
Tinder has got a plan to rummage through your camera roll, and Warren Buffett keeps popping up in convincing deepfakes dishing “number one investment tips.”
Meanwhile, will agentic AI replace your co-hosts before you can say “EDR for robots”? And why you should still read books.
All this, plus Lily Allen’s new album and Claude Code come up for discussion in episode 443 of the “Smashing Security” podcast, with special guest Ron Eddings.
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
And you may be thinking, but I've never taken a dick pic. That's fine, I believe you, Ron. But has anyone ever sent you one? Smashing Security, episode 443: Tinder's camera roll and the Buffett deepfake with Graham Cluley and special guest Ron Eddings. Hello, hello, and welcome to Smashing Security, episode 443. My name's Graham Cluley.
And I'm Ron Eddings.
Hey, Ron, welcome back to the show. It's been an awfully long time.
Yeah, I was just starting to think you were ignoring me.
Oh, come, come. Now, of course, anyone who doesn't know you, Ron, and shame on them, you are one of the, well, the kings of the Hacker Valley Empire, aren't you?
Yes, Hacker Valley Media. That's our company.
That's brilliant. Now, why don't you tell everyone who hasn't heard of it exactly what Hacker Valley Media is all about?
Yeah, Hacker Valley Media started as a cybersecurity podcast and it's grown into being a creative media agency that's focused on upleveling the cybersecurity industry. There's a lot of content out there. We, me and you create content. I feel you do a great job of making it entertaining. Cooking is one of the most entertaining things to watch on TV, yet it's the most boring thing to do at home. I want to make cybersecurity in front of people, just like those cooking shows.
Okay. Well, that sounds a lot of fun. All right. So, does your soufflé ever get a little bit soggy on the bottom? Are those the sort of challenges people have with their cybersecurity?
Exactly. But you know what? It's not only that it gets soggy, it's sometimes that it gets completely ruined. And I think we forget about the perspective of the other person who isn't triaging those cybersecurity incidents, but the person that's suffering from the outcome, not being able to use their credit card, or even worse, not even be able to use their smart oven. I'm not sure why anybody would have that, but you know, that could affect people.
Well, before we kick off, let's thank this week's wonderful sponsors: Vanta, Action One, and 1Password. We'll be hearing more about them later on in the podcast. This week on Smashing Security, we won't be talking about how Android spyware called Landfall has been targeting Samsung Galaxy phones through maliciously crafted... You'll hear no discussion of how UK cyber insurers paid out over twice as much for UK ransomware attacks last year. And we won't even mention how a phishing scam that claims to have found your lost or stolen iPhone is actually trying to steal your Apple ID credentials. So Ron, what are you going to be talking about this week?
I'm going to be talking about how someone is ultimately going to replace me and Graham with AI-generated avatars and why no one will even know.
And I'll be talking about how Tinder wants to get to know you better. All this and much more coming up on this episode of Smashing Security. Right then, we've got time for a quick word now about one of our sponsors today, Action1. Now, most security breaches still happen because of unpatched vulnerabilities. And the worst part? Many already have fixes available for them. But patching can be a real pain, right? If staying up at night worrying about the next cyberattack headline sounds familiar, it's time to try Action1, the patch management platform that just works. You can start updating Windows, Mac, and third-party apps in under 5 minutes, and Linux support is coming very soon. The best part? Well, your first 200 endpoints are free forever with no functional limits. This isn't a disguised free trial. There's no credit card required, no hidden limits, no tricks. All you have to do is visit smashingsecurity.com/action1 and get started today. So if you're looking to automate patching and save weeks or even months doing it, go to smashingsecurity.com/action1 and sign up for patching that just works. And thanks to Action1 for supporting the show. Now, chums, it's time we talked about Tinder. Ron, have you ever used Tinder?
I would lie, but I'm not going to. I have, when I was single, back in 2016. I love Tinder.
Yeah?
