Smashing Security podcast #447: Grok the stalker, the Louvre heist, and Microsoft 365 mayhem

On this week’s show we learn that AI really can be a stalker’s best friend, as we explore a strange tale that starts with a manatee-shaped mailbox on a millionaire’s lawn and ends with Grok happily doxxing real people, mapping out stalking “strategies,” and handing out revenge-porn tips.

Then we go inside the Louvre heist, where thieves in hi-vis and a hire van waltzed off with the French crown jewels in broad daylight, exploiting our assumptions about what “looks normal” – the same kind of bias we’re now baking into security AIs.

Plus, Graham chats with Rob Edmondson from CoreView about why misconfigurations and over-privileged accounts can make Microsoft 365 dangerously vulnerable.

All this, and more, in episode 447 of the “Smashing Security” podcast with Graham Cluley, and special guest Jenny Radcliffe.

Host: Graham Cluley

Guest: Jenny Radcliffe

Sponsored by:

  • Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
  • Horizon3.ai – Get an autonomous pentest demo and see your network the way attackers do. Visit Horizon3.ai.
  • CoreView – Benchmark your Microsoft 365 tenant security against the Center for Internet Security (CIS) controls.

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Join Smashing Security PLUS for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:

Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.