Hey security pros, welcome to another Hacker News webinar. This is James Azar, SISO and moderator of today's webinar. Thank you all for taking time out of your day to be here with us. I'm obviously not in my natural habitat, but whenever we have to bring you great content, well, I'll make an exception.

So, as much as I'd love to be downstairs sitting on the beach enjoying the sunset, um joined by two incredible individuals, Michael Coats and Kevin Tien, we're going to be talking about defending digital decept defeating sorry, digital deception. Kevin and Michael, welcome to the Hacker News webinars. It's great to have you both with us.

>> Thank you for having us, James. So really excited about this one because obviously as everyone watching today and the reason you signed up beyond listening and hearing from Michael and Kevin, two brilliant people with so much experience on this very topic is we obviously know that digital deception and defeating digital deception is going to be a primary security awareness 2.0 is at our door and AI is powering it. So we're going to get into all of that on today's webinar. But before I do that, let me introduce Michael and Kevin. And before I do that, let me let you know all your questions. Put them in all your comments. We'll try to get to as many of them as we can during today's webinar.

Can't promise anything because it's just two great experts. So for those who don't know who our experts are, let me introduce you first to Michael Coats.

He's a leading cyber security executive, entrepreneur, and investor with over 20 years of experience. Formerly being the SISA over at Twitter, head of security at Misilla, chairman of the OASP Foundation. He also led product security as shape security which was acquired for a billion a nice round billion dollars.

Was it a nice round billion Michael? >> It was I think somebody made sure like make sure it's a nice round zeros there. >> Make sure it's nice, you know, like or or 1.02 billion, right? Like whenever I see those he also served at the as the CEO of Altitude Networks, a cloud security startup that was also acquired by Coin List. And also joining us is Kevin Tien, the co-founder and CEO for Doppel, the AI native social engineering defense platform. They're backed by A16Z and work with Enterprises on brand protection, executive protection, and the broader digital risk protection space. As a Georgetown University alum, he spent his career as an engineer in Silicon Valley and building scaled

systems for Uber and Lyft to power intelligent dispatch systems. And Kevin, flying cars. I've looked in the sky. I see helicopters and planes. I haven't seen a flying car yet.

>> They're coming. They're coming very quickly, James. >> Well, I love it. So, we're talking about defeating digital defense. Let's kind of start this off. So, um every day, another headline on the hacker news.

Every day, another headline somewhere else. We're seeing more and more cyber security attacks kind of from scattered spider to the recent Secretary of State Marco Rubio impersonation on Signal and WhatsApp. How are social engineering attacks now evolving because of AI?

It's it's it's a great question, James. And I mean, it's it's you know, this is basically what we live and breathe every single day at Doppel, right? It's like, you know, in terms of the genesis of Doppel really, it started right before Chat GPT came out in November 2022. And and for us, you know, my co-founder Rahul, he was actually roommates with the head of research at OpenAI. One of those questions we asked ourselves was, you know, how's the world going to change um with this new technology? Um and in the past three years, right, we've seen a lot of different changes.

Um you know, whether in security, whether it's in coding, whether it's in legal, whether it's in consumer applications or enterprise SAS applications. Um but when it comes to security, I I think, you know, we're seeing the deep fake videos get better and better. We're seeing, you know, the ability for you know, you know, foreign internationals, right, to remove accents. We're seeing the ability for GBT to automate, you know, writing emails or SMS messages or even being able to carry real time um realistic conversations via voice or text. And and so that's really the new threat landscape that we have to deal with

in today's world and and tomorrow's, you know, rapidly evolving landscape. You know [snorts] what I think is really interesting about this is it gets to like the core concept of how does the internet function. You know, we know as we look back like the internet was not built with identity um really or even trust in mind and we just see that evolve each stage of technology. we bolt on different pieces of of um to attempt identity, but the concept of impersonation um continues to go through in all those stages and it was something that we dealt with a ton at Twitter. you

know, the the security teams work closely with trust and safety, but impostor accounts was something to think about when we were there. and [clears throat] and how do you go about tackling these challenges when it's not just a profile picture or a name but now actual voice and video and I think the rate at which technology is changing the ease at which you can do these deep fakes is really putting us in a new position of of how to think about all these things.