Yeah.
It was a success, was it? Is that how you eventually found your partner?
It's not. So I actually found my partner when my best friends started crap talking me and said, "Hey, what are you doing on Tinder? You need to go to the places where you love to spend time." And me and my wife, we met at the coffee shop. That's where I love to spend my weekends.
Ah, that's the romantic old-fashioned way of doing it. Well, good for you. You're a handsome fella. You've got magnetism oozing out of you. I can imagine you would've drawn her into your orbit like iron filings. But the thing is, it may surprise you to hear Tinder isn't doing so well these days. It's not the 2010s any longer. The app has been haemorrhaging subscribers for 9 quarters straight. In fact, in 2024, millennials spent an average of 56 minutes a day on dating apps. That's down from 90 minutes in 2018. So, people are not using dating apps quite so much, and Tinder is suffering. Now, I don't know why that is. Maybe no one's looking for dates anymore. Maybe everyone has seen that, Ron, you've been scooped up, you know, you are no longer available. And they just think, "Well, what's the point? I'm never gonna find anyone like him." But for some reason, Tinder isn't doing so great.
It makes sense. I stopped using it right before, you know, you said 2018. I stopped using it in 2016. So rightfully so, they started to struggle.
I expect people actually get Tinder fatigue. I expect their little finger swiping away probably gets RSI after about the 478th person you've swiped either left or— I don't know which way's which. The thing is, Tinder isn't very happy. It isn't very happy about its declining popularity. And so it has had an absolutely brilliant idea. And their idea is to have a good old rummage through your camera roll. Because apparently nothing says finding true love quite like an algorithm judging you based on a blurry photo you took at the kebab store last Thursday night.
Yes.
So some absolute genius at Tinder HQ stood up in the boardroom and he said, "Guys, I've got it, I got it, I got it. I know what's gonna fix our dying app. Let's be more invasive than we've been before." So he said something along these lines. He said, "I've had a dream and I'm gonna call it Chemistry," which of course is the missing ingredient from most Tinder conversations. Probably have as much chemistry as a Yorkshire pudding. It's no good. We've gone back to cooking again. Now, before we go any further, let me tell you what Tinder and Meta— because yes, Facebook's parent company— seems to think this is a good idea as well. Let's hear what they're saying about privacy. They're saying, oh, don't worry, we're taking steps to preserve your privacy. It's all done with permission. The AI processing happens on your device. We're very, very serious about security because, of course, none of us have ever been burnt before by these big tech companies, right? It's like, come on, guys. Now, I think it's not hard to understand why I'm feeling a bit skeptical about this, because based on past data breaches and privacy incursions— but sure, you know, let's trust them with our entire photo libraries now. What could possibly go wrong? So they are going to be plowing through your camera roll with your permission because they say that will make it easier to find your match to learn more about you. But here's what I'm worried about, because what's actually in people's camera rolls on their phone? Now, I don't know about you, Ron, but I suspect if I were to go through my photo roll, one of the things which I'd find an awful lot of are photos of the backs of Wi-Fi routers. Because who can remember XK9#MB2$WQ!? Right. And it'll be of your parents' router from when you visited them over the holidays. Or it's your mate's router from when you did some house sitting, or it's the official Wi-Fi code that Janet from IT specifically said not to share, but you photographed it anyway.
It's all that kind of sensitive information. Or it's screenshots of your group chat where everyone was slagging off the boss. Also, of course, it may not be just your photos that they'd be having a nose at. What about all the photos of other people? Your mate Dave's stag do when he was wearing nothing but a traffic cone on his head. It's everyone you've ever photographed consensually or otherwise. So it's your friends who never agreed to be on Tinder, it's your partners and your ex-partner, it's your kids, and it also includes other photos, Ron.
If you're on Tinder, we could be honest, it's a picture of your naked butt.
