Bloomberg Audio Studios, Podcasts, Radio News.
Hello and welcome to another episode of the Odd Thoughts podcast. I'm Tracy Alloway.
And I'm Jill. Why isn't thal Joe.
You know I have some uh prepper tendencies. Yeah, slightly prepper tendencies, Prepper adjacent.
I know you do, because my plan for when everything, when everything goes bad, is to bring my family over to your place.
So I'm relying on you.
Actually, that's fine. I actually figured that, and I've been building an extra store of supplies.
I'm gonna like send you a whole list of things my kids like to eat and stuff like that, just so that we're already Yeah, okay.
Well, one of the things I saw on a bunch of the prepper boards that I sometimes look at. I don't want people to think that I'm crazy about it, but I find it interesting. I find it interesting seeing how people's like insecurities manifest in physical stuff. But anyway, one of the things everyone was saying was you need to start taking cash out because of the situation in Iran, because we're all expecting a big cyber attack that's going to absolutely destroy the US financial infrastructure.
By the way, if I told you my idea for a business, like I've looked at prepper meals, like prepared meals, and they all look terrible. They do like a slightly high end version for yuppies I think would be really good, like something they you know, like.
Some nice I think it's a physical limitation on how good you can actually get, like dry food.
Scientist can do a lot of things these days. Anyway, let's talk about the actual issue at hand. Yeah, well, are you taking cash out?
I have it? I haven't yet. I'm relying on my store of gold and silver. That's right. But I think this raises a legitimate and actually very interesting topic, which is what do we know about Iran's cyber I guess facilities, skills, what could happen in those context? And then also everything that's going on with the world of AI, right like cyber securities, cyber hacking. It's changing really rapidly given this new technology.
Totally, I mean also just within the context of the war itself, setting aside hypothetical doom scenarios. There's a really interesting report in the Financial Times about Israel having been able to hack into all of the traffic lights in Tehran, almost unbelievable and shocking, but there's already within the war itself or even over the last couple of years, there was the pager attack that Israel had executed, and so yeah,
cyber is part of it. And the timing is wild here because speaking of AI, it was just on Friday. We're recording this March fifth. I'm not exactly sure the data is coming out, but a week ago basically there was the news the complete collapse of the Anthropic relationship with the Department of Defense or the Department of War. And so it's all in the mix right now, and how is AI actually going to change warfare? And one of the national security implications of AI and AI and hacking.
There is a lot in this sort of mix that's all happening right now.
Absolutely. The thing that really caught my eye was the story about a hacker using Claude to hack into like the Mexican government system. Did you see that?
That was really interesting because it seemed like the hacker extracted a bunch of information from Claude itself. You know, I'm pretty sure you cannot go to claud code and say, like, I want to break into the Mexican government website helped me, like build this app.
It won't do that.
It's trained to avoid malicious uses. But people find a way to jail break down. People find a way to sort of extract information from the AI itself that has in its training and so forth. And there's been examples of leaks where you know, people upload data to the AI and somehow other people see it. Anyway, there's a lot here that we have to learn more about.
We should talk about all of it, and we do, in fact have the perfect guest, someone who's been on the podcast before but it's been a while. We're going to be speaking with Matt Swish. He is the founder of ondb, which is a data infrastructure startup for agentiic AI. So honestly the perfect a legendary French hacker. I should have said that first. Matt, thank you so much for coming back on all lots.
Thank you very much. It's been I think it's been worth four years.
Yeah, I think it has been.
The Last time we spoke to you, you were still in Dubai, and now you're coming to us from Sweden and a very Gustavian looking background over there.
I think actually what we talked to is right after Russia's invasion of Ukraine. So I guess, yeah, wow, that has been almost every.
Time there's a war, we call you Matt.
But because war is so intermixed with cyber espionage, cybersecurity, hacking, and so forth, it's a natural natural time.
So for the benefit of people who didn't listen to the episode four years ago, can you just give some context around who you actually are and your sort of history in the hacking community, including you know, shadow brokers and the Wannacrey era and all that stuff.
