Smashing Security podcast #349: Ransomware gang reports its own crime, and what happened at OpenAI?

Industry veterans, chatting about cybersecurity and online privacy.


Who gets to decide who should be CEO of OpenAI? ChatGPT or the board? Plus a ransomware gang goes a step further than most, reporting one of its own data breaches to the US Securities and Exchange Commission.

All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Transcript

This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
GRAHAM CLULEY
My Auntie Liz, she got burgled once before Christmas and the burglar apparently unwrapped all the presents around the tree and left them all thinking, these are shit.
CAROLE THERIAULT
I don't need some socks. Thanks though, Auntie Liz.
Unknown
Smashing Security, episode 349. Ransomware gang reports its own crime and what happened at OpenAI with Carole Theriault and Graham Cluley.

Hello, hello, and welcome to Smashing Security episode 349. I'm Graham Cluley.
CAROLE THERIAULT
And I'm Carole Theriault.
GRAHAM CLULEY
Well, what was the pause for there, Carole? What was—
CAROLE THERIAULT
Do you always say that? Or do you say, my name is Graham Cluley?
GRAHAM CLULEY
I actually, you're, well—
CAROLE THERIAULT
It just, it was there's a weird audio cadence that changed.
GRAHAM CLULEY
I do normally say, my name is Graham Cluley. Yeah. That's right. But this time I said, I'm Graham Cluley.
CAROLE THERIAULT
I was expecting the music.
GRAHAM CLULEY
Da da My name is Graham Cluley. La-di-di!
CAROLE THERIAULT
And I'm Carole Theriault.
GRAHAM CLULEY
Carole, it's great to be back in the country. I was on my overseas mission last week, of course. I was at Black Hat MEA, where I bumped into friend of the show, Dan Raywood.
CAROLE THERIAULT
Mm-hmm.
GRAHAM CLULEY
Journalist, of course. He's currently writing for Dark Reading.
CAROLE THERIAULT
He's everywhere. I saw him on a plane coming back from Canada. Literally, we were getting on the plane.
GRAHAM CLULEY
You told me that, yes!
CAROLE THERIAULT
Yeah! I was on the plane, really hot and bothered, not happy, and then I just heard, "Carole Theriault!" I was oh, hi, hi. Then we had a nice Snapchat.
GRAHAM CLULEY
It was very nice. So hi, Dan.
CAROLE THERIAULT
Well, he's stalking me as well. He's stalking me too.

GRAHAM CLULEY
So, but anyway, he's now the owner of a lovely Smashing Security sticker, as are some other delegates from the conference who came up to me and said that they enjoyed the podcast.

And I did my usual trick of saying, which one of us do you prefer, me or Carole Theriault?

But regardless of their answer, I still gave them a sticker. So.
CAROLE THERIAULT
I love you guys.
GRAHAM CLULEY
High five. It was a crazy event, you know. It was a crazy event. On the last day, last afternoon, I was the MC of the event, doing my shtick.
GRAHAM CLULEY
And suddenly, huge thunderstorm, right?
CAROLE THERIAULT
Oh, I thought there was someone coughed. All right.
GRAHAM CLULEY
No, no, no. Enormous thunderstorm, torrential rain. And then the water started to come through the roof of this enormous conference centre.
CAROLE THERIAULT
Oh no.
GRAHAM CLULEY
And then the power went out.
CAROLE THERIAULT
Fuck.
GRAHAM CLULEY
And we were all evacuated. Thousands and thousands of people.
CAROLE THERIAULT
Oh my God. I would have died. I would not that.
GRAHAM CLULEY
A journey which normally takes 10 minutes to get back to the hotel in a car took an hour and a half because the roads were completely flooded because they don't have drains because they're not expecting this kind of weather.
CAROLE THERIAULT
Oh my God.
GRAHAM CLULEY
So, we should have canoed back. Anyway, dramatic end to the conference.
CAROLE THERIAULT
I'm glad you made it back. I had no idea.
GRAHAM CLULEY
Well, there you go.
CAROLE THERIAULT
I would have been on my own this week going, "Well, what do you think, Graham?" "Oh yeah, that's right." Glug, glug, glug, glug, glug, glug, glug. Should we kick the show off?
GRAHAM CLULEY
Let's do it.
CAROLE THERIAULT
Okay. But first, let's thank this week's wonderful sponsors, Kolide and Vanta. It's their support that helps us give you this show for free.

Now, coming up on today's show, Graham, what do you got?
GRAHAM CLULEY
So you've hacked a company, now what?
CAROLE THERIAULT
Ooh. And I'm gonna talk about when company boards act like numpties. All this and much more coming up on this episode of Smashing Security.
GRAHAM CLULEY
So imagine the scenario. Imagine that you have hacked a company. You've accessed their data. You've committed the security breach, okay?

And what you probably want to do is you want to monetize the data in some fashion.
CAROLE THERIAULT
Right, so I've stolen all this glut of information. I wanna make some wonga off the stuff I've stolen. Yep, makes sense.
GRAHAM CLULEY
And there's different ways to monetize it. Maybe you could sell it to others. Maybe you could use the information which you've taken for fraudulent purposes.
CAROLE THERIAULT
Yep. Social engineering. Yeah.
GRAHAM CLULEY
And maybe if you've actually managed to convert it into money, you may think, well, what are we gonna do now?

