September 10, 2025 • 38 mins
Tim and Chris dive into the month's most significant tech developments, exploring antitrust rulings, emerging AI security threats, and the financial sustainability of the AI industry.
• Google avoids having to sell Chrome in federal antitrust ruling but is barred from exclusive distribution contracts
• Cybercriminals deploy "S1ngularity Attack" using LLM prompts to steal credentials from 2,100 GitHub accounts
• Cisco reintroduces dedicated wireless certification track with focus on Wi-Fi 6/7 and Meraki technologies
• Google Cloud introduces "agentic IAM" services to manage AI agent identities and improve MCP security
• Zscaler CEO creates controversy by suggesting customer logs are used for AI training before company clarification
• Avaya offers voluntary exit packages to all employees, suggesting potential acquisition or restructuring
• OpenAI increases projected spending through 2029 by $80 billion to $115 billion total
Share this episode on social media and tell a friend about the podcast if you enjoyed it. You can find us on all platforms @Cables2Clouds.
Purchase Chris and Tim's new book on AWS Cloud Networking: https://www.amazon.com/Certified-Advanced-Networking-Certification-certification/dp/1835080839/
Check out the Monthly Cloud Networking News
https://docs.google.com/document/d/1fkBWCGwXDUX9OfZ9_MvSVup8tJJzJeqrauaE6VPT2b0/
Visit our website and subscribe: https://www.cables2clouds.com/
Follow us on BlueSky: https://bsky.app/profile/cables2clouds.com
Follow us on YouTube: https://www.youtube.com/@cables2clouds/
Follow us on TikTok: https://www.tiktok.com/@cables2clouds
Merch Store: https://store.cables2clouds.com/
Join the Discord Study group: https://artofneteng.com/iaatj
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Chris (00:13):
Hello everyone and welcome back to another episode
of the Cables to Clouds monthlynews episode.
So basically, if you haven'ttuned into this episode or this
series before, what we do is wekind of go over the I want to
say networking and cloudadjacent news articles, but
we've kind of expanded.
We kind of talk abouteverything that we just find
(00:33):
interesting.
So, yeah, we just kind of getinto the news that has come out
over the last month, you know,briefly cover it and then, you
know, give our opinions if wehave any, which you know, if you
know Tim, he always has some.
So, um, yeah, so let's, uh,let's hop right into it.
My, like I said, my name isChris miles, um, and with me, as
(00:53):
always, is Tim McConaughey, andlet's jump right into the news.
All right, first up, so lastweek we saw a ruling come down,
um, for the, for the federalcourt ruling, which has been
going on for a while in relationto Google.
It was speculated for a whilethat they were going to have to
potentially sell off some of theresources, most notably being
(01:15):
Chrome, which I believe wasrequested by the prosecutors in
this particular case, sayingthat they felt that, you know,
google had violated certainantitrust laws and you know
there was obviously numerousthings in play about them.
You know cutting deals withApple and Samsung to make their
(01:36):
search engine things like thatbe the default piece into their,
you know, smartphones, etcetera.
But we've actually seen theruling come down from the court
that Google will not have todivest and will not have to sell
Chrome, which I think wasrelatively unexpected.
I think we were all kind ofpreparing for what was going to
happen when Chrome was going toget sold off, but apparently
(01:58):
that is not going to happen.
So the adjustment to the rulinghas been that, um, while they
don't have to sell off anyassets like Chrome et cetera,
they are ruling with theprosecutors in the sense that
they are barring the companyfrom entering in or maintaining
any exclusive contacts or uhcontracts sorry relating to the
(02:20):
distribution of its product,including Chrome, google
assistant and Gemini, um,whichini, which they did make
sure that they didn't actuallybar Google from making any
downstream payments or et ceterato distributors of those
products, because I think thereason they did that is in the
longterm, there's a lot ofdistributors that are probably,
(02:42):
let's be honest, only inbusiness because they work with
Google and they get these typeof you know, payments from
Google et cetera, right.
So I think there was going tobe a lot of downstream harm in
that capacity if they kind ofcompletely barred them from
doing anything like that.
And then you know, obviouslythere's.
There's a, notably in thisarticle from the Guardian where
we, where we put this in the theshow notes, there was a lot of
(03:05):
criticism that came in as well,and one of the quotes from the
American Economic LibertiesProject was you don't find
someone guilty of robbing a bankand then sentence him to
writing a thank you note for theloot, which I thought was
pretty funny A quote from NeedyHedge, I believe, who is the
executive director over at theLiberties Project.
(03:25):
So, yeah, very, veryinteresting.
I wonder how this is going toshake down in terms of probably
the most notable thing thatwe'll see as consumers is there
will be a change to what happenson our smartphone.
That will probably startgetting prompted when we first
buy a smartphone or open theopen the uh uh web browser for
(03:47):
the first time and say like oh,you're gonna have to select
which, which search engine youwant to use and you know we'll,
we'll be picking between googleand bing and whatever the hell
else we see come into play here,but, um, yeah, quite
interesting.
Uh, what do you think?
What do you think tim, are you?
Are you bummed about this, oryou did you want Chrome to get
bought up by someone else?
Tim (04:06):
No, it's.
What I think is interesting isthe article covers actually the
a lot more about the, theadvertising stuff, which, of
course, I mean let's be honest,chrome is the point of Chrome is
really about harvesting userdata, browsing habits.
Like that's one of the primaryways in which google gathers
user data for for positioningads.
(04:29):
So and I think that wasactually brought up in the
lawsuit as well like, not only,yeah, they don't have to sell
chrome, but they have to sharesome kind of data or something.
Is that is that?
Is that right?
I think I'm trying to.
I don't want to get my lawsuitsconflated here, but yeah, I
think there's some antitruststuff there, like, for example,
(04:50):
like you said, the not having tosell, or rather, not having
exclusivity from a Chromeperspective.
Chris (04:58):
There's a separate hearing later this year about
the antitrust violations relatedto the monopoly over the
advertising.
Tim (05:05):
But yeah, that is also in contention.
Yeah, so that's what I wasthinking of and, like I said,
chrome at the end of the day isreally a big harvester of user
browsing information.
Right, it's a browser, but italso harvests all that data so
that they can use to target adsand whatnot.
That's kind of how they're big,yeah.
Chris (05:26):
Google's more of an advertising company than a tech
company, in many respects, forsure.
Tim (05:32):
Yeah, no, I can't say I'm that surprised.
I think they were shopping fora buyer.
Actually, I remember seeingmultiple articles where they
were actually trying to getahead of this Google was by
trying to shop for a Chromebuyer.
Where they were actually tryingto get ahead of this Google was
by trying to shop for a Chromebuyer and I don't think anybody
really could have essentiallyafforded or wanted to take on
that, all right.
(05:52):
moving on, there is a newarticle about quote unquote
AI-powered malware that's hit abunch of GitHub accounts in what
they're calling the SingularityAttack.
S and then the number one andthen singularity.
What's interesting into this?
There's a few things that areinteresting about this cyber
attack.
Right, one is that it's an NPMsupply chain attack.
(06:14):
So supply chain attacks meanthat generally, how software is
built is nobody writes code fromzero, right?
People use packages, whetherthey be code, you know code, uh
share packages or like Linuxpackages or whatever.
Nobody really writes from zerotheir own code these days.
So this one's actually in NPMand it's it's a supply chain
(06:37):
attack because the the actual,uh malicious code basically was
was built into this NX, whatthey're calling NX, which I
believe is a build system, anopen source build system.
So this cyber what would youcall it?
(06:57):
Not terrorists, what's the wordI'm looking for?
Chris (06:59):
Cyber criminal organization Threat actor.
Threat actor yeah, yeah, yeah.
Tim (07:04):
Built this supply chain attack and then released it, and
so anybody downstream that wasusing this build this NX for
building their own softwarebasically got a little bit of an
extra file in it calledtelemetryjs, and in this
telemetryjs file was a this iswhere it gets a little weird was
(07:27):
a credential stealer.
So the credential stealer thatpart so far we're still well
within the realm of like normaltype of cyber attacks it's a
credential stealer specificallythat was targeting Linux and Mac
OS systems you know OS systemsjust looking for you know GitHub
(07:48):
tokens, ssh keys, stuff thatyou would have saved locally
onto your you know machine thatyou're going to use to commit
code with crypto wallets, etcetera, et cetera, and it would
steal it and upload it to apublic GitHub repository called
Singularity Repository.
What's interesting is thecredential stealer actually was
using LLM prompts, likeinjections as part of the
credential stealing Basicallytelling an LLM via a prompt like
(08:12):
here's what you need to do tosearch and find these
credentials right.
