AI-Built Apps Are Leaking Private Company Data

SpaceX IPO: Did You Just Fund a Spy Network?

The SpaceX IPO is being sold as rockets, innovation, and the future of space. But investors may have also bought into a private network with battlefield, intelligence, and surveillance potential. In this episode of Legitimate Cybersecurity, Frank Downs and Dr. Dustin Brewer examine what the SpaceX IPO really means when you look beyond rockets and stock hype. Starlink has already proven how powerful satellite internet can be in remote regions and war zones. Starshield raises an even bigger question: what happens when the same company building consumer satellite internet also builds national-security infrastructure? This is not a claim that SpaceX is spying on Americans. It is a question about capability, incentives, oversight, and public-market funding. If Starlink can shape connectivity in Ukraine and Russia, and Starshield is built for government and intelligence use, what stops similar infrastructure from becoming part of domestic surveillance, border enforcement, emergency response, law enforcement, or classified government operations? And if that happens, would ordinary citizens or retail investors ever know? Frank and Dustin discuss: * Why the SpaceX IPO changes the public-interest question * The difference between Starlink and Starshield * How satellite internet became a war-zone capability * Why private infrastructure can become public power * Whether investors understand what they actually bought * Why regulation always arrives after someone sticks their finger in the pencil sharpener * The uncomfortable line between innovation, profit, warfare, and surveillance Media/interview: mailto:admin@legitimatecybersecurity.com Audio: https://legitimatecybersecurity.podbean.com/ [https://legitimatecybersecurity.podbean.com/] Hosted by Frank Downs and Dr. Dustin Brewer. Chapters: 00:00 - Did SpaceX Just Become the Biggest IPO Ever? 01:06 - Why Everyone Loves Rockets 02:23 - Starlink vs. Starshield Explained 03:52 - Why Starlink Is Different From Old Satellite Internet 05:22 - The Good Side: Remote Access and Global Connectivity 06:41 - How Starlink Changed Modern War 07:21 - Drones, Jamming, Fiber Optics, and Satellite Links 08:44 - Should One Company Control Battlefield Connectivity? 10:46 - Is This Different From Traditional Arms Dealers? 13:22 - Why the IPO Changes the Question 14:45 - Lockheed, Palantir, Boeing, and Public Funding 16:59 - Did Investors Know What They Bought? 17:28 - The Elon Musk Factor and Private Decision-Making 18:52 - Rockets Are Cool — The Implications Are Harder 20:02 - The Hidden Cost of Powerful Technology 22:12 - Starshield and Government Intelligence Contracts 23:23 - When Safety Tools Become Tracking Tools 24:32 - Could Becomes Should: The Jurassic Park Problem 29:32 - Shareholder Value vs. Human Consequences 31:00 - Facebook, Terrorists, and “We Just Connect People” 35:32 - Why Regulation Exists 37:23 - Who Should Decide Who Gets the Network? 38:33 - Final Thoughts: Know What You Invest In #spacex #starlink #Starshield #cybersecurity #surveillance #ipo #privacymatters #nationalsecurity #techethics #legitimatecybersecurity #ai