So I've been in enterprise software for almost like twenty years, particularly cyber security, and my name appeared in a few of the different leaks because of various analysis that I've done of private information that was being leaked, but also a lot of attacks that happened that happened to target
critical infrastructure over the last ten years. And last time we were on the podcast, one of the things we talked about is does cyber really matter once you enter into a kinetic war, which is exactly what's happening now. And the main takeaway was once you start using missiles, most of these cyber elements are not really relevant because you would use cyber mostly to gather information and intelligence
to prepare an attack or to disorganize an enemy. You create confusion, but as we have seen now, you can use like drones that are like twenty thousand dollars and create more chaos that you would do with any sort of exploits.
I like how you're introduced as a legendary hacker and then you're like, oh, I've been twenty years in enterprise software.
I feel like this is like the uh, the wind of the premium.
It's like, you know, the casual and then fancy a dress up hacker and the like twenty years in enterprise software. But this is a really interesting point that you made this idea between Okay, mostly it sounds like when people imagined cyber attacks, they imagine what Tracy talked about in the beginning. Suddenly the entire financial infrastructure, like I just come to a haul of people worried about or there's
gonna be a blackout, et cetera. But in reality, or what we've seen so far, by and large, is that cyber in the context of war is still much more about data collection, espionage, and so forth, rather than these more like you know, the types of things you might see in a movie.
Yeah, exactly. I mean over the last like ten fifteen years, we've seen some like attacks like cyber attacks against a critical infrastructure you run talking like Aramco around like twenty twelve. They were just mostly like using what we call a wiper that was like a malware that was erasing the
hard drive of most of the machines. And then we obviously have the case of Stocksnet few years before, where it was a joint Israeli US operation against some of the nuclear centrals in Iran where some of the PLCs were targeted. But what we have seen over the weekend is some of the drones happened to target some of the Amazon data centers and that created so much instability because multiple of the zones have been down and I think two out of three and the third one is
still recovering days after. Because most of companies, either private companies or public companies not relying on the cloud, which is something that was not really the case before, and once you have some softw of centralization in terms of dependence,
so become an easy target. And most of government's AI companies, cloud companies do not really have twenty thousand dollars drones in their threat models, which is like something that's pretty new, but also confirms that Kinneti quals and have more impact.
So I take the point about cyber being perhaps more useful before a war when it comes to info gathering and things like that. But we have seen some deployment of cyber attacks in the past week or so. So we know Israel is attacking some cyber infrastructure in Iran, and we know that Iran has perhaps attempted some things, maybe not as successfully, but walk us through what we've actually seen so far.
So so far, we have seen an Israeli operation where one of the prayer app has been hijacked and so message was sent to the users, so it's more like to create confusion within people. Also the traffic Light operation to understand the position of some of the targets, but it's more used for like recaoning a In terms of destruction,
we didn't see anything significant. Even the government itself of Iran shut down most of the Internet for a lot of the users, and a lot of what we see on social media is the usual disinformation and misinformation campaign, especially now with AI. There is so much AI slob with like the videos, the text, the boats. That's becoming pretty common now, even when there is no war, So it's not really like really impactful. So it's more like
to create confusion than being actually destructive. And now we're differently entering in a stage where it's been extremely destructive. And I cannot remember the last time we've seen so many countries being targeted, which is pretty like a first I would say, in terms of like a war climate.
Can you talk about You know, people stare at their screens all day, and they fool themselves into thinking that they're quote monitoring the situation, et cetera, but mostly.
The projections here.
I don't delude myself, no, I like, actually like I sort of look at my screen and I know that I'm being inundated with contextless garbage and slop and propaganda and so forth. I'm curious how you monitor the situation actually, as someone who takes these topics seriously and doesn't just sort of become an overnight expert, you know, the day after bombings begin, Like how do you pay attention to
what matters? How do you actually know what's real and so forth, and avoid just sort of the delusion of staring at the screen and engaging with slop.
It's a good question because there's so much of it, so I think the default reaction is to ignore most of it, Yeah, unless it becomes really significant. In this case, I think it comes down to looking at the actual damage.
Many people from the military world, but also the intelligence community has been underestimating Iran capabilities exactly like people used to do with North Korea, and now North koreas some of the best hackers in the world when we see them like targeting financial institutions, whereas before they would not
do like much. So there is definitely like internal capabilities that are available, but there's so much noise now, Like you say, a lot of people are monitoring the situation giving that quote un quote like overnight expert opinions, and that's becoming a lot of noise. But I would say that in this particular case, we have heard of the imminent threat of Iran for around forty years, and that's also not really a new situation, so most of people
would have context around it. And even for the attack that happened last week, and many people were expecting them four weeks, especially as the continuation of what happened last summer.
