Episodes



7 days ago
Researchers just found thousands of AI-built apps leaking medical records, financial data, and customer PII straight to the open internet. The scary part isn't that AI writes code — it's that it writes code just well enough that nobody asks questions.

Frank Downs and Dustin Brewer break down the hidden cost of vibe coding: insecure-by-default software shipped to production, AI tools replacing the junior developers who'd grow into the people who fix it, and AI quietly wired into services you never consented to — including a dentist's chair that records every cleaning and sends it to an insurance-linked system.

AI learned security from us. And we were never good at it.

🎙️ Listen: https://legitimatecybersecurity.podbean.com/
📩 Media/interview: admin@legitimatecybersecurity.com

Hosted by Frank Downs and Dustin Brewer.

Chapters:
00:00 The code works — that's the problem
01:24 "Do you consider yourself a coder?"
03:15 What AI actually learned to copy (us)
04:58 Vibe-coded tools running in production
05:19 3,380 exposed apps, 5,000 data leaks
07:56 Who fixes it when the cyber team finds holes?
08:26 The $1.5M QA cut that cost $6M
09:35 AI talking to AI: nobody reads the code
15:21 "Your password is God" — security never changed
16:27 Should AI touch the live service?
17:48 The dentist chair that records everything
21:00 Where the line actually is (help desk vs. prod)
24:20 AI monitoring employees & the gold-standard trap
28:23 Always-on "streaming AI" is 5 years out
29:25 The coming AI caste system
30:34 Adversaries already use it (the Lego propaganda)
33:14 We're about to lose every junior analyst
40:15 The Twitter "efficiency" parallel
41:35 Keep on cybering

#vibecoding #cybersecurity #aisecurity #dataprivacy #shadowit #infosec #aitools #privacy #devsecops #surveillance



Tuesday May 26, 2026
AI Pioneer Warns: AI Wants Your Private Files
AI companies are running out of easy data — and the next target may be your private files, calendars, medical records, photos, and desktop activity.

AI pioneer Dr. Jonathan Schaeffer joins Frank Downs and Dustin Brewer to explain why today’s AI tools are powerful, flawed, and increasingly hungry for personal data.

In this episode of Legitimate Cybersecurity, Frank and Dustin talk with Dr. Jonathan Schaeffer, University of Alberta Professor Emeritus, AI pioneer, AAAI Fellow, entrepreneur, and founder of Synsara.

They discuss why today’s chatbot boom is not the AI future many researchers imagined, why “hallucination” is the wrong word for AI errors, how AI companies depend on more and more data, and why desktop AI tools may create a new privacy boundary problem.

The conversation also covers AI bias, manipulation, private data, local AI, regulation, data centers, environmental costs, and why solving AI’s safety and privacy problems should matter before the race to AGI gets even faster. Dr. Schaeffer’s key warning is that current AI systems do not understand the consequences of their answers, yet people increasingly treat them like trusted authorities.

Media/interview: admin@legitimatecybersecurity.com
Audio: https://legitimatecybersecurity.podbean.com/

Chapters:
00:00 — AI’s privacy problem is getting bigger
01:27 — Jonathan Schaeffer’s AI origin story
03:29 — Beating humans at checkers before Deep Blue
05:48 — Why modern AI feels like the wrong future
07:50 — Why “hallucination” is the wrong word
09:01 — How “chat” created false trust
10:32 — AI does not understand consequences
13:52 — Why AI companies are desperate for data
15:12 — Your private files are the real gold mine
16:32 — The hidden cost of “free” AI tools
20:44 — AI wants access to your desktop
22:50 — The safety, security, and privacy problem
24:05 — The AGI race is moving faster than safeguards
27:07 — Why Jonathan built private local AI tools
30:59 — The security risk nobody talks about
32:31 — Why AI systems need audits
34:21 — When AI answers become manipulation
39:13 — Influence, rage content, and algorithmic persuasion
42:21 — Why AI regulation cannot keep up
46:05 — Canada’s failed attempt to regulate AI
50:40 — Is it already too late?
55:16 — What polar exploration teaches us about AI risk
59:39 — Data centers, power, water, and responsibility
1:03:18 — Jonathan’s life advice: fun beats money

#ArtificialIntelligence #AIPrivacy #Cybersecurity #DataPrivacy #ChatGPT #AISafety #Privacy #TechPolicy #LegitimateCybersecurity #Synsara



Monday May 18, 2026
Your Ex May Still Have Access to Your Phone
Your ex may still have access to your accounts, your phone, or your private life — even after you changed your password.