They Send a Fake IT Guy to Hack Your Office

The hacker isn't a thousand miles away in a hoodie. He's standing at your desk in a polo shirt, holding a clipboard, asking to plug something into your computer. And law firms are the target. Frank Downs and Dustin Brewer break down the Silent Ransom Group — the crew skipping the phishing email and walking straight through the front door. In this episode of Legitimate Cybersecurity, Frank and Dustin dig into SRG (aka Luna Moth, aka Chatty Spider), a Conti offshoot now assessed — and corroborated by an FBI FLASH alert — to be running physical IT-impersonation attacks against law firms and other data-rich targets. They discuss why physical social engineering is suddenly back from the 1990s, the cyber-psychology that makes us trust a stranger with a lanyard, Dustin's casino fake-badge pen test, why law firms are such a rich target (trade secrets, M&A, criminal defense, HIPAA data), and the brutally simple fix most companies skip: trust but verify. The conversation also covers why "keyboard Frank" is a different person, the hospital HIPAA nightmares you've personally witnessed, and AI's role on both sides of the kill chain. The one thing to leave with: if an IT person shows up unannounced, it costs you nothing to call IT and confirm before you let Steven in. Media/interview: admin@legitimatecybersecurity.com Audio: https://legitimatecybersecurity.podbean.com/ [https://legitimatecybersecurity.podbean.com/] Chapters: 00:00 — The hacker shows up at your door 00:36 — Mandiant + FBI: who Silent Ransom Group really is 02:39 — The cyber-psychology of "why physical works" 06:00 — War story: the student who ran from the front desk 08:00 — Cutouts, proxies, and unwitting accomplices 11:53 — Why physical access does damage instantly 12:09 — Law firms: the richest target set there is 15:46 — Mar-a-Lago, thumb drives, and the history of in-person hacks 19:08 — Tailgating past security (Dustin's seventh-floor proof) 20:58 — Trust but verify: the fix that actually works 26:26 — The societal norms bad guys exploit 27:02 — The casino badge: getting your face "known" 28:00 — The human is always the weakest link 29:41 — AI is only as smart (and hackable) as we are 32:12 — Keep on cybering #Cybersecurity #SocialEngineering #Hacking #InfoSec #DataPrivacy #LawFirms #PenTesting #AI #CyberAwareness #SilentRansomGroup #LunaMoth #PhysicalSecurity

AI-Built Apps Are Leaking Private Company Data

Researchers just found thousands of AI-built apps leaking medical records, financial data, and customer PII straight to the open internet. The scary part isn't that AI writes code — it's that it writes code just well enough that nobody asks questions. Frank Downs and Dustin Brewer break down the hidden cost of vibe coding: insecure-by-default software shipped to production, AI tools replacing the junior developers who'd grow into the people who fix it, and AI quietly wired into services you never consented to — including a dentist's chair that records every cleaning and sends it to an insurance-linked system. AI learned security from us. And we were never good at it. 🎙️ Listen: https://legitimatecybersecurity.podbean.com/ [https://legitimatecybersecurity.podbean.com/] 📩 Media/interview: admin@legitimatecybersecurity.com Hosted by Frank Downs and Dustin Brewer. Chapters: 00:00 The code works — that's the problem 01:24 "Do you consider yourself a coder?" 03:15 What AI actually learned to copy (us) 04:58 Vibe-coded tools running in production 05:19 3,380 exposed apps, 5,000 data leaks 07:56 Who fixes it when the cyber team finds holes? 08:26 The $1.5M QA cut that cost $6M 09:35 AI talking to AI: nobody reads the code 15:21 "Your password is God" — security never changed 16:27 Should AI touch the live service? 17:48 The dentist chair that records everything 21:00 Where the line actually is (help desk vs. prod) 24:20 AI monitoring employees & the gold-standard trap 28:23 Always-on "streaming AI" is 5 years out 29:25 The coming AI caste system 30:34 Adversaries already use it (the Lego propaganda) 33:14 We're about to lose every junior analyst 40:15 The Twitter "efficiency" parallel 41:35 Keep on cybering #vibecoding #cybersecurity #aisecurity #dataprivacy #shadowit #infosec #aitools #privacy #devsecops #surveillance