Can you actually talk a little bit more about the data center attack? And because that's not cider really, I mean that's that's just a physical kinetic warfare against the data center. I was surprised how disruptive was that. I sort of would assume that cloud service providers that it's fairly liquid. Okay, one goes down, but you know, it can just be the same software, it can be run from numerous other clouds. But I saw that there were disruptions.
I saw Fortnite tweeting about the fact that some of their gameplay was impaired due to the attack on data centers. How disruptive have those attacks been? Because this is of course a very.
You know, that's whereinetic meatia.
Yeah, yeah, and there's a lot you know in the future, like thinking about hardening these data centers and as you say, like making them they're going to be increasingly targets for war. Like how disruptive was that?
Very good question? So I think one of the main takeaway is that it has been extremely successful. So, like we said before, like a Shahid drone is around twenty thousand dollars and they managed to shut down two of the zones of Amazon. Actually, even if you look at the official report from Amazon for like thirty six hours, they were just saying, oh, some objects struck the data centers before they actually expletely said they were drawn strikes.
So a lot of services that I've been using them have been targeted, so from like local applications from two banks because in a data center you are taking care of multiple different services, and even Versail had to reroute their data to Bombay and to exclude middle List as deployment. So even if you take the cost of most of like zero, the exploits that can go up to like
multimillion dollar attacks. If you are really aiming at districting things, the cost reward of using such an attack is really efficient. So you really enter into some sort of asymmetric conflict where you can just spend like some really old material and have way more impact than someone who's going to be like cutting edge and just trying to impress with like capabilities. Because at the end of the day, it does not really matter.
How do governments actually build up their cyber capabilities nowadays, Because I have this image in my head of maybe ten or twenty years ago, you know, they would recruit like a twenty year old such as yourself at the time, and they would be working in a dark room, that sort of thing, but then drinking red bull. Drinking red bull, that's right. But then you know, we had the boom in Silicon Valley and so you had competition from private companies. Now we have the boom in AI and again even
more competition from private companies. And at the same time, governments seem to be I guess, seeding some of their own skill set to potentially private companies like Anthropic and chat GPT and some others. Walk us through how I guess the development of governmental cyber capacity has actually shifted.
I mean something that didn't really change over the last years in terms of capabilities, Like I guess we all remember like these snodnnicks in twenty thirteen when we started to see more about the inside of capabilities from a government, including like domestic my surveillance, global surveillance, exploitation capabilities, And since then every other year we have seen an history of data being leaked that belongs to the government. So in a way, things have been changing a lot, but
not really much. Like most recently, there was a contractor from n Free Iris that was sentenced to eighty seven months sentence because they happened to sell zero the exploits to a Russian broker, and that's actual expert that belonged to the government because there was some sort of integrator. So we see like nation states or like governments like the US investing like an almost amount of money into offensive capabilities, but they also keep being burned by insiders.
A lot of those capabilities are also as strong as the internal coercion.
But I guess what I'm asking is, you know, if you're the Department of Defense or I guess now the Department of War, and you're thinking about developing in house capabilities versus partnering with a company like Anthropic, and we should talk about all the drama that's going on there, how are you balancing those decisions nowadays versus say, ten or twenty years ago.
Like my understanding is that now a lot of it is also like outsourced because they cannot really develop as many capabilities internally. So now like we have seen with Entropic that it had been used in the Maduro operation and then after that, like there was a per out from Entropic because they said it was violating their ethical like standard like policy, Yeah, standards. So I would say, now, something that's really changing like very fast is the incorporation
of like AI into tho's decisions. But as we all know, like AI can also hallucinate, so even Darly or the CEO of Entropics that it's definitely not in a state where it can be used for like fully autonomous decisions like that. So I would say, like the AI element would be like the main difference even we start to see it now for like exploit development or vulnerability discovery, but it's still too early to kind of like give
a definitive like opinion about it. But overall, I would say it's very similar.