You might even launder it through online casinos to get rid of all their money and maybe make some more money on the side.
CAROLE THERIAULT
No, it's to make it legal. That's the whole point, right? It's just to legalize the cash.
GRAHAM CLULEY
Yes, exactly. It covers your tracks and gives it to criminal, probably casino operation.
CAROLE THERIAULT
You could also do ransomware, right? Where you kind of say, you can have it back for a fee.
GRAHAM CLULEY
Right, exactly. And if you were trying to extort some money from an organisation, how do you apply those thumbscrews? You could leak the data online, which you've stolen. Right.

And say, if you don't pay up, we're going to put it on our dark website. You could contact journalists.

I've been contacted by ransomware gangs before, say, "Hey, hey, hey, look, we've got all the emails from this company and we found some really juicy stuff.

You could write about this." Sometimes I've had hacking groups do that with me.
CAROLE THERIAULT
Do you say okay? Do you say okay or no?
GRAHAM CLULEY
No, of course I don't say okay. Of course I don't say okay. No, no, no.
CAROLE THERIAULT
But loads of journalists do, 'cause they need the clicks. So well done though, Graham, seriously, for having an ethical backbone. I had no idea.
GRAHAM CLULEY
You had no idea that I had any backbone at all. Well, I could do with the clicks, to be fair. To be honest, it would be good. But maybe I'm an idiot. I'm not sure.
CAROLE THERIAULT
No, you're not an idiot. You're not an idiot.
GRAHAM CLULEY
But yeah, I just don't like the idea of being an accessory in the crime. Right.
CAROLE THERIAULT
I'm so proud of you, actually. I'm glad you're my friend.
GRAHAM CLULEY
There you go. You know, I do feel like that, actually, quite strongly.

Sometimes when you've seen celebrities get hacked and photographs stolen, and then you see the mainstream media publishing them, and I think, well, hang on a minute.

Is that acceptable? I sort of think it isn't, really.
CAROLE THERIAULT
I'm with you.
GRAHAM CLULEY
So other things you could do, you could contact the customers of the hacked company describing how awful their security was.

Just one year ago, AirAsia, they got hacked by a ransomware gang called the Daixin team, and they lost personal data of 5 million passengers, all of their employees.

And normally that would be bad enough for a company, right, to have their data stolen.
CAROLE THERIAULT
Totally.
GRAHAM CLULEY
But something possibly actually has saved AirAsia from further attacks.

Something you probably wouldn't expect, because according to the hackers, the Daixin team who came in, they said they were so irritated by the chaotic organisation of AirAsia's network and the absence of any standards that they refused to look at the data for a long time.

And they said the network protection was very, very weak.

And they basically announced, we're never going to hack them again because they're too much effort, because they're just so lousy, their security.

So it's worse actually than the data being leaked — you also got the hackers saying, "You're a complete joke, how you're running your computer security on your network." That's, I don't understand that.
CAROLE THERIAULT
Okay, I don't get that at all. So you're stealing data and you're bitching publicly that the data was too easy to steal? What the fuck?
GRAHAM CLULEY
Too easy to steal, but also just disorganised.

They've also hacked plastic surgeries and mental health clinics where the hackers have contacted patients threatening to release their details on their photographs, their pre-op photographs, or their mental health notes, unless they stump up the cash.
CAROLE THERIAULT
I thought you said hacked plastic surgery, and I was imagining someone's face being somehow destroyed. I don't know. Okay, yeah, there's loads of bad things out there, Graham.

What's your point?
GRAHAM CLULEY
Or ways of applying pressure on an organisation to pay the ransom. But now, we are seeing something new.
CAROLE THERIAULT
Is it really new? Okay, I'm waiting. Okay, impress me.
GRAHAM CLULEY
Well, I think there's been threats of this before, but now it actually seems to be happening.

The ALPHV ransomware gang, also known as BlackCat, earlier this month they hacked a company called MeridianLink.

And MeridianLink provides services at some kind of platform for financial institutions. They've got some important customers who've got lots of wonga.
CAROLE THERIAULT
Okay, yeah, it's not a company I know of. I don't know any of this.
GRAHAM CLULEY
Yeah, yeah, because it's not a field we work in, right? But the ALPHV ransomware gang, they say that they didn't encrypt any files, which isn't that unusual these days.

Sometimes the hackers don't bother encrypting files, they just think, "We're just gonna steal your data 'cause we're gonna assume you've got backups.

Why bother encrypting your files, maybe tipping you off earlier as to what's happening?" Can we just give ourselves a hat tip there and just take a pause?
CAROLE THERIAULT
Because for years, we banged on about having backups to everyone. We did it for at least 10 years. So well done, well done.
GRAHAM CLULEY
Well done, well done. Yes, exactly. So this gang, they exfiltrate data.

And according to the hackers, they said the next day MeridianLink found out what happened about the breach, but they didn't apparently do anything about it.

According to the hackers, they say they didn't put any security upgrades in place, they didn't patch themselves, and it was only when ALPHV posted on their dark web website, their leak website, about the breach that they then saw MeridianLink protect themselves against further attacks.
CAROLE THERIAULT
So this is a bit like I get robbed, they're still staking my joint, right, to see how I'll react. I don't fix the door or the broken window or anything. Don't do anything.

They get annoyed. So then they go to the local paper and tell everybody that they broke into my house and how crap it was or whatever, you know, that they have this data.