>> Yeah. >> Yeah. Well, go ahead, Kevin. I I mean I was just going to say, you know, I I think, you know, Michael hit it on the nail, right? It's it's the fact that things are multimodal now, right? You're not just doing the traditional profile pick impersonation.

You can do text and voice and um and and just, you know, how easy it is, right, to automate that across a bunch of different personas or, you know, target a whole bunch of, you know, important CEOs. Um it's on a scale that's unprecedented and that's something that we see every day. um you know with our existing customers here at Doppble right is just seeing how the volume of alerts is increasing over time seeing how the patterns shift and um it it's it's definitely a very new scary world for sure.

>> So so let me ask you a question here and and um audience please don't shoot me for this one because Lord knows we need more terminology in cyber or more AP names than what we already have. But is fishing the right word for the stuff we're seeing today? Or are we rehashing something that before maybe we now laugh at like the Nigerian prince, you know, emailing you or something like that to you, you know, these modern-day threats?

Is fishing still or has AI maybe updated the term a little bit and forcing us to rethink it? >> Yeah, you know, I guess it just depends how how close we dig into that term.

Like if if if someone hears fishing and they think, "Well, it's an email sent from a different email address and you should be looking at the email headers and for typos." Well, then yeah, you know, we've we've evolved way past that.

Um, you know, the types of attacks that we see now are everything from, you know, emails that come from from Google directly from um Google Google App Engine style >> situation. So it's actually from Google and so the attacks have evolved. But if we look at fishing at the as the concept of we're fooling you then yeah then it it holds. Um you know on the topic of acronyms I' I feel confident now 20 years in the field that I'm just like I don't know which what do you mean by that? You know ABC this CTM that like what what do you

mean? Um but what what's interesting about those is really when you start to unpack it, they all come back down the core principles in cyber security. So it's identity, it's authentication, and it's usually applied to [clears throat] a tech technology vertical. So I think if we if we think about fishing as people are being convinced to do something they they don't intend, sure, I think it holds.

>> Yeah. I mean, I think you know, exactly what Michael just said, right? It depends on how you define fishing. You know, we like the term social engineering at Dappel because it we think it helps just capture how broad these attacks are now, right? Where it's no longer just a fishing email now, but it's an email that's, you know, trying to take someone out of band and put them on the phone. It's um you know, maybe a LinkedIn persona that's developed over time and has a ton of great mutual connections now and is reaching out. um you know maybe it's a um advertiser campaign that um puts that you know Mozilla login page or that Twitter login

page right right at the top um and um you know maybe as a deep fake of Elon Musk or something like that right um and and so you know our our view is that you know ultimately you know Michael very similar to what you just said right it comes down to the core principles of identity and trust and we we find that you know at least when we talk with a lot of our clients and a lot of the, you know, largest enterprises in the world, it's that social engineering, it's that fishing campaign that's still causing um the most breaches at a company today.

>> Yeah. And you know what [clears throat] scares me the most about that I'm starting to see? So, two things that come to mind in in terms of like the phishing attacks, , you know, the the guidance for forever was use two factor.

Well, not all twofactor is equal. And so the attackers evolved and you know what I saw in the crypto space where I was recently was the phishing attacks ask for your password and then if you've been convinced to do that they ask for your two-factor code. I mean you're already fooled but they have real-time attacks that take the code use the code then go in and update the source code system which is the target of that attack. So that's how you know some of the fishing attacks classic phishing attacks are evolving. But Kevin, to your point, I'm pretty terrified about what AI does in the sense that you could have these evolved profiles that have these long engagements. So now you're like, well, why would I worry about this person?