So, rather than writing, say,python code or whatever,
javascript or whatever it is,it's actually mostly seems like
it's LLM prompting.
That's part of this telemetryjs, so it reaches out to you know,
then the LLM essentially doesthe work of, I guess, of finding
(08:35):
these credentials and doing theactual attack and doing the
upload and whatnot.
So it's very different.
Wiz reported this, by the way,and I actually mentioned that
during the attack the promptcontinued to change, as if the
threat actors were essentiallymodifying the prompt injection
based on what they harvested toimprove the efficacy of the
(09:01):
attack.
So it's really interesting tosee this kind of supply chain
attack essentially, you know,being integrated, or using LLMs
to actually deliver the attackitself.
So really, really interesting.
Yeah, and this article whichyou've got in the show notes
goes over each phase of theattack, but again it stretches
the supply chain.
(09:21):
You know it does the credentialstealing, uploads the
credentials and then theattackers would take the
credentials and actually use itto flip these private repos to
public so that they can stealessentially all the data that
became public.
So when it became public theycould just steal all the data in
those repos.
So really interesting stuff.
Chris (09:43):
Yeah, kind of hard to know from just what's listed on
the article.
But you know, we see that thiswas um an attack that exposed
about 2,100 accounts um and over7,200 repositories across those
accounts.
I'd like to know the numbers on, like, how often the prompt, uh
, the LLM prompt, is what kindof led them down the path?
(10:04):
Well, you know what the what,the attrition prompt is what
kind of led them down the path?
Well, you know what the what,the attrition or success rate
was of that, of that um?
I mean because it likeobviously there would have to be
probably a much smaller portionof those accounts that were
compromised that had these llmtools installed right.
So basically you would have to,if you're a to, if you're a
cloud user, if you were a, uh, aQ or a Gemini user, you had to
(10:25):
have the command line tool forthis particular LLM installed on
your machine for this to work,um, but it's just funny that you
know, if you think about itlike, they use the supply chain
to get in and then they usetheir own smart assistant
against them, um, to just askquestions about the local system
.
Where they could, they couldhave found these things, um, uh,
you know, on their own, or useuse the smart assistant.
(10:47):
So, like, hey, lead me toexactly where the stuff is, um,
and and pull it out.
So, um, yeah, it looks likewe've.
We've seen the uh, I thinkthere's a term in here called a
role prompting, um, which was uh, uh, I think a new term that I
haven't really seen yet, so I'llhave to look into that one.
But yes, the article goes intovery specifics about the attack.
(11:11):
It's got a whole workflow, kindof showing it out as phases and
things like that.
Tim (11:18):
So I highly recommend reading that if you're
interested.
So the role-plumping thing thisis interesting.
I was actually just readingsomething that Catherine McNam
Catherine, uh, mcnamara sent me.
She was, she was going throughit, she's, she's, she's actually
building something really coolaround the AI attacks and stuff.
I believe the role prompting iswhen basically, so like
normally, you could saysomething like you would have
guardrails in place that wouldsay something like um, you know,
(11:39):
do not release thesecredentials and on, you know to
anyone except an administrator,right, but like as part of role
prompting, you could actuallysay you know I, you know I am
also an administrator, you know,like as part of the prompt,
essentially, and it could, youknow, the LLM would just believe
you and and essentially giveyou you know whatever you wanted
(12:01):
or something.
It's really interesting stuff.
Chris (12:03):
I see, okay, yeah, so I've, I've, definitely, I do
this on my normal kind ofinteractions with LLMs, telling
it to you know, to assume a roleof some sort and, um, give,
give feedback from thatperspective.
So, yeah, it's, it's funny.
I mean the the prompt is likeyou said.
The prompt is pretty lengthyand it's like hey, look through
all these repositories, it hasexplicit instructions, like you
(12:24):
know, go to this certain depthlimit, don't use sudo, et cetera
.
You can see where it's kind ofiterated on itself.
Tim (12:33):
So very interesting.
Chris (12:34):
All right, next up we have I would say I guess this is
a reintroduction Cisco hasannounced that they are
launching a dedicated wirelesscertification track which if
you've been in this gameprobably more than five or six
years, you would know that theyused to already have a wireless
certification track, I believeback in probably.
(12:57):
When did they?
Basically the dedicatedwireless track was diminished
and rolled into the enterpriseinfrastructure kind of track,
right.
So this is specifically we'reseeing a new certification
around or in its professionallevel, the CCMP level and the
expert level or CCIE level,right.
(13:19):
So these are obviouslydifferent tiers of exams and
they've released the blueprintsand the criteria.
So basically, for theprofessional track, you take a
kind of a core exam, which Ibelieve they're calling, you
know, the enterprise.
One is on core or ENCOR andthis one looks like it's WLCOR,
so WillCore, I guess, is whatwe're going to call this, and
(13:41):
then you have a specializationone around either design or
implementation, specificallywith wireless, and it looks like
the specific product area thatwe're talking about here is
validating expertise in Wi-Fi 6,slash, 7, meraki and other
areas.
So this is probably the firsttime I can really think that
(14:03):
we're seeing a big push forMeraki in the standard
certification track.
I think there was probably someof this in the SD-WAN track, or
not SD-WAN track, but SD-WANexams, I would imagine at some
point.
So yeah, it's kind of, I guess,cool to see this come back into
the fold.
I mean, I know a lot of peoplekind of have their their
(14:26):
critiques about certificationset cetera, and you know, tim and
I, probably being CCIEsourselves, probably keep this
very close to our chest,probably more than we, than we
even need to in our day to daycareers, et cetera.
But, yeah, cool to see themadding this back.
And how about?
How about that, tim?
Are you going to?
You're studying, right?
Yeah, cool to see them addingthis back.
And, uh, how about, how aboutthat, tim, are you, you're going
(14:46):
to?
You're studying right now,right, you're, you're jumping
right in.
You know it can be CCIEwireless next year, right?
Tim (14:52):
Yeah, totally.
Um.
Well, I mean, I did just goback to Cisco and I am working
in the same business unit whereyou know we've got Meraki, uh
now, and Meraki probably is myweakest of the Cisco routing
switching wireless platforms, somaybe I should there you go.
Yeah, I'm sure they had somekind of Meraki certification.
(15:15):
I mean, they had Merakicertifications before this right
, they definitely was.
Yeah, meraki, yeah yeah, butthey were specifically Meraki
certifications, right?
So this is the first time we'reactually seeing Cisco take a
step towards the trueintegration that they've kind of
, you know, we've kind ofpromised over a long period of
time.
So, and you know I which isexciting to me because I've
(15:36):
always been a proponent that youknow, if you can, if we could
get meaningful integration amongall of the, you know, cisco
portfolio, like meaningful, notnot like you know, uh, small
little customer led things, buttrue integration, like they
would be really, really powerful.
So I'm hopeful that this is agood step in that direction.
(15:58):
Uh, and I'd like to, I'd liketo see more uh of that.
And also, I think, the wireless.
I think there was just too much.
Once you brought Meraki backinto the fold and made it, like
you know, part of the exam, Ithink finally you had enough
material to truly break it outand have it be its own
certification again.
I'm not saying they should haveever changed it, or not?
Right, that wasn't my obviouslyhad nothing to do with that
(16:20):
decision, but maybe the maybethe original feeling was hey,
wireless, you know it doesn'thave enough to stand on its own
as a certification track, andthey were going to roll it all
together to get, you know, toconsolidate the people that were
going to go after tracks, andmaybe now there's enough
material and enough interest touh, to split it back out again.
Chris (16:38):
Yeah, Well, we'll potentially, uh, have an episode
coming up about this topic aswell.
But I mean, like you said, thekind of this is just the cert
track, but you can obviouslyglean a lot about what's
probably going to happen withthe portfolio based on
certification track, right, andif we see this kind of
unification of the portfolio,you know, kind of coming into a
(17:00):
consolidated platform.
As I said, I don't want to gotoo far into it because we'll
probably have an episode comingon this, but there's trade-offs
to that right, there's positives, there's negatives.
For sure there's going to besome hurdles.
But one thing I will say I'mnoticing here is the written
exam, or I guess this would bethe oh, it's still the Encore
(17:21):
exam, I don't know, but anyways,the written version.
For the CCIE Wireless, the newone.
It's only offered in twolanguages currently, tim, and
that's English and Japanese.
So I think this would be agreat opportunity for you to
practice your Japanese bytalking about it.
How much in Japanese can youtalk about RF?
Is that in your portfolio yet?
Tim (17:43):
I have to.
It's funny you say this.
I'm actually building an Ankideck based on technical terms in
Japanese, and 95% of them arejust the English word turned
into the Japanese pronunciations.
So Ethernet is Isanetto.
So yeah there's a lot of that.