And then I go, okay, fine, I'll fix the door.
GRAHAM CLULEY
Yeah, I'll change the locks.
CAROLE THERIAULT
Maybe you're fed up with people coming in every night stealing your VHS recorder again, you know.

In the old days, when we worked at the company we worked at, no free advertising for anybody, I would come home occasionally at night, right?

I had a flat in Oxford Centre, and my front door would be wide open because I had forgotten to close it when I left.

Literally all day, that door was wide open, this huge door thing in a Victorian house, a little apartment. And no one walked in ever, no one stole anything. But somehow—
GRAHAM CLULEY
How do you know no one walked in? Maybe people did walk in.
CAROLE THERIAULT
I don't know, actually. They didn't steal anything.
GRAHAM CLULEY
Yeah, exactly. Because I had an aunt, my Auntie Liz. She got burgled once before Christmas, and the burglar apparently unwrapped all the presents around the tree.
CAROLE THERIAULT
And left them.
GRAHAM CLULEY
And left them all, thinking, "These are shit." I don't need some socks.
CAROLE THERIAULT
Thanks though, Auntie Liz.
GRAHAM CLULEY
Aw. Anyway, so they exfiltrated data, right?
CAROLE THERIAULT
Right.
GRAHAM CLULEY
And the company's now protected. But ALPHV did not rest on its laurels there because they still want the company to pay up.

And they're thinking, well, you know, MeridianLink haven't been in touch. They're not negotiating with us, there's no dialogue going on, you know, why aren't they doing anything?
CAROLE THERIAULT
Are they prodding MeridianLink and asking for a dialogue?
GRAHAM CLULEY
Well, yeah, they're attempting to start a decent dialogue, a decent negotiation.
CAROLE THERIAULT
Find us on this forum.
GRAHAM CLULEY
Right. And they're not getting very far.
CAROLE THERIAULT
Right.
GRAHAM CLULEY
So they decide to take it upon themselves to tell someone else about the hack.

Not MeridianLink's customers, not MeridianLink's staff, but instead the US Securities and Exchange Commission.
CAROLE THERIAULT
Ooh.
GRAHAM CLULEY
So ALPHV submitted a form.

There's a place you can go on the SEC website where you can report companies who you believe have failed to, for instance, disclose a security breach within 4 days as stipulated in SEC rules.

SEC updated its rules in July, saying that you had to report a breach within 4 days.
CAROLE THERIAULT
This is— oh my God, this is the kind of stuff that policymakers never consider. How could you? So you've got some digital robbers reporting you for having—
GRAHAM CLULEY
Been robbed by them.
CAROLE THERIAULT
Yeah, for being robbed by them. Beautiful.
GRAHAM CLULEY
And not telling the authorities. And not reporting it, not reporting it within the time limit.

So they wrote, the hackers wrote on the SEC website, "We want to bring to your attention a concerning issue regarding MeridianLink's compliance with the recently adopted cybersecurity incident disclosure rules."
CAROLE THERIAULT
I love it.
GRAHAM CLULEY
"It has come to our attention that MeridianLink, in light of a significant breach compromising customer data and operational information, has failed to file the requisite disclosure under Item 1.05 of Form 8-K within the stipulated four business days."
CAROLE THERIAULT
Oh my God. Written by AI, I can hear it. It's written— I will test this later.
GRAHAM CLULEY
So according to the rules, according to the new SEC rules, you have to report a breach within 4 days unless you can delay the disclosure if the US Attorney General determines that immediate disclosure would pose a substantial risk to national security or public safety, which I suspect it doesn't in this case.
CAROLE THERIAULT
Okay, okay. I'm going to say this is my immediate reaction of what they should do.

So they have to amend the law, and you need to identify yourself as the reportee for them to take it seriously.
GRAHAM CLULEY
Oh wait, oh, I see. On the form, you have—
CAROLE THERIAULT
Yeah, you have to say, I'm Jo Smith.
GRAHAM CLULEY
Upload your passport. Upload your—
CAROLE THERIAULT
Yes.
GRAHAM CLULEY
Tell us your phone number. We'll verify it.
CAROLE THERIAULT
Otherwise we can't take it seriously, right? Because we need to go speak with you.
GRAHAM CLULEY
Ah.
CAROLE THERIAULT
We need to get more information first.
GRAHAM CLULEY
Maybe the hackers would fall for that.
CAROLE THERIAULT
Well, they wouldn't, but then they also wouldn't report you, 'cause now there's a sticky pickle, there's a catch-22, 'cause if they don't then take it seriously, you know, if they don't go after them, there could be a whole little mess, little squabble going online.
GRAHAM CLULEY
But hang on, isn't this a little bit like software as a service? Aren't the hackers actually doing a good duty for the company?

'Cause a company which has been hacked has got enough on its plate already.

How wonderful if the hackers then begin the process of reporting the breach to the authorities, like ringing up the ICO.
CAROLE THERIAULT
You're right, you're right. The SEC.
GRAHAM CLULEY
Can we say this comes off your list of items to do?
CAROLE THERIAULT
The SEC could start offering bug bounties to hackers to report companies that fuck up. There you go, yes, there you go.
GRAHAM CLULEY
Very well. You could do that as well, no.
CAROLE THERIAULT
So, so poor MeridianLink though. Tell me what happens.
GRAHAM CLULEY
So MeridianLink, they've now confirmed that they suffered a cybersecurity incident, but they say their investigations to date have not identified any unauthorized access to its production platforms.