I've been chatting with them on LinkedIn for six months or we've exchanged 15 emails. And that's not because the attacker is sitting there and being diligent. It's because of automation and AI making all of those things possible at massive scale. And that's what I get ner nervous about is these kind of long we can call them slow drip campaigns right that the attackers will be doing with really well-developed fake profiles across the web.

>> Yeah. I mean, something that keeps me up at night, right, is like I see all these like LinkedIn requests that come through now, especially as a founder and CEO and um you know, I get folks who are coming, you know, maybe they're trying to sell me recruiting services or maybe they're trying to sell me engineering services. Um but you know, occasionally you'll see different personas where they're like, "Hey, I'm a cyber expert and I have no idea who this person is, right?" But they've got I've got 80 120 mutuals with them, you know, from other folks in the industry or maybe you know there's already mutual connections with even folks on my team. And you know it does make me wonder, right? Like how

many of these personas out there are just um totally fake, right? Like these are just, you know, like you said, slow drip long-term accounts that are either cyber influencers or, you know, , angel investors or, um, you know, certain source of engineers and security analysts coming out of, , different countries, right? Things like that. And um it just feels like wow if I really wanted to if I really wanted to run a social engineering campaign on LinkedIn it just feels like there's so many different playbooks out there that one could execute especially with AI.

>> Well well you're both talking about a lot of challenges with this campaigns. So um I see our audience is sweating a little bit losing a bit of sleep on this one. How do we go about fixing it? What are some best practices around some of these threats that we just talked about?

>> Well, I I'm going to bring it back to something Michael brought up, right? in, you know, especially with the fishing that we've been seeing in the crypto industry. Um and we're seeing this now spread to other industries. Um you know, one simple thing is please do not use SMS 2FA.

the number of SIM swap attacks that we're seeing right now, things like that. um it it makes you feel like you're you're more secure, but in some ways maybe it makes you even less secure, right? If you've got SMS 2FA, but you know, that's a that's a small tackle piece of advice. I mean, taking a step back, you know, more strategically, right? I think it's just the fact that, you know, recognize that communication is um and the surface area of where, you know, folks are, you know, putting in their creds and things like that has expanded. And so, for example, some of the most recent fishing instance we've seen is like, yeah, someone gets hit with a ex fishing email, right? And an intern, marketing intern clicks on it

and ultimately then gives up the credits for the whole company for their social media accounts, things like that. Um, and so it's not just about protecting your email anymore. It's not just about um, you know, covering your traditional corporate comms channels because today's world is so multi- channelannel and everyone's using so many different um, comms channels.

You know, the things I'll add into that, >> [clears throat] >> , I'll take the 2FA piece a step further. , yes, SMS 2FA is bad because of SIM swaps. , the onetime password or OTP version of 2FA with Google authenticator pretty much just as bad because it's still super vulnerable to fishing. , so go for a 502 deployment of UB keys or something. That's going to be a huge win in your security posture. The the other piece in addition to just standard sort of minimal privilege across your organization is thinking about response. And this is

this is pretty this is critical in the real- time nature of the world. [clears throat] If you have someone impersonating you and launching attacks against your corporation, you know, think about how you respond to that. How do you notify your organization that this person that seems real and has a real-ook name like your CEO or so and so, how do you alert everyone that that's the fake accountant? How do you block it? On the other hand, if that is a public issue, how do you respond? How fast do you have to take action before your customers are fall victim or the public markets fall

victim? the the real- time nature of social media and the web make these these issues not things you have to think about in hours but rather you know minutes and so you really want to think about your response plan to that too.