Yes, that I believe is what the youngsters do these days — these unsolicited anatomical portraits. And you may be thinking, but I've never taken a dick pic. That's fine. I believe you, Ron. But has anyone ever sent you one? I've had dick pics sent to me. Look, it's just you and me here, Ron. I'll tell you this story. I was doing a talk at the Excel Centre in London back in, oh, about 2015 or something. I was doing a talk in front of thousands and thousands of people. Huge place. It was terrifying. I'll tell you, so many people were there. I was doing this talk and you come off and you think, oh, I'll just check my socials to see if anyone in the audience had any comments or anything. You know, it's just a little ego boost to make me feel a little bit better. And other than people telling me that, you know, my shoelaces were undone and things like that, there was one guy who sent me a picture of part of his anatomy. Oh yes. Now, even if I wasn't for that persuasion, I wouldn't be interested in seeing that unsolicited, but that's what somebody sent to me. So it does happen. And so you might have unwittingly on your phone photographs which you don't want living forever. You don't necessarily want Tinder examining and think, oh, clearly he has an interest in this — no, no, not necessarily at all. And all of that is going to be looked at by the likes of Tinder. Oh, but they're crying, oh, but it's going to be processed securely. The AI is only going to learn about your interests. This is cobblers because the AI is going to learn everything. The photo of your credit card you took because you were too lazy to get your wallet.
Your passport, your license.
Yes. The screenshots of your bank balance after payday versus the week before. It's absolutely barmy. Now they are testing this out right now, this privacy nightmare in Australia and New Zealand. Those are the guinea pigs for what Tinder's parent company is calling a major pillar of their 2026 strategy. Is it any wonder that young people are turning their backs on dating apps? As though it's not a toxic hell pit already with all of the abuse which is going on there, all the bots which you're speaking to, all the fake people or the deepfakes or the models or scammers trying to romance scam. Oh, you know, it's no wonder people are choosing some real-world experiences instead.
Or just to be lonely.
Well, yes, let's be honest. That's why we entered the cybersecurity industry. We weren't expecting to ever have relationships with people. It was nature's way of saying, you know, survival of the fittest. Anyway, Tinder, their response to all of this problem of people getting fed up is just let's add more creepy surveillance that will bring them back. And according to the company's earnings call, they're expecting a $14 million hit just from testing this nonsense. $14 million to find out people don't want corporate algorithms rifling through their private photos like creepy Uncle Andrew. And like I said earlier, it's not just Tinder. Meta is jumping on this bandwagon as well. So they're asking now apparently to use AI on photos you haven't even shared yet. They're jumping in saying, oh, would you like us to edit? I don't use Facebook and things like that, but apparently they're beginning to do that. They haven't been shared, these photos, for a bloody good reason, Zuckerberg, because they're terrible photos or they're buried away somewhere on my camera roll along with recipes you're never going to cook or accidental photos of the inside of my pocket. It's horrendous. Meta through Facebook, they're launching this feature that asks to use AI on photos on your phone that you haven't yet shared in order to suggest AI edits. So they're going to be looking at them. And even if that does remain on the device, I don't really like the idea of that. I know people have got a choice as to whether they use Facebook or whether they use Tinder and whether they give permission to do this, but it just feels risky, doesn't it?
It does. But to prepare for this episode, I called my brother-in-law who happens to be single and on Tinder, and I asked him, what's broken about Tinder? Why don't you use it every day? Why aren't you married? He's around my height, he's 5'9". He said, Ron, listen, right? If you don't list on your profile that you're 6 foot, that you're extremely good looking and it shows through your pictures, then you're gonna get matches months down the road. So he was like, I've been swiping and get matched with girls months later because they were so overwhelmed with all of the guys with their, you know, fingers just nonstop swiping. So he's actually gotten swiping fatigue because he's not getting enough love, not getting enough dates.
That's a bit sad, isn't it?
I'm sure if Tinder called him and said, hey, can we get access to your photos so we can give you more dates? I think he'd say yes. And that's the shocking part about all this.
