Three Buddy Problem

LLMs writing exploits, engineers losing skills, and a case for the generative OS

Apr 3, 2026
A deep dive into a complex ransomware incident and how attackers exploit Fortinet gear. The hosts debate whether ransoms should ever be paid and how gangs price demands. The conversation probes LLMs writing exploits and the risk of engineers losing core skills. A provocative idea for a generative-first operating system and ways to tame dependency sprawl round out the tech-heavy discussion.
ANECDOTE

Ransomware Case Rooted In Fortinet Exploits

  • Costin Raiu described a complex ransomware incident that began with unpatched Fortinet appliances and included stealers, leaked credentials, and ransomware escalation.
  • He walked through three remediation goals: find the initial intrusion, map attacker activity/backdoors, and attempt data recovery via cryptographic flaws or law enforcement-obtained keys.
ADVICE

Don't Pay Ransoms Without Fixing Root Causes

  • Advise victims to avoid paying ransoms because payment reinforces poor hygiene and creates an incentive for repeat extortion.
  • Instead, invest in backups, patching (e.g., Fortinet), password managers, and improved endpoint defenses to prevent recurrence.
INSIGHT

LLMs Are Democratizing Exploit Creation

  • Juan Andres Guerrero-Saade argues LLMs are already transforming vulnerability research, enabling automated discovery and exploit generation at scale.
  • He and Ryan point to Nicholas Carlini and Patček's thesis that this flood will lower exploit costs and expand targets to routers, printers, and IoT.