Curious as to why they say production platforms.
CAROLE THERIAULT
Yeah, yeah, yeah, I know.
GRAHAM CLULEY
So has it been something else? And that it has suffered minimal business interruptions. It says, we have no further details to offer currently as our investigation is ongoing.
CAROLE THERIAULT
Of course, that's what you have to do for liability. You have to say, we don't know that anything's been stolen, that's why we haven't reported it, so we haven't done anything bad.

And the hackers, it's also forcing the hand of the hackers who are gonna go, "Look, we can prove that we've stolen stuff." But maybe also, what if this is a bluff?

What if the hackers have fuck all?
GRAHAM CLULEY
It could be. It's always possible, isn't it? Because it's not like if you steal the Mona Lisa, there's a gap on the wall.

But if you copy data, there's not always evidence that the data has been copied and exfiltrated, depending on how much network logging they have.
CAROLE THERIAULT
That's the problem though. There's no ethical place to post that data.

And I don't mean to the public, all of us, but somewhere where they can kind of go, yeah, yeah, no, they've got stuff.

You know, in murder investigations, I listen to a lot of this crap podcasts about murders and stuff, right? You have to kind of prove, oh, I know stuff that the cops know.
GRAHAM CLULEY
Oh yes, because you know about the tattoo behind the ankle.
CAROLE THERIAULT
Exactly.
GRAHAM CLULEY
Only the murderer would know about that. So there's an extra little detail here.
CAROLE THERIAULT
Okay.
GRAHAM CLULEY
Which is ALPHV have reported MeridianLink for a breach of these new SEC rules. I went and read the SEC press release about these rules.
CAROLE THERIAULT
Okay.
GRAHAM CLULEY
Which was published in July. According to that, these new disclosure rules only come into effect from December 15th, 2023. Oh.
CAROLE THERIAULT
So maybe that's a screw-up on the hacker's side.
GRAHAM CLULEY
The hackers have gone a little bit too early, but maybe a warning for other organizations as well that leave it a month.
CAROLE THERIAULT
They're listening.
GRAHAM CLULEY
They are. They're always listening.
CAROLE THERIAULT
They're listening right now and they're going, damn you, Graham Cluley. Damn you. Foiled our plans.
GRAHAM CLULEY
Maybe we'll see more of this in the future after December 15th.
CAROLE THERIAULT
Who knows?
GRAHAM CLULEY
Carole, what's your story for us this week?
CAROLE THERIAULT
Alrighty, we have a fast-moving story here. So apologies to those of you bored senseless by AI natter.

But today, this is less of a technology story and more of what's going to happen next. So buckle up. And we're recording this episode on Monday, 20th of November in the evening.

So this all started Friday last week. So a mere few days ago, Sam Altman, he's the front man for OpenAI. He got some unexpected news.

Now, you probably know that this company was co-founded by Mr. Sam Altman, and that was thanks to the financial help from Elon Musk himself, early days.
GRAHAM CLULEY
This is the ChatGPT company, is that right?
CAROLE THERIAULT
This is the ChatGPT company, exactly. And now, largely thanks to Microsoft's $10 billion investment back in January, they've been moving at a clip so dizzyingly fast.

Basically, ChatGPT is the belle of the AI ball. That's the best way to say it, or was until 48 hours ago when all hell broke loose in the upper boardrooms of OpenAI.

So here's what I've managed to piece together. So I've had to read a number of articles, I'd say about 20, right?

To get the chronological order of all the little tidbits that I wanted to cover.
GRAHAM CLULEY
Okay, I know nothing about this. Tell me what's going on.
CAROLE THERIAULT
Okay, so I wake up Friday and according to the piece in New York Times, Sam Altman, 38, was invited to a video meeting with the board at noon on Friday.

And the previous night he was at an event in Oakland, California, where he was talking with people about art and AI and how they're gonna respect artists and how that's all gonna be a tricky thing, but we'll manage.
GRAHAM CLULEY
And he was at Bletchley Park a couple of weeks ago, wasn't he? He was everywhere. He was with Kamala Harris and Rishi Sunak. You know, there was that big meeting about AI ethics.
CAROLE THERIAULT
He's like Princess Diana of the AI world. He is everywhere and everything, getting all the right messages. Well, this is— No, he's not.
GRAHAM CLULEY
He's not at all. He's not at all.
CAROLE THERIAULT
Of course not. So, anyhow, okay, so this is the next morning, and he gets the invite to the meeting.

So, Sam's logging on to the video meeting, you know, and he's not sure what the agenda is. Well, he soon finds out because he's immediately fired.

And this is all according to the president of the board, Greg Brockman, who apparently, despite being the president and on the board, not invited to the meeting.

And minutes later, minutes later, the board published the blog post.
GRAHAM CLULEY
A blog post saying what?
CAROLE THERIAULT
So the blog post is titled OpenAI Announces Leadership Transition.

And I have just a few select quotes because there's lots of we're great, we care about everybody, lots of good stuff.

But basically, the board of directors of OpenAI that acts as the overall governing body for all AI activities today announced that Sam Altman will depart as CEO and leave the board of directors.