Yeah, yeah, he probably would. Right. 5'9" isn't bad. Apologies to any listeners who are over 6'9" tall, but you don't necessarily want to be 6'9", do you?
On Tinder, you do, because that's what stands out. 5'9" is average. You didn't go on Tinder to meet the average. You went on Tinder and put your picture on blast to meet someone sexy.
Boy, aye, boy. So he would be prepared to take the risk.
He would 100%, and he works in cybersecurity, by the way. He would 100% take the risk because you know why? The risk of falling in love is actually more risky than just getting your photos leaked. I mean, you might lose a lot more than that.
Yes.
So I think that the risk, you know, there's a nastiness about Tinder going through all your photos, but if you're risking love, then you're putting it all on the line.
Yeah. I'm wondering what they're gonna do with all this information. If they find photos of passwords and photos of other— are they gonna match you up with someone who's equally careless when it comes to their router security or has terrible taste in selfies?
Hopefully they at least blur that stuff out. They, you know, of course they won't without at least taking it back for themselves. But I think that would be a really cool use case by these companies is like, hey, we're going to use these pictures to help you find your partner, but we're going to make sure that the AI is sanitizing them for you because not even AI should see some of this stuff.
That's an interesting idea. Yeah. So what they could do is they could have a little option saying, look, while we're rummaging through all your private photos, would you blur them? Would you redact them? Because one day, if you do get into a relationship, there's going to be a point where your partner is going to grab your phone and go rifling through your old photos. There may be things you don't want her to see.
Yes. What Tinder and Meta should have done is gone through those old messages and deleted them, because that's the real damaging part about this whole thing is what happens if your future partner sees all those messages that you used to send on Tinder?
Well, here's my idea. I think we need to stop desperately throwing AI at every problem. I think Tinder has just thought, what can we do with AI? What can we do with AI to make ourselves sound cool so we get more investment? Everyone treats it like some sort of technological fairy dust. So stop asking to see all of our photos. Just get better at matching us with people who like piña coladas and getting caught in the rain. That's dated me though, hasn't it? That's taken me back to about 1978.
The world would be so much better if it was that.
Ah, wouldn't it just? Okay, before we go any further, I need to share a quick word with you about one of our sponsors today, Vanta. You know how everyone's got an AI assistant these days? Well, imagine one that doesn't just write haikus about zero-day vulnerabilities, but actually does your audit work for you. That is Vanta. It connects to all of your tools, gathers evidence, tracks compliance, and quietly helps you prove that yes, you do take security seriously. Vanta automates all of that. It pulls everything together, keeps an eye on your systems, and basically makes sure you're ready for an audit at any time, which means no last-minute panic for screenshots and policies. It also plugs into the tools you're already using and flags up issues before they become a right old mess. So if that sounds like something that might save you from a few sleepless nights, check out vanta.com/smashing. And if you use that link, you'll get $1,000 off. So don't forget, vanta.com/smashing. And thanks to Vanta for sponsoring this week's episode. On with the show. Ron, what's your story for us this week?
My story is Berkshire warns of AI deepfakes impersonating Warren Buffett.
Ah, Warren Buffett. He's still going, isn't he? He's getting on a bit.
95, I think it is. And still got game.
95?
Wow. Old head. And you know what? This article came from Reuters. I thought it was amazing, especially because I was coming on this show and to impersonate us online, people already have everything they need. They have our website, they got our pictures, they got videos, a lot of videos of me, some of you. I've seen some of your keynotes and they have our voices. And that's exactly what happened to Warren Buffett. People online were creating these AI-generated images and voices of him to make it appear as though he was giving investment advice. And you would be concerned typically, oh my gosh, is he giving investment advice to the youth? No, even worse. They're giving fake investment advice to people over 50.
Oh no. People who've actually got money rather than the youth.
