with once in 2016. And the thought that other people aren't gonna have that experience makes me really sad. So
So you know, as a nosy person who loves to gossip, I am sad about this story because you know, it was always fun to see which of your random phone contacts had been paying their fractional share of the rent or back for dinner. Uh people put various jokey things on their transactions, you know, illicit drug deal, uh foreign arms uh trade, et cetera. And it's just sad that we won't get to experience that.
Also, you know, the uh public by default Venmo transactions gave us many great stories over the years, including Joe Biden's secret Venmo, uh, which was a BuzzFeed story. Uh JD Vance had a public Venmo that Wired reported on. Matt Gaetz's Venmo payments uh were part of a federal inquiry into his payments to women, according to the New York Times. So I guess all of us investigative reporters are gonna have to find a new easy way of writing a story, Kevin.
Yeah, now the only baffling uh security breach uh from these apps is that Telegram still does notify you when one of your phone contacts joins. And I always love to screenshot that and send it to people and be like crypto or drums? What is it this week?
So what kind of mess is this Venmo mess?
This is unfortunately a cleanup, not a mess. This this used to be a very hot mess and uh now, you know, belatedly it is getting cleaned up.
Fair enough. RIP. Let's see what's coming down the tracks. Oh well, this was interesting, Kevin, and uh ties in closely to something that you've written about recently. Amazon has started to widely deploy its in-house mesh claw product in recent weeks, which allows employees to create AI agents that can connect to workplace software and carry out tasks on a user's behalf.
But some employees are saying that colleagues are using the software to automate additional unnecessary AI activity to increase their consumption of tokens, uh, which will then of course, you know, make them look better to their bosses. So um did we see that one coming or what? Yeah. That's...
I believe you invoked Goodhart's law about what happens when a target becomes a measure. Uh it's or a measure becomes a target. Thank you so much for that. Yes, and I imagine that at the famously frugal Amazon they are loving this era of people just spending a bunch of random tokens to move up the leaderboard.
Here's the thing. Uh I've talked to a lot of you know Amazon employees over the years. Tokens are the only thing at that company that is free. You wanna you want a diet coke from the vending machine? Get out your wallet.
Okay.
So these guys finally find something free and now they're getting in trouble.
Yeah. The good news is they have unlimited tokens. The bad news is they can only use them on mesh claw.
Yeah, I'm gonna say that this is actually a hot mesh. That's what kind of uh mess this is.
Very good.
Next up, Kevin. This comes to us from 404 Media. And boy, did I see this clip in about 14 different places over the past week. Students boo commencement speaker after she calls AI, quote, the next industrial revolution. You see this one? Yes. Yes, so May 8th, commencement speaker Gloria Caulfield, who's the vice president of strategic alliances at Tavistock Group, uh told graduates of the University of Central Florida's College of Arts and Humanities and Nicholson School of Communication that AI is the next industrial revolution. She was met with thousands of booing graduates. And someone in the crowd, Kevin, yelled, AI suck. So what did you make of uh this this commencement moment?
Here's my thing. Yeah. Students are allowed to feel however they want about AI. Yeah.
But if you boo the commencement speaker for suggesting that AI is a big deal, I want to see your ChatGPT history. If you have used AI to write your exams or to help you with your problem sets in any way for your academic work, you are not allowed to boo it at commencement. That is my rule.
I don't know. I think these students were fine to boo. I mean, you know, Ms. Caulfield was, after all, addressing the College of the Arts and Humanities, who I'm guessing is probably not the group of students at the university that are most excited to see AI come into their lives.
So here's here's the thing that I'll say that is sincere. I think this I think people are radically underestimating uh how mobilized young people are against AI right now. I see this every time I go to a college to talk to students. They there's like a a small group of them who are like running open claws and and very excited. And like 80% of them are like, I hate this.