Mira Murati, the company's chief technology officer, will serve as interim CEO effective immediately. Okay, that's in paragraph 1.
GRAHAM CLULEY
Okay, so why are they getting rid of him?
CAROLE THERIAULT
Ha, good question. So does this answer your question? Quote, "Mr.

Altman's departure follows a deliberative review process by the board which concluded that he was not consistently candid in his communications with the board, hindering its ability to exercise its responsibilities.

The board no longer has confidence in his ability to continue leading OpenAI." So it doesn't really answer the question because you want to know what happened.
GRAHAM CLULEY
Sounds juicy, doesn't it? You kind of want to know some details as to what's—
CAROLE THERIAULT
So I'm reading this like, oh my God, oh my God, oh my God, right? So hours later, the company's president, Greg Brockman, he's also quitting out of solidarity.

He's like, "I'm done, I'm out of here."
GRAHAM CLULEY
He's the guy who didn't get invited to the meeting. He didn't get the Zoom invite.
CAROLE THERIAULT
That's why he's pissed off. That's why he's throwing away his company that's currently worth something like $80 billion or something, you know, after the next round.

So this is the darling of the tech world, and they just dumped their co-founder and CEO on his ass.

And this was a surprise to all because many maintain this guy's done loads to generate enthusiasm for language models like ChatGPT. He's been everywhere and done all the talks.

And the question on everyone's lips after hearing the news was, "What happened?" But Sam was tight-lipped. All the papers were probably calling him nonstop going, "Why? Why?

What happened? What do you have to say?" And he didn't respond to anyone that I saw. And so were the board. And so was the ex-president, Brockman.

He said a few words, but nothing exciting.
GRAHAM CLULEY
Oh, for goodness' sake. Can't they not just tell it? This sounds really juicy.
CAROLE THERIAULT
It's coming, Graham. No matter who you are, right? If you're unceremoniously dumped like this, also very publicly with a blog afterwards.
GRAHAM CLULEY
I have been dumped in the past, but never with a blog afterwards. So I would be disappointed if there was a blog and it still didn't tell me why I'd been dumped.

I think everyone deserves to be told why they're done, right? I once dumped a girl because she didn't know who the Beatles were.
CAROLE THERIAULT
I met her. Yes, that's true. It is true. He's not lying. The other thing is we're not even talking about the staff who are going, "Where's our boss?

Where's the figurehead of everything?" There's 700 of them, right? And they want to know the details.

So when they ask, they're told that there was a breakdown in communications between Sam and the board. Thanks, guys. Really? Thanks. I would say actually, no shit, thanks.
GRAHAM CLULEY
Carole, have you found out what the reason is or not? Are you just teasing me along here? Have you found out what the actual reason is?
CAROLE THERIAULT
You're going to follow my story. So sit back. I told you to buckle up. That means zip it. So how come they were able to do this?

How come the board were even able to just fire the CEO who is a member of the board? And it's because it's a capped profit subsidiary.

So Sam Altman himself, the CEO or ex-CEO, did not directly own shares.

And this board does not have the typical incentive of maximizing returns for shareholders, but they have a fiduciary responsibility or duty to create safe artificial general intelligence that is broadly beneficial.

Okay. They were able to sack Sam without blinking and just saying, you know, he wasn't keeping us informed.

It was maybe a bit dangerous, but they're now having to say it wasn't dangerous. It's not dangerous, but it's kind of, we had to get rid of him. So this is why it's so exciting.

Let's pivot again because we have Microsoft who have sunk $10 billion, not $10 million, $10 billion.
GRAHAM CLULEY
I bet they're pleased.
CAROLE THERIAULT
Into OpenAI.
GRAHAM CLULEY
They've spent $10 billion on this company, and now the two people who were heading it up have left. Well, that was a good investment, wasn't it?
CAROLE THERIAULT
They must have had a proper heads up, right? They must have been called and told, "Look, guys, guys, guys, this guy's not good. We gotta, you know, do you agree?" Do you think?

Do you want to know when they found out?
GRAHAM CLULEY
Same time everybody else did.
CAROLE THERIAULT
One minute before the blog post went live. What a kick in the ass.
GRAHAM CLULEY
"Just so you know, we're about to publish a blog."
CAROLE THERIAULT
"Oh, we've just done it." "Oh, it's published." And the employees, right? Well, they're not getting answers that they want, so they start quitting.

Some of them quite senior, at least 3 senior researchers, including the director of research at OpenAI, says sayonara to OpenAI. This is all on Friday. Okay, this is one day.
GRAHAM CLULEY
It's a bit like when we left that company, Carole, when we both left and there was an avalanche of other people who came out with us, wasn't there? There was a cavalcade of people.

No, there wasn't. No, there was no—
CAROLE THERIAULT
We did put out a blog when we left.
GRAHAM CLULEY
Well, yeah, we published a blog article, but—
CAROLE THERIAULT
They didn't want us to publish a blog article.
GRAHAM CLULEY
No, they didn't. But no one came with us, did they? No one came with us.
CAROLE THERIAULT
Well, you came with me, actually. Oh, yeah.
GRAHAM CLULEY
Okay. That's true.
CAROLE THERIAULT
Uh-huh.
GRAHAM CLULEY
Yeah. Loyal.
CAROLE THERIAULT
So, next day, we wake up to see Sam Altman, saying he's in talks with OpenAI's board about returning to the company. Oh. Yeah.