This episode explains how cyberstalking hides inside logged-in devices, shared biometrics, old account access, and security questions people close to you already know.

On this episode of Legitimate Cybersecurity, hosts Frank Downs and Dr. Dustin Brewer break down real cyberstalking cases involving toxic exes, stolen images, account impersonation, hidden device access, and the overlooked settings that keep people exposed.

Most people think the danger is “getting hacked.” But in toxic relationships, the real danger is often simpler: someone close to you already had the key.

Frank and Dustin explain:
- Why changing your password may not log someone out
- How old devices can stay connected to your accounts
- Why shared phones, laptops, and biometrics create risk
- How security questions can be abused by people who know you
- What warning signs suggest someone may be monitoring you
- Where to get professional help if this is happening to you

This episode is part of our cyber safety series for people dealing with toxic relationships, stalking, harassment, and digital abuse.

Media/interview: admin@legitimatecybersecurity.com
Audio: https://legitimatecybersecurity.podbean.com/

Chapters:
00:00 — Your Ex, Walmart, or the State Agency Problem
00:51 — Why Cyberstalking Is Now Everyday Life
01:27 — Case 1: She Changed Her Password, But He Stayed Logged In
03:39 — Why “Logged-In Devices” Are So Hard to Read
05:20 — Don’t Share Accounts in Relationships
07:28 — The Netflix / Hotel TV Problem
08:20 — Why Access Tokens Keep People Logged In
10:21 — Marriott, Hotel TVs, and Automatic Logouts
11:41 — Case 2: Private Images Posted for 14 Years
13:36 — The Law Slowly Caught Up
14:41 — Photos, Trust, and Digital Leverage
16:32 — Treat Your Phone Like a Toothbrush
17:43 — Red Flags: When They Know Things They Shouldn’t
20:20 — Case 3: He Added His Thumbprint to Her Phone
22:28 — Why Biometrics Can Become Relationship Risk
23:31 — Used Phones, Forensics, and Hidden Data
28:27 — Don’t Let Someone Else Use Your AI Either
30:49 — Security Questions Are Broken
32:08 — Personal Cyber Hygiene Checklist
34:18 — One Year of Legitimate Cybersecurity
34:53 — Where to Get Real Help
35:46 — Keep on Cyberin’

#cyberstalking #cybersafety #digitalsafety #toxicrelationships #onlineprivacy #phonesecurity #cybersecurity #domesticabuseawareness #dataprivacy #legitimatecybersecurity



Friday May 08, 2026
A $29 Tracker Could Be Following You Right Now
One could be hidden in your car, purse, luggage, or jacket — and it may cost less than dinner.

Bluetooth trackers were built to find lost keys, but they can also turn nearby phones into a surveillance network.

In this episode of Legitimate Cybersecurity, hosts Frank Downs and Dr. Dustin Brewer break down how AirTags, Tile trackers, Samsung SmartTags, Find My-compatible devices, and other Bluetooth beacons can be abused for stalking, theft, and surveillance.

They explain why these devices do not “call home” like GPS trackers, how nearby phones quietly report their location, why some safety alerts can fail, and what to do if you suspect someone is tracking you.

This episode also covers real-world cases involving hidden trackers, vehicle sweeps, modded AirTags, stalkerware, smart clothing, and the broader problem of everyday devices becoming personal surveillance infrastructure.

If you think you may be in danger, contact professionals who can help:
- National Domestic Violence Hotline: 1-800-799-7233
- Coalition Against Stalkerware: StopStalkerware.org
- Operation Safe Escape: SafeEscape.org

Media/interview: admin@legitimatecybersecurity.com
Audio: https://legitimatecybersecurity.podbean.com/

