An Aquarium Hacked A Casino. Your House Is Next

AI-Built Apps Are Leaking Private Company Data

Researchers just found thousands of AI-built apps leaking medical records, financial data, and customer PII straight to the open internet. The scary part isn't that AI writes code — it's that it writes code just well enough that nobody asks questions. Frank Downs and Dustin Brewer break down the hidden cost of vibe coding: insecure-by-default software shipped to production, AI tools replacing the junior developers who'd grow into the people who fix it, and AI quietly wired into services you never consented to — including a dentist's chair that records every cleaning and sends it to an insurance-linked system. AI learned security from us. And we were never good at it. 🎙️ Listen: https://legitimatecybersecurity.podbean.com/ [https://legitimatecybersecurity.podbean.com/] 📩 Media/interview: admin@legitimatecybersecurity.com Hosted by Frank Downs and Dustin Brewer. Chapters: 00:00 The code works — that's the problem 01:24 "Do you consider yourself a coder?" 03:15 What AI actually learned to copy (us) 04:58 Vibe-coded tools running in production 05:19 3,380 exposed apps, 5,000 data leaks 07:56 Who fixes it when the cyber team finds holes? 08:26 The $1.5M QA cut that cost $6M 09:35 AI talking to AI: nobody reads the code 15:21 "Your password is God" — security never changed 16:27 Should AI touch the live service? 17:48 The dentist chair that records everything 21:00 Where the line actually is (help desk vs. prod) 24:20 AI monitoring employees & the gold-standard trap 28:23 Always-on "streaming AI" is 5 years out 29:25 The coming AI caste system 30:34 Adversaries already use it (the Lego propaganda) 33:14 We're about to lose every junior analyst 40:15 The Twitter "efficiency" parallel 41:35 Keep on cybering #vibecoding #cybersecurity #aisecurity #dataprivacy #shadowit #infosec #aitools #privacy #devsecops #surveillance

AI Pioneer Warns: AI Wants Your Private Files

AI companies are running out of easy data — and the next target may be your private files, calendars, medical records, photos, and desktop activity. AI pioneer Dr. Jonathan Schaeffer joins Frank Downs and Dustin Brewer to explain why today’s AI tools are powerful, flawed, and increasingly hungry for personal data. In this episode of Legitimate Cybersecurity, Frank and Dustin talk with Dr. Jonathan Schaeffer, University of Alberta Professor Emeritus, AI pioneer, AAAI Fellow, entrepreneur, and founder of Synsara. They discuss why today’s chatbot boom is not the AI future many researchers imagined, why “hallucination” is the wrong word for AI errors, how AI companies depend on more and more data, and why desktop AI tools may create a new privacy boundary problem. The conversation also covers AI bias, manipulation, private data, local AI, regulation, data centers, environmental costs, and why solving AI’s safety and privacy problems should matter before the race to AGI gets even faster. Dr. Schaeffer’s key warning is that current AI systems do not understand the consequences of their answers, yet people increasingly treat them like trusted authorities. Media/interview: admin@legitimatecybersecurity.com Audio: https://legitimatecybersecurity.podbean.com/ [https://legitimatecybersecurity.podbean.com/] Chapters: 00:00 — AI’s privacy problem is getting bigger 01:27 — Jonathan Schaeffer’s AI origin story 03:29 — Beating humans at checkers before Deep Blue 05:48 — Why modern AI feels like the wrong future 07:50 — Why “hallucination” is the wrong word 09:01 — How “chat” created false trust 10:32 — AI does not understand consequences 13:52 — Why AI companies are desperate for data 15:12 — Your private files are the real gold mine 16:32 — The hidden cost of “free” AI tools 20:44 — AI wants access to your desktop 22:50 — The safety, security, and privacy problem 24:05 — The AGI race is moving faster than safeguards 27:07 — Why Jonathan built private local AI tools 30:59 — The security risk nobody talks about 32:31 — Why AI systems need audits 34:21 — When AI answers become manipulation 39:13 — Influence, rage content, and algorithmic persuasion 42:21 — Why AI regulation cannot keep up 46:05 — Canada’s failed attempt to regulate AI 50:40 — Is it already too late? 55:16 — What polar exploration teaches us about AI risk 59:39 — Data centers, power, water, and responsibility 1:03:18 — Jonathan’s life advice: fun beats money #ArtificialIntelligence #AIPrivacy #Cybersecurity #DataPrivacy #ChatGPT #AISafety #Privacy #TechPolicy #LegitimateCybersecurity #Synsara