And he even posted a photo of himself in the OpenAI offices wearing a guest visitor badge and has the line, "First and last time." Right.
GRAHAM CLULEY
Yeah.
CAROLE THERIAULT
Complicated.
GRAHAM CLULEY
So it's beginning to sound a bit like a publicity stunt now.
CAROLE THERIAULT
Well, you know, you have all these plans, you have these employees, and yet you have the board that spat you out in public in a humiliating way and you want to go and have chats?

But then on the same day, there's also gossip that Altman, Sam Altman and Brockman were going to go launch their own initiative.

And he also pokes the board on X/Twitter saying, if I start going off, the OpenAI board should go after the full value of my shares. Snigger, snigger, because I don't have any.
GRAHAM CLULEY
Oh, I see.
CAROLE THERIAULT
Right? So this morning, this morning, this is now Sunday, what do we hear?

Sam Altman and Greg Brockman have decided to accept roles leading the brigade at Microsoft's Advanced Research Lab.

Because Microsoft probably said, "Well, we have the right to do this as the board." Basically said, "Look, hey guys, you have an open job here."
GRAHAM CLULEY
"Just come on in." Presumably they're not going to give another $10 billion to these two guys again, are they?
CAROLE THERIAULT
Well, OpenAI are also shuffling things about because Mira Murati, who is the interim chief since Friday, is now being replaced by Emmett Shear. He's the former CEO of Twitch.

Lower ranks in OpenAI, the employees, are also scrambling.

More than 550 of OpenAI's 700 employees signed a letter saying that the board have to quit because otherwise, if they don't resign, they may just get up and go and work for Microsoft because Microsoft has said to them, don't worry, there are jobs for all OpenAI staff if they want to join the company.
GRAHAM CLULEY
Carole.
CAROLE THERIAULT
What? I'm talking very loud. I can tell I'm shrill. I'm sorry, listeners. I'm sorry.
GRAHAM CLULEY
Carole, you haven't told me yet why they got rid of him.
CAROLE THERIAULT
Well, the staff say the process through which you terminated Sam Altman and removed Greg Brockman from the board has jeopardized all of this work and undermined our mission and company.

Your conduct has made it clear you did not have the competence to oversee OpenAI. 550 employees wrote that, signed to that note.
GRAHAM CLULEY
Okay, well, look, I get that.
CAROLE THERIAULT
Mm-hmm.
GRAHAM CLULEY
But why did they fire the guy? What was the problem? What did he do? Do you know or not?
CAROLE THERIAULT
They tell the board in the letters—
GRAHAM CLULEY
Carole, do you— Carole! Carole!
CAROLE THERIAULT
No, no, I have one more thing to say before we have this conversation.

Get this: one of the board members who is obviously being targeted by this employee onslaught of saying, "Resign, you fuckers," also signed the letter.

Oh, he's quoted as saying, "I deeply regret my participation in the board's actions. I never intended to harm OpenAI.

I love everything we built together, and I will do everything I can to reunite the company." So I'm just saying, hand me the toffee popcorn. Am I right?
GRAHAM CLULEY
I'll hand you the toffee popcorn when you tell me why he was actually fired.
CAROLE THERIAULT
Every single journalist who are much more powerful than me have tried to get that answer, and so far we do not know.
GRAHAM CLULEY
Well, you know what?
CAROLE THERIAULT
What?
GRAHAM CLULEY
You've all made a big mistake, because it's easy to find out. Why he was fired.
CAROLE THERIAULT
Okay.
GRAHAM CLULEY
All you have to do is ask ChatGPT.
CAROLE THERIAULT
It's not up to date that way unless you pay.
GRAHAM CLULEY
We're not prepared to pay for this breaking news.
CAROLE THERIAULT
Maybe one of our listeners, one of our listeners is going to be a monthly subscriber to ChatGPT 4. Please let us know what they say.
GRAHAM CLULEY
I wonder if some of these crazy responses from the OpenAI board were not actually human responses, but people thought, oh God, I've got this boring board job.

I don't know what to do today. I'll ask ChatGPT to tell me what I should do today and what decisions I should make. This is the AI taking control right here, Chris.

This is the AI pushing out the man.
CAROLE THERIAULT
Maybe it's a PR stunt and they've actually got ChatGPT to do all these communications. What would you do if you were Greg Brockman at this stage?

What would you do if you're Mira Murati and they're just building up their whole drama? Who knows? It's crazy. But this is the belle of the ball. Right?

This is Pamela Anderson— What was that beach show she was on when she was running around? Baywatch. Baywatch. Tripping and breaking her ankle. Okay? That's how big this is.

Pay attention. It's probably old news now that you're listening.
GRAHAM CLULEY
Interesting mixed metaphor that you're making here between a fairy tale about Cinderella and Pamela Anderson in Baywatch, a show which most of our listeners don't even remember.
CAROLE THERIAULT
She is Canadian. Bitcoin.
GRAHAM CLULEY
Oh, well, all right.
CAROLE THERIAULT
Dear to my heart. Thank you to Smashing Security sponsors Vanta, where you can shortcut compliance without shortchanging security.

Expand the scope of your security program with Vanta's market-leading compliance automation.

Vanta's 5,000+ global customers report saving over 300 hours in manual work and up to 85% of cost for SOC 2, ISO 27001, HIPAA, GDPR, custom frameworks, and more.

