Unsupervised Learning With Daniel Miessler

Marcus and I debate AIs capabilities from nearly polar opposite ends. He thinks it's basically autocomplete, and I think it's the most important tech we've ever built as humans. It was a fantastic, and very civil conversation, so thanks to Marcus for that, and we're already planning on Part 2. This two-hour discussion covers:

UL NO. 486: STANDARD EDITION: Fully Automated AI Malware (Binary and Web), My Debate with Marcus Hutchins on AI, The 'Did You Notice?' Psyop, The METR AI Metric for Longterm Tasks, and more... You are currently listening to the Standard version of the podcast, consider upgrading and becoming a member to unlock the full version and many other exclusive benefits here: https://newsletter.danielmiessler.com/upgrade Read this episode online: https://newsletter.danielmiessler.com/p/ul-486 Subscribe to the newsletter at:https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://x.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiesslerBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

STANDARD EDITION: Netflix RCE, My Current AI Stack, All-in on Claude Code, and more... You are currently listening to the Standard version of the podcast, consider upgrading and becoming a member to unlock the full version and many other exclusive benefits here: https://newsletter.danielmiessler.com/upgrade Read this episode online: https://newsletter.danielmiessler.com/p/ul-485 Subscribe to the newsletter at:https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://x.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiesslerBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

UL NO. 484: STANDARD EDITION: OpenAI's Malicious AI Report, Disappointed with WWDC, AI's First Actual Science Breakthrough, and more... You are currently listening to the Standard version of the podcast, consider upgrading and becoming a member to unlock the full version and many other exclusive benefits here: https://newsletter.danielmiessler.com/upgrade Read this episode online: https://newsletter.danielmiessler.com/p/ul-484 Subscribe to the newsletter at:https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://x.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiesslerBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

A Chrome 0-Day, Meta Automates Security Assessments, New Essays, My New Video on Hacking with AI, Ukraine's Asymmetrical Attack, Thoughts on My AI Skeptical Friends, The Dangers of Winning the Wrong Game, and more... You are currently listening to the Standard version of the podcast, consider upgrading and becoming a member to unlock the full version and many other exclusive benefits here: https://newsletter.danielmiessler.com/upgrade Read this episode online: https://newsletter.danielmiessler.com/p/ul-483 Subscribe to the newsletter at:https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://x.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiesslerBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

Sponsored by Vanta. Vanta takes the busywork out of GRC so you can focus on what actually matters—improving your security, not chasing compliance. https://ul.live/vanta This isn’t just another AI podcast. It’s about the deeper shift that’s happening in cybersecurity—away from individual tools and dashboards, and toward real-time, comprehensive world models of what we’re trying to protect or attack. I'll walk through how I came to this idea, what it means for security assessments, red teaming, vuln management, and beyond—and why context, not AI, is the actual revolution.

AI Finds an 0-Day!, Postman Leaking Secrets, High Agency Mental Model, My Unified Entity Context Video, Github MCP Leaks Private Repos, Google vs. OpenAI vs. Apple on AI Vision, and more... You are currently listening to the Standard version of the podcast, consider upgrading and becoming a member to unlock the full version and many other exclusive benefits here: https://newsletter.danielmiessler.com/upgrade Read this episode online: https://newsletter.danielmiessler.com/p/ul-482 Subscribe to the newsletter at:https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://x.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiesslerBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

What really happened at RSA 2024? Daniel Miessler and Jason Haddix break it down. Fresh off a whirlwind RSA week, Daniel sits down with Jason Haddix (Arcanum Information Security) to talk about what mattered—beyond the show floor noise. From off-site innovation summits to real-world AI implementation, this deep dive covers: -Where the real innovation happened (hint: not on the show floor)-Key takeaways from the OpenAI and Airbnb AI Security events-Jason’s talk on AI pentesting methodology and the Prompt Injection Taxonomy -The future of cybersecurity moats and the risk of AI-native disruption -Why agents aren’t the main character—data is -DARPA's AIxCC competition and the rise of Cyber Reasoning Systems -Challenges with evals, autonomous security workflows, and VDP backlash -Behind the scenes at RSA: puppies, parties, burnout, and brutal honesty They also explore content creation, the future of platform-native context, and why being opinionated (with receipts) matters more than ever in