Yeah, for sure. And I and I think yeah, Michael, you hit it on the nail, right? It's not just, you know, detection, but yeah, is that response piece and I mean, you know, just in terms of how we think about it at Doppel, right? Like that's that's why it's so critical for us to, you know, do both sides, right? So at Doppel, we're not just here to help you, you know, identify some of these impersonation attacks or brand attacks or active campaigns, but also how do we just help you respond, right? whether um you know because a lot of what we do of course is the traditional takedowns and you know shutting down these campaigns whether it's you know and what makes it different is that multi- channel piece we could shut down the telephone number we could shut down the exit account

we could shut down the traditional email domain um but it's also just in general you know like what Michael said the response for your internal teams to have awareness and then externally um just figuring out you know what are the mitigations that you could do to quickly protect your customers, protect the markets, protect your executives, and you know, protect your team.

>> Yeah. You know, the the thing that's changing so much um having had teams in multiple companies focused on these these types of challenges.

Up until this point, we used to have a guy or a gal that that was their thing. They they were responding and they were doing it >> great and they had tools and scripts and contacts. the scale is becoming a problem. Yes. Because the attackers can automate this and because there's so many places where it's happening, >> you're going to want to shift your mindset. Like if you're doing this manually, like you're probably ahead of most people because most people aren't doing anything. But if you're doing it manually, it's not going to hold. The scale is going to overwhelm you.

>> Michael, I hear you say we need to shift left on awareness. >> Oh man, people are probably losing their minds, but no more shifting. Just make it better. [laughter] But yeah, I think you're right.

>> Well, well, you both bring up something very very interesting. You you've you've kind of talked about this from that perspective, but at the end of the day, you know, as security practitioners, our job is business enablement. But then there's the second piece to this, which is board governance.

>> How how should you know security practitioners approach this with their board of directors around AI impersonations, around corporate governance, around these specific threats? Maybe Michael, we'll start with you and then and then go to Kevin >> on this one.

>> Yeah, I I think board conversations, it's a challenging item that is one of the best points of leverage for a cyber security leader. And when you're having these conversations, your goal is to merge the worlds of technology risk and business risk and opportunity. And if you're not in there talking about how to make the business succeed through safety and enablement, I think you're missing the point. So, make sure you don't rat hole on too many technical details. Make sure you understand your company's P&L, understand their motives in the market, what's going to make them win, and put

these topics in that in that framing. Now, when you do that, some of the things that will come up, the board often wants to know like, are we being responsible? are we doing what we're supposed to um per regulations, per our customers, per our commitments. they want to understand how are we compared to our peers? so those are good ways to again put some perspective on what you're doing. The other thing that I found really helpful, you know, when I was leading security at Twitter and at Mozilla was making things real. Um so if you have a technical weakness that you want to shore up and you've determined it's one of the top

priorities based on your you know risk classification etc. Put it into a scenario for the board members. You can sort of walk them through imagine if X happened X Y then Z and those things are very visceral and real and they're like oh my god that can't happen like would that not allow like well today it could because we are missing controls in these areas. here is the plan, here's the roadmap on how we're going to fix it, and here's how much it costs because they're terrified and they're ready to help you. Um, but you want to make sure you're speaking their language. So, work work hard on on starting from the gaps that you have and you know need to be

fixed, translating it into why does the business care about this? Why should they spend money on this versus another product feature going to market faster and something else? And that will really help build bridges and get support for fixing these issues.

Yeah, I mean I think from our side of Doppel, right, what we've been seeing is that this stuff is just so top of mind right now. Um, in terms of the fact that like, you know, everyone on the board could see the Marco Rubio deep fake. We could, you know, they could see what happened with the signal stats, right?

