Won’t Fix Episode 7: With Jeremy Philip Galen of Charlemagne Labs

Won’t Fix Episode 7: With Jeremy Philip Galen of Charlemagne Labs

My guest today is Jeremy Galen, founder of Charlemagne Labs. Jeremy spent twelve years at Meta working in privacy, safety, and security — most recently five years as a product manager in trust and safety, focused on machine-learning content enforcement, account access, impersonation, and plagiarism. He left to start Charlemagne Labs, a New York startup building what he calls a "digital bodyguard" — an on-device AI assistant, Agent Charley, that steps in before a worker clicks a dangerous link or pastes sensitive data into a chatbot. The company's research recently landed in Meta's safety report for its frontier model, Muse Spark, where Charlemagne's benchmark measured how capable leading AI models are at multi-turn social engineering. His core argument is that the old "think before you click" model of security is broken, and that risky digital behavior should be treated less like a moral failure and more like a public-health and system-design problem. Learn more about Jeremy and the company at https://charlemagnelabs.ai/ [https://charlemagnelabs.ai/] Listeners who sign up for the Pro plan can get 6 months for free if they use the promo code ROB2026. Key Highlights: * Selling consumer security software is a non-viable market because consumers buy what they want, while businesses buy what they need. * The open internet operates as an active battlefield where users face direct threat vectors from sophisticated foreign adversaries. * Falling for social engineering scams is entirely situational, rather than a reflection of an individual's intelligence. * Real-time, automated AI interventions are far more effective at enforcing digital hygiene than relying on static digital literacy training. * Over 90% of modern cybersecurity incidents originate from human risk vectors where an individual is directly targeted or manipulated. Chapter Timestamps: 00:00 Introduction and Guest Background 1:02 Career Transition and Startup Journey 2:33 Consumer vs. Business Security Market Analysis 3:56 Personal Motivation and Scam Prevalence 5:09 Social Engineering Sophistication and Victim Blaming 8:01 Big Tech vs. Startup Challenges 13:59 Fundraising Reality and Survivor Bias 18:05 Digital Hygiene and AI-Powered Protection 22:06 Privacy-First Architecture and Local Models 28:18 Democratizing Security and Luxury Concerns 31:59 Meta Collaboration and Industry Standards 35:16 Founder Advice and Problem Selection 38:08 Company Information and Target Market Resources & Links: Rob Leathern (https://www.linkedin.com/in/leathern/ [https://www.linkedin.com/in/leathern/])

Won't Fix Episode 6: With Tate Jarrow, Founder & CEO of Rebound

Tate Jarrow is the Founder and CEO of Rebound (https://trustrebound.com [https://trustrebound.com/]), a consumer anti-scam company. Before founding Rebound, Tate was an Army infantry officer and Airborne Ranger, and then a Special Agent at the U.S. Secret Service. At Google, he helped start a company called Beacon through the Area 120 incubator, which was then acquired into Google One. Key Highlights: * What Rebound is building: "Antivirus but for scams" — software that sits on a user's device across macOS, Windows, iOS, and Android, sees what the user sees, and alerts when it detects an inbound scam. Currently in alpha, heading into paid beta within the month, with general availability targeted for summer. * Why now: Normal people have zero real defense against scams. Law enforcement don't have resources for individual cases, and platforms are hard to reach for recovery. Existing consumer cybersecurity is rooted in 20-year-old problems (antivirus, credit monitoring) and isn't built for AI-powered, personalized, scaled attacks. * “You can't arrest your way out of cybercrime”: Cyber criminals run transnational organizations as businesses with P&Ls, so the real lever is changing the economics. * Google: Tate started in legal/investigations chasing cybercrime actors on Google platforms, got frustrated by the gap between business incentive and what could actually be done. Two of his Area 120 teammates are now on the Rebound team. * Scam overconfidence: Tate shares that a GASA study found the #1 predictor of being scammed is confidence that you can spot one — overconfidence is the actual risk factor. Every demographic gets hit. * Regulation and data: US regulation is 20 years behind. The real risk now is social engineering powered by leaked addresses, phones, emails, and contacts. He wants companies held accountable for the social engineering risk they create, not just PII in the narrow legacy sense. * "Caring guardians": People in tech are the de facto security help desk for their parents, friends, and families. Rebound is building features so a tech-savvy family member can have visibility into risk across the people they care about — plus in-app trust verification (one-click identity check) for the "is this actually my friend messaging me?" problem. Chapter Timestamps: 00:00 Introduction and Background 1:26 Rebound's Mission and Product Overview 3:39 Technical Implementation and Current Status 4:45 Motivation Behind Consumer Protection Focus 7:45 Google Journey and Area 120 Experience 14:59 Law Enforcement Perspective on Cybercrime 18:30 Evolution of Cybercriminal Organizations 21:07 Current State of Consumer Protection 30:04 Regulatory Environment and Government Role 37:25 Community Protection and Cross-Platform Challenges 43:00 Product Vision and Future Plans Resources & Links: Rebound (https://trustrebound.com [https://trustrebound.com/]) Tate Jarrow (https://www.linkedin.com/in/tatejarrow/ [https://www.linkedin.com/in/tatejarrow/]) Rob Leathern (https://www.linkedin.com/in/leathern/ [https://www.linkedin.com/in/leathern/])