Yeah. So look, if you have to give a commencement speech within the next few months, a highly relatable situation that many of our listeners will be in, now you know. Yeah. Careful, careful how you talk about AI. Yeah. Okay. Kevin, our next story comes to us from the good folks at Variety. Dua Lipa has filed a fifteen million dollar lawsuit against Samsung for using her face to sell TVs. And this one is honestly a pretty incredible.
Samsung has apparently used Dua Lipa's image on the cardboard packaging of its TVs starting last year. When uh Ms. Lipa became aware of it, she demanded that the company stop using her image. And uh apparently like could not get through to anyone at Samsung. So Samsung finally responds on Monday and said this was all the fault of some third party content partner.
And Samsung said, We have uh great respect for Miss Lipa and the intellectual property of all artists, and uh they are actively seeking and remain open to a constructive resolution with Miss Lipa's team. Well it sounds like a constructive resolution could be taking her face off the packaging and paying her fifteen million dollars. And I understand her concern because the thing that people always forget about Samsung products is that they do explode when you least expect them.
There was of course the famous series of explosions related to their phones. So if I see my face on a Samsung TV, I'm thinking, I do not want to be the literal face of an exploding piece of hardware.
What kind of mess is this?
This is a true hot mess because the TV could have exploded. Now, do you want to read one?
Okay. Okay. All right, this next one comes to us from our colleagues at the New York Times. eBay rejects GameStop's $55 billion takeover bid. Last week, GameStop offered $55 billion to eBay in an unsolicited takeover attempt. Uh according to some interviews, they appeared not to have $55 billion, which uh would put a damper on their plans. This week, eBay officially said no to the GameStop offer, calling it, quote, neither credible nor attractive.
Which is also what our last iTunes review of this podcast said.
There you have it. You know, this one is an interesting um story from the world of what I like to call companies that I can't believe still exist. I don't know what's happening on eBay. I don't know what's happening GameStop. But what I do know is uh these companies probably don't belong together, Kevin.
Yeah, I find this fascinating because it is just like the internet brained CEO of GameStop is this guy Ryan Cohen who's like you know, sort of rose to prominence during the meme stock mania of like twenty twenty and twenty twenty one. And now you can just do whatever you want. If you're the CEO of a company, you can just say, we're gonna buy a company that's like five times bigger than us. How? Shame on you for asking.
I mean, is it unreasonable given their history to expect that he they could have announced this and GameStop stock could have gone through the roof and all of a sudden they would have had fifty-five billion dollars by eBay? Yeah. But that didn't happen.
Well, if they had done this deal in typical GameStop fashion, they would have uh offered about half of what the market value for eBay was. Because it's used and probably doesn't even work on your console anymore.
I like jokes that you'll only get if you have returned a video game to
Listen, for our younger listeners, uh there used to be a time when you could walk into GameStop with a box of old video games that you wanted to get rid of and they would offer you between fifty cents and one dollar for each video game.
All right. This is the sort of mess where we're explaining the joke. Okay. Okay, so we've got a few more items, Kevin. So Shein and Temu are fighting it out in UK courts, Kevin, as Shein has accused Temu of quote astonishing levels of copyright infringement, and Temu accused Shein of waging quote an aggressive and relentless battle using copyright allegations to undermine competition. This comes to us from Bloomberg and the whole trial revolves around thousands of photographs that Shein says are from its website. According to Shein's lawyers, Temu sold uh identical clothing items using the same images and is seeking to piggyback off Shein's own investment in building up its supply chain and training and upskilling suppliers. What do you make of this fight?
The fast fashion brands are fighting.
They fighting.
I have, there's no one I'm rooting for in this fight. I've never bought an item of clothing from either of them. Um but it is very funny that two of the brands who have made their uh sort of entire existence ripping off the clothing from more established purveyors are now fighting each other about which one's ripping off the other one. Yeah.
