# AI Defense, DeFi Hacks, and Security Strategy

**Podcast:** web3 with a16z crypto
**Published:** 2026-05-13

## Transcript

Anthropic has been out there talking about the devastation to be wrought by its product mythos.
The fact that people are so afraid of AI is completely backwards.
I have great respect for Anthropic, but I do think that there is a degree of doomsday marketing here.
The classes of harms that they think will be happening aren't happening.
It isn't that we were secure and now we're not.
It's we were never secure.
We just didn't know it yet.
If I had a thing and I heard it, it got happened.
The first thing I think is, man, I wish I used more AI to find the problems.
If there was no AI and they had a super genius hiding in a mountain in North Korea and he had 300 IQ and he's breaking everything with his giga brain power, that would be terrifying.
DeFi hacks has been running rampant throughout the industry over the past month.
What can people do to secure themselves?
Well, I think...
All right.
Hey, and welcome, everybody.
We're here with Eddie Lazarin, general partner at A16Z Crypto, and Matt Gleason, senior security engineer, also here at A16Z Crypto.
And today we're talking about the spate of DeFi hacks that has been running rampant throughout the industry over the past month.
There have been almost as many hacks as there are days in April, in April.
About $635 million lost in total.
What's going on?
This is a huge uptick in security incidents, in hackings, in money lost.
Why is this happening right now?
So in general, we've seen an uptick in general cyber activity throughout the beginning of this year.
So the impetus there being kind of more capabilities, also some geopolitical tension stuff.
And then we've seen market upticks after.
the US invasion in Iran, specifically at critical infrastructure and some financially motivated attacks.
And so this may just be kind of a fruition of kind of two lines of thinking, which is attackers have increased their own capability with some of the AI models, specifically, probably, honestly, the AI models hosted in China or hosted locally that are being released by China, as well as just geopolitical tensions being at such a fever pitch that more of our adversaries are more willing to be more brazen to kind of fight back, right?
It's a retaliatory effort.
It's very hard to say.
And that's because often the postmortem analyses of these hacks lack specific clues.
about the exact nature of the attackers.
It takes a lot longer than the month that we've had to get to the bottom of that.
And in some of the most sophisticated cases, they actually can clean up their tracks.
They can clean up behind them and make it even harder to figure out what's going on.
From what I understand in my network, the belief is that this relates to an intensification of activity related to the North Koreans.
Now, I doubt that that's all of these attacks.
But I think the most important part of what you're asking, Robert, the implication is, has something changed in technology?
Is something changed broadly that explains this as part of the result of a change as opposed to just like coincidentally hot month?
And that theme is that people are wondering whether attackers use of AI has supported these attacks.
Now, even then, it's hard to say because an AI attack looks like a human attack.
It's not like they knock down the door and you see them on the security camera.
What happens is you see some access logs and you see some code run and you see some files appear and some files disappear.
That's what these attacks actually look like.
And there's no significant difference really between a human being doing it or an ALM doing it.
But the worry is always that the increased sophistication of AI models means that it's easier for attackers to find and exploit.
vulnerabilities.
Truth be told, I'm tripping over myself because what I'm really trying to say is that it doesn't matter that it's AI or not.
It doesn't matter.
The bug was there before the AI found it.
Do you see what I'm saying?
Like Mark tweeted that, Mark's right.
Okay, that's the truth is that if there is an issue, the issue is that attackers maybe have adopted AI faster than defenders.
And so if I had to summarize in one sentence my recommendation to defenders, it would be massively increase your use of AI to red team yourself and find the bugs.
Start attacking yourself full speed.
Like deploy every tool you can and get every security expert you can get access to the latest, most sophisticated models to brutalize your company from every angle.
Because that's the only way to feel safer.
That's the only way to know, is to remove the bug.
Okay, so there's a hypothesis out here that maybe AI has gotten good enough to make this extremely easy for people to find and poke holes in existing protocols and tech stacks, and that defenders are not making the same use of that technology at this moment.
At least there's been some window where attackers have had the upper hand.
Yeah, potentially.
That's incredibly hard to substantiate, honestly.
That's at least what the zeitgeist seems to be conveying.
But in any case, it's kind of irrelevant.
Whether that's true or not, there is only one solution, and it is to radically increase the use of the latest tools to basically rethink security from first principles, because we can have it tested constantly in a more sophisticated way at all times.
That's interesting.
That's like a new type of thing.
And to harden your security posture.
in all the conventional ways.
And for crypto-specific people, as far as I can tell, the vast majority of the issues have been conventional security issues, as in keys getting stolen, machines getting accessed when they shouldn't have been accessed, code being run in places that shouldn't have been run.
So there are sort of two points you're making.