Your Ex May Still Have Access to Your Phone

Your ex may still have access to your accounts, your phone, or your private life — even after you changed your password. This episode explains how cyberstalking hides inside logged-in devices, shared biometrics, old account access, and security questions people close to you already know. On this episode of Legitimate Cybersecurity, hosts Frank Downs and Dr. Dustin Brewer break down real cyberstalking cases involving toxic exes, stolen images, account impersonation, hidden device access, and the overlooked settings that keep people exposed. Most people think the danger is “getting hacked.” But in toxic relationships, the real danger is often simpler: someone close to you already had the key. Frank and Dustin explain: Why changing your password may not log someone out How old devices can stay connected to your accounts Why shared phones, laptops, and biometrics create risk How security questions can be abused by people who know you What warning signs suggest someone may be monitoring you Where to get professional help if this is happening to you This episode is part of our cyber safety series for people dealing with toxic relationships, stalking, harassment, and digital abuse. Media/interview: admin@legitimatecybersecurity.com Audio: https://legitimatecybersecurity.podbean.com/ [https://legitimatecybersecurity.podbean.com/] Chapters: 00:00 — Your Ex, Walmart, or the State Agency Problem 00:51 — Why Cyberstalking Is Now Everyday Life 01:27 — Case 1: She Changed Her Password, But He Stayed Logged In 03:39 — Why “Logged-In Devices” Are So Hard to Read 05:20 — Don’t Share Accounts in Relationships 07:28 — The Netflix / Hotel TV Problem 08:20 — Why Access Tokens Keep People Logged In 10:21 — Marriott, Hotel TVs, and Automatic Logouts 11:41 — Case 2: Private Images Posted for 14 Years 13:36 — The Law Slowly Caught Up 14:41 — Photos, Trust, and Digital Leverage 16:32 — Treat Your Phone Like a Toothbrush 17:43 — Red Flags: When They Know Things They Shouldn’t 20:20 — Case 3: He Added His Thumbprint to Her Phone 22:28 — Why Biometrics Can Become Relationship Risk 23:31 — Used Phones, Forensics, and Hidden Data 28:27 — Don’t Let Someone Else Use Your AI Either 30:49 — Security Questions Are Broken 32:08 — Personal Cyber Hygiene Checklist 34:18 — One Year of Legitimate Cybersecurity 34:53 — Where to Get Real Help 35:46 — Keep on Cyberin’ #cyberstalking #cybersafety #digitalsafety #toxicrelationships #onlineprivacy #phonesecurity #cybersecurity #domesticabuseawareness #dataprivacy #legitimatecybersecurity