Um, and very very likely, right, they've already experienced it personally themselves with, you know, the the board or the executives, right? Some sort of impersonation campaign. Um, you know, the most common one that everyone sees, for example, is, , you know, the CEO SMS message, right, for all the new hires that join a company. You know, clearly there's a thread actor who's got a, , bot watching every LinkedIn state change. um or you know even you know where it gets really interesting is if you know some of those interactions start to get get deep into the engagement with you know someone on finance people investors the board themselves

things like that so um I I think Michael hit on nail of course which is that you know ultimately it's it's about business enablement and not getting too technical um but you know you are telling a story at the end and day and storytelling is a really important you know I I would say a really important skill that we all have to have. Um and so when you can you know showcase hey this is what happens when the CEO gets deep faked or um you know someone's you know pretending to be you know our brand um that does you know create a much more visceral story for for the board >> and you know one story in particular you can point out the the CFO deep fake

out of was that Hong Kong Singapore. Yeah, >> like that. That's a great scenario to walk through with the board. Like here's a situation where the there's a deep fake attack. An employee was asked to make a transfer. They said, "Hey, just to make sure you know you know this is real, let's hop on a quick Zoom to verify it." And there's a deep fake of the CFO saying so and so let's go ahead and make this transfer. And so you look at the board and say, "So if you saw Jimmy here on camera saying, "Let's make this transfer." What would you do? And maybe you know Jimmy and you'd ask a few questions and you'd detect it. What about his employees? Do you think they would do that? What about the next in six months when AI makes the next big leap? What are we going to do? And those

kinds of things, they're sitting there thinking, "Oh my god, I would transfer the money." And that's the thing where you get people on board and you're like, "All right, you're right. We need to have some controls here. We need to be doing the best that we can to protect against this." Well, Michael, that's so interesting because you know at Doppel with the social engineering defense platform, we've actually started expanding beyond the digital risk protection space and the traditional executive protection brand protector.

So, we actually um this is still beta. So, you know, this is a little bit ahead of what my marketing team wants to release, but we've actually started working on a simulation product, right?

and and that simulation product is really like we actually just ran um we just dog fooded it last week amongst our team but it was really scary to see right like basically like it's a cursor for fishing interface for our security team like they put in a prompt it'll generate the whole campaign um you can deep fake you know Michael's voice etc and we we dog food amongst ourselves last week where um we had actually seen a real campaign aign at Doppel targeting new employees specifically it was a FedEx campaign new employees waiting for a laptop right enter enter some information here and

and and so with this whole idea around social sharing defense platform we can use those threat campaigns to generate the simulations and then our security team can then you know use the cursor for fishing UI to u play around with stuff and and so it was pretty scary and you know what you just described though makes me wonder it's like oh wow could we actually run those campaigns on the board maybe we need to get their permission first. I don't know. But [laughter] maybe maybe, you know, for my next board meeting, I I I'll have a deep fake myself show up on Zoom. U so yeah, but yeah, it's definitely a interesting world for sure.

>> You you're both kind of presenting some some very real scenarios. AI, you know, you said the what's AI going to look like six months from now? Realistically, we're barely catching up to the threats today, >> right?

>> H how do how do practitioners actually keep up with this, right, Kevin? Like what what what are some of your thoughts on that? How do we keep up with with >> with all of this digital deception?

>> Yeah. I mean, I I I think the biggest thing from our side, right, is like you do have to also use AI. And I know that's a little bit of cliche where every vendor right now is saying we use AI, we use AI. Um but at you know and I can't speak for what the other vendors are doing but at least specifically for Doppel right like we very much felt the pain and I've actually chat with Michael about this when I was picking his brain on scaling like originally all you know human analysts you know do delivering the Doppel product like we have a 247 365 global SOC um and it was originally all you know basically human driven and AI wasn't good enough yet to automate you know entire SOC teams it was very

much a co-pilot for a lot of these analysts. Um but what we did over time right especially once the reasoning models came out is that we actually use AI to automate entire layers of our socks. So um you know essentially our tier one SOC is analysts are almost all AI agents at this point. Um and we still do have humans for sure on the tier two tier three side because just like a self-driving car AI is still going to make some mistakes. Um but we wouldn't be able to deliver the scale that we could do today at Doppel without that automation with agents. So um that's our firm belief is that you know you you need AI native solutions and um I'll

certainly be curious to get Michael's thoughts here especially with you know Michael I know you you look at so many companies today so many new technologies as an investor.