Well, talk to us about exploit development, because I know that you can't just go to cloud code and say, like, I'm working on zero day mailware attack, help me figure this out. But you know, I also know that there are some very talented people who pride themselves in being able to jail break AI and illicit outputs that the
labs do not want their AIS to produce. So do you have a sense how just within the pure like hacker community, AI is being employed today for these purposes or what they're able to get out of these tools.
It's a good question. So, like we started to see people leveraging like AI for like bug discovery, which actually is becoming like pretty good. I think even Entropy published an article explaining how cloud can be used for the discovery into smart contracts and how it found some bugs automatically. And I think even recently there really is something called cloud for security that was aiming at doing cod assessment. But now we're entering in is like interesting paradigm shift
where the cost of software is going towards zero. So if you're a company and if your cost of building software is becoming less and less, it's also hard to convince people that auditing software for security reasons is going to be more expensive than developing the actual software. So I think that's one of those shifts we're going to see.
But when can you explain positive lives Mark, what did you mean by that? It's going to be hard to convent.
If you can have like to allocate budgets for building a product, So you have most of the budget that's usually allocated for like your software engineers to build the software, and then you do some code review afterwards to make sure there's no vulnerabilities before it gets released to the public, but securities risk is usually like pretty high. You cannot just rely on like EI tools, at least not at the moment. Maybe in a year from now it's going
to be possible. So it's going to be like really interesting to see how it's going to like do like a market shift because now with cloud code, and as a famous Vibe coder, Joe, I'm sure you know that the cost of building software is approaching like zero if you just look on the timeline.
Are you actually on this note, are you a believer in the SaaS apocalypse? Because obviously there's the argument that, well, now everyone can just create their own software fairly easily
using natural language. But on the other hand, if you are a big corporation or presumably a government you're going to want to have you're going to still want to buy software from an external provider given some of the security concerns, given that it might not necessarily make sense for various reasons, management reasons, perhaps recreate an entire software business in house.
So I'm definitely biased on that. But as someone who thinks that the cost of software is going towards zero, and as someone who is like watching the software costs like collapsing. One of the things that we realize is that data is the only durabel asset in the AI economy. That's why we decided to work on the bid the current startup I'm working on, because like that's the only thing that's really going to have value long term if agents need something to transact or like to take the decision.
Because even if you look in terms of like in any context, you know, if agents are designed to think autonomously, you need to have enough information to take those decisions whenever you're going to have your reasoning loops. So software itself, if you just build it, is pretty static, whereas like the urgentic like feedback loops are more dynamic. But what
changes the contexts that take decision on. So definitely, like Salz business are going to have our time because if anyone, including the Shopify CEO, can just rewrite an MRI software in one afternoon just to like look at his back MRIs, you can imagine like how destructive it's going to be, like by the end of this year. I think the only thing we haven't seen yet is like enterprise AI agent. So so far I would say, like since Christmas, people are most still playing around trying to find like a
proper use case. We see a lot of like consumer like AI agent like open Cloth that really met like agents more mainstream, but we really haven't seen yet enterprise AI agent. So as everyone is kind of scared of being replaced for their jobs, we haven't really seen in like actual like AI agents replacing entire departments or full
on like employees. So we have seen some disruption around like software engineering, mostly to make like software engineering more efficient, especially in terms of like development with shorter timelines, but we haven't seen yet like proper like enterprise agents.
How do you define an AI agent?
So my view of an AI agent and I like to remind people like what an AI agent actually is. At the moment, most of AI agent is just like a piece of God usually written in Python or in type script. That's just doing a bunch of cards to like entropic PENAI and running in a loop and taking decisions and calling like third party tools like MCPS or web searches. So that's mostly what an AI agent is. We tend to think of AI agent as a completely
different persona. But at the end of the day. It is just like a piece of software that's running as a service on a machine or on a server. So from a security standpoint, which is pretty interesting, it's just like another service. So like software, but people really like to think of it in another way.
Well, just so like I'm from the security standpoint, I mean, one of the exciting aspects of AI agents is that they can work autonomously. Right, you set a task and it can go out and find what it needs to do, and it says like, Okay, this didn't work, I'm gonna try it's gonna try this thing. It's gonna try this thing. I need to connect to this web service to get this information, et cetera. The downside of AI agents is
precisely the same. The downside of AI agent says that they could do whatever they want to do and if it accidentally deletes a bunch of files because it thinks that's what's necessary to execute the task.