Gullible people, people that don't know how good the technology is yet as well. So yeah, one of the videos that came out was Warren Buffett, the number one investment tip for everyone over 50.
It's real clickbait, isn't it? See, I'd probably be tempted to watch that if I was told he was just gonna give me one tip, because frankly, at this age, I can't remember more than one tip. I'd be tempted to watch it. And so when you watch it, it's his voice, right?
It's his voice. Now, if you listen to a lot of Warren Buffett content, you would probably slightly tell the difference, 'cause it sounds like, I've listened to so many AI voices, it sounds a little AI-esque.
Right.
But it's on Instagram. So it's a reel and it's kind of, you know, there's other elements that are distracting the mind. So if you don't know Warren Buffett, you're gonna 100% believe that it's him.
Yeah. So what is the scammer's idea here? Is it to put your money into some sort of cryptocurrency website? Are they taking you to a dodgy website or are they actually getting you to invest in some organization which is gonna be pumped and dumped later on?
All the above. It's for getting people to take, you know, missteps in their financial journeys. It's being used to get people to think differently about political campaigns and those representatives, a part of those political campaigns and has also been used to endorse Obama and Clinton in the past. These fake AI voices. But also, you know, so has Warren Buffett. So it's conflicting. It's, all right, is this actually this person? Because the AI that was generated seems to have similar beliefs.
Right. So is there any way in which people can protect themselves against this? Is there some trick? I mean, okay, so the fake Warren Buffett is offering his number one investment tip. What is your number one tip for avoiding a deepfake scam? Is there anything that people can do?
There is one thing, and it's gonna sound completely absurd, but I actually just started going back to it recently because I am also wondering, what am I actually looking at online?
Okay.
Well, I have two tips. The number one tip is by getting the information from the source. If you want Warren Buffett tips and tricks, what makes you think that Warren Buffett isn't gonna post that from either his firm's LinkedIn or Instagram or his own personal one. Go to the source. And then number two is read some damn books. We've given up on books.
What is this book thing you're referring to, Ron? Explain that.
A lot of the techniques that we deploy today are quickly dated, but the fundamentals and the dreams and the goals and the outcomes are well documented in the books. Those things don't change. We all wanna live a full and healthy, happy, wealthy life. Those books that Warren Buffett wrote and other great investors wrote are still relevant today, but the tactics and techniques we use are gonna be a little different. Following strategies from books is way more sound than going and watching a one-minute Instagram reel.
Yeah. Do you think the likes of Instagram should be doing more to block this, or is it just too hard for them?
I don't think so. I think it's entertainment, even if it's not real. You know, we love to watch fiction movies and just because the movie's fiction doesn't mean I don't wanna see it. I would love to see a reenactment of Warren Buffett, even if some of the parts were dramatized.
Maybe have Warren Buffett in Indiana Jones and the Temple of Doom or something, you know, have sort of action sequences.
Wolf of Wall Street even. I would love to see Warren Buffett in Wolf of Wall Street.
Yes. That'd be good. But it is a serious problem. And the fact is that AI is getting so extraordinary. I mean, I've messed around with deepfaking my own voice because obviously I've got access to it and my wife can't tell the difference. And it is extraordinarily convincing. You know, frankly, if I'd lost my voice this week, maybe I could have got an AI to do it for me.
There's been one podcast episode that we did for a client and the client didn't have their camera in focus, so they asked me to do something absolutely absurd. And I was like, are you 100% sure? They wanted me to use a tool called HeyGen to completely redo that one camera that was blurry. And we did it and it was really, really good. There was a little uncanny element with how the person was moving and, you know, some parts where the audio and video were slightly off, but it didn't take away from the viewer's experience, at least from my perspective.