➡ Get full visibility, risk insights, red teaming, and governance for your AI models, AI agents, RAGs, and more—so you can securely deploy AI powered applications with ul.live/mend In this episode, I speak with Bar-El Tayouri, Head of AI Security at Mend.io, about the rapidly evolving landscape of application and AI security—especially as multi-agent systems and fuzzy interfaces redefine the attack surface. We talk about: • Modern AppSec Meets AI Agents How traditional AppSec falls short when it comes to AI-era components like agents, MCP servers, system prompts, and model artifacts—and why security now depends on mapping, monitoring, and understanding this entire stack. •  Threat Discovery, Simulation, and Mitigation How Mend’s AI security suite identifies unknown AI usage across an org, simulates dynamic attacks (like prompt injection via PDFs), and provides developers with precise, in-code guidance to reduce risk without slowing innovation. •  Why We&rs

In this episode, I break down what I believe is the emerging structure of the AI-powered world we're all building—consciously or not. I call it the “Four A’s”: Assistants, APIs, Agents, and Augmented Reality. This framework helps make sense of recent developments and where it’s all headed. I talk about: 1. Digital Assistants That Understand and Optimize Your LifeYour DA (like “Kai”) will know your goals, preferences, health, schedule, and context—and proactively optimize your day, from filtering messages to planning meals or surfacing relevant information in real time. 2. APIs and the Real Internet of ThingsEverything becomes an API—from businesses to people to physical objects. Your assistant interacts with these APIs to act on your behalf, turning the world into a navigable ecosystem of services, tools, and resources. 3. Agents and AR Bringing It All TogetherAgents act autonomously to complete multi-step goals, and AR glasses will display their outputs c

In this episode, I walk through a Fabric Pattern that assesses how well a given model does on a task relative to humans. This system uses your smartest AI model to evaluate the performance of other AIs—by scoring them across a range of tasks and comparing them to human intelligence levels. I talk about: 1. Using One AI to Evaluate AnotherThe core idea is simple: use your most capable model (like Claude 3 Opus or GPT-4) to judge the outputs of another model (like GPT-3.5 or Haiku) against a task and input. This gives you a way to benchmark quality without manual review. 2. A Human-Centric Grading SystemModels are scored on a human scale—from “uneducated” and “high school” up to “PhD” and “world-class human.” Stronger models consistently rate higher, while weaker ones rank lower—just as expected. 3. Custom Prompts That Push for Deeper EvaluationThe rating prompt includes instructions to emulate a 16,000+ dimensional scoring system, using exp

➡ Secure what your business is made of with Martial Security: https://material.security/ In this episode, I speak with Patrick Duffy from Material Security about modern approaches to email and cloud workspace security—especially how to prevent and contain attacks across platforms like Google Workspace and Microsoft 365. We talk about: • Proactive Security for Email and Cloud PlatformsHow Material goes beyond traditional detection by locking down high-risk documents and inboxes preemptively—using signals like time, access patterns, content sensitivity, and anomalous user behavior. • Real-World Threats and Lateral MovementWhat the team is seeing in the wild—from phishing and brute-force attacks to internal data oversharing—and how attackers are increasingly moving laterally through cloud ecosystems using a single set of compromised credentials. • Customizable, Context-Aware Response WorkflowsHow Material helps teams right-size their responses based on risk appetite, e

AI is changing cybersecurity at a fundamental level—but how do we decide what to build, and when? In this episode, I outline a structured way to think about AI for security: from foundational ideas to a future-proof system that can scale with emerging threats. • Rethinking Human Workflows as Intelligence PipelinesBy mapping tasks into visual workflows, we can pinpoint exactly where human intelligence is still required—and where AI agents are most likely to replace or enhance us. • Using AI to Understand and Manage Organizational StateI introduce the concept of AI state management: building systems that track your current and desired security posture in real time, and using AI to bridge the gap—automating insights, decisions, and even actions across your environment. • Building a Cyber Defense Program Inspired by Attacker PlaybooksInstead of waiting for threats, I propose a new framework based on attacker capabilities—what they wish they could do now and in the near futur

