669: Adam Engst (TidBITS): Slack Impersonation Malware, Anthropic's Mythos, and Why You Need a Personal AI Defender

Adam Engst (TidBITS) discusses a malware incident in a long-running public “Slack Bits” group where a bad actor impersonated Glenn Fleishman via a duplicate Slack display name, tricking him into downloading an info-stealer, prompting Engst to consider shutting down the 1,400-member community. The conversation shifts to Anthropic’s Mythos and Project Glasswing (as covered by TidBITS security editor Rich Mogull), which reportedly found long-standing bugs (including in OpenBSD and FFmpeg), raising concerns about AI-accelerated vulnerability discovery, defender/attacker asymmetries, costs and compute barriers, and impacts on zero-day markets. They also cover Apple’s iOS signing and update/upgrade distinctions, why Apple supports macOS differently than iOS, broader distrust in institutions, social media’s advertising/algorithm problems (including Section 230), bots and AI-driven phishing, and the idea of local, user-controlled AI agents to help protect individuals online.

00:00 Welcome Back Adam Engst

00:20 Slack Impersonation Scare

02:15 Cleaning Up a Public Slack

03:40 Mythos and Glasswing Explained

05:19 AI Bug Hunting Reality Check

08:25 Red Team Blue Team Asymmetry

09:50 Compute Costs and Access Barriers

12:19 Trust Ethics and Regulation

17:50 Personal AI Security Agents

23:34 Zero Day Markets and Exploit Kits

25:40 iOS Signing and Update Windows

27:13 Why Macs Get Longer Support

32:06 Scams Incentives and Pig Butchering

34:02 Life Offline and Misinformation

35:41 Social Media Hot Garbage

36:43 Addiction By Design

37:46 Advertising Model Flaw

38:47 Infinite Scroll Limits

39:39 Dunbar Number Reality

40:54 Platform Power Responsibility

42:46 AI Influencers And Slop

43:37 Bots And Fake Accounts

46:33 AI Phishing And Passkeys

49:21 Closed Communities Trust

53:25 CAPTCHAs And Human Help

56:08 Section 230 And Algorithms

57:46 Chronological Feed Fix

59:35 Two Week News Rule

01:02:41 Ads In Maps Backlash

01:04:10 Wrap Up And Next Part