Wow, that's amazing, isn't it? All right then, quick shout out to one of our sponsors this week, 1Password, and more specifically, something that they've got called Trellica. Now, be honest, do you actually know how many SaaS apps your company's using right now? Probably dozens, maybe hundreds, half of them signed up for by some guy in marketing with the company credit card. That's what Trellica is for. It finds all of those apps, even the sneaky ones nobody admits to using, and gives you a proper overview of who's got access to what. So no more abandoned accounts sitting around waiting to be hacked. No more paying for licenses that no one's touched for years. It also makes it dead simple to bring new people on board, remove folks when they leave, keep track of who's got access to what, and stop your IT from turning into a tangled mess of old forgotten accounts. I've used 1Password for years. They've always been great at taking the hassle out of security. And now with Trellica, they're going after the whole SaaS sprawl problem. If you want to tidy up your company's app chaos, take a look at 1Password.com/smashingsecurity. That's 1Password.com/smashingsecurity. And thanks to 1Password for supporting the show. And welcome back. And you join us at our favorite part of the show, the part of the show that we like to call Pick of the Week. Ron, say Pick of the Week.
Pick of the Week.
Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. It doesn't have to be security related necessarily.
I am not familiar with Lily Allen.
Okay, well, she is an English singer/actress. She was famous probably about, oh, I don't know, about 20 years ago or so, I think. And she's come back. I've really enjoyed it. I think it's got some interesting music, but most interesting about it is the lyrical content and the story which it is telling, because she has recently broken up with her chap, who was one of the stars of Stranger Things, actor David Harbour.
Oh.
Yeah. So she broke up with him. It's all been a bit messy, unfortunately.
Well, it's because she didn't wait till the last season premiered.
Well, maybe. It feels like she waited till just before the new season came out, released the album, and has caused all kinds of PR problems for David Harbour. Because everyone wants to talk about this instead. Anyway, they broke up in a very, very messy way indeed, and she's made various allegations regarding his fidelity and the way in which he handled the situation and all kinds of unpleasantness. She tells this story on the LP of what happened in their relationship in not a sort of morose, woe-is-me kind of way, but in a way which I think is really, how can I put it, is really seizing control of the situation and being unashamedly honest and sometimes sort of brutally open about what happened. And she's always been a singer who hasn't been afraid of sharing her emotions and being a bit raw, but she's doing this with melody, which is really quite cool. And so I've really enjoyed it. I think it's a fantastic album, and I would recommend it to others as well if they want to hear something a little bit interesting. Go and check out West End Girl, the new LP by Lily Allen. And that is my pick of the week. Hey, Ron, what's your pick of the week?
My pick of the week is my second love. My first love is my wife. I already mentioned that. My second love is Claude Code. Claude Code has changed my life.
Has it? Yeah.
And I want to talk about Claude Code because it's been the first time where, you know, you hear all this stuff about agents and agent systems and agent workflows, but it's been the first time where I said, okay, I could see calling this thing an agent because it listened to me. It took in my prompt. It opened up a few files on my computer, did a few things, and then gave me back a report on what it did and how everything went.
Yeah.
So I fell in love.
Ah, interesting. So you have properly embraced AI into your workflow.
Exactly. And I know there's a lot of people that have, I'm sure you and, you know, the Smashing Security family is using AI to help out with various things. There's people that lie about their AI usage. Some people say they're not using AI. And if you're not using AI, I'm worried for you. I'm worried for you because it's like not having a mobile phone. And that's what it's gonna be more and more, you know, my dad was one of those people who refused to get a mobile phone, right? A smartphone, I should say.
Yes.
And when he got one, he was part of the club. He was gonna be a part of the club anyways. He just dragged his feet. And because of that, he struggled with knowing how to use the technology. Now for everyone else that got their smartphones, they were able to, you know, reap the benefits of 2010 and beyond. It's the same with AI agents and AI in general. Some people say they're not using it, and that's because they don't want to get in trouble with their boss.
Because once their boss finds out, oh, an AI agent helped you do this, did it? Oh, interesting. I wonder if we could use the AI agent all the time rather than you. Are you a bit scared though, Ron, about how AI agents could be taking away people's jobs?