Chapters:
0:00 — A $29 tracker could be on you
0:46 — Why Bluetooth trackers changed personal safety
2:55 — How AirTags actually track location
5:18 — Why abusers use trackers instead of GPS
7:18 — AirTags, Find My, and Apple’s safety alerts
10:04 — Tile trackers and the limits of smaller networks
11:38 — Samsung SmartTags and smart home tracking
13:07 — Modded trackers and the speaker loophole
14:31 — The ethics of tiny surveillance devices
18:48 — Cars, phones, and surveillance double standards
22:33 — Real cases where trackers led to violence
24:27 — Pattern-of-life tracking in the real world
26:48 — Flipper Zero, Bluetooth footprints, and NFC risks
33:12 — What to do if you think you’re being tracked
34:00 — Where to search your car for hidden trackers
35:37 — Behavioral signs someone may be monitoring you
37:23 — Smart clothing and Bluetooth tracking risks
39:41 — Resources for stalking and domestic violence help
41:09 — Final thoughts

#cybersecurity #airtag #BluetoothTracking #digitalprivacy #Stalkerware #personalsafety #surveillance #smartdevices #legitimatecybersecurity



Monday May 04, 2026
An Aquarium Hacked A Casino. Your House Is Next
Gloria Globman — CTO of Acclaimed Technical Services, former Senior Cyber Advisor at the US Embassy in Tokyo, US Navy veteran, and Presidential Rank Award recipient — joins Frank Downs and Dustin Brewer to translate what's really happening on your home network. Every smart device is a tiny computer with a camera, a microphone, and an internet connection, constantly talking to its manufacturer, the cloud, and other devices on your Wi-Fi. Many of them will never be patched again. Some of the manufacturers don't even exist anymore.

In this episode we cover why mid-sized companies keep underfunding security until it's too late, how AI tools like Mythos and Zealot are compressing the patch window to almost nothing, why the upcoming TP-Link ban probably won't save you, and the simple home-router moves that actually do.

If you've ever brought a personal phone onto the work Wi-Fi, set up a smart camera you've stopped thinking about, or assumed "the cloud" means it's somebody else's problem — this one is for you.

🎙 Listen to the audio version: https://legitimatecybersecurity.podbean.com/
📩 Media / interview requests: admin@legitimatecybersecurity.com
👥 Hosts: Frank Downs and Dustin Brewer
🎤 Guest: Gloria Globman, CTO, Acclaimed Technical Services

Chapters:
00:00 The IoT problem nobody locks down
00:36 Meet Gloria Globman — Tokyo, the IC, and 20 years of cyber
02:10 Your smart devices are unlocked front doors
03:51 Cognitive offloading: convenience until it isn't
04:42 The aquarium that hacked a casino (MGM)
05:17 Are IoT devices just printers 2.0?
06:14 When personal phones meet corporate Wi-Fi
08:35 Work moved home — security posture didn't
09:19 Mid-sized companies and the 15–20% rule
10:16 Why "not sexy" budgets keep getting cut
11:24 Highest-impact moves: zero trust, segmentation, encryption
12:16 Patch, patch, patch — and why AI changed the timer
12:39 Mythos vs. Zealot: orchestrated AI attacks
16:09 Microsegmentation for your actual house
17:39 Why companies embrace BYOD anyway
18:48 Why VDI never quite won
22:18 Risk transference dysmorphia: "it's the cloud's problem"
22:53 Botnets, dead routers, and the FBI cleanup
23:24 Goodbye TP-Link — security move or theater?
26:25 What the average person should actually do tonight
28:21 Password managers, quantum, and MFA
29:44 Gloria's one piece of life advice

#cybersecurity #iotsecurity #smarthome #zerotrust #byod #HomeNetworkSecurity #infosec #dataprivacy #patchtuesday #legitimatecybersecurity



Monday Apr 27, 2026
AI Is Now Faking Loved Ones and Setting Prices
AI is no longer just answering prompts — it is imitating dead relatives, profiling shoppers, and helping companies decide what people pay.

That matters because the same hidden data systems behind convenience can reshape grief, prices, privacy, work, and trust without clear consent.

In this episode of Legitimate Cybersecurity, Frank Downs and Dr. Dustin Brewer break down a disturbing wave of AI and surveillance stories: AI avatars of deceased loved ones, Maryland’s move against surveillance pricing, Washington’s restrictions around public access to ALPR data, Virginia’s precise geolocation data ban, deepfake CEO scams, remote hiring impersonation, and employee webcam monitoring.

The big question: When AI can imitate people, price you individually, and watch you at work, what does consent even mean anymore?