Chris (18:03):
Yeah, I will say in my brief journey which I'm back on
it, uh, trying to learn a bit ofJapanese.
I'll be there later this year,so I should probably know how to
speak some of it.
It's amazing how much of theWestern words have just been
added in, and just add a littleaccent on it Basket the body you
know Well.
Tim (18:21):
I mean there's a.
It's a verbally what they calla verbally impoverished language
, meaning there's a.
It's a verbally what they calla verbally impoverished language
, meaning there's a.
There's a limited amount ofsounds that you make in in that
language and so, yeah, when theyadapt another language's word,
it has to fit within the youknow the blocks, if you will.
Chris (18:39):
So, yeah, it's interesting anyway, just
everything just sounds kind oflike camel case, like you're
kind of yeah a little bit, I cansee that yeah, okay Coming up
next, so this is interesting too.
Tim (18:53):
We got really some really interesting security focused
articles.
Actually, we found some reallygood stuff this month.
So Google Cloud is now updatingits network security for the
agentic age, so they're not thefirst to do this.
Oracle, apparently, was thefirst to start with what they're
saying is MCP model contextprotocol security integration.
Of course, this article isabout Google, so we're
apparently was the first tostart with.
What they're saying is MCPModel Context Protocol security
(19:13):
integration.
Of course, this article isabout Google, so we're going to
focus there.
I am curious, though.
After this, I'm actually goingto go look up and see what
Oracle did.
But so Google Cloud has revealedquote unquote various AI driven
security features for theplatform, with AI agents and
identity key themes among theseannouncements.
Now, this is really cool.
So they're introducingsomething they're calling
(19:36):
agentic IAM services around AIagents and models.
So something that we've talkedabout a few times, probably on
the podcast, is that this bravenew world of AI lacks a lot of
security controls, and one ofthe biggest ones is this kind of
open standard that is MCP, forexample, or even just AI talking
(20:00):
to systems and this lack ofidentity associated with like,
okay, well, who are you?
Who are you that's reaching outand talking to things?
So this Google Cloud's IAMservice is designed to
automatically provision agenticidentities across all agent
development runtimes whilesupporting a range of
credentials authorizationpolicies has already, like,
(20:30):
taken off this idea of ofhanding essentially not coding,
but like creating via the, theAI, uh, what I would say like
integration, uh, or, or how youinteract with AI.
You're creating these agents togo essentially and giving them
direction and details about whatthey should be able to do, and
they go off and autonomously dothese things, which obviously
(20:55):
causes a huge security problemwhen the agent is able to access
things that maybe the personwho wrote the agent should not
necessarily be able to access,and that's been a problem.
And so Google's idea is we'lldo IAM, which I've never liked
identity management.
But I mean, if you're going todo IAM, which I really I've
never liked, identity service,identity management but I mean,
if you're going to put if you'regoing to do it anywhere, though
(21:17):
.
Agentic IAM is a really goodidea, Right.
So I am curious to see I guessit's going to be.
It's probably going to workjust like IAM does for users,
right, when an agent will haveto adhere, have a policy
attached to it or some kind ofpermissions or something.
And it's not 100% clear in thearticle and again, the articles
(21:37):
in the show notes, like all ofthe articles we cover, are going
to be.
But GCP is using the SecurityCommand Center, the SCC, seeing
new capabilities for MCP as well.
So, remember, MCP is this openstandard of how to AI agents
interact with resources and,like the MCP is kind of a front
(21:57):
end for that, and you know sobecause of the way MCP is built.
It's kind of an open standardand anything open can be
exploited without security.
So it says it doesn't get intovery big much detail in the
article that I've seen Justsaying like, hey, we're
(22:20):
introducing things like datasecurity, posture management,
which you know it's a greatsounding tool, but it doesn't
really get into what it actuallydoes, Things like that about
how it's going to handlesecurity for MCP.
So I think we're really goingto have to see some rubber
meeting the road on how Google'sactually going to do this, but
it is good to see the CSPs youknow, Oracle and now Google are
(22:41):
taking this concept of MCP andagentic AI identity, and
therefore security tied toidentity, more seriously.
Chris (22:50):
Yeah, obviously great step forward, Like we've.
We've.
We've heard the kind ofcriticisms in the market and
we've made jokes on the showabout this.
You know the, the whole, youknow what is the S in MCT stand
for.
It's security type thing, right.
But the thing is, while this isgood, I must say I don't
(23:13):
necessarily love that the onusfor the security is falling to
the provider or kind of the, the, the who's exposing the MCP
here because it's not built intothe protocol, right, like it
sounds like everyone's going tohave potentially their own
implementation, which I willadmittedly know, or admit that I
(23:35):
don't know a ton about MCP andhow it operates under the hood.
I know it's relativelysimplistic, which is kind of
what's good about it.
But the fact that theseproviders are kind of
responsible for integrating thesecurity and you know, identity
has its own kind of quirks aboutit, right.
But the fact that that falls onthem doesn't leave me feeling
(23:57):
warm and fuzzy necessarily.
I'm glad it's there, but Iwonder if we're going to be
looking at these kind of bespokeiterations of it for a while.
Inherently, protocols shouldjust be secure, right?
I mean Kubernetes probably dida great example of this, where
there's this concept ofeverything, should use MTLS.
(24:18):
I know, in production that'snot exactly how that always
operates, but there's inherentsecurity that's at least
encouraged from there.
But MCP we're at this kind ofinfant stage where that's not
even really in the forefront.
It's just like, oh, use it.
It's amazing, blah, blah, blah.
But you know, when we're talkingabout enterprise scale and we
literally just were looking atsomething where, you know, an
(24:41):
LLM prompt was being used toextract data from things like
this, you know what's to say.
This couldn't happen on anagent that has these kind of
temporary credentials as well,right?
So on an agent that has thesekind of temporary credentials as
well, right?
So it's a, it's a great stepforward.
I just wish that someone couldtake a step back at you know
kind of the bigger picture typething and implement security,
(25:02):
which I should probably do alittle more research on, on
whether or not Anthropix lookedat this, cause I know they were
kind of the ones that broughtthis to market.
But yeah, that's my two centsthere.
Yeah, that's fair, all right,next up, we'll make this a quick
one.
We just thought this was kind offunny.
So the Zscaler CEO, jay Chaudhry, has basically made a comment
(25:26):
recently in the public eyetalking about how, you know,
zscaler is obviously very wellknown in the you know sassy
space, sse space, um, ztna typething, um, so they have a very
uh large customer base acrossthe planet, um, and he'd made a
comment about how they wereusing these kind of trillions or
(25:47):
billions of uh customer logs totrain their internal AI models
et cetera.
Right, so that immediately kindof saw major criticisms come in
and request for kind of moreinformation because people
thought they were, you know,having their data being used to
(26:08):
train internal models withoutspecifically I'm assuming giving
what's the word consent to doso.
Right, and then we saw theyimmediately came out and
clarified that customer data isnot used in our AI training,
right, so I imagine the log datathat they're getting, they
probably are putting intosomething, just as probably
Cisco, many, many big vendorsout there Everyone's doing that,
(26:29):
right, putting into somethingjust as probably Cisco, many,
many big vendors out thereeveryone's doing that Right.
But you know, they just forgotto leave out that part where
they they say they scrubbed thedata of any kind of PII or
anything like that.
So these, I feel like you know,the vendors should be able to
use the customer data thatthey're, that they're, I should
say, anonymized customer data,to kind of make the products
(26:52):
better, et cetera.
They just need to kind of becareful around these scenarios,
and we can see here that youknow, when the CEO comes out and
says something and doesn'tclarify, they're immediately
going to get slapped on the hand.
So yeah, I just thought thisone was was kind of funny.
How do you feel, tim?
Tim (27:08):
I mean, yeah, Right.
So so do you remember when youhave to opt in to stuff like
that?
Like you know, yeah, I want youknow, like the little checkbox,
I want my data to be sent toimprove the customer experience
on all these apps and stuff.
My assumption is that that'sjust part of the licensing.
Yeah, that's just part of thelicensing now for these.
(27:29):
I'm sure Cisco's the same.
Like you said, everybody who'staking the data is using it for
something, so there's got to besome legal cover for that.
But I do think it's funny thatthe CEO got on an earnings call
and was talking about how allthese customers are helping us
train our wonderful AI and thenext day they had to issue some
(27:50):
emergency thing saying whoa,whoa thing saying whoa, wait,
we're not using customer data.
We're scrubbing everything.
And it's not, you know, it'sall anonymized metadata.
So, yeah, open mouth, insertfoot there.
Chris (28:04):
Yeah, we all do it sometimes.
I just realized I went out oforder here so I was.