You know, a lot of people ask, is AI making us is it helping the attackers more or the defenders more? And maybe it's a contrarian view, but I actually think it's helping the defenders more.

And the reason is we've been losing. We've been losing for a long time. The attackers have had the upper hand with, you know, time and persistence and just needed to find one weak link. What we have on the defensive side is massive amounts of telemetry and data and logging all over the place and also no idea what the heck to do with it. And I find that with intelligent uses of automation and now AI and reasoning, we actually can start to turn the tides. So the question becomes, can you use the best solutions, the best approaches, the right integrations to actually analyze what's going on to make the right

decisions quickly? And so that's that's where I'm really excited. Um it's it's going to be an area that's going to continue to evolve like the cat-and- mouse game of cyber security used to evolve, you know, quarterly or monthly and now it's evolving daily. so, you know, buckle up. It was exciting before, but it's not going to slow down. but it's good. you know, we've got an important an important place in the world. And the reason technology is going to advance farther is because security and safety lets us do it in a reasonable way without the wheels coming off or the the boosters coming off the rocket. So, I'm excited about what we can do.

>> Well, I was going to ask you too, did you did you all see the Google announcement this morning about um you know, their their security AI agent?

>> I missed it. >> Yeah. >> Yeah. So Google Google the Google CEO tweeted it and I I think this was literally you know maybe just minutes before um you know before this webinar but he tweeted that their AI agent found a huge exploit within the Google system um that was about to be ex you know they they claim they have evidence that it was about to be you know exploited and deployed and things like that. Um and it was entirely an autonomous AI agent that found this. So um they they announced it as what they think is the first time this is happen you know I know a big claim because there's some startups that are

also trying to play in this space um but it but it is true that it is an exciting development right that you know their Gemini based AI agent found something in the system that seems to have been really high risk and about to be exploited and and was unable to you know alert the team to fix it right away.

Michael, I'm going to agree with with what you said about the fact that AI is going to help us as practitioners as a syso. The my use case, one of my bigger use cases for AI is let smart people do smart work and let AI really do the mundane stuff and and AI is able to analyze that data better. Call it better automation, call it AI, call it LLM.

People in the comments are probably going to be like, "That's not AI, that's automation." Whatever. But but name it whatever you want. It it does help you make your team a little bit better. And you know the the threats of AI I think reduce the am the amount of knowledge a threat actor needed and I think this is kind of like the third iteration of it, right? Ransomware as a service and kind of the decentralization of of of cyber crime was one aspect that Kevin and Michael kind of added more to the low bar low entry bar. you can go and just on the dark web and pay someone 300 bucks and buy an exploit and AI you

don't even need to pay someone 300 bucks now you can just fool any sort of cheap ET or use one of the the unofficial GBTs to do it right Kevin your take on that because I know you've got something to say >> yeah I mean um well and so James let me make sure that I'm tracking you know how you're thinking about this properly so you're you're talking about just specifically you know of course agents automation, things like that. Are you talking about specifically how these agents are, you know, finding these exploits for the bad guys or good guys or or both?

>> Well, I'm just saying that there's more the the agent for a threat actor to actually launch an attack with AI is much much easier than it was before, right? Originally to be a to be a originally to be a threat actor, you had to know how to code and how to write an exploit and use that exploit. Then came cyber crime as a service, right?

Ransomware, malware as a service, and that reduced the bar to I'm willing to pay DOS for hire. Now with AI, it's going to take those guys out of business essentially because >> anyone could do it.