Won't Fix Episode 5: With Platformocracy's Jonathan Bellack

Jonathan spent thirty years inside the machine — product leadership at DoubleClick, executive roles at Google, and a founding role at Harvard's Applied Social Media Lab. A year ago, Jonathan started writing Platformocracy, a newsletter with a simple, uncomfortable thesis: tech companies didn't set out to govern us, but they do now. Billions of people are subject to rules they didn't vote for, enforced by systems they can't see, with no meaningful right of appeal — built, in many cases, by people who genuinely wanted to do the right thing. We talk about how that happened, what it looks like from the inside, and the question that may define the next five years: what happens when AI floods every platform with infinite synthetic content, and the only thing standing between us and the noise is an algorithm the noise was engineered to exploit? Key Episode Takeaways: * The Governance Illusion: Tech platforms have evolved into unelected global governments that impose top-down rules on billions of users who have zero democratic input or meaningful right of appeal. * The Category Mistake: Treating platforms strictly as private businesses that can refuse service ignores the reality that they host deeply rooted human communities where "exiting" the platform means abandoning essential real-world relationships. * Decomposing Social Media: Effective regulation requires breaking "social media" down into three distinct product categories—media consumption, community networking, and creator relationships—because a blanket approach fails to address the unique harms of each. * Shifting the Regulatory Burden: Instead of forcing mass identity verification, regulators should require platforms to accept enhanced safety obligations and standardized parental controls if they choose to profit from serving children. * Inverted Safety Baselines: Unlike heavily regulated sectors like automotive or food hospitality, tech platforms operate on a model where they maximize user safety only up to the point that it threatens their profit margins. Episode Highlights: 00:00 Introduction 1:43 The Challenge of Corporate vs. Community Framing 2:54 The Evolution from Community Management to Corporate Governance 20:48 Age Verification Concerns and Technical Challenges 24:47 Historical Context and Generational Perspectives 27:46 AI, Anonymous Accounts, and Platform Integrity 37:19 AI's Potential for Improved Parental Controls 42:40 Regulatory Approaches: Enhanced Obligations for Serving Children 45:18 Profit vs. Safety Standards in Tech Industry 50:43 Procedural vs. Substantive Law in Platform Governance Links: Read Jonathan's newsletter: https://www.platformocracy.com [https://www.platformocracy.com/] Jonathan Bellack [https://www.linkedin.com/in/jbellack/] Rob Leathern [https://www.linkedin.com/in/leathern/]