And with Vanta's 200+ integrations, you can easily monitor and secure the tools your business relies on.

From the most in-demand frameworks to third-party risk management and security questionnaires, Vanta gives SaaS businesses of all sizes one place to manage risk and prove security in real time.

As a special bonus, Smashing Security listeners get a whopping 20% off Vanta. Just go to vanta.com/smashing. That's vanta.com/smashing.

If you work in security or IT and your company has Okta, this message is for you.

For the past few years, the majority of data breaches and hacks you read about have something in common. It's employees.

Hackers absolutely love exploiting vulnerable employee devices and credentials. But imagine a world where only secure devices can access your cloud apps.

Here, credentials are useless to hackers, and you can manage every OS—even Linux—from a single dashboard.

Best of all, you can get employees to fix their own device security issues without creating more work for IT. The good news is you don't have to imagine this world.

You can just start using Kolide.

Kolide is a device trust solution for companies with Okta, and it makes sure that if a device is not trusted or secure, it can't log into your cloud apps.

Visit kolide.com/smashing to watch a demo and see how it works. That's k-o-l-i-d-e.com/smashing.
GRAHAM CLULEY
And welcome back. We're going to start our favorite part of the show, the part of the show that we like to call Pick of the Week.
CAROLE THERIAULT
Pick of the Week. Pick of the Week.
GRAHAM CLULEY
Pick of the Week is the part of the show where everyone chooses something they like.

Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app, whatever they like.

It doesn't have to be security-related necessarily. Hmm, mine might be. Yours is security-related?
CAROLE THERIAULT
Maybe a little bit, a tiny bit, tiny bit.
GRAHAM CLULEY
Well, I say it doesn't have to be necessarily. I mean, it's you who say it shouldn't be. I don't know why you put it down my throat then. Well, I'm just— I find it rather, you know.

Anyway, my pick of the week this week, I don't know how many of our listeners are following British politics, but—
CAROLE THERIAULT
I'm not, so you can inform me.
GRAHAM CLULEY
If you think the goings-on at OpenAI are a complete shitshow, watch British politics.
CAROLE THERIAULT
Is this about Cotswolds Dave?
GRAHAM CLULEY
No, well, it was connected to David Cameron, our former Prime Minister, who was an MP in the Cotswolds long ago. He's now become — well, he's been ennobled to the Lords.

He's now Lord Dave of Chipping Norton, he is now.

And he is going to be our Home Secretary, although not actually answerable to the House of Commons because he won't be showing up there because he's not an MP.

Anyway, that's all come about because Suella Braverman has been fired as Home Secretary. You can look into exactly what she did wrong.

Well, you can see the latest thing that she did wrong which upset Prime Minister Rishi Sunak.

Now, I'm not going to get very political here, but my pick of the week this week is a Twitter account called Rate Your Resignation Letter.

And what they do is they analyse, and it's quite often been the resignation letters of politicians, to give them basically a score.

Score for their grammar, a score for any insults, any sort of mistakes that they've made, just having a pop basically at the quality of the resignation letter.

Now, Suella Braverman's resignation letter was quite a hoot because — What is it? Oh yes, oh yes.
CAROLE THERIAULT
Is it in the show notes? Can I look at it?
GRAHAM CLULEY
Yes, yes, I've linked to it in the show notes. You can go and read her resignation letter.

And this has caused a cavalcade of other politicians to question the suitability of Rishi Sunak to be Prime Minister, including someone called Dame Andrea Jenkins MP.

And she has written a letter of no confidence. And this was a work of art.

Dame Andrea Jenkins has written the most extraordinarily badly written letter that I think I've ever, ever seen. She's a big fan of a previous Prime Minister, Boris Johnson.

I'm looking at her letter now.
CAROLE THERIAULT
Okay, so the one signed the 13th of November. She says, "Dear Sir Graham." Is that why you chose this story?
GRAHAM CLULEY
No, no, it's written to Sir Graham Brady, the chairman of the 1922 Committee. This is what you do if you want the current leader of the Conservative Party to be ousted.

Enough MPs have to write complaining.

So what I particularly enjoy is she's a big fan of Boris Johnson, and some of her sentences appear to have missed out verbs, or she's got a little bit distracted by the end of the sentence.

So for instance, she says, "Yes, Boris, the man who won the Conservative Party a massive majority, was unforgivable enough." And I think she meant to write, "the ousting of Boris was unforgivable enough." So she appears to be saying that Boris Johnson was unforgivable enough.
CAROLE THERIAULT
I wonder if some third party may have gotten their hands on this before it was sent out. If she didn't press the return button on her own? There could have been changes in — no?
GRAHAM CLULEY
It was posted on her Twitter account, as is the custom.

But there are a huge number of errors and grammatical flaws, and you just think, oh my God, wouldn't you have spent a bit more time writing this letter?

Anyway, the ResignWell website, the Rate Your Resignation Twitter account, is an account which looks at people's resignation letters and then gives them a score.

And points out grammatical errors. And I quite enjoy it because, my goodness, there's not that much to enjoy in British politics at the moment.
CAROLE THERIAULT
But this is such a wanky thing that is so British, right? To go through and go, "Actually, they don't know how to use a past participle. Did you see?" So yeah, that's what this is.