A $29 Tracker Could Be Following You Right Now

One could be hidden in your car, purse, luggage, or jacket — and it may cost less than dinner. Bluetooth trackers were built to find lost keys, but they can also turn nearby phones into a surveillance network. In this episode of Legitimate Cybersecurity, hosts Frank Downs and Dr. Dustin Brewer break down how AirTags, Tile trackers, Samsung SmartTags, Find My-compatible devices, and other Bluetooth beacons can be abused for stalking, theft, and surveillance. They explain why these devices do not “call home” like GPS trackers, how nearby phones quietly report their location, why some safety alerts can fail, and what to do if you suspect someone is tracking you. This episode also covers real-world cases involving hidden trackers, vehicle sweeps, modded AirTags, stalkerware, smart clothing, and the broader problem of everyday devices becoming personal surveillance infrastructure. If you think you may be in danger, contact professionals who can help: National Domestic Violence Hotline: 1-800-799-7233 Coalition Against Stalkerware: StopStalkerware.org Operation Safe Escape: SafeEscape.org Media/interview: admin@legitimatecybersecurity.com Audio: https://legitimatecybersecurity.podbean.com/ [https://legitimatecybersecurity.podbean.com/] Chapters: 0:00 — A $29 tracker could be on you 0:46 — Why Bluetooth trackers changed personal safety 2:55 — How AirTags actually track location 5:18 — Why abusers use trackers instead of GPS 7:18 — AirTags, Find My, and Apple’s safety alerts 10:04 — Tile trackers and the limits of smaller networks 11:38 — Samsung SmartTags and smart home tracking 13:07 — Modded trackers and the speaker loophole 14:31 — The ethics of tiny surveillance devices 18:48 — Cars, phones, and surveillance double standards 22:33 — Real cases where trackers led to violence 24:27 — Pattern-of-life tracking in the real world 26:48 — Flipper Zero, Bluetooth footprints, and NFC risks 33:12 — What to do if you think you’re being tracked 34:00 — Where to search your car for hidden trackers 35:37 — Behavioral signs someone may be monitoring you 37:23 — Smart clothing and Bluetooth tracking risks 39:41 — Resources for stalking and domestic violence help 41:09 — Final thoughts #cybersecurity #airtag #BluetoothTracking #digitalprivacy #Stalkerware #personalsafety #surveillance #smartdevices #legitimatecybersecurity

An Aquarium Hacked A Casino. Your House Is Next

Gloria Globman — CTO of Acclaimed Technical Services, former Senior Cyber Advisor at the US Embassy in Tokyo, US Navy veteran, and Presidential Rank Award recipient — joins Frank Downs and Dustin Brewer to translate what's really happening on your home network. Every smart device is a tiny computer with a camera, a microphone, and an internet connection, constantly talking to its manufacturer, the cloud, and other devices on your Wi-Fi. Many of them will never be patched again. Some of the manufacturers don't even exist anymore. In this episode we cover why mid-sized companies keep underfunding security until it's too late, how AI tools like Mythos and Zealot are compressing the patch window to almost nothing, why the upcoming TP-Link ban probably won't save you, and the simple home-router moves that actually do. If you've ever brought a personal phone onto the work Wi-Fi, set up a smart camera you've stopped thinking about, or assumed "the cloud" means it's somebody else's problem — this one is for you. 🎙 Listen to the audio version: https://legitimatecybersecurity.podbean.com/ [https://legitimatecybersecurity.podbean.com/] 📩 Media / interview requests: admin@legitimatecybersecurity.com 👥 Hosts: Frank Downs and Dustin Brewer 🎤 Guest: Gloria Globman, CTO, Acclaimed Technical Services Chapters: 00:00 The IoT problem nobody locks down 00:36 Meet Gloria Globman — Tokyo, the IC, and 20 years of cyber 02:10 Your smart devices are unlocked front doors 03:51 Cognitive offloading: convenience until it isn't 04:42 The aquarium that hacked a casino (MGM) 05:17 Are IoT devices just printers 2.0? 06:14 When personal phones meet corporate Wi-Fi 08:35 Work moved home — security posture didn't 09:19 Mid-sized companies and the 15–20% rule 10:16 Why "not sexy" budgets keep getting cut 11:24 Highest-impact moves: zero trust, segmentation, encryption 12:16 Patch, patch, patch — and why AI changed the timer 12:39 Mythos vs. Zealot: orchestrated AI attacks 16:09 Microsegmentation for your actual house 17:39 Why companies embrace BYOD anyway 18:48 Why VDI never quite won 22:18 Risk transference dysmorphia: "it's the cloud's problem" 22:53 Botnets, dead routers, and the FBI cleanup 23:24 Goodbye TP-Link — security move or theater? 26:25 What the average person should actually do tonight 28:21 Password managers, quantum, and MFA 29:44 Gloria's one piece of life advice #cybersecurity #iotsecurity #smarthome #zerotrust #byod #HomeNetworkSecurity #infosec #dataprivacy #patchtuesday #legitimatecybersecurity