So like I'm curious, Like from a security.
Standpoint, like I mean, we've already seen examples of people getting private information exposed or as I mentioned, and the example of deleting a bunch of information. Is this like a new way to think about the security threat model. The fact that the capability and the downside are one and the same.
It's the same.
It's sort of like hallucinations, right, the ability to like create an output, and it also you know, is hand in hand with the ability to create a wrong output, a false output, and so you know, the ability to do to act on its own is also the ability to destroy on its own. Is this sort of like a novel threat model or a novel paradigm in thinking about enterprise security.
From an enterprise security standpoint, it is pretty much the same thing in the sense of like if you're building software, you can just really like patch software afterwards and stuff, because you never it never ends. Like secrety might be like built in, and you need to have like a safe design from the beginning. What we have seen now is like whenever people do something argenttic, they just give like all permeisterns up from yeah, which is like probably
the worst thing you can do. And if you're an enterprise, as you can imagine, if you just give like all permissions to an agent, it just becomes Murphy's Lows. If something bad can happen because you give it access to it will happen. So you're going to see like more dataks for sure, because there's no safety by design in those like architectures or like those like agents, which is in terms of reliabilities and like exposure would be like very similar to what we have seen over the last
like ten twenty years. But you know, if people are ignoring what has been done in terms of software security for the last twenty years, that's why we're going to have a lot of problems. And I think we're probably going to start to see like people, especially in enterprise, like pushing back a lot because there's compliance that needs to be like, you know, like answer to, so you cannot just give like full access to like you know, your agent.
Speaking of the long arc of history, one thing I really wonder is you've obviously been in this space for a very long time at this point. Can you describe how you think your own career and I guess coding experience would have been different if you were, say, starting out now in twenty twenty six versus I guess you would have started out in like the late nineties or early two thousands, maybe even before that, yeah.
Mid two thousands. Well, I would say, like, what has changed is back even like we even we've up going to like the two thousands, Like back in the snow and days when the global surveillance program was being exposed, like a lot of people were really like scared of it and scandalized by it and push back and people really cared about privacy was like now we're entering in a new arc where very few people care about privacy.
Where you see like the CEO of Entropy being asked why he refused to work with the US government and he says, well, they wanted to do a domestic surveillance program, so that's against or like a safety like chart. So there's this all aspect of people relationship with data, which I guess is very different in terms of software off you see like now you can write more things, anyone
can write anything. But I think we're still in this weird adequate software phase where we know what AI can do, but it cannot really do anything more or anything less. Yet you haven't seen like the actually or like use cass for it. Because it's obviously like very exciting and it feels like a lot of it is very different from before, but we don't really have like any evidence
of how it's really helping in national security. I know it's been helping people who have been analyzing like Epstein's emails because there's a lot of data and that makes it faster. But in terms of like real use case, I don't think like it feels like the current world is very different than before, but there's so much noise and so much like slop all over that in a way it is pretty similar. I don't know if that makes sense.
Well, I mean does your company is o n dB dot AI, So you must think that it's going to be used or they you know, or that there's clearly something there actually tell us about I'm actually really I'm on your website right now. It looks really interesting because it's something I've been thinking about. But you must have some vision for like where it's going and that there will actually be significant demand for these services.
Sure. I mean, like I was saying, like I think now we've like anything that's urgentic building software, which is like the main use case so far for AI is going to make software like going to zero, so the cost of building software is going to.
So that's real.
So like say, like there's in your view, there's no question that already AI. I mean talk about use it's a pretty big use case right there, bringing the cost of building software to zero.
Yeah, I mean, like even if you look at the offer of cloud code, he said that you didn't write like cod since November, So like a lot of people are like this, you know, even us internally, like we definitely like use cloud code a lot. But if software is going to zero, like what's left in terms of like the internet layers. So our conclusion is that data is the only thing that's going to be like timeless in the AI economy, so building like a layer for that.
Especially now there's like all those innovations around like payments and stable coin that you can use to actually like pay like anything online. So we think like, okay, if you have like issues like entropy or like opening I just scrapping Internet and using like public internet, so you may as well find ways of charging like boats or
agent for your data. So at least you can have this new like revenue unlock that's going to emerge in these new economy because I think a lot of the traditional like economic model, like for instance, like we said like with SaaS are going to be like disrupted a lot.
