UL NO. 465 | The SaaS Attack Vector, Project Stargate, and Undersea Cable Drones

Published Jan 26, 2025, 12:50 AM

also...Joseph goes independent, Perplexity's new search API, Stoicism's gift, and much more...


Unsupervised Learning is a podcast about trends and ideas in cybersecurity, national security, AI, technology and society, and how best to upgrade ourselves to be ready for what's coming.

All right. Welcome to Unsupervised Learning. This is Daniel. All right. Episode 465. What do we have?

So I spent like 20 hours over the past few weeks updating my homepage, about page, projects, Telos, a whole bunch of different stuff. Uh, predictions page, just a lot of new content on the website, which is a completely new looking website. Basically, the website was all on Beehiiv, and now it's back in its natural home at regular danielmiessler.com, and the newsletter's on newsletter.com. So yeah, go check that out.

Highly recommend checking out two podcast episodes. I've been absolutely loving Dan Carlin on Alexander the Great. I'm. Yeah. I just love it. I'm so happy that he's back. I thought he actually got out of the game or retired or something, but this thing is from like June of 2024, so it's good news that he's back. I absolutely love getting history in this sort of way. He's describing history. It's also mostly biography based. I just love the whole thing. It's great.

And I just listened to the Acquired episode on TSMC and it made me buy more of their stock. I tend to buy stock from companies that they talk about, um, namely Costco and now TSMC. But, uh, yeah, really, really good episode.

And my buddy Joseph Thacker has gone independent. So happy for him about this. He's now a full time bug bounty hacker and entrepreneur, and I really can't wait to see what he does this year in '25.

Security. So new research shows that the average employee creates a new SaaS account every two weeks, which is creating massive security blind spots for companies. If I click on this link, um, yeah, it's pretty bad. It's pretty bad. Uh, definitely recommend checking this out if you are into app security, enterprise security, that kind of stuff.
Uh, a lot of this data comes from the new, um, Verizon DBIR report, which found web applications were involved in 50% of security incidents, and 80% of breaches now involve compromised SaaS credentials. And that's according to CrowdStrike.

Google just shared how they handle threat detection at a massive scale. They're doing some wild stuff around automation and response time. So standard response time is like days or weeks. And they're now doing it in just hours. And they're automating 97% of their detection work. So you got to imagine how much that actually is at Google.

Microsoft's AI Red Team published their findings from attacking over 100 AI products, sharing key lessons for identifying risks and vulnerabilities. Most interesting insight is that basic techniques like prompt injection usually work better than complex attacks. It makes sense. I mean, it is the main attack, in my opinion. Prompt injection is the thing that kind of makes this different than other types of security, because otherwise we're mostly talking about API security. When we're talking about AI security, it's threat modeling the entire data flow from the ingress point all the way to the different places it could be stored for, like, second order attacks. And all of that is kind of similar. The thing that makes it different is like English being the language of attack and the fact that you could trick a semi-intelligent processor, right? So parsers have always been vulnerable, but it's even more vulnerable now because you can trick it, right? It's a different kind of tricking. You could trick it using logic and stories and stuff like that. You could always trick parsers, and that's kind of the game in security. But the types of attacks that you can do now are broader and more powerful with prompt injection. So I think that's the main avenue, which seems like it's what they found as well. Basic techniques like prompt injection work even better than complex attacks.
Not quite the same point, but related.

And DJI just announced that they're removing all geofencing restrictions from their drones in the US, which means you can technically now fly them anywhere, including airports, wildfires, which one took down one of those big, uh, water planes, and the White House. This can't be right. Like, how is this not going to get them TikTok? And by TikTok, I don't mean turned off for one day and turned back on. I mean, serious trouble.

The new administration, along with Larry Ellison, Sam Altman and Masayoshi Son, launched a new AI project called Stargate, basically a new company and a $500 billion investment. That's half a trillion dollars designed to make sure the US wins the AI war versus China.

And the Pentagon is now using AI from companies like OpenAI and Anthropic to help identify and assess threats faster. But supposedly they're being careful to keep humans in control of actual weapons for now.

And Rachel Tobac posted that it was her pleasure serving on the CISA Technical Advisory Council, which has now officially been shut down. Trump dissolves the advisory committees, which is exactly what she was on, and that's now been shut down.

And AI-powered Brad Pitt scam costs a woman £830,000, which I don't know how much that is in real money, but I think pretty close to $1 million, might be over $1 million. It's something around there, and it was basically someone claiming to be Brad Pitt in a hospital, and you could see the AI. It wasn't super convincing, but things are a lot more convincing when you are lonely.

Trump killed Biden's main AI safety executive order from 2023 that required companies like OpenAI to share safety test results with the government. And then he launched Stargate, which is about moving fast to beat China. So essentially that order was about moving slower and more carefully. And Stargate is about moving as fast as possible.
And I'm pretty happy with this, actually, because, I mean, I'm worried about AI moving fast no matter what, but I'm more worried about AI in China moving fast while AI in the US moves slow. So that's where the priority is for me.