That was supposed to be one ofTim's articles, but that's fine,
I'll roll into the next one andthen we'll.
We'll have Tim round it outwith our with our last one, um.
So this one is um.
I must say this one kind of issad to see, um, a bit of a
(28:27):
bummer Um.
So apparently Avaya um is, ifyou're familiar with Avaya is
typically a unifiedcommunications vendor doing a
lot of you know,telecommunications handsets, you
know conferencing-type products, things like that.
They've apparently told oroffered, quote-unquote everyone
(28:50):
at company a voluntary exitpackage to essentially leave the
company and it sounds likethey're, you know, gearing up
for something, whether that behopefully not something like you
know bankruptcy or something,but I would imagine they're
probably going to get scooped upby another vendor of some sort
and just kind of folded into alarger portfolio.
(29:12):
I say this one's sad becausethis is Avaya, is a kind of a
company that I think of thatlike they just stuck to UC,
right, they were just focused onunified communications.
They never really ventured toofar out.
They probably had otherproducts and you know they
didn't stray too far from that.
I mean, who knows, maybe theyhad stuff that absolutely failed
(29:32):
and fell on its face that Ijust don't know about.
But, um, you know, I was.
I definitely my first jobs, uh,in the tech industry were
working at call centers, and Iwas.
I was on a via handset many,many times in my life.
Um, so this one's just kind of,uh, just kind of sad to see
that we potentially could lose agiant like this.
(29:53):
But what about you, tim?
Did you have any at your callcenter?
Were you using Avaya handsetsor were you using something else
?
Let's see.
Tim (30:00):
I'm trying to remember actually.
So I was for a couple of yearsI worked at Cox Communications
call center in Chesapeake,virginia, as a tier two
high-speed internet rep.
So I don't remember if it wasavaya or not.
It might have been.
It's been so long now that Idon't remember.
But I mean, yeah, avaya is likeone of those uh, you know
(30:22):
household names, if you will,for anybody who's been in the
industry for for a good bit oftime.
And of course they've fallenoff.
You know, they never really got, they never really got into the
as a service business andthat's probably what ended up
killing them because, like allcollab, these days it's pretty
much delivered as a service,right, so it's it is.
I mean, it is what it is, right.
So it's kind of like it feels alittle bit like novell or
(30:44):
something you know, gettinggetting the axe.
Chris (30:48):
It's probably due for it at this time, but but you know
it's just kind of a bummer.
But yeah, so if you're a Gen Zlistener, we used to have these
things that sat on the desk withus.
That were actual telephones.
You'd pick up the handset andpress numbers on it.
It was crazy.
Tim (31:04):
Very archaic.
Yeah, or you'd turn the dial onthe phone.
Chris (31:13):
That was Avaya's fault.
They never released a retrorotary type phone.
Tim (31:18):
Rotary, that was a rotary phone.
Chris (31:20):
That would have brought them back into the limelight.
Tim (31:23):
Yep, it's not too late, guys, it's not too late.
All right, last one, and thisone isn't going to be long at
all.
It's just one of those thingsyou're like okay, because it's
so obvious.
So this one's from Reuters.
Openai has sharply raised itsprojected cash burn through 2029
to $115 billion, as it quoteunquote, ramps up spending to
(31:49):
power the artificialintelligence between behind
popular chatbot, uh, chatgpt.
So this forecast is 80 billiondollars higher than the company
had previously expected.
Um, what do you?
I?
I just, I keep seeing I keepthinking of the sam altman means
which I see all the time.
It's like come on, bro agi isso close.
Just another $80 billion.
(32:11):
What do you want to say there?
Purportedly they'requote-unquote trying to control
sorting costs by developingtheir own data centers, chips
and facilities to power thetechnology.
So I'm curious does this meanthey're getting away from
(32:31):
Microsoft hosting?
Basically at this point, isthat, is it the honeymoon fully
over?
Um, I don't know.
Chris (32:34):
I mean, we're putting all this money into building data
centers, right that's?
Uh.
It would only make sense thatthat they would probably cut out
the middleman, um, to pay forsome of it.
But yeah, it's only 80 billiondollars more than what was
originally projected.
I don't know how you can bethat off, but, um, you know I'll
cut them some slack eventually.
(32:54):
This thing is going to beprofitable, guys.
It's going to be.
It just has to.
Tim (32:58):
Yeah that's the thing, though.
It has to, and, but everybody'slike, oh, it has to, the roi is
coming.
The roi is coming.
I wonder if the roi isn't, likeyou know, one of those long con
things where you you're playingthe game, where you're waiting
for all the people with actualexpertise to like, leave the
workforce and the people thatare left have to rely on ai
(33:19):
because that's what they know,and then you've got a captive
audience like that's the onlyroi I can actually figure, I can
actually see on any kind ofhorizon for this whole thing.
Chris (33:29):
Right thing is too man it's like it's hard to gauge
because obviously me and youwork within the tech sector, so
we're probably a little bit moretapped in than you know kind of
the normal day-to-day consumerof this stuff.
And, um, you know, I mean I'mI'm friends with a lot of people
that you know work.
You know non-tech, normal typejobs and some of them are
(33:49):
artists.
Um, you know non-tech, normaltype jobs and some of them are
artists.
You know things like that.
And I will say, when it comes togenerative AI and kind of the
promises, they fucking hate it,like they despise the shit and
they want it to be eradicated inevery sense of what they do.
(34:10):
So, like you know, I'm kind ofI'm kind of straddling it a bit
where, like I like using it forkind of enhancing what I'm doing
and making it more structuredand helping me get over small
hurdles, but like some peopleabsolutely despise this shit,
man.
So it's really hard to kind ofgauge when, either you know it,
(34:30):
it skyrockets and becomesprofitable or like people just
get so sick of it and like justcompletely turn away from it and
you know, I don't know if we gointo another depression or what
happens, but like fuck man, yougotta do something, because the
the money can't last forever,right?
Tim (34:45):
so at some point you either find yeah, you find the golden
ticket item that ai enables.
That wasn't around before AI,or the whole bubble, or the VC
hype bubble pops, which really,I think, is what's really
happening at the end of it.
We have VCs that hype somethingso that it'll get sold to more
VC.
You know, like it's just like a.
(35:06):
You know it's like it's dildosall the way down.
You know, I don't know what tosay.
So I don't know and I agree, Iwas talking to someone who was I
talking to today about thewhole People are also using the
whole thing wrong too.
Right, like, instead of going tothe cloud and saying, you know,
build me a website or something, what they, you know, do what
(35:27):
AI is really good at, take abunch of data, take, like ai is
really good at, take a bunch ofdata.
Take, like a bunch of documentsand like books and whatever,
and like, feed that to your aiassuming it doesn't already have
it because god knows but uh,and then tell it like, okay,
give me the insights out of itthat, like are useful, so that
I'll have to go read 400 000pages of documents, right, and
(35:47):
then I'll use that and I'll makesomething from, yeah, that
thing that you gave me.
Yeah, I will say.
Chris (35:54):
Just last comment I'll make is um, I did, I was given
to, I was given early access byuh, through an, through an
invite of one of our, one of ourmutual friends, Nick.
Um, I'm not even going to tryto say Nick's last name, he's
from.
Tim (36:07):
Georgia.
Chris (36:08):
Um, not the Georgia in America, the Georgia in Europe,
and his last name is verycomplicated so I won't try to
say that.
But yeah, it gave me an invitecode to Perplexity AI's browser,
which is called Comet, and itbasically it's basically just
like a, almost a wrapper on yourexisting browser that you want
to use and it has the AI agentbuilt in and will kind of scrub
(36:29):
everything.
You did the minimal testingthat I've done so far.
I wanted to find a use case forit.
I did actually, you know, I wasliterally just going to vendor
documentation websites, went towent to Fortinet's, went to
Cisco's, went to a few others,and I was basically just like
pulled up the agent while on thedocs page and it's like help me
configure the dot one X, youknow, on something simple, help
(36:53):
me configure, you know, uh, anAmazon, uh, transit gateway, et
cetera.
Um, the results I got prettygood, not gonna lie.
Um, and if that, if, ifanything, if we get out of this
something that immediatelyscrubs vendor documentation and
gives you a how to, uh, you know, a mop, a method of procedure,
then that's a win.
(37:13):
That's the ROI.
Is there, baby?
We're here.
Tim (37:17):
That's right, we have arrived.
It only took 10, $20 trillion.
Chris (37:21):
Yeah, dude 20 trillion, and I'm, you know, slightly
happier, but you know, all right.
Uh, with that we shouldprobably go ahead and wrap up
and if, if you made it to thispoint in the episode, you must
have enjoyed something.
So we sincerely thank you forlistening.