So there is a completely new market around help people are going to consume data, and I think people would just be ready to pay like more to have eigh quality data because the more noise there is, the more you want to make sure that the data access to
is going to be like valuable and real. So yeah, even from a security standpoint, you know, like once you build like an infrastecure layer, you can have these like built in security to make sure that the data you give back or the access like for the interface that you define is actually secure. Because even if you look at Opencloth for instance, one of the top skill was malware. So like people just like living into like wild West,
but they just run everything. So it's us anticipating that enterprise is going to look very different and they won't just run like anything they find online.
Yeah, you know, this is one of the things that I've encountered in my Vibe coding for is is that one of the annoying things is Okay, you want the agent to like go out and grab some information or clear some database or whatever, and then it's like okay, like let me know when you've gotten an API, They're like okay, come back and get and then you have to go to a website, and then you have to get out your credit card and you have to set up an account, and then you get an API key
and then you copy and paste it and so forth, and that's very annoying.
I want.
What I want is for the agent to just be able to go there say, oh, you know, like let me just pay you with some stable coins, et cetera. Just go out and get the information on its own without having this human in the loop. But it also occurs to me, and this is something that I've asked about with others, which is that like, once I'm just like entirely operating in the terminal and the agent just
going out and scraping information for me, et cetera. Like why do we even have a free public internet anymore? And so like I'm curious, like whether the direction of the Internet and information in general is just entirely like you know, paying micro transaction or fees for data consumption so that the data then arrives in some usable form in the terminal that I'm operating.
Yeah, no, I think you're You're raising some really good points. We need to talk after you can be design.
You know, it's going to hack the ati I can be, I can be a consultant.
No I hate having to deal with all these API key is why am I still using?
You're like completely right, Yeah, I told you're famous code. It's like but like the US case, you're describing noise like it makes entire sense. That's why, like we position ourselves kind of like as a trusted like provider, where like instead of having to go like everywhere to get data, you know, you have like this single point and unified access a bit like open Router for AI models, but
for provids. Because if you think about it, when you use like cloud now in your terminal, like the level one is basically you asking the model itself for information, but as we know, like the model maybe like a few months old and doesn't have access to the information.
So like the second level is the agent like cloud god or a cloud for this top or like cha gip doing web searches, and that's just them looking on the internet doing like Google search, etc. But that's still not giving you access to like the actual relevant data that you would need, where for instance, you would have like those APIs and stuff. So like the level after
that is basically access to private information. So on private information, usually the one that's valuable, like in the case of Bloomberg, for instance, Bloomberg has a lot of extremely valuable information, but you can only have access to it through the terminal once you have the subscription, or like any SaaS services if you think of like SaaS platform at just like some fancy UI where you can like browser database, but the data that's valuable is just in the database directly.
So if you have access to those APIs and we not have to create like one million subscriptions left and right, because there's already like someone who's doing the integration for that kind of like as a programmatic like API marketplace.
But the integration now is like much easier, and especially if you trust it because now what we have seen or so it's like whenever use autos tools, they make you install like MCPS, but more and more people are like moving away from mcps, they're just using like skills because like you just said, we start to spend more
time into the terminal. So like the terminal and anything that cila is becoming like a natural interface for like agents even for humans because you don't need to try to understand those like fancy UI and ux, you just say, like, Okay, I want to do it, ABC just do that. So I think it just makes more sense to have like this interface for it, and like, like you said, you know, like otherwise it's just like it becomes too complicated.
Just on this note, can we talk a little bit about I guess institutional knowledge of code because I remember one of the things that happened in the early days of AI development. I mean not that early. I think it was like twenty seventeen or something, back when Facebook's AI lab still existed. What was that called again, Like the acronym was fair or something. Yeah, they had like
a little Facebook like experimental lab. Anyway, they invented a bunch of chatbots, and the chatbots started talking to each other in pretty much incomprehensible language, but like they clearly
understood what each other were saying. And so I'm just wondering if you extrapolate that to AI generated code, could we have a situation where the models are constantly iterating on themselves, They're constantly talking to each other, and so we end up with a system that becomes very very difficult for human engineers and coders to actually understand.