No, I'm more concerned about the people that aren't using AI to help augment part of their job because, you know, your boss might be a little sad to hear that, oh, you put in our customer data into ChatGPT.
Yes. Just a little bit scared about that. Yes.
If you provide enough value to your boss through that workflow, he's going to say, okay, how about this? Instead of using ChatGPT, let's use Microsoft Azure to put that information in. And they're going to try to put everything in front of you to make sure that you can use the AI for part of your job. You know, if I found out that one of my team members was taking handwritten meeting notes and then writing them up in Google Docs and then sending them with a long email saying what happened in the meeting, I would say you're wasting everybody's time, including your own. I look at AI that way.
But Ron, AI can be prone to making a few mistakes, can't it?
Just like all of us.
Well, yeah, but there are mistakes and there are mistakes, Ron, right? If you use Copilot in Microsoft Excel, if you read the legalese, they say, look, we don't actually promise that this thing knows how to count. We don't necessarily promise that if you add 2 to the number 8, you're going to end up with 10. You could easily end up with 13,000. It's a worry.
You know why that's okay?
Why?
It's okay because people don't give you that disclaimer. No one says, hey, Graham, Mr. Boss, before you look at this Excel, just know that everything might not be correct. If we took that approach, everyone will look at us like we're crazy. But I think it's great that AI is able to let us know those things, that we remember them, because that's always been the case no matter who's generating that report or that Excel doc. It is always prone to errors because there's humans involved.
I know I'm sounding the devil's advocate here and I'm sort of poo-pooing it. The truth is I have used Claude to do some coding for me.
Ooh.
And it is impressive. You know, sometimes when I have a programming problem, I am really impressed by what it comes up with. When I've got a tricky little problem on my website or something like that, and I think, oh, I just need a bit of PHP script to do this, blah, blah, blah. You know, I could spend an entire day trying to debug it and find out where I left out a semicolon, but it will just go in there and write the code. And generally it's pretty good, but I'm just worried about some of the skills which we might lose by not exercising our brains, but do I just sound like an old man? Oh, it's so difficult to decide, Ron.
You know, I just gave a presentation on this exact topic. It was because many of the founders that I've been speaking to on my podcast have been saying, if I were to start all over again, I would create an EDR, an endpoint detection response agent for AI agents. And I was like, that's brilliant because when you look at tools like Claude Code or even OpenAI's Codex. When you look at these tools, they have almost the same level of access as a human user. They have access to our file system. They have access to our terminal. And now we're giving them access to our browsers. The only thing that they don't have access to at this point is our entire screen. And it's just a matter of time until we allow that. That's why I did this talk. And I think that if you hook into the AI agents and you tell them don't open up that Tinder profile. That's gonna be a good look for these AI agents because why do they need to open that app up to write me a better PHP script?
So yeah. Okay. So with proper guardrails and with things like an EDR, some sort of security system, making sure that they stay within the right parameters, then maybe things are okay. 'Cause right now AI can be phished. AI can be tricked into coughing up secrets and sharing too much information or doing something potentially risky. And I don't know, I'm just a bit more cautious than you. You're out there, aren't you, on the sunlit uplands? You're seeing this rosy future, Ron. Is this just because I'm British? I'm just a bit more negative and more, a bit more backwards about this.
I'm living in the year 2060 right now. I am using AI for everything. I was tempted to buy that AI robot. I'm not sure if you saw that one. It costs $20,000.
Oh, I saw it. All right. I saw it. Did you see it trying to stack a dishwasher? It made a complete hash of it. And then it was fooling around because there was a bit of sloppy egg on the floor. It couldn't stand up and it was ice skating.
I know that I'm opening Pandora's box by investing in AI to this degree, but I'm not the one that built the technology. I'm just an innocent user.