If you can, please do sharethis with a friend, tell
somebody post about it on socialmedia.
What have you?
(37:41):
Linkedin, twitter, blue Sky,etc.
I must say all the good stuff Isaid about LinkedIn like 6-7
months ago as it being probablythe best social media platform,
it's immediately made me regret,saying that it's all gone to
shit.
Man, it's so bad now.
(38:01):
So you know, post it whereveryou want.
We're still on the hunt forwhat is the best social media
platform.
It seems to change all the time.
But, yeah, you can find us onall the socials, at Cables to
Clouds and with that, we'll seeyou in two weeks with a great
episode on something we don'teven know what it is yet, but
(38:21):
it'll be exciting, it'll belovely, we're so excited.
Tim (38:25):
We'll talk to you next time .
Chris (38:26):
I'm ready See you guys to see this.
Hello everyone and welcome back to another episode
of the Cables to Clouds monthlynews episode.
So basically, if you haven'ttuned into this episode or this
series before, what we do is wekind of go over the I want to
say networking and cloudadjacent news articles, but
we've kind of expanded.
We kind of talk abouteverything that we just find
(00:33):
interesting.
So, yeah, we just kind of getinto the news that has come out
over the last month, you know,briefly cover it and then, you
know, give our opinions if wehave any, which you know, if you
know Tim, he always has some.
So, um, yeah, so let's, uh,let's hop right into it.
My, like I said, my name isChris miles, um, and with me, as
(00:53):
always, is Tim McConaughey, andlet's jump right into the news.
All right, first up, so lastweek we saw a ruling come down,
um, for the, for the federalcourt ruling, which has been
going on for a while in relationto Google.
It was speculated for a whilethat they were going to have to
potentially sell off some of theresources, most notably being
(01:15):
Chrome, which I believe wasrequested by the prosecutors in
this particular case, sayingthat they felt that, you know,
google had violated certainantitrust laws and you know
there was obviously numerousthings in play about them.
You know cutting deals withApple and Samsung to make their
(01:36):
search engine things like thatbe the default piece into their,
you know, smartphones, etcetera.
But we've actually seen theruling come down from the court
that Google will not have todivest and will not have to sell
Chrome, which I think wasrelatively unexpected.
I think we were all kind ofpreparing for what was going to
happen when Chrome was going toget sold off, but apparently
(01:58):
that is not going to happen.
So the adjustment to the rulinghas been that, um, while they
don't have to sell off anyassets like Chrome et cetera,
they are ruling with theprosecutors in the sense that
they are barring the companyfrom entering in or maintaining
any exclusive contacts or uhcontracts sorry relating to the
(02:20):
distribution of its product,including Chrome, google
assistant and Gemini, um,whichini, which they did make
sure that they didn't actuallybar Google from making any
downstream payments or et ceterato distributors of those
products, because I think thereason they did that is in the
longterm, there's a lot ofdistributors that are probably,
(02:42):
let's be honest, only inbusiness because they work with
Google and they get these typeof you know, payments from
Google et cetera, right.
So I think there was going tobe a lot of downstream harm in
that capacity if they kind ofcompletely barred them from
doing anything like that.
And then you know, obviouslythere's.
There's a, notably in thisarticle from the Guardian where
we, where we put this in the theshow notes, there was a lot of
(03:05):
criticism that came in as well,and one of the quotes from the
American Economic LibertiesProject was you don't find
someone guilty of robbing a bankand then sentence him to
writing a thank you note for theloot, which I thought was
pretty funny A quote from NeedyHedge, I believe, who is the
executive director over at theLiberties Project.
(03:25):
So, yeah, very, veryinteresting.
I wonder how this is going toshake down in terms of probably
the most notable thing thatwe'll see as consumers is there
will be a change to what happenson our smartphone.
That will probably startgetting prompted when we first
buy a smartphone or open theopen the uh uh web browser for
(03:47):
the first time and say like oh,you're gonna have to select
which, which search engine youwant to use and you know we'll,
we'll be picking between googleand bing and whatever the hell
else we see come into play here,but, um, yeah, quite
interesting.
Uh, what do you think?
What do you think tim, are you?
Are you bummed about this, oryou did you want Chrome to get
bought up by someone else?
Tim (04:06):
No, it's.
What I think is interesting isthe article covers actually the
a lot more about the, theadvertising stuff, which, of
course, I mean let's be honest,chrome is the point of Chrome is
really about harvesting userdata, browsing habits.
Like that's one of the primaryways in which google gathers
user data for for positioningads.
(04:29):
So and I think that wasactually brought up in the
lawsuit as well like, not only,yeah, they don't have to sell
chrome, but they have to sharesome kind of data or something.
Is that is that?
Is that right?
I think I'm trying to.
I don't want to get my lawsuitsconflated here, but yeah, I
think there's some antitruststuff there, like, for example,
(04:50):
like you said, the not having tosell, or rather, not having
exclusivity from a Chromeperspective.
Chris (04:58):
There's a separate hearing later this year about
the antitrust violations relatedto the monopoly over the
advertising.
Tim (05:05):
But yeah, that is also in contention.
Yeah, so that's what I wasthinking of and, like I said,
chrome at the end of the day isreally a big harvester of user
browsing information.
Right, it's a browser, but italso harvests all that data so
that they can use to target adsand whatnot.
That's kind of how they're big,yeah.
Chris (05:26):
Google's more of an advertising company than a tech
company, in many respects, forsure.
Tim (05:32):
Yeah, no, I can't say I'm that surprised.
I think they were shopping fora buyer.
Actually, I remember seeingmultiple articles where they
were actually trying to getahead of this Google was by
trying to shop for a Chromebuyer.
Where they were actually tryingto get ahead of this Google was
by trying to shop for a Chromebuyer and I don't think anybody
really could have essentiallyafforded or wanted to take on
that, all right.
(05:52):
moving on, there is a newarticle about quote unquote
AI-powered malware that's hit abunch of GitHub accounts in what
they're calling the SingularityAttack.
S and then the number one andthen singularity.
What's interesting into this?
There's a few things that areinteresting about this cyber
attack.
Right, one is that it's an NPMsupply chain attack.
(06:14):
So supply chain attacks meanthat generally, how software is
built is nobody writes code fromzero, right?
People use packages, whetherthey be code, you know code, uh
share packages or like Linuxpackages or whatever.
Nobody really writes from zerotheir own code these days.
So this one's actually in NPMand it's it's a supply chain
(06:37):
attack because the the actual,uh malicious code basically was
was built into this NX, whatthey're calling NX, which I
believe is a build system, anopen source build system.
So this cyber what would youcall it?
(06:57):
Not terrorists, what's the wordI'm looking for?
Chris (06:59):
Cyber criminal organization Threat actor.
Threat actor yeah, yeah, yeah.
Tim (07:04):
Built this supply chain attack and then released it, and
so anybody downstream that wasusing this build this NX for
building their own softwarebasically got a little bit of an
extra file in it calledtelemetryjs, and in this
telemetryjs file was a this iswhere it gets a little weird was
(07:27):
a credential stealer.
So the credential stealer thatpart so far we're still well
within the realm of like normaltype of cyber attacks it's a
credential stealer specificallythat was targeting Linux and Mac
OS systems you know OS systemsjust looking for you know GitHub
(07:48):
tokens, ssh keys, stuff thatyou would have saved locally
onto your you know machine thatyou're going to use to commit
code with crypto wallets, etcetera, et cetera, and it would
steal it and upload it to apublic GitHub repository called
Singularity Repository.
What's interesting is thecredential stealer actually was
using LLM prompts, likeinjections as part of the
credential stealing Basicallytelling an LLM via a prompt like
(08:12):
here's what you need to do tosearch and find these
credentials right.
So, rather than writing, say,python code or whatever,
javascript or whatever it is,it's actually mostly seems like
it's LLM prompting.
That's part of this telemetryjs, so it reaches out to you know,
then the LLM essentially doesthe work of, I guess, of finding
(08:35):
these credentials and doing theactual attack and doing the
upload and whatnot.
So it's very different.
Wiz reported this, by the way,and I actually mentioned that
during the attack the promptcontinued to change, as if the
threat actors were essentiallymodifying the prompt injection
based on what they harvested toimprove the efficacy of the
(09:01):
attack.
So it's really interesting tosee this kind of supply chain
attack essentially, you know,being integrated, or using LLMs
to actually deliver the attackitself.
So really, really interesting.
Yeah, and this article whichyou've got in the show notes
goes over each phase of theattack, but again it stretches
the supply chain.
(09:21):
You know it does the credentialstealing, uploads the
credentials and then theattackers would take the
credentials and actually use itto flip these private repos to
public so that they can stealessentially all the data that
became public.