NATO has launched Operation Baltic Sentry, putting 20 autonomous boats in the Baltic Sea to protect undersea cables from Russian sabotage. I think this is excellent. But 20 drones in the Baltic Sea. How much area do you have to cover? I imagine you can cover a lot because you can use radar above, sonar below. I imagine they have lots of different ways to cover a lot of ground. I'm just saying it's a small number of boats and a very large body of water.

Palmer Luckey's defense tech company, Anduril. Anduril. I'm going to call it Anduril, is building a massive 5,000,000 square foot weapons factory in Columbus, Ohio called Arsenal-1, dropping close to $1 billion of their own money on this thing.

AI and tech companies are using your data to charge you more. FTC just released data showing companies are using your location, demographics, and even mouse movements to charge you different prices for the same products.

Trump just announced Stargate. We already talked about that one.

Perplexity just launched an API that lets developers build their real time AI search capabilities into their own apps. I'm already using this, so I'm not sure exactly if this is Sonar that I was already using before, and they just now launched it. Not sure about that, but it is pretty cool because you're getting live data, right? It's not just an API call to a static database, or it's not just an API call to an LLM. It's the combination of a search engine with an LLM, with live data queries on top of it. So quite useful.

Transformer 2 introduces self-adapting language models. Sakana AI just released a new approach that lets language models dynamically adjust their weights in real time based on the tasks that they're working on.
TSMC has officially started making four nanometer chips at their new Arizona plant, which is a massive win for US semiconductor manufacturing. I wonder how many people are thinking that Arizona is like plan A if China takes Taiwan? I love the fact that we are in this position. I mean, it would be horrific if this happened because it would still massively disrupt for years and years. It would massively disrupt chip production and basically technology production worldwide. If we were to lose the TSMC plant in Taiwan, like, it's not an easy hot swap. First of all, four nanometer is like old tech, and TSMC has been talking for a long time about how the staff in Arizona is nowhere near as good as the staff in Taiwan. The tech isn't as good. It's not as modern of a facility. It's like way behind. But if China basically takes this piece off the board for the West, which is what Taiwan is and what the US is and what, you know, the West is, if they were to take that off the board, it would be nice to be able to put a piece back on the board and do it inside of Arizona, inside of the US. That would be wonderful. And, you know, they would pump, whatever administration's in power would pump, you know, a couple of trillion dollars into that, probably like immediately build two more plants, fully move tons of people from TSMC over to Arizona or wherever, and get this thing going properly.

And speaking of TSMC, they had to temporarily halt chip production after a 6.4 magnitude earthquake hit the southern part of the island. And basically whatever was being made at the time, right, right at this tiny, tiny little scale. By the way, only five carbon atoms fit inside of one nanometer. That is the thing I learned from that Acquired episode on TSMC. But yeah, basically, while these things were being made, while a bunch of chips were in production, this 6.4 earthquake hit. And earthquakes shake things. That's what they do.
So they basically have to say, okay, anything being made at the time, most of it is probably garbage. And they kind of throw that out, which is probably very expensive. And then of course you have to make sure everything is fine before you start everything back up again.

Zuckerberg just announced they're letting go of around 3600 people by February 10th, and they're planning to refill them with new hires. My read on this is that it's a constant cleansing and replacing of the workforce with what I call Alaskan boat crews. Fishing boat crews. Right. And I think after doing this for like a year, doing this a few times, the culture will be basically like a killer culture. It'll be like, look, we are here to work. We don't tolerate people who don't work. We will report you. You will get put on the naughty list and you'll get taken out. So what it does is it just encourages like this super aggressive, super high performance culture. And my prediction is that the stock is going to go up quite a bit. But don't take my word for that. Just, uh, that's a random prediction I like to put into the world so that I can capture it and tell me when I get it wrong.

Okay. Meta just released a new AI translation system called Seamless that can translate speech between 36 languages while preserving the speaker's voice and emotional tone. Getting closer to the universal translator.

Scientists have created a new laser measurement technique that can measure distances of over 100km with nanometer level precision, which is insane. It's basically the distance between two cities with the precision of 1/1000. One one. Oh, goodness. 1/1000 the width of a human hair. I didn't realize that was a nanometer. 1/1000. Holy crap. That's small. 1/1000 of a human hair can fit five carbon atoms. Interesting.

RSS is making a comeback because it lets you get all the good stuff from social media without the algorithmic manipulation. And it got a link to mine. It's just Daniel RSS or. Feed RSS.
There's lots of different ones. If you just do slash feed or slash RSS, it will take you there.

GitHub Actions fall short for complex projects. So somebody shares a frustrating experience with GitHub Actions breaking down in larger, more complex environments like monorepos with multiple teams.

Humans. Japan's elderly women choose prisons over loneliness. So a lot of women are choosing to do petty crimes, so they'll get thrown in jail where they get meals, health care and community. This is extremely depressing to me. How are we at this point that you've got these poor old ladies who don't want to commit crimes? And it's not really about the crimes. It's the fact that you would rather go to jail because you're that lonely. What are we doing? What are we doing wrong? Human connection is everything.

U.S. worker job satisfaction hits a ten year low. A new Gallup poll shows American workers are more checked out than they've been in a decade. Decade? What? 2015. Only 31% saying they're engaged at work. You know, you know my spiel. I'm not going to go into it.