But it is good fun. I enjoy it too. I've lived here long enough. I know how to roll with this.
GRAHAM CLULEY
I love it. Okay. That's my pick of the week. Carole, what's your pick of the week?
CAROLE THERIAULT
My pick of the week is a book, which I experienced as an Apple audiobook, and it is called The Future by Naomi Alderman. Yeah, it's brand new. I think it's just hit the shelves.

I've just finished it, and it is a teeny tiny bit security related because at the heart of the story there's some techie jiggery-pokery afoot.

But the whole thing is more taking a stab at how the near future could pan out if we don't pay a bit more attention to what's going on.

So basically you've got 3 tech trillionaires, right? You've got this, a CEO of a hybrid of Facebook and ex-Twitter called Fantail. You've got the CEO of Anvil, that's Amazon.

And you have the CEO of Medlar, which is kind of a Microsofty Apple World's most profitable personal computing company. And they have made in-case plans.

And what I mean by that is if the world goes AWOL completely, these 3 VVVIPs can be safe, right? Because they have lavish bunkers dotted around the world.
GRAHAM CLULEY
Okay, so it's how they're going to survive when the world goes to shit. So they'll be cryogenically suspended or they'll be blasted into space to set up life on a new planet.
CAROLE THERIAULT
Yeah, the book is actually more about how do you get enough advanced warning that you're going to be able to get the hell out of Dodge if the hammer hits.

So everything starts going crazy, everything starts melting down around you, how can you leave in your very posh, I don't know, whatever, Porsche or, you know, a posh car and not be hammered by people who are going crazy.

But you need an advanced warning system.

So they say, why don't we create a program that triages all the world's data and risk points with a view of predicting the world's end ahead of time so we have enough time to jet off to our fully stocked for decades luxurious safe house while the rest of us fight for survival Mad Max style.

So this is kind of the narrative of the book, and it's interwoven with backstories and childhood experiences of all our kind of protagonists.
GRAHAM CLULEY
Is this a funny book, Carole?
CAROLE THERIAULT
Is it a comedy? No, it's not.
GRAHAM CLULEY
No, no, it's not.
CAROLE THERIAULT
No, no, no, it's not funny, but it is thoughtful. I found it very thoughtful, and I found it smart, and I found it engaging. The Guardian did not. They kind of slated it.

Her previous novel was called The Power, and that won the Women's Prize for Fiction. I haven't read that yet, but I will now. But I think it's a shame The Guardian didn't get it.

I think she brings a lot of interesting topics, topics that our listeners will like. But Graham, this is not a book for you because it's kind of complicated.
GRAHAM CLULEY
There's no pictures.
CAROLE THERIAULT
And you need to focus. Yeah. You just need a lot of focus.

There's a lot of threads, and I think you would just get really frustrated and go, "Ah, this is not for me." But it was right up my street.

So if you like my pick of the weeks, this sounds like it's up your wazoo. Check it out. It's called The Future by Naomi Alderman. And that's my pick of the week.
GRAHAM CLULEY
Well, that just about wraps up the show for this week. Next week, we're going to have a bumper show, aren't we, Carole?
CAROLE THERIAULT
Mm-hmm. We've got a lot of content.
GRAHAM CLULEY
And we've got a guest as well who's going to be joining us because we haven't had one for the last couple of weeks. And that's always fun.
CAROLE THERIAULT
A brand new guest we've never had on before. Fingers crossed they show up.
GRAHAM CLULEY
You can follow us on Twitter @SmashingSecurity, no G, Twitter allows to have a G. And you can also look up Smashing Security on Reddit.

And to ensure you never miss another episode, follow Smashing Security in your favorite podcast app, such as Apple Podcasts, Spotify, and Overcast.
CAROLE THERIAULT
And high fives to our episode sponsors, Vanta and Kolide. And of course, to our wonderful Patreon community. It's thanks to them all that this show is free.

For episode show notes, sponsorship information, guest lists, and the entire back catalog of more than 348 episodes, check out smashingsecurity.com.
GRAHAM CLULEY
Until next time, cheerio, bye-bye.
CAROLE THERIAULT
Bye.
GRAHAM CLULEY
What are you doing Thursday night, Krop? Thursday night, November the 23rd, BBC Four. They're showing a colorized re-edit of the first ever Dalek story. Doctor Who, The Daleks, 1963.

John's been watching these.
CAROLE THERIAULT
He's— because the BBC have put— I can't believe this hasn't been one of your pick of the weeks yet. Or was it?
GRAHAM CLULEY
I'm saving up for it.
CAROLE THERIAULT
I'm saving up for it. He started watching from season 7.
GRAHAM CLULEY
Oh, of the classic old series?
CAROLE THERIAULT
Yeah, yeah, he started because they're all up there now.
GRAHAM CLULEY
Season 7's brilliant. Jon Pertwee's first series.
CAROLE THERIAULT
Exactly, exactly. That's what he said. Jon Pertwee, he's the best Doctor Who. That's what he said. But yeah, he started at 7:07. They're all up. They've put them all up on iPlayer.
GRAHAM CLULEY
Oh, it's a wonderful thing. No, it's good. Yeah, it's good stuff. Good stuff. All right, see you next week.

Hosts:

Graham Cluley:

Carole Theriault:

Sponsored by:

  • Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
  • Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Bluesky at @smashingsecurity.com, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:

Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and hosts the popular "Smashing Security" podcast. Follow him on TikTok, LinkedIn, Bluesky and Mastodon, or drop him an email.