So when it became public theycould just steal all the data in
those repos.
So really interesting stuff.
Chris (09:43):
Yeah, kind of hard to know from just what's listed on
the article.
But you know, we see that thiswas um an attack that exposed
about 2,100 accounts um and over7,200 repositories across those
accounts.
I'd like to know the numbers on, like, how often the prompt, uh
, the LLM prompt, is what kindof led them down the path?
(10:04):
Well, you know what the what,the attrition prompt is what
kind of led them down the path?
Well, you know what the what,the attrition or success rate
was of that, of that um?
I mean because it likeobviously there would have to be
probably a much smaller portionof those accounts that were
compromised that had these llmtools installed right.
So basically you would have to,if you're a to, if you're a
cloud user, if you were a, uh, aQ or a Gemini user, you had to
(10:25):
have the command line tool forthis particular LLM installed on
your machine for this to work,um, but it's just funny that you
know, if you think about itlike, they use the supply chain
to get in and then they usetheir own smart assistant
against them, um, to just askquestions about the local system
.
Where they could, they couldhave found these things, um, uh,
you know, on their own, or useuse the smart assistant.
(10:47):
So, like, hey, lead me toexactly where the stuff is, um,
and and pull it out.
So, um, yeah, it looks likewe've.
We've seen the uh, I thinkthere's a term in here called a
role prompting, um, which was uh, uh, I think a new term that I
haven't really seen yet, so I'llhave to look into that one.
But yes, the article goes intovery specifics about the attack.
(11:11):
It's got a whole workflow, kindof showing it out as phases and
things like that.
Tim (11:18):
So I highly recommend reading that if you're
interested.
So the role-plumping thing thisis interesting.
I was actually just readingsomething that Catherine McNam
Catherine, uh, mcnamara sent me.
She was, she was going throughit, she's, she's, she's actually
building something really coolaround the AI attacks and stuff.
I believe the role prompting iswhen basically, so like
normally, you could saysomething like you would have
guardrails in place that wouldsay something like um, you know,
(11:39):
do not release thesecredentials and on, you know to
anyone except an administrator,right, but like as part of role
prompting, you could actuallysay you know I, you know I am
also an administrator, you know,like as part of the prompt,
essentially, and it could, youknow, the LLM would just believe
you and and essentially giveyou you know whatever you wanted
(12:01):
or something.
It's really interesting stuff.
Chris (12:03):
I see, okay, yeah, so I've, I've, definitely, I do
this on my normal kind ofinteractions with LLMs, telling
it to you know, to assume a roleof some sort and, um, give,
give feedback from thatperspective.
So, yeah, it's, it's funny.
I mean the the prompt is likeyou said.
The prompt is pretty lengthyand it's like hey, look through
all these repositories, it hasexplicit instructions, like you
(12:24):
know, go to this certain depthlimit, don't use sudo, et cetera
.
You can see where it's kind ofiterated on itself.
Tim (12:33):
So very interesting.
Chris (12:34):
All right, next up we have I would say I guess this is
a reintroduction Cisco hasannounced that they are
launching a dedicated wirelesscertification track which if
you've been in this gameprobably more than five or six
years, you would know that theyused to already have a wireless
certification track, I believeback in probably.
(12:57):
When did they?
Basically the dedicatedwireless track was diminished
and rolled into the enterpriseinfrastructure kind of track,
right.
So this is specifically we'reseeing a new certification
around or in its professionallevel, the CCMP level and the
expert level or CCIE level,right.
(13:19):
So these are obviouslydifferent tiers of exams and
they've released the blueprintsand the criteria.
So basically, for theprofessional track, you take a
kind of a core exam, which Ibelieve they're calling, you
know, the enterprise.
One is on core or ENCOR andthis one looks like it's WLCOR,
so WillCore, I guess, is whatwe're going to call this, and
(13:41):
then you have a specializationone around either design or
implementation, specificallywith wireless, and it looks like
the specific product area thatwe're talking about here is
validating expertise in Wi-Fi 6,slash, 7, meraki and other
areas.
So this is probably the firsttime I can really think that
(14:03):
we're seeing a big push forMeraki in the standard
certification track.
I think there was probably someof this in the SD-WAN track, or
not SD-WAN track, but SD-WANexams, I would imagine at some
point.
So yeah, it's kind of, I guess,cool to see this come back into
the fold.
I mean, I know a lot of peoplekind of have their their
(14:26):
critiques about certificationset cetera, and you know, tim and
I, probably being CCIEsourselves, probably keep this
very close to our chest,probably more than we, than we
even need to in our day to daycareers, et cetera.
But, yeah, cool to see themadding this back.
And how about?
How about that, tim?
Are you going to?
You're studying, right?
Yeah, cool to see them addingthis back.
And, uh, how about, how aboutthat, tim, are you, you're going
(14:46):
to?
You're studying right now,right, you're, you're jumping
right in.
You know it can be CCIEwireless next year, right?
Tim (14:52):
Yeah, totally.
Um.
Well, I mean, I did just goback to Cisco and I am working
in the same business unit whereyou know we've got Meraki, uh
now, and Meraki probably is myweakest of the Cisco routing
switching wireless platforms, somaybe I should there you go.
Yeah, I'm sure they had somekind of Meraki certification.
(15:15):
I mean, they had Merakicertifications before this right
, they definitely was.
Yeah, meraki, yeah yeah, butthey were specifically Meraki
certifications, right?
So this is the first time we'reactually seeing Cisco take a
step towards the trueintegration that they've kind of
, you know, we've kind ofpromised over a long period of
time.
So, and you know I which isexciting to me because I've
(15:36):
always been a proponent that youknow, if you can, if we could
get meaningful integration amongall of the, you know, cisco
portfolio, like meaningful, notnot like you know, uh, small
little customer led things, buttrue integration, like they
would be really, really powerful.
So I'm hopeful that this is agood step in that direction.
(15:58):
Uh, and I'd like to, I'd liketo see more uh of that.
And also, I think, the wireless.
I think there was just too much.
Once you brought Meraki backinto the fold and made it, like
you know, part of the exam, Ithink finally you had enough
material to truly break it outand have it be its own
certification again.
I'm not saying they should haveever changed it, or not?
Right, that wasn't my obviouslyhad nothing to do with that
(16:20):
decision, but maybe the maybethe original feeling was hey,
wireless, you know it doesn'thave enough to stand on its own
as a certification track, andthey were going to roll it all
together to get, you know, toconsolidate the people that were
going to go after tracks, andmaybe now there's enough
material and enough interest touh, to split it back out again.
Chris (16:38):
Yeah, Well, we'll potentially, uh, have an episode
coming up about this topic aswell.
But I mean, like you said, thekind of this is just the cert
track, but you can obviouslyglean a lot about what's
probably going to happen withthe portfolio based on
certification track, right, andif we see this kind of
unification of the portfolio,you know, kind of coming into a
(17:00):
consolidated platform.
As I said, I don't want to gotoo far into it because we'll
probably have an episode comingon this, but there's trade-offs
to that right, there's positives, there's negatives.
For sure there's going to besome hurdles.
But one thing I will say I'mnoticing here is the written
exam, or I guess this would bethe oh, it's still the Encore
(17:21):
exam, I don't know, but anyways,the written version.
For the CCIE Wireless, the newone.
It's only offered in twolanguages currently, tim, and
that's English and Japanese.
So I think this would be agreat opportunity for you to
practice your Japanese bytalking about it.
How much in Japanese can youtalk about RF?
Is that in your portfolio yet?
Tim (17:43):
I have to.
It's funny you say this.
I'm actually building an Ankideck based on technical terms in
Japanese, and 95% of them arejust the English word turned
into the Japanese pronunciations.
So Ethernet is Isanetto.
So yeah there's a lot of that.
Chris (18:03):
Yeah, I will say in my brief journey which I'm back on
it, uh, trying to learn a bit ofJapanese.
I'll be there later this year,so I should probably know how to
speak some of it.
It's amazing how much of theWestern words have just been
added in, and just add a littleaccent on it Basket the body you
know Well.
Tim (18:21):
I mean there's a.
It's a verbally what they calla verbally impoverished language
, meaning there's a.
It's a verbally what they calla verbally impoverished language
, meaning there's a.
There's a limited amount ofsounds that you make in in that
language and so, yeah, when theyadapt another language's word,
it has to fit within the youknow the blocks, if you will.
Chris (18:39):
So, yeah, it's interesting anyway, just
everything just sounds kind oflike camel case, like you're
kind of yeah a little bit, I cansee that yeah, okay Coming up
next, so this is interesting too.
Tim (18:53):
We got really some really interesting security focused
articles.