>> Yeah. No, it's interesting. I mean, I think well, for example, I actually take a look at, you know, the software that we just developed in house at Doppel, right? and and where it's this UI where hey, you just tell it the prompt like hey I want to run this um octa fishing campaign against this company you know and and and what the AI agent does in our system is it automatically spins up the website sets up the domains um it you know basically then you know actually executes the email campaign um through the right email vendor all that sort of stuff and then layers on top SMS messages as well on on top of

that. So um I think yeah so I think definitely impossible right you know I think once the infrastructure's been built out so I do think there's still going to be a service for these thread actors to like build out that infrastructure because it did take build out to make sure that it's you know integrated well with the right registars that are trusted by email systems it did have you know take some work to integrate with the right SMS providers right and tele telecom providers but I think once that infrastructurees been implemented and um you know created out right. I do think yes someone on the bad guys side can you know essentially create a monopoly there

almost um just given how how easy it becomes then for someone to just yeah no technical skills no you know native English skills right just be able to develop these campaigns >> yeah the the cyber crime industry is is fascinating because it is it's it's business and they've optimized each stage of of the attacker life cycle.

they have optimization specialized tools. You can buy kits off the shelf. You don't have to know how to do anything. You just deploy dollars, deploy tools at what you want to. You package up the the exploits >> and then monetize them. It's it's wild how efficient of an ecosystem it is. And what we can expect is that all of all of the things that are possible with advancements in technology, a few very smart bad guys will package those up and then everyone else will use them.

So the the the tsunami of threats is coming. and so just be prepared with your defenses. I mean we had a one of our one of the shining moments at Doppel that we celebrated was seeing a telegram message and um telegram group where you know you had someone selling you know fishing as a service and they were complaining that hey it doesn't seem to be working because you know this company named Doppel seems to be you know constantly blocking this sort of TTP. Um but I think what was but you know of course great moment to celebrate but what was interesting though right it was like yeah exactly seeing like the thread actors are like hey we're building something new um we're building

something that is AI native and um and and of course we're doing our best to collect that intel so we could stay ahead of it but um it is going to be interesting to see like you said Michael when those really smart bad guys put something together and really get mass distribution what that's going to look like.

So, let's move away from doomsday to to proper day. Michael gave us one positive note, right? With a using AI effectively within our organization, we could be better defenders. Kevin, tell us a little bit about Doppel. I know we're almost at time. We do have the doppel.com on the screen for people to get more information, but Kevin, why did you found Doppel? Where did the idea come from? And and tell a little our audience a little bit about how you help them.

>> Sure. Sure. I mean so when we founded Doppel it wasn't even necessarily a vision around you know cyber security and social engineering it was just simply we know AI is going to be a big thing um and we want to solve the greatest challenges with that as a result um and so over time we started working more closely with a lot of security teams um and saw you know really the span and the breadth of these AI attacks especially from a social engineering perspective so that's how we ultimately finalize on that mission of hey our job at Doppel is to you know defend what's real and disrupt what's

not. So um you know our focus at Doppel today you know what we could do for or organizations is you know we live and breathe everything around social engineering um and and specifically you know we've started off with what's traditionally been called brand protection and executive protection which is anytime someone's you know impersonating you James or Michael or impersonating um you know hacker news etc. um we we find it and we take it down. Um and of course that means we're not just doing it on the traditional email side and domain typo squatting side. but we cover the social media channels, we cover the advertising channels, we cover um crypto channels

and um telephone channels, etc. Um and so that's really our big differentiator. Um ultimately though it's that vision around hey this is really a platform play for us and that now that we've collected all this data how do we continue to launch more and more products to help you combat these social engineering attacks. So hence us now starting to ship a simulation product to help from a both the security awareness and insider threat perspective. Um, but that's our, you know, so that's our mission at Doppel and, you know, , definitely encourage you all to check us out at doppel.com.

And of course, we'll be at Black Hat as well, , in a couple weeks. >> Oh, hacker summer camp, please. No one at Hacker Casino. We still like Vegas in August. Please. [clears throat] I mean, who doesn't love 120 degree heat in the middle of the desert in the first week of August? Cuz, you know, why not?