Sweden is reversing its 2009 all digital education initiative by bringing back printed textbooks.

A comprehensive study in Texas from 2012 to 2018 found that undocumented immigrants commit violent and drug crimes at less than half the rate of native born citizens and property crimes at just 25% the rate of non... no, at the rate of native born citizens. So dangerous crime basically half and property crime only 25% as often.

FTC just released a report showing UnitedHealth and other major health care companies are marking up cancer drugs by over 1,000%.

Medicare just added 15 more drugs to their price negotiation list, including Ozempic and Wegovy.

Scientists discovered Greenland sharks are the longest living vertebrates on Earth, some potentially being as old as like 600 years old.

Ideas. Stoicism's gift.
The greatest gift that stoicism has given me personally is the ability to enjoy something I still have, as if I no longer have it. It is the ultimate frame. The greatest gift that stoicism has given me is the ability to enjoy something I still have, as if I no longer have it.

Discovery. SSH. SSH into throwaway Docker containers. Basically, it's an open source tool that lets you instantly spin up disposable Docker containers via SSH for quick testing and development.

And it got a bunch of my buddy Joseph Thacker's favorite lists. And, uh, UL was lucky enough to make it on there a couple of times and the list was quite long, so worth taking a look at. In fact, I'm going to click over there. So best AI app, Cursor. Best model, Claude Sonnet. Best red team company, Haize Labs, right? So these are some of the things that he put in there. Command line tool. Yeah. Fabric. That's one of our mentions. Google bug bounty, AI jailbreaking resource. So lots of cool ones over here.

What I wish I knew before quitting my job. So Michael Douglas shares his raw experience of how quitting his job to work on his own turned out way harder than expected. I post this because I'm always talking about the counter narrative of how, oh, you got to go independent. You got to do it sooner than later. I just want to make it clear that there is a counter narrative here. You do have to be careful. You've got to get oriented and you do have to be careful, is basically what I'm saying.

Michael Box shares a really practical framework called hypothesis sheets, for validating B2B startup ideas before committing to them.

And the recommendation of the week. Try something different with your meditation for the next few weeks. Make a list of the relationships and other good things you have in your life, which are things like your husband, your wife, your particular kid. You have a close friend. The fact that you aren't hungry or cold at the moment. And now imagine that that thing or that person is gone.
But as per your meditation, really, really imagine it. Like put yourself in that mental mode if that thing is really not in your life anymore. Imagine what you would do next. What does a day look like? Imagine watching TV. Imagine brushing your teeth. But without that person on the planet. Then wake up and realize that they are still here. This is a really, really powerful thing.

And lots of different stoic teachers taught this, and I soaked it in from Marcus Aurelius. But when I was doing my stoicism stuff, I must have been like 2018, 2019. I probably read like 5 or 10 books around stoicism, including like summaries and a whole bunch of source material. And I just got this lesson drilled in over and over, is like, realize what you have.

I also learned this in the army after being very, very cold and really appreciating things like a warm bed and, uh, and Burger King. Honestly, kind of a stupid example, but I wasn't even in combat. I mean, I was just out in the nasty stuff in, like, Kentucky, freezing my balls off. And it was bad. It was really bad compared to being back at the base. And, you know, in normal life, like most people lead.

So just imagining, like, right now I won't go too far into this, but like right now it annoys me that there are several things in my life right now in my environment and just around me. The fact that I have this microphone, the fact that I'm looking at a computer screen. It annoys me that there's a list of hundreds of things that if I didn't have them, I would wish I had them.

I have pictures on my wall here in my house of the view of Earth from Mars. It's a tiny little speck, and I like to walk by. The reason I put them up is because I like to walk by and look at this picture and be like. Or a picture of the sun from Mars. It especially though looking at the Earth like the pale blue dot picture. I've got one of those as well.
I love looking at it, imagining that we've been jettisoned off the planet like I'm in a prison colony. I've been kicked out of Earth, and I'm looking at it from Mars. And I'm just wishing. I'm just wishing I could go to that one Mexican restaurant. I could hang out with my friends. I could get a Starbucks. There's no more Starbucks. I'm in prison on Mars. I will never have another Starbucks again. And I will tell all my friends every time I meet them in the prison yard on Mars how cool Starbucks was.

Am I actually a huge fan of Starbucks? Not really. I do like the vibe. I like how it smells in there. I like, you know, it's got a vibe to it. I like to go in there and work. The point is, whatever you don't have is the thing you want the most. And there's a list of 100 of those things that I have right now that are just amazing. And the most important ones are actually relationships. And I think everyone's figured this out by now. But stoicism reminds me to take inventory and to imagine yourself without those things. And I recommend you try this practice as well.

And the aphorism of the week: A rational person can find peace by cultivating indifference to things outside of their control. A rational person can find peace by cultivating indifference to things outside of their control. Naval Ravikant.

Unsupervised Learning is produced on Hindenburg Pro using an SM7B microphone. A video version of the podcast is available on the Unsupervised Learning YouTube channel, and the text version with full links and notes is available at Daniel Miessler newsletter. We'll see you next time.