Won't Fix Episode 4: With Indicator's Craig Silverman

Craig Silverman is an award-winning journalist who has spent more than 15 years researching and reporting on the manipulation of our information environment. He is currently the co-founder of Indicator, a media outlet dedicated to exposing digital deception and teaching digital investigative and OSINT (open-source intelligence) techniques. Prior to launching Indicator, Craig was a national reporter at ProPublica, where he focused on investigating digital platforms and online manipulation. Before that, he served as the media editor for BuzzFeed News, where he pioneered innovative approaches to exposing digital disinformation and media manipulation. Key Episode Takeaways: * The Industrialization of Deception: Digital manipulation has shifted from lone actors into a massive, industry backed by venture capital and brutal supply chains, including Southeast Asian "scam compounds" that merge human trafficking with high-tech fraud. * The "Manufactured Organic" Loophole: Brands are now using "clipping" and industrial-scale UGC campaigns to generate billions of views through paid creator networks that mimic authentic posts. * An Incentive to Cheat: The current digital economy creates a "race to the bottom" where deceptive or violative content often sees higher engagement and lower costs than honest ads. * Ad Revenue Cannibalization: By failing to police undisclosed marketing, social platforms are letting a shadow ad economy thrive that actively drains budgets away from their own official, trackable ad businesses. * Deterrence Through Public Examples: Instead of trying to automate everything, platforms could flip the script by making high-profile, public examples of agencies that openly brag about their deceptive tactics on social media. Episode Highlights: 00:00 Introduction and Background of Craig Silverman 01:21 Early Collaboration and Scam Evolution 04:27 Indicator Media's Mission and Approach 08:29 Undisclosed Marketing and UGC Campaigns 13:21 Scale and Enforcement Challenges 20:51 Platform Cannibalization and Business Impact 28:29 AI Labeling Audit Results 34:15 Community-Based Detection and User Skills 39:17 Affiliate Marketing Case Study 46:48 Systemic Incentive Problems 49:13 Conclusion and Resources Links: Craig Silverman [https://www.linkedin.com/in/craigjsilverman/] Indicator [https://indicator.media] Rob Leathern [https://www.linkedin.com/in/leathern/]

Won't Fix Episode 3: With KTLYST Labs' Assaf Kipnis

Assaf Kipnis spent years hunting financially motivated bad actors on Meta's e-crime team and in Google's Ads Trust & Safety org. He now runs KTLYST Labs, where he's building the threat intelligence tooling he always wished existed inside big platforms. We get into the practical realities of scam fighting — what's actually changed in the AI era, what hasn't, and why so much of the industry's effort gets aimed at the wrong targets. About the guest: Assaf Kipnis is the founder of KTLYST Labs. Previously: Meta e-crime, Google Ads Trust & Safety, ElevenLabs, LinkedIn threat intel. What We Cover: * Why AI isn't reinventing scams — it's just adding a more convincing final layer to playbooks that have existed for years. * The asymmetry problem: bad actors run conferences, sell each other tools, and share playbooks on Telegram, while defenders can't share findings across teams at the same company. * A case study in what actually works — how changing product, policy, and operations together pushed a misinformation-for-profit ring off the platform in a week. * Why "accounts taken down" is a near-useless metric, and the "learned futility" it creates inside big trust & safety orgs. * The Swiss cheese model of abuse prevention, and why chasing a single silver-bullet solution keeps companies chasing their tail. * Where regulation has teeth (banking) and where it's mostly performative (social media), plus the cross-platform gap no one is addressing. * How AI is changing investigative work — compressing a week of open-source research into two hours — and why that makes entry-level talent pipelines a real concern. Episode Highlights: 00:00 Intro 01:06 Professional Background and Career Journey ‎ 03:47 AI's Role in Scaling Rather Than Changing Scams ‎ 07:05 Adversary Collaboration vs. Defender Silos ‎ 09:02 The Frame Rate Discovery Example ‎ 10:26 KTLYST Labs and Operationalizing Threat Intelligence ‎ 12:40 AI's Impact on Investigation Work ‎ 15:15 Career Entry Points and AI's Impact on Junior Roles ‎ 20:38 The NextTag Affiliate Program Attack ‎ 23:00 The Misinformation Campaign Investigation ‎ 27:52 The Limitations of Location-Based Solutions ‎ 30:30 The Futility of Single-Solution Thinking ‎ 33:47 The Reality of Platform Defense Goals ‎ 34:50 Government Regulation and Enforcement Challenges ‎ 40:31 The Problem with Takedown Metrics ‎ Links: Assaf Kipnis [https://assafkipnis.substack.com/] KTLYST Labs [https://www.ktlystlabs.com/] Rob Leathern [https://www.linkedin.com/in/leathern/]