Truly a situation where is there a way they both could lose and learn a hard lesson about intellectual property? Yes. We're rooting for. Next up! Oh, favorite story of the week, Kevin. And I imagine you heard about this one. People are seriously pissed that Grindr outed them with its latest Madonna advert. Did this happen to you? No. Okay. So this issue stems from the fact that Madonna has been doing this big campaign inside of Grindr to promote her upcoming album, Confessions on a Dance Floor Two, uh which is a concept album about a sixty eight year old woman who still wants to be at a nightclub like after midnight. And she's uh advertising on Grindr. And apparently over the past week, when you opened up Grindr, even if you had your phone volume turned off, you would hear a sound of Madonna saying loudly, Hi Grindr, it's mother. Which first of all, it's grandmother, sorry. Second of all, apparently like,
you know, people who are not out to their families were opening Grindr at the dinner table, which, you know, you're already sort of putting yourself in harm's way there, maybe. But the last thing they expected was to have Madonna being like, hey, look at look at this guy. He's on Grindr right now.
Yeah.
Truly one of the most misconceived ad campaigns in recent history. Wow.
Yeah. That's so wild. It's like if they put U2's Songs of Innocence on your phone, but it just outed you to your family.
Yeah, the song was You're Gay. That was the that was the song. This thing, here's the thing: this is a dangerous mess. It is not all for people to be outed to people in their immediate surroundings. So shame on Grindr, they really should have known better.
Yes. Push notifications should be illegal.
All right, and one more one more car coming down the train tracks here, Kevin. This is from the Elon OpenAI trial this week. Sam Altman was on the witness stand Tuesday and testified that at one point Elon thought he should run OpenAI. Sam asked him, Hey, what do you think would happen to the company if you died? And according to Sam, Elon replied, I haven't thought about it a ton, but maybe control should pass to my children?
Question mark, question mark.
Mark, question mark. So what do you think? Do you, well, let me just ask it this way: do you think we would be better off if OpenAI was a hereditary monarchy controlled by the Musk clan?
I I do. I I I think that really is the idea you know, we always talk about what is the ideal governance structure for AGI. Yeah. I think we can all agree that it would be best if uh, you know, Elon's twenty seven ha children were involved somehow.
Or just you know, I don't know, they pick one at random at you know, one one is probably I don't know, eleven years old and rides a skateboard around town. They're like, All right, kid, you run AGI now, best of luck. So uh yeah, that continues to be a legal mess.
Yeah, I the whole trial has just been fascinating to me, less because I care about the actual like legal issue on on trial and more because it has just produced all these amazing and incriminating files from like the early days of OpenAI, including all of their texts and emails and messy dramas. I live for it.
Yeah, I mean d look, it's very hard to run a successful company without a lot of executives saying a bunch of really stupid things and writing them down. Like that we just see it over and over again. Yeah. Yeah. So let that be a lesson to us. Yep.
Hot Mess. And that is it for the Hot Mess Express. Thank you to all of this week's passengers and best of luck with your messes.
Try to stay on the right side of the tracks.
🎵 Music
Hey, before we go, one request. We want to hear what it's like for people who are undergoing major career changes in response to AI. So, for example, if you have recently left a computer or desk job to do something more manual like HVAC installation or tree trimming, we would love to hear how it's going. So anything in that realm.
Please send us an email. We would love for you to share your story with our audience. Our email, again, of course, is hardfork at nytimes.com. Tell us about your career shift and why you're making the change. Hard Fork is produced by Whitney Jones and Rachel Cohn. We're edited by Vieron Pavich. Fact-checked by Caitlin Love. Today's show was engineered by Chris Wood. Original music by Elisheba Ittoop, Rowan Niemisto.
Video production by Jake Nickel and Chris Schott. You can watch this whole episode on YouTube at youtube.com slash hardfork. Special thanks to Paula Szuchman, Pui-Wing Tam, Dalia Haddad. You can email us at hard fork at nytimes dot com with what
Mythos, if you could.
