Dance, Tesla, and Hospitality Discussion
Quick recap
The meeting covered a wide range of topics, including discussions on security vulnerabilities, AI and machine learning applications, and developer access to security tools. Special guests shared their experiences with finding and reporting security flaws, while the group explored the potential risks and benefits of AI in various contexts. The conversation also touched on personal anecdotes related to early internet vulnerabilities and hacking experiences, as well as concerns about industry jargon and the importance of fostering a learning environment.
Dance, Tesla, and Hospitality Discussion
In the meeting, Shawn discussed various topics including a strong dance, a picture, and a train rolling in. He also mentioned a ticket to ride and a body set the floor. There was a discussion about a Tesla and its safety concerns, with some participants expressing their dissatisfaction with Elon Musk's handling of the issue. The meeting also touched on the topic of hospitality, with a mention of Greece. Towards the end, there was a conversation about a project involving a couple of guys from England.
Vulnerability Finders Share Bounty Experiences
In the meeting, Shawn welcomed everyone and introduced the special guests, Dustin and his daughters, Camille and Corinne, who are security vulnerability finders. The daughters shared their experiences of finding vulnerabilities in Google's Android Family Link and Google Chrome Chromecast, which led to them receiving bounties. They discussed their plans for investing the money and their future career aspirations. The conversation ended with a discussion about sending the daughters some swag as a token of appreciation.
AI Security Risks and Vulnerabilities
The group discusses their experiences with accidental hacking and early internet vulnerabilities. Tyler shares a story from their youth about unintentionally crashing a hosting provider by collecting passwords. Shawn recalls accessing the DMV database without authentication in the early days of networking. The conversation then shifts to the security challenges of AI agents and the Model Context Protocol (MCP). Tyler expresses concerns about machine identities having broad access, while Jay highlights the lack of centralized security standards for MCP. The group agrees that agentic AI poses significant risks, including potential data leaks and unauthorized changes to systems.
AI and LLMs in Security
In the meeting, Neil expressed his skepticism about the effectiveness of AI and LLMs, stating that he has yet to find one that is accurate and insightful enough to use. He questioned where others in the security space were finding LLMs that actually worked. Shawn shared his positive experience with an AI tool in the Wiz platform that provides a summary of an incident, which he found useful. Philippe discussed the potential dangers of LLMs reasoning over multiple tools and their ability to automate tasks. Tyler shared their experience with using LLMs at AWS to generate infrastructure as code for simulation environments, which provided value by predicting attacker patterns and helping teams understand their behavior.
AI Surveillance and Marketing Acronyms
In the meeting, Ben discussed the use of AI for video surveillance, highlighting its ability to identify trespassers and deter them without human intervention. He also mentioned the potential for AI to search through recorded video and show specific events. Chris then opened the floor for new attendees to introduce themselves, with Marcello from SailPoint joining the group. Paul expressed his concerns about the overuse of marketing terms and acronyms in the industry, while Tyler shared their perspective on the relationship between company size and the use of acronyms. The group also discussed the challenges of understanding new terms and the importance of learning in a no-dumb-question zone.
Developer Access to Security Tools
The group discusses various approaches to providing developers access to security tools and information. Shawn notes a trend of companies giving developers direct access to security platforms through role-based controls, citing examples of large organizations implementing this approach. Jay and Neil highlight the challenges of managing access for large numbers of users and the emergence of tools that aggregate data from multiple security platforms. The conversation also touches on early experiences with programming and hacking, with participants sharing anecdotes from their youth.