Well, that's fine. That's fine then. Well, well done, Pandora. Nothing wrong happened when she opened her box, did it? Nothing. No problems occurred.
Never.
Anyway, thank you so much, Ron, for that pick of the week and for everything else which you've contributed to during the show today. We've just about wrapped up the show for this week. I'm sure lots of our listeners would love to find out what you're up to and follow you online. What's the best way for them to do that?
Yes. The best way is follow me @RonaldEddings across all the platforms. Also follow Hacker Valley Media. It will mean the world to us if you liked and subscribed to our LinkedIn, our YouTube, or Instagram. We wanna keep you up to date and Graham's gonna be on our show. The team's gonna be reaching out right after this, Graham. So maybe you could also catch Graham there as well.
Fantastic. And of course, Smashing Security is on social media too. You can find me, Graham Cluley, on LinkedIn or follow Smashing Security on Bluesky. And don't forget to ensure you never miss another episode. Follow Smashing Security in your favorite podcast app, such as Apple Podcasts, Spotify, and Pocket Casts. For episode show notes, sponsorship info, guest lists, and the entire back catalog of over 440 episodes, check out smashingsecurity.com. Until next time, cheerio, bye-bye.
Bye-bye.
You've been listening to Smashing Security with me, Graham Cluley. Big thanks to Ron Eddings for joining us this week. And thank you as well to this episode's sponsors, Vanta, Action One, and 1Password. And of course, to all the chums who've signed up for Smashing Security Plus over on Patreon. They include Mayor McDonald, Scotia, Stein, David Smythe, Bobby Hendrix, Ryan Graham Cluley, Christo V, Matt Dawson-Jones, MJ Lee, Khajitan Khajimira, Florian Schwal— sorry, Khajitan, just a difficult name— Ted Wilkinson, Dr. Herbalist, Jonathan Haddock, Daniel, and Bravo Whiskey. Now then, do you fancy having your name read out at the end of the show from time to time? If so, consider joining them. Become a member of Smashing Security Plus. For as little as $5 a month, you will become part of our merry little troupe and get early access to episodes without the annoying ads. Woo-hoo! Just head over to smashingsecurity.com/plus for all the details. And thanks to everyone who has done that. It really is terrific and helps support the show. If you can't do that, don't worry. You can support the show in other ways as well. For instance, you can like, subscribe, leave a 5-star review wherever you listen. Someone left us a rather bad review the other day, so maybe you could leave us a good one, please. It'd be so nice if you did. Tell your friends about the show. Simply spread the word. The more people who get to hear about Smashing Security, the better for everybody. Because hey, maybe we're spreading the word of how to keep your computers safer and your behaviors online more secure as well. And that's going to be a good thing. Okey dokey. Well, that just about rounds it up for this week. And so I'll say cheerio and hope to speak to you again next week. Bye-bye.
Host:
Graham Cluley
Guest:
Ron Eddings
Episode links:
- ‘Landfall’ spyware abused zero-day to hack Samsung Galaxy phones – TechCrunch.
- Cyber insurers paid out over twice as much for UK ransomware attacks last year – The Register.
- Lost iPhone? Don’t fall for phishing texts saying it was found – Bleeping Computer.
- Tinder to use AI to get to know users, tap into their Camera Roll photos – TechCrunch.
- Facebook’s AI can now suggest edits to the photos still on your phone – TechCrunch.
- Berkshire warns of AI deepfakes impersonating Warren Buffett – Reuters.
- West End Girl – Wikipedia.
- West End Girl – Spotify.
- Claude Code.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
- Support us on Patreon!
Sponsored by:
- Action1 – Keep your systems safe (and your sanity intact) with the patch management platform that just works. The best part? Your first 200 endpoints are free, forever, with no functional limits.
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
- Trelica by 1Password – Access Governance for every SaaS app. Discover, manage, and optimize access for any of your SaaS apps – whether managed or unmanaged.
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Join Smashing Security PLUS for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.


