In September 2022, a teenager broke into one of the world’s most valuable tech companies without writing a single line of exploit code. He bought stolen credentials on the dark web, flooded a contractor’s phone with authentication requests for over an hour, then sent a WhatsApp message pretending to be IT support. That was enough. Once inside Uber’s network, he found admin credentials sitting in a PowerShell script on a shared drive — and from there, he had access to everything: AWS, Google Workspace, Slack, bug bounty reports, and internal dashboards. He announced his success by posting on the company’s own Slack channel. This is the story of the 2022 Uber breach, MFA fatigue, and what it means that a phone call is still one of the most effective hacking tools ever invented.

Support the show

What if your AI assistant could be turned against you by an email you never read? In 2024, Anthropic released the Model Context Protocol - a universal standard for connecting AI assistants to email, code repositories, databases, and cloud infrastructure. Within months, researchers began finding something alarming: AI agents with this kind of access could be hijacked by hidden instructions embedded in the very content they were asked to process. No stolen credentials. No exploit code. Just words that the AI read and obeyed. This episode explores the emerging security frontier of AI agents and MCP servers - the real CVEs, the documented incidents, and why the security community is paying very close attention.

Anthropic described its own upcoming model as posing unprecedented cybersecurity risks - then accidentally leaked that description. Cole Drayden sits down with former federal threat intelligence analyst Marcus Hale to work through what Mythos actually is, what it can do, and what happens when that capability reaches the wrong hands.

On March 31st, a misconfigured build file exposed 512,000 lines of Anthropic's Claude Code source code to the world. Cole Drayden sits down with AI systems security consultant Dr. Elliott Vance to unpack what leaked, what it reveals about autonomous AI, and why this moment may accelerate the field faster than anyone expected.

On March 31st, 2026, a security researcher found that Anthropic had accidentally shipped the
complete source code of Claude Code - its flagship AI product generating $2.5 billion in
annualized revenue - in a public npm package. A missing configuration entry. A public cloud
storage bucket. Within hours, the code was mirrored across GitHub 41,500 times. A clean-room
rewrite called claw-code became the fastest-growing repository in GitHub's history, crossing
100,000 stars in under 48 hours. Anthropic then accidentally blocked 8,100 legitimate developer
projects while trying to contain the damage. This is a breaking news special episode. Details
are still emerging. We cover what is confirmed, what is unknown, and what it means for the AI
industry.

In November 2014, thousands of Sony Pictures employees arrived at work to find grinning red skulls on every computer screen. What followed was twenty-two days of leaked films, exposed emails, executive humiliation, and a geopolitical standoff that ended with the President of the United States calling out a foreign dictator by name. This is the story of the most destructive cyberattack ever launched against an American entertainment company - who did it, how they did it, and what it means for every organization operating in a world where a nation-state can decide you are a target.

Support the show