[laughter] Perfectly put. >> Perfectly indeed. So, um, one thing I want to apologize to our audience for is, , Kevin and I are traveling. And so, if you see a little bit of delay in our video or audio, , y'all know that's not typical. I apologize, but both of us are traveling. We're relying on hotel Wi-Fi, which for anyone who spends any time traveling knows that's not something you always bet on. It's it's not a black or white roulette table bet. It's it's more like playing, you know, World Series of Poker when you don't know how to play poker. you're really just kind of whatever. You're you're going all in on your first card kind of Michael Scott style. Not not the best thing on the planet, but I do

apologize for if if if there was kind of delays or anything to our audience here, I do apologize. I hope you got our messages out of this for sure. Um Kevin, Michael, any last words before we we sign off with our audience this afternoon?

you you know I'll say I think it's evident things are moving quickly and it's exciting but it's also terrifying and there's only so many hours in the day and so many brain cycles to think things through. so think deeply about the biggest areas where you could have huge leaps and risks and concerns and build great strategies filled with smart people and amazing technology. That's the way we're going to do this. Find the best out there. Build the best teams, use the best tools and solutions. , and good luck. Communities make the world go round. , keep working together in the cyber community. It's

been great for the last few decades. , and let's keep helping each other out. >> I I'd say plus one to that for sure. You know, it certainly is a community and team effort. Um, so I'd say the only thing I'd add to that, right, is yeah, definitely stay close to how the technology is shifting, right? um because it is it it truly is evolving so rapidly and it's not just hype cycles with AI. Um we see it you know outside of security where you know all our engineers have seen exponential increases in productivity over the past couple years um our legal team as well right um this technology is just

constantly evolving and um you know we have some folks predicting that you know people will be out of jobs like software engineers in the f in the next five years. I think that might be a little extreme. Um, but it definitely is very real that technology is rapidly evolving and you want to make sure you stay a breast on those changes.

>> I I'm going to say to to to the software engineer thing, I don't think engineers are going out of business. I think lowskilled jobs will be out because of AI and robotics and automation. I'll just put that out there. You'll walk into a McDonald's and I don't think I think there'll be a human doing oversight of machines. We'll see an engineer at McDonald's, right? We won't see a 15-year-old zitfaced kid working through high school anymore. It'll be some sort of, you know, AI engineer running a McDonald's where, you know, a robots making the burgers, making the fries, backing it all in, and handing it to you through the drive-thru.

>> Yeah. No, I mean, I think I've seen a restaurant do that, actually. or not not necessarily the robots in the kitchen yet, but at least the order system. I've I've actually seen some restaurants start to go all AI for the order system.

>> Yeah. I mean, go to an airport now. No, no one, you know, you don't talk to anyone, right? You're ordering on a on a machine. It's it's it's unbelievable. So, there's that. Yeah. Technology is changing. It's a good thing. It's a good thing. Embrace it. Love it. It's good. Right, Michael?

Right. Right, guys? Smile. It's great. Oh, I mean I think I think it's I think it's fantastic. I'm optimistic for for humanity. Like we don't have to go hunt for for food for breakfast before we start a workday. Like that's that's a good thing. We don't have to do these things that were incredibly manual and remedial before. It opens up opportunity to do more complex, more interesting things. so sure, change can be scary, but I think this is going to be a great thing for everyone.

>> Yeah, I your high school someone's high school job is no longer going to be a cashier at McDonald's. It'll be an intern at McDonald's Engineering of How to Run a franchise. That I think that's a more interesting job. Just saying.

>> Yes. >> Way more skills required for it. All right. Thank you, Michael. Thank you, Kevin, so much for coming on. To our audience, again, I apologize from the bottom of my heart for some of the technical difficulties you've experienced through this. You know, that's not how we typically do it here at the HackerNews. Again, sincerely apologetic. , go check out our friends at Doppel, Michael, Kevin. Thank you so much. Thank you to all y'all for taking time out of your day to be here. On behalf of myself and the people behind your favorite website, thenews.com. Have a great rest of your day, y'all. And most importantly, stay cyber safe. Thank you.