Media/interview: admin@legitimatecybersecurity.com
Audio: https://legitimatecybersecurity.podbean.com/

Chapters:
00:00 — AI avatars of dead loved ones
01:19 — Grief, deception, and consent
02:48 — When an AI “person” is not really a person
04:00 — Frank’s Afghanistan story and withheld grief
07:14 — The problem with resurrecting people through AI
09:16 — AI ghosts, Benjamin Franklin, and Disney presidents
10:58 — Maryland moves against surveillance pricing
12:37 — When dynamic pricing becomes predatory
14:38 — Market pricing vs. personal profiling
15:35 — Washington limits access to ALPR data
18:10 — Virginia bans precise geolocation data sales
21:30 — Location data, pricing, and individual targeting
22:56 — Deepfake CEO scams and wire-transfer fraud
24:17 — The “three-finger test” for deepfakes
26:04 — Remote hiring scams and AI impersonation
28:23 — Laptop farms, proxies, and scam infrastructure
29:56 — Employee webcam and microphone monitoring
34:30 — Final thoughts: stay dressed at work

#ai #cybersecurity #privacy #surveillance #dataprivacy #Deepfakes #geolocation #SurveillancePricing #remotework #legitimatecybersecurity



Saturday Apr 18, 2026
Can AI Agents Actually Hack Systems?
A new AI is being framed as a tool that can find zero-days fast and even “hack its way out” of containment.

If that claim is real, defenders, developers, and everyday users are about to feel the consequences.

On this episode of Legitimate Cybersecurity, hosts Frank Downs and Dustin Brewer are joined by Jason Casey, CEO of Beyond Identity, to break down the panic around Anthropic’s “Mythos” discussion, what AI can actually do for offense and defense, and where the marketing may be outrunning the real-world risk.

They dig into whether this is a true cybersecurity turning point, or the latest example of the industry turning fear into momentum. They also explore how AI is already reshaping blue team work, governance, detection, and security operations.

Plus: hacked smart vacuums, trackable e-ink nails, wearable surveillance, and why convenience keeps creating new attack surfaces nobody asked for.

Media/interview: admin@legitimatecybersecurity.com
Audio: https://legitimatecybersecurity.podbean.com/

Chapters:
00:00 The new AI panic begins
00:59 What “Mythos” is supposed to do
02:17 Is this a real threat or brilliant marketing?
07:12 Will this change security budgets and priorities?
10:11 Why cybersecurity leaders amplify moments like this
13:58 How AI actually helps blue teams
21:49 Rules, patterns, and better AI detection
23:59 The idea of an AI “security factory”
31:50 Beyond Identity’s new governance layer
35:30 Hacked vacuums, smart nails, and wearable tracking
45:00 Final takeaways

#legitimatecybersecurity #artificialintelligence #cybersecurity #anthropic #claude #aisecurity #zerodayjay #blueteam



Friday Apr 10, 2026
Why Is LinkedIn Spying on Your Browser?
A new lawsuit alleges LinkedIn may have been collecting data from inside users’ browsers in ways most people never expected.

If that is true, this is not just normal tracking. It is a much more invasive look into how websites can profile you behind the scenes.

In this episode of Legitimate Cybersecurity, Frank Downs and Dustin Brewer break down the class-action allegations against LinkedIn, explain browser extension detection in plain English, and talk about why so many people are fed up with paying for platforms that still treat their identity like a product. They also walk through what this kind of tracking could reveal about you, why regulation keeps falling behind, and what everyday users can do right now to limit exposure online.

📩 Media/interview: admin@legitimatecybersecurity.com
🎧 Audio: https://legitimatecybersecurity.podbean.com/

Chapters:
00:00 LinkedIn is spying on you?
00:37 What this new lawsuit actually alleges
01:34 Why this one feels different
03:32 Why people are so fed up with LinkedIn
06:04 What websites can already learn about you
08:23 How browser extension detection works
10:13 Why this feels so invasive
14:51 What you can do to protect yourself
18:11 Browser vs app: which gives companies more access?
20:46 Consent, ethics, and hidden tracking
26:56 Will regulation ever catch up?
28:15 Final thoughts

#linkedin #privacy #BrowserTracking #cybersecurity #dataprivacy #onlinetracking #surveillance #digitalprivacy #technews #legitimatecybersecurity