Yeah, I mean I think what we're gonna stop to is like humans, you know, like us are going to move towards like creating like margdon files as like a programming language. So everything is just going to be like normal like language, but for the machine itself obviously. Yeah, I remember that video that is like gibberish like voice transfer thing. Well, if you think about it, it's not that much different from voice to text in that sense. And at the end of the day, just like bits
like being transferred. Because even like whenever you connect on a web page, you know, like you write it in text, but behind it just like bites that being a change. So agents still need to agree on the protocol that they're going to use, and not necessarily an encryption format,
but an encoding format. So once you know what it is, you know, it just becomes like like a reverse engineering problem or like a foreign sake problem where you're just like, okay, like this is what's being used when THOSS packets are being sent. You know, let me just decrypt it once you know the protocol, you know. Like that's so I don't think we're going to end up in a situation where like we would have like no idea of it, because you're always going to have like people who are
like pretty good like reverse engineers. But at the same time, you're also going to have like aah assistant who's going to help you to like reverse engineer those things. So in a way, even if it happens like you are not like alone with your red bull and you I know AI agents, we're all gonna have AI agents. So that's also like the reality of things. So we're far from just like the Clippy plugin that we used to have in Microsoft Office, or you can have this like
CLI interface. We just give like commands and then it's led that into like Okay, I understand what I need to do, you know, and that's it. No.
I love like interacting with just the CLI now, And like every time I have to go to the web, it feels like some sort of failure. I'm like, I have to go to this brace website, yeah, and I just like want the information right there on the black screen talking, you know, communicating back and forth in English background.
You know, that's like feeling familiar for you.
You know.
Something I think about is I imagine that there's a lot of like crusty old Linux and Unix programmers who are like, oh, this code is this isn't high quality code that the AI that the chat pods produced.
This is slop code. It needs all.
Kinds of fixing and so forth. From your perspective, is the code itself of good quality or of improving quality? How just the lines of code itself from your standards is a good stuff?
Yeah, it's pretty good then even when it's bad. You just said it okay, like this is bad. You know, like just do it better. You know, like if you're using like negative rewards, you know, if you say okay, like this piece of code is garbage, you know it's gonna understand better because you kind of give like a strong emotion where it's like if you say, oh it's okay, you know it's be like okay, like whatever. You know, if it's okay, it means it's passing, like the the
Eddequo test. Okay, that's their badge. You write it.
And I always do this so if I ask about for something, I will always say, like after the first version, like do better and just see what it comes up with, and just try to iterate this is.
This is tough because you're talking when you're talking in English the brain deludes itself into thinking that you're talking to or when you're talking in human language, any language, the brain deludes itself you feel like you're talking to a person, so you have to be nice.
Well, then I feel like I don't have that problem.
But then I feel like I like I don't want to say, oh, this is garbage. I don't But from your perspective, it's actually sort of important to to be firm with the bot, and you get better results by being more sharp with it.
Yeah, because it's the equivalent to the negative world. Like just like positive world. If you if it does something, you say, okay, like that's great, that's exactly what I tried to explain. Then it's like okay, like that's like a reference point. Was Like if it starts to go on a tangent, you just say like, oh, that's completely like out of the line, redo this, like why are
you doing this? You know, like the more explicit you are, the better it's going to understand how far these from the requirements.
Well, I just have to get better, you know, sort of conflict avoidant, and I like very nice to people.
So I just still says please and thank you. So I just bask doesn't get them.
So yeah, that's right.
So I have to I just have to be like, no, this is trash, this is garbage. You totally we're all dumber for having seen this code. Okay, this is good to know.
I mean it's a good point. You know, like those like AI companies that are recording all the prompts, you know, yeah, if they're keeping it, if there's retention around it, you know, like we know the open the eye is keeping them, you know, like they can get sophy. Is so your importance it? Yeah, so like who knows, you know, like in years from now, if there's like full on like autonomous like robots managed by the Department of War because they think it's lowful so.
We all get social scores based on our Yeah, these thoughts creep into my head on ironically where it's like at some point is there's going to be some am I going to regret having?
I don't know? They I they were there in my head.
Truly a brave new world, Matt. Just one last question for me, but going back to cybersecurity and the current situation with Iran, what are you on just the lookout for, like what would peak your interest the most to see in that particular space.
