Back to Podcast Digest
0xSero··25m

Cyber Security in the Age of AI - How Mythos and LLMs change the internet

Watch on YouTube →

TL;DR

  • LLMs turn old cyberattacks into adaptive systems — the creator argues that attacks like DDoS are more dangerous when AI agents can react in real time to defenses like domain changes, DNS shifts, and other mitigation steps instead of running as dumb scripts.

  • Privacy is collapsing because AI can finally make sense of the internet’s mess — his core point is that the real historical limit was never lack of data but lack of intelligence to process it, and tools like Grok plus OSINT frameworks now connect usernames, photos, GitHub accounts, family details, and work history into a usable profile.

  • A single username can expose far more than people think — using his own X account as a demo, he shows Grok pulling together location, follower count, job clues, the fact that he’s a dad, his GitHub, website, and contribution graph, then warns that governments and organized attackers can do this at much larger scale.

  • Attackers can use personal details to automate targeted intrusion — he gives the simple but sticky example of pet names from Instagram or Twitter becoming password guesses, with AI agents collecting those clues and feeding them into password-cracking or credential-stuffing workflows.

  • Open-source security tools plus LLMs lower the skill floor for hacking — he points to Ghidra from the NSA and Burp Suite from PortSwigger as powerful tools that models are already good at using, which means beginners may soon be able to reverse engineer binaries, fuzz software, and probe websites without deep expertise.

  • His practical advice is ‘defense in depth’ for your digital and physical life — he recommends reducing public traces, flooding the internet with inconsistent personal data, checking your own exposure with OSINT tools, filing GDPR takedown requests, hardening your home network, and thinking seriously about household security because doxxing and swatting are becoming cheaper.

The Breakdown

From old-school bug bounties to AI-powered attacks

He opens by saying cybersecurity has been personal for him since his own bug bounty days, and he remembers how hard offensive work used to be. The big shift, in his view, is that LLMs can now interact with tools and the web at scale, so anyone with enough budget, GPUs, or state backing could run hundreds or thousands of agents at once.

Why DDoS gets nastier when the bots can think

He uses the classic DDoS example to show the difference between yesterday’s “script kiddie with rented AWS boxes” and today’s agentic attacker. The point isn’t just volume — it’s adaptability: an LLM can look up DNS changes with tools like MXToolbox, follow a moving target, and keep attacking instead of failing when the defender shifts infrastructure.

The privacy doomer case: your internet exhaust is enough

This is where his tone gets darker: he says he’s become a “privacy doomer” because people have already posted too much for too many years. Photos on Instagram or Facebook can carry metadata, timestamps, devices, places, buildings, and relationship clues, and once AI can harvest and connect those fragments, your old posts become a profile kit.

OSINT, pet names, and the mechanics of targeted hacking

He walks through the Ocean/OSINT framework as the first stage of a real attack: identify the victim, map their accounts, and learn how they live online. His example is memorable because it’s mundane — if your passwords are built from pet names and your pets are all over social media, an attacker with time and AI can gather those details, generate guesses, and keep hammering until something opens.

He points Grok at himself and gets a profile back

To make it concrete, he feeds his own X username into Grok and asks it to dig deep. The output is basic in spots but still unsettling: location, follower count, premium status, work themes, the fact that he’s a dad, his GitHub, projects, collaborators, website, and broader online footprint — enough to show how little friction there now is in building a dossier.

The Soviet Union analogy: the data was always there

One of the stickier moments is his reference to Nexus by Yuval Noah Harari and the Soviet Union’s information problem. His takeaway is that states and institutions have long had oceans of data and incentives to use it, but not the intelligence needed to process it — now they do, and that changes the balance completely.

Defense in depth now means your house too

He shifts from digital privacy to personal security and says the goal is no longer invisibility but making yourself expensive to target. His advice spans fake or inconsistent social metadata, fewer photos, GDPR takedowns, spreading money across places, protecting children’s routines, and physically hardening your home because AI-assisted doxxing, swatting, and harassment are getting cheaper.

Reverse engineering, jailbreaks, and the coming skill-floor collapse

In the final stretch, he demos how models can be context-primed past refusals and then pivots to tools like Ghidra and Burp Suite. His warning is that experts already using these tools just got a power-up, but the bigger change is that motivated amateurs — inspired by all the “models are good at hacking” marketing from companies like Anthropic — may soon be able to find and chain exploits across everything from websites to baby cams to cars.