Actually, we found some reallygood stuff this month.
So Google Cloud is now updatingits network security for the
agentic age, so they're not thefirst to do this.
Oracle, apparently, was thefirst to start with what they're
saying is MCP model contextprotocol security integration.
Of course, this article isabout Google, so we're
apparently was the first tostart with.
What they're saying is MCPModel Context Protocol security
(19:13):
integration.
Of course, this article isabout Google, so we're going to
focus there.
I am curious, though.
After this, I'm actually goingto go look up and see what
Oracle did.
But so Google Cloud has revealedquote unquote various AI driven
security features for theplatform, with AI agents and
identity key themes among theseannouncements.
Now, this is really cool.
So they're introducingsomething they're calling
(19:36):
agentic IAM services around AIagents and models.
So something that we've talkedabout a few times, probably on
the podcast, is that this bravenew world of AI lacks a lot of
security controls, and one ofthe biggest ones is this kind of
open standard that is MCP, forexample, or even just AI talking
(20:00):
to systems and this lack ofidentity associated with like,
okay, well, who are you?
Who are you that's reaching outand talking to things?
So this Google Cloud's IAMservice is designed to
automatically provision agenticidentities across all agent
development runtimes whilesupporting a range of
credentials authorizationpolicies has already, like,
(20:30):
taken off this idea of ofhanding essentially not coding,
but like creating via the, theAI, uh, what I would say like
integration, uh, or, or how youinteract with AI.
You're creating these agents togo essentially and giving them
direction and details about whatthey should be able to do, and
they go off and autonomously dothese things, which obviously
(20:55):
causes a huge security problemwhen the agent is able to access
things that maybe the personwho wrote the agent should not
necessarily be able to access,and that's been a problem.
And so Google's idea is we'lldo IAM, which I've never liked
identity management.
But I mean, if you're going todo IAM, which I really I've
never liked, identity service,identity management but I mean,
if you're going to put if you'regoing to do it anywhere, though
(21:17):
.
Agentic IAM is a really goodidea, Right.
So I am curious to see I guessit's going to be.
It's probably going to workjust like IAM does for users,
right, when an agent will haveto adhere, have a policy
attached to it or some kind ofpermissions or something.
And it's not 100% clear in thearticle and again, the articles
(21:37):
in the show notes, like all ofthe articles we cover, are going
to be.
But GCP is using the SecurityCommand Center, the SCC, seeing
new capabilities for MCP as well.
So, remember, MCP is this openstandard of how to AI agents
interact with resources and,like the MCP is kind of a front
(21:57):
end for that, and you know sobecause of the way MCP is built.
It's kind of an open standardand anything open can be
exploited without security.
So it says it doesn't get intovery big much detail in the
article that I've seen Justsaying like, hey, we're
(22:20):
introducing things like datasecurity, posture management,
which you know it's a greatsounding tool, but it doesn't
really get into what it actuallydoes, Things like that about
how it's going to handlesecurity for MCP.
So I think we're really goingto have to see some rubber
meeting the road on how Google'sactually going to do this, but
it is good to see the CSPs youknow, Oracle and now Google are
(22:41):
taking this concept of MCP andagentic AI identity, and
therefore security tied toidentity, more seriously.
Chris (22:50):
Yeah, obviously great step forward, Like we've.
We've.
We've heard the kind ofcriticisms in the market and
we've made jokes on the showabout this.
You know the, the whole, youknow what is the S in MCT stand
for.
It's security type thing, right.
But the thing is, while this isgood, I must say I don't
(23:13):
necessarily love that the onusfor the security is falling to
the provider or kind of the, the, the who's exposing the MCP
here because it's not built intothe protocol, right, like it
sounds like everyone's going tohave potentially their own
implementation, which I willadmittedly know, or admit that I
(23:35):
don't know a ton about MCP andhow it operates under the hood.
I know it's relativelysimplistic, which is kind of
what's good about it.
But the fact that theseproviders are kind of
responsible for integrating thesecurity and you know, identity
has its own kind of quirks aboutit, right.
But the fact that that falls onthem doesn't leave me feeling
(23:57):
warm and fuzzy necessarily.
I'm glad it's there, but Iwonder if we're going to be
looking at these kind of bespokeiterations of it for a while.
Inherently, protocols shouldjust be secure, right?
I mean Kubernetes probably dida great example of this, where
there's this concept ofeverything, should use MTLS.
(24:18):
I know, in production that'snot exactly how that always
operates, but there's inherentsecurity that's at least
encouraged from there.
But MCP we're at this kind ofinfant stage where that's not
even really in the forefront.
It's just like, oh, use it.
It's amazing, blah, blah, blah.
But you know, when we're talkingabout enterprise scale and we
literally just were looking atsomething where, you know, an
(24:41):
LLM prompt was being used toextract data from things like
this, you know what's to say.
This couldn't happen on anagent that has these kind of
temporary credentials as well,right?
So on an agent that has thesekind of temporary credentials as
well, right?
So it's a, it's a great stepforward.
I just wish that someone couldtake a step back at you know
kind of the bigger picture typething and implement security,
(25:02):
which I should probably do alittle more research on, on
whether or not Anthropix lookedat this, cause I know they were
kind of the ones that broughtthis to market.
But yeah, that's my two centsthere.
Yeah, that's fair, all right,next up, we'll make this a quick
one.
We just thought this was kind offunny.
So the Zscaler CEO, jay Chaudhry, has basically made a comment
(25:26):
recently in the public eyetalking about how, you know,
zscaler is obviously very wellknown in the you know sassy
space, sse space, um, ztna typething, um, so they have a very
uh large customer base acrossthe planet, um, and he'd made a
comment about how they wereusing these kind of trillions or
(25:47):
billions of uh customer logs totrain their internal AI models
et cetera.
Right, so that immediately kindof saw major criticisms come in
and request for kind of moreinformation because people
thought they were, you know,having their data being used to
(26:08):
train internal models withoutspecifically I'm assuming giving
what's the word consent to doso.
Right, and then we saw theyimmediately came out and
clarified that customer data isnot used in our AI training,
right, so I imagine the log datathat they're getting, they
probably are putting intosomething, just as probably
Cisco, many, many big vendorsout there Everyone's doing that,
(26:29):
right, putting into somethingjust as probably Cisco, many,
many big vendors out thereeveryone's doing that Right.
But you know, they just forgotto leave out that part where
they they say they scrubbed thedata of any kind of PII or
anything like that.
So these, I feel like you know,the vendors should be able to
use the customer data thatthey're, that they're, I should
say, anonymized customer data,to kind of make the products
(26:52):
better, et cetera.
They just need to kind of becareful around these scenarios,
and we can see here that youknow, when the CEO comes out and
says something and doesn'tclarify, they're immediately
going to get slapped on the hand.
So yeah, I just thought thisone was was kind of funny.
How do you feel, tim?
Tim (27:08):
I mean, yeah, Right.
So so do you remember when youhave to opt in to stuff like
that?
Like you know, yeah, I want youknow, like the little checkbox,
I want my data to be sent toimprove the customer experience
on all these apps and stuff.
My assumption is that that'sjust part of the licensing.
Yeah, that's just part of thelicensing now for these.
(27:29):
I'm sure Cisco's the same.
Like you said, everybody who'staking the data is using it for
something, so there's got to besome legal cover for that.
But I do think it's funny thatthe CEO got on an earnings call
and was talking about how allthese customers are helping us
train our wonderful AI and thenext day they had to issue some
(27:50):
emergency thing saying whoa,whoa thing saying whoa, wait,
we're not using customer data.
We're scrubbing everything.
And it's not, you know, it'sall anonymized metadata.
So, yeah, open mouth, insertfoot there.
Chris (28:04):
Yeah, we all do it sometimes.
I just realized I went out oforder here so I was.
That was supposed to be one ofTim's articles, but that's fine,
I'll roll into the next one andthen we'll.
We'll have Tim round it outwith our with our last one, um.
So this one is um.
I must say this one kind of issad to see, um, a bit of a
(28:27):
bummer Um.
So apparently Avaya um is, ifyou're familiar with Avaya is
typically a unifiedcommunications vendor doing a
lot of you know,telecommunications handsets, you
know conferencing-type products, things like that.
They've apparently told oroffered, quote-unquote everyone
(28:50):
at company a voluntary exitpackage to essentially leave the
company and it sounds likethey're, you know, gearing up
for something, whether that behopefully not something like you
know bankruptcy or something,but I would imagine they're
probably going to get scooped upby another vendor of some sort
and just kind of folded into alarger portfolio.
(29:12):
I say this one's sad becausethis is Avaya, is a kind of a
company that I think of thatlike they just stuck to UC,
right, they were just focused onunified communications.