AI Pioneer Warns: AI Wants Your Private Files

AI companies are running out of easy data — and the next target may be your private files, calendars, medical records, photos, and desktop activity. AI pioneer Dr. Jonathan Schaeffer joins Frank Downs and Dustin Brewer to explain why today’s AI tools are powerful, flawed, and increasingly hungry for personal data. In this episode of Legitimate Cybersecurity, Frank and Dustin talk with Dr. Jonathan Schaeffer, University of Alberta Professor Emeritus, AI pioneer, AAAI Fellow, entrepreneur, and founder of Synsara. They discuss why today’s chatbot boom is not the AI future many researchers imagined, why “hallucination” is the wrong word for AI errors, how AI companies depend on more and more data, and why desktop AI tools may create a new privacy boundary problem. The conversation also covers AI bias, manipulation, private data, local AI, regulation, data centers, environmental costs, and why solving AI’s safety and privacy problems should matter before the race to AGI gets even faster. Dr. Schaeffer’s key warning is that current AI systems do not understand the consequences of their answers, yet people increasingly treat them like trusted authorities. Media/interview: admin@legitimatecybersecurity.com Audio: https://legitimatecybersecurity.podbean.com/ [https://legitimatecybersecurity.podbean.com/] Chapters: 00:00 — AI’s privacy problem is getting bigger 01:27 — Jonathan Schaeffer’s AI origin story 03:29 — Beating humans at checkers before Deep Blue 05:48 — Why modern AI feels like the wrong future 07:50 — Why “hallucination” is the wrong word 09:01 — How “chat” created false trust 10:32 — AI does not understand consequences 13:52 — Why AI companies are desperate for data 15:12 — Your private files are the real gold mine 16:32 — The hidden cost of “free” AI tools 20:44 — AI wants access to your desktop 22:50 — The safety, security, and privacy problem 24:05 — The AGI race is moving faster than safeguards 27:07 — Why Jonathan built private local AI tools 30:59 — The security risk nobody talks about 32:31 — Why AI systems need audits 34:21 — When AI answers become manipulation 39:13 — Influence, rage content, and algorithmic persuasion 42:21 — Why AI regulation cannot keep up 46:05 — Canada’s failed attempt to regulate AI 50:40 — Is it already too late? 55:16 — What polar exploration teaches us about AI risk 59:39 — Data centers, power, water, and responsibility 1:03:18 — Jonathan’s life advice: fun beats money #ArtificialIntelligence #AIPrivacy #Cybersecurity #DataPrivacy #ChatGPT #AISafety #Privacy #TechPolicy #LegitimateCybersecurity #Synsara

Your Ex May Still Have Access to Your Phone

Your ex may still have access to your accounts, your phone, or your private life — even after you changed your password. This episode explains how cyberstalking hides inside logged-in devices, shared biometrics, old account access, and security questions people close to you already know. On this episode of Legitimate Cybersecurity, hosts Frank Downs and Dr. Dustin Brewer break down real cyberstalking cases involving toxic exes, stolen images, account impersonation, hidden device access, and the overlooked settings that keep people exposed. Most people think the danger is “getting hacked.” But in toxic relationships, the real danger is often simpler: someone close to you already had the key. Frank and Dustin explain: Why changing your password may not log someone out How old devices can stay connected to your accounts Why shared phones, laptops, and biometrics create risk How security questions can be abused by people who know you What warning signs suggest someone may be monitoring you Where to get professional help if this is happening to you This episode is part of our cyber safety series for people dealing with toxic relationships, stalking, harassment, and digital abuse. Media/interview: admin@legitimatecybersecurity.com Audio: https://legitimatecybersecurity.podbean.com/ [https://legitimatecybersecurity.podbean.com/] Chapters: 00:00 — Your Ex, Walmart, or the State Agency Problem 00:51 — Why Cyberstalking Is Now Everyday Life 01:27 — Case 1: She Changed Her Password, But He Stayed Logged In 03:39 — Why “Logged-In Devices” Are So Hard to Read 05:20 — Don’t Share Accounts in Relationships 07:28 — The Netflix / Hotel TV Problem 08:20 — Why Access Tokens Keep People Logged In 10:21 — Marriott, Hotel TVs, and Automatic Logouts 11:41 — Case 2: Private Images Posted for 14 Years 13:36 — The Law Slowly Caught Up 14:41 — Photos, Trust, and Digital Leverage 16:32 — Treat Your Phone Like a Toothbrush 17:43 — Red Flags: When They Know Things They Shouldn’t 20:20 — Case 3: He Added His Thumbprint to Her Phone 22:28 — Why Biometrics Can Become Relationship Risk 23:31 — Used Phones, Forensics, and Hidden Data 28:27 — Don’t Let Someone Else Use Your AI Either 30:49 — Security Questions Are Broken 32:08 — Personal Cyber Hygiene Checklist 34:18 — One Year of Legitimate Cybersecurity 34:53 — Where to Get Real Help 35:46 — Keep on Cyberin’ #cyberstalking #cybersafety #digitalsafety #toxicrelationships #onlineprivacy #phonesecurity #cybersecurity #domesticabuseawareness #dataprivacy #legitimatecybersecurity