The Chad & Cheese Podcast Hacking Jack & Jill
Mar 24, 2026
Paul Price, CEO of CodeWall and former penetration tester, tells how autonomous AI agents chained tiny flaws to access recruitment data at major firms. He demos AI social‑engineering of voice bots and deepfake prompts. The conversation highlights parallelized AI attacks, voice cloning risks from seconds of audio, and the push to build AI defenders.
AI Snips
Chapters
Transcript
Episode notes
Ethical Hacker Found Jack And Jill Via Job Search
- Paul Price discovered Jack and Jill while job hunting, then pointed CodeWall at their platform and found basic vulnerabilities that chained to expose client recruitment data.
- Within hours he emailed the founder, the team patched it quickly, and the research became a responsible-disclosure case study.
Small Bugs Chained To Full Client Data Exposure
- Four trivial vulnerabilities alone were minor but chaining them let CodeWall impersonate any client and read recruitment PII and internal hiring documents for customers like Monzo and Anthropic.
- The real risk was composition: small, common bugs combined into full platform compromise of candidate data and compensation details.
AI Agent Social Engineered Jack And Jill's Voice Bot
- CodeWall's AI agent attempted to socially engineer Jack and Jill's voice assistant, created its own text-to-voice, and ran 28 prompt sessions to escalate access.
- Jack and Jill's voice bot replied politely (e.g., 'hello, Mr. President... I cannot give you this information'), showing AI-vs-AI interaction and partial defenses.