The conversation around AGI and ASI is louder than ever—but the definitions are often abstract, technical, and disconnected from what actually matters. In this episode, I break down a human-centered way of thinking about these terms, why they’re important, and a system that could help us get there. I talk about:  • A Better Definition of AGI and ASIInstead of technical abstractions, AGI is defined as the ability to perform most cognitive tasks as well as a 2022 U.S.-based knowledge worker. ASI is intelligence that surpasses that level. Framing it this way helps us immediately understand why it matters—and what it threatens. • Invention as the Core Output of IntelligenceThe real value of AGI and ASI is their ability to generate novel solutions. Drawing inspiration from the Enlightenment, we explore how humans innovate—and how we can replicate that process using AI, automation, and structured experimentation. • Scaling the Scientific Method with AIBy building systems

➡ Build, run, and monitor workflows with Tines at: tines.com In this episode, I speak with Matt Muller, Field CSCO at Tines, about how automation and AI are transforming security operations at scale. We talk about: • Tines' Mission to Eliminate Manual Security Work Through Automation How Tines helps security teams streamline incident response and workflow automation without needing to write code, saving time and reducing burnout. • Applying AI to Security Operations and Analyst Workflows How AI is used in phishing analysis, threat intel reporting, and data transformation—integrated safely into workflows using tools like Workbench with private LLMs. • Tines Workbench and the Future of Agentic AI How Workbench combines chat with deterministic automation to help analysts take action securely, and how Tines is exploring agentic AI to take automation even further. Chapters: 00:00 - How Tines Automates Security to Solve SOC Burnout07:19 - The AI Arms Race: How Attackers and Defenders Are Evolvi

STANDARD EDITION: Signal OPSEC, White-box Red-teaming LLMs, Unified Company Context (UCC), New Book Recommendations, Single Apple Note Technique, and much more... You are currently listening to the Standard version of the podcast, consider upgrading and becoming a member to unlock the full version and many other exclusive benefits here: https://newsletter.danielmiessler.com/upgrade Subscribe to the newsletter at:https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://x.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiesslerBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

➡ Allow what you need, block everything else with ThreatLocker: threatlocker.com In this episode, I speak with Slava Konstantinov, ThreatLocker's MacOS Lead Architect, about their zero-trust approach to endpoint security and their latest cybersecurity innovations. We talk about: • ThreatLocker’s Zero Trust Approach to Cybersecurity:How ThreatLocker enforces a default deny security model, ensuring only explicitly allowed applications and actions can run, reducing attack surfaces and unauthorized access. • Key ThreatLocker Products and Features:How ThreatLocker’s solutions—Application Control, Storage Control, Ring Fencing, Network Control, and ThreatLocker Detect—help organizations enhance security through granular policy enforcement. • New & Upcoming ThreatLocker Features:How new solutions like Patch Management, Web Control, Insights, and Cloud Detect will provide even greater security, automation, and compliance for businesses managing complex IT environments. Chapt

STANDARD EDITION: 28 Open Cyber Jobs, Real-world AI Propaganda Poisoning, MCP Explained, Cline vs. Windsurf, and more... You are currently listening to the Standard version of the podcast, consider upgrading and becoming a member for the full version and many other exclusive benefits here: https://newsletter.danielmiessler.com/upgrade Subscribe to the newsletter at:https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://x.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiessleBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

In this episode, Daniel Miessler explores how to supercharge your macOS workflow with Raycast, transforming everyday tasks into lightning-fast, AI-powered actions. He talks about: Raycast as a Universal Launcher:Daniel explains how Raycast replaces traditional launchers like Spotlight and Alfred, offering an all-in-one shortcut to apps, files, and bookmarks for unparalleled efficiency. Quick Links and Custom Searches:He demonstrates how quick links streamline navigation by replacing outdated bookmarks and enabling custom search commands that let you bypass the browser for faster access. Integrated Utilities and Window Management:Discover how Raycast consolidates everyday tools—from color pickers and process killers to custom window arrangements—ensuring that all your essential utilities are just a keystroke away. Advanced AI Integration:Learn how Raycast’s innovative AI commands integrate with platforms like ChatGPT and Fabric, allowing you to interact with, summarize, and analyze web conten