I think now in that particular space because I'm one of those people who think it's related to the Epstein files, you know, like it's just more about like getting more Epstein Files related stuff to see if there is like
more connections to it, you know. So I think that would be the only thing that would kind of be like digital that we like spike my interest because now we have seen you know, like just those like all drones can do like so much damage, and that Iran demonstrated that they can be like really precise with the attacks.
So now I think it's more about seeing like which direction it's going to go to and how long it's going to last, which is like the big question mark because there's so many other components, like the energy sector, you know, like how is it We have seen the price of like memory like increasing like a lot. So now now if they're starting to block like the Detroit of almost you know, like like what's gonna happen to like the cost of data centers and like memory and
AI in general. You know, like we're going towards on one side, you know, we're going towards like the cost of tokens and insurance going down, but that may also like bring the cost up. You know, So if you're gonna use like AI for like your next generation wars, but if your enemy can just like increase your cost of token and insurance, what does that even mean? Like do you even need AI in the first place? Is
it even relevant? So I think there's this all like asymmetric like warfare that's going to happen that we really haven't seen yet, and I think that's gonna be like really interesting. But at the same time, there's so much noise and so much so many things happening at once that it's becoming like extremely like hard to focus and just like extract. But that's pretty ready.
But yeah, definitely feels like that tough, tough choices potentially coming for half Alock as your token costs go up. Matt, it was so wonderful to reconnect again. Thank you so much for coming back on odd lots And yeah, you'll have to get back to Joe about those APIs.
Yeah, I'm happy, let's let's.
Do Yeah, bring me on as sounds good.
Take care of Matt.
Thanks Matt, Joe.
Always good to catch up with.
No super interesting It's incredible how much has happened right now at this particular nexus, especially obviously the anthropic stuff.
But I you know, it's interesting.
You know, you think about cyber warfare and you think about, okay, we're going to hack into a system and take out critical infrastructure. But another thing you can do is just attack a data center correctly, just.
Send a drone to the data center. I thought that was really interesting. That sort of like we got very used to thinking about cyber as like this thing that exists only in code, in code, but now you have this like new front of kinetic warfare where the two like really intersect.
Yeah, they do really intersect, and yeah, these are like huge national security vulnerabilities. And he pointed out, I mean certainly today, but you know, was this in anyone's threat model thinking about the risks to it? You know, the cheapness of drones the ability to take them out super interesting. Also just this idea like yes, you know, obviously again as your observation, the point we think of like cyber attacks, like we're going to take out this whole thing, but
in least in the warfare context. His point like most of it is like before the war et cetera, the sort of information gather spy, spy craft and so forth prior to the actual the actual attacks.
But it is interesting to see Israel in particular use some cyber attacks as a sort of sewer of chaos. Definitely in Iran. I can't imagine what it's like to actually be on the ground there at the moment for many reasons, but like you imagine just being there worried about your physical safety, and then the traffic lights aren't working as well.
Well, right, and also just think like wait, there's cameras everywhere or how much is being recorded? Like create like a sense of like paranoia among everyone about everything.
And also the interesting thing obviously this is very topical in markets, but the SaaS apocalypse idea Matt in particular, seemed pretty bearish on the outlook for existing software companies, I guess, and I did think his comments about what that would mean for security budgets within organizations were pretty relevant and worrying. Absolutely, all right, shall we leave it there, Let's leave it there. This has been another episode of
the Odd Thoughts podcast. I'm Tracy Alloway. You can follow me at Tracy Alloway.
And I'm Jill Wisenthal. You can follow me at the Stalwarts, follow our guest Matt Sweish, She's at m swish Fellow or producers Carmen Rodriguez at Carmen Arman, Dash o'l bennett at dashbot, ands at Kale Brooks. And for more odd Laws content, go to Bloomberg dot com slash Oddlage for the daily newsletter and all of our episodes, and you can chat about all these topics twenty four to seven in our discord Discord dot gg slash odd Lots.
And if you enjoy odd Lots, if you like it when we talk about the intersection of kinetic and cyber warfare, then please leave us a positive review on your favorite podcast platform. And remember, if you are a Bloomberg subscriber, you can listen to all of our episodes absolutely add free. All you need to do is find the Bloomberg channel on Apple Podcasts and follow the instructions there. Thanks for listening.