They never really ventured toofar out.
They probably had otherproducts and you know they
didn't stray too far from that.
I mean, who knows, maybe theyhad stuff that absolutely failed
(29:32):
and fell on its face that Ijust don't know about.
But, um, you know, I was.
I definitely my first jobs, uh,in the tech industry were
working at call centers, and Iwas.
I was on a via handset many,many times in my life.
Um, so this one's just kind of,uh, just kind of sad to see
that we potentially could lose agiant like this.
(29:53):
But what about you, tim?
Did you have any at your callcenter?
Were you using Avaya handsetsor were you using something else
?
Let's see.
Tim (30:00):
I'm trying to remember actually.
So I was for a couple of yearsI worked at Cox Communications
call center in Chesapeake,virginia, as a tier two
high-speed internet rep.
So I don't remember if it wasavaya or not.
It might have been.
It's been so long now that Idon't remember.
But I mean, yeah, avaya is likeone of those uh, you know
(30:22):
household names, if you will,for anybody who's been in the
industry for for a good bit oftime.
And of course they've fallenoff.
You know, they never really got, they never really got into the
as a service business andthat's probably what ended up
killing them because, like allcollab, these days it's pretty
much delivered as a service,right, so it's it is.
I mean, it is what it is, right.
So it's kind of like it feels alittle bit like novell or
(30:44):
something you know, gettinggetting the axe.
Chris (30:48):
It's probably due for it at this time, but but you know
it's just kind of a bummer.
But yeah, so if you're a Gen Zlistener, we used to have these
things that sat on the desk withus.
That were actual telephones.
You'd pick up the handset andpress numbers on it.
It was crazy.
Tim (31:04):
Very archaic.
Yeah, or you'd turn the dial onthe phone.
Chris (31:13):
That was Avaya's fault.
They never released a retrorotary type phone.
Tim (31:18):
Rotary, that was a rotary phone.
Chris (31:20):
That would have brought them back into the limelight.
Tim (31:23):
Yep, it's not too late, guys, it's not too late.
All right, last one, and thisone isn't going to be long at
all.
It's just one of those thingsyou're like okay, because it's
so obvious.
So this one's from Reuters.
Openai has sharply raised itsprojected cash burn through 2029
to $115 billion, as it quoteunquote, ramps up spending to
(31:49):
power the artificialintelligence between behind
popular chatbot, uh, chatgpt.
So this forecast is 80 billiondollars higher than the company
had previously expected.
Um, what do you?
I?
I just, I keep seeing I keepthinking of the sam altman means
which I see all the time.
It's like come on, bro agi isso close.
Just another $80 billion.
(32:11):
What do you want to say there?
Purportedly they'requote-unquote trying to control
sorting costs by developingtheir own data centers, chips
and facilities to power thetechnology.
So I'm curious does this meanthey're getting away from
(32:31):
Microsoft hosting?
Basically at this point, isthat, is it the honeymoon fully
over?
Um, I don't know.
Chris (32:34):
I mean, we're putting all this money into building data
centers, right that's?
Uh.
It would only make sense thatthat they would probably cut out
the middleman, um, to pay forsome of it.
But yeah, it's only 80 billiondollars more than what was
originally projected.
I don't know how you can bethat off, but, um, you know I'll
cut them some slack eventually.
(32:54):
This thing is going to beprofitable, guys.
It's going to be.
It just has to.
Tim (32:58):
Yeah that's the thing, though.
It has to, and, but everybody'slike, oh, it has to, the roi is
coming.
The roi is coming.
I wonder if the roi isn't, likeyou know, one of those long con
things where you you're playingthe game, where you're waiting
for all the people with actualexpertise to like, leave the
workforce and the people thatare left have to rely on ai
(33:19):
because that's what they know,and then you've got a captive
audience like that's the onlyroi I can actually figure, I can
actually see on any kind ofhorizon for this whole thing.
Chris (33:29):
Right thing is too man it's like it's hard to gauge
because obviously me and youwork within the tech sector, so
we're probably a little bit moretapped in than you know kind of
the normal day-to-day consumerof this stuff.
And, um, you know, I mean I'mI'm friends with a lot of people
that you know work.
You know non-tech, normal typejobs and some of them are
(33:49):
artists.
Um, you know non-tech, normaltype jobs and some of them are
artists.
You know things like that.
And I will say, when it comes togenerative AI and kind of the
promises, they fucking hate it,like they despise the shit and
they want it to be eradicated inevery sense of what they do.
(34:10):
So, like you know, I'm kind ofI'm kind of straddling it a bit
where, like I like using it forkind of enhancing what I'm doing
and making it more structuredand helping me get over small
hurdles, but like some peopleabsolutely despise this shit,
man.
So it's really hard to kind ofgauge when, either you know it,
(34:30):
it skyrockets and becomesprofitable or like people just
get so sick of it and like justcompletely turn away from it and
you know, I don't know if we gointo another depression or what
happens, but like fuck man, yougotta do something, because the
the money can't last forever,right?
Tim (34:45):
so at some point you either find yeah, you find the golden
ticket item that ai enables.
That wasn't around before AI,or the whole bubble, or the VC
hype bubble pops, which really,I think, is what's really
happening at the end of it.
We have VCs that hype somethingso that it'll get sold to more
VC.
You know, like it's just like a.
(35:06):
You know it's like it's dildosall the way down.
You know, I don't know what tosay.
So I don't know and I agree, Iwas talking to someone who was I
talking to today about thewhole People are also using the
whole thing wrong too.
Right, like, instead of going tothe cloud and saying, you know,
build me a website or something, what they, you know, do what
(35:27):
AI is really good at, take abunch of data, take, like ai is
really good at, take a bunch ofdata.
Take, like a bunch of documentsand like books and whatever,
and like, feed that to your aiassuming it doesn't already have
it because god knows but uh,and then tell it like, okay,
give me the insights out of itthat, like are useful, so that
I'll have to go read 400 000pages of documents, right, and
(35:47):
then I'll use that and I'll makesomething from, yeah, that
thing that you gave me.
Yeah, I will say.
Chris (35:54):
Just last comment I'll make is um, I did, I was given
to, I was given early access byuh, through an, through an
invite of one of our, one of ourmutual friends, Nick.
Um, I'm not even going to tryto say Nick's last name, he's
from.
Tim (36:07):
Georgia.
Chris (36:08):
Um, not the Georgia in America, the Georgia in Europe,
and his last name is verycomplicated so I won't try to
say that.
But yeah, it gave me an invitecode to Perplexity AI's browser,
which is called Comet, and itbasically it's basically just
like a, almost a wrapper on yourexisting browser that you want
to use and it has the AI agentbuilt in and will kind of scrub
(36:29):
everything.
You did the minimal testingthat I've done so far.
I wanted to find a use case forit.
I did actually, you know, I wasliterally just going to vendor
documentation websites, went towent to Fortinet's, went to
Cisco's, went to a few others,and I was basically just like
pulled up the agent while on thedocs page and it's like help me
configure the dot one X, youknow, on something simple, help
(36:53):
me configure, you know, uh, anAmazon, uh, transit gateway, et
cetera.
Um, the results I got prettygood, not gonna lie.
Um, and if that, if, ifanything, if we get out of this
something that immediatelyscrubs vendor documentation and
gives you a how to, uh, you know, a mop, a method of procedure,
then that's a win.
(37:13):
That's the ROI.
Is there, baby?
We're here.
Tim (37:17):
That's right, we have arrived.
It only took 10, $20 trillion.
Chris (37:21):
Yeah, dude 20 trillion, and I'm, you know, slightly
happier, but you know, all right.
Uh, with that we shouldprobably go ahead and wrap up
and if, if you made it to thispoint in the episode, you must
have enjoyed something.
So we sincerely thank you forlistening.
If you can, please do sharethis with a friend, tell
somebody post about it on socialmedia.
What have you?
(37:41):
Linkedin, twitter, blue Sky,etc.
I must say all the good stuff Isaid about LinkedIn like 6-7
months ago as it being probablythe best social media platform,
it's immediately made me regret,saying that it's all gone to
shit.
Man, it's so bad now.
(38:01):
So you know, post it whereveryou want.
We're still on the hunt forwhat is the best social media
platform.
It seems to change all the time.
But, yeah, you can find us onall the socials, at Cables to
Clouds and with that, we'll seeyou in two weeks with a great
episode on something we don'teven know what it is yet, but
(38:21):
it'll be exciting, it'll belovely, we're so excited.
Tim (38:25):
We'll talk to you next time .
Chris (38:26):
I'm ready See you guys to see this.
Popular Podcasts
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
The Joe Rogan Experience
The official podcast of comedian Joe Rogan.