One is, given that we live in this world, in this environment where the tools exist, they're out there, they cannot be taken away, what do you do about it?
And the answer is, you meet the threat.
with a defensive posture and strategy that is commensurate with the risks that are now out there.
And the other is the bugs were in there to begin with, and this would have happened.
It's just a matter of time.
And so maybe if all of this is just happening at once right now, it might look bad.
It might look scary, but it's just condensing kind of what might have happened anyway.
The vulnerabilities were there.
I can just reiterate that like someone's going to find the bug.
Who do you want it to be?
Better to be you than somebody else.
The fact that people are so afraid of AI is like completely backwards.
It's literally completely backwards.
Because if I had a thing and I heard it got hacked, the first thing I think is, man, I wish I used more AI to find the problems.
Man, I wish I tried to hack myself with the AI.
Like it moves the domain of control into yourself because you have access to those tools.
You know what would be really scary?
If there was no AI and they had a super genius hiding in a mountain in North Korea and he had 300 IQ and like a two foot wide cranium and like no one could use the guy and he's breaking everything with his giga brain power.
Do you see what I'm saying?
That would be terrifying.
How do you, because how do you defend against that?
Right?
But it's actually the opposite.
The tool that OpenAI is rolling out, like the cyber fine tune, the special 5.5 cyber.
They're going to let everybody use that eventually.
Like basically everybody who has even like a, you know, a defensible reason to use it.
And it's not going to cost you 5 million a year.
It's going to just cost you a normal, like anything else.
Like I think I have access to it and I'm paying like the 200 bucks a month.
That's the opposite of the giant guy in the cave.
That's like incredible.
You see what I'm saying?
You have no excuse.
You have the tool.
So you should be very encouraged.
And maybe there's another thing that's left unsaid is like, you know, people say there's always bugs and there's always exploits.
And that's true.
That's because it's nearly impossible to make software that is perfect.
But there is a distinction, even if it's hard to quantify, between software that has been heavily scrutinized and software that has not been.
That's what it means when there's like heavily audited software, like things like this.
There's degrees of verification.
There's degrees of confidence we can have.
The more AI there is and the better it is and the more powerful it is and the better it is specifically at hacking, the more confident and better you should feel about the software because you really can decrease the number of bugs in it for sure.
You can actually like materially do that and develop conviction that it has few bugs if enough effort is spent by enough experts and enough resources.
That's just a fact.
The discouraging thing, if any, is that The attackers are just more AI build than the defenders.
That's scary.
And that's certainly an argument that some people, including AI companies themselves, have been making.
You know, Anthropic has been out there talking about the devastation to be wrought by its product Mythos.
You know, should it get into people's hands?
And look, I have great respect for Anthropic, okay?
I'm not going to disparage Anthropic, but I do think that there is a degree of doomsday marketing here.
The classes of harms that they think will be happening aren't happening.
And then the harms that could be happening, maybe are happening, like the cyber stuff.
There's only one treatment, and it is to arm the defenders, in my view.
You might say, oh, well, don't you want to not have the bad guys get their hands on it?
the bad guys are going to get their hands on it eventually.
They're going to spend the money.
They're going to make one.
It's going to happen.
No one's going to stop it ever.
The only thing you can do is have it now and secure it now.
Because we can, thanks to the way cryptography works and thanks to the way cybersecurity works, we can design systems that are easier to defend than to attack.
Thankfully, nature allows us this luxury.
So let's lean into that.
That is a wake-up call if I've ever heard one.
Matt, what can people do?
given this state of affairs to secure themselves from a user perspective, sure.
And also from the protocol perspective, from a builder perspective, the people who are putting this technology out there.
So there's a few different points here, I think that are worth stating.
One is, of course, that we're kind of in for a painful transitionary period, and that we are in a place where we need to be kind of creating more securable environments.
So this is...
basically implementing patterns or implementing access restrictions that allow us to kind of more reasonably guard what we want to keep safe.
So typically for a company, this would be your production environment.
I think the first thing that's worth saying is like, there will be pain, but it will be pain before kind of a place where we are more secure than we have ever been.
Because the fact of the matter is these vulnerabilities, again, just to reiterate, have always existed.
They were always there.
You just needed a determined attacker who was informed enough to choose to exploit them.
We happen to have people with motive who are determined and people with capabilities, both AI-enabled as well as just their own, who have decided to kind of take it upon themselves to do harm.
As the defenders catch up, we're going to see environments that are going to look like the most well-hardened environments, and they're going to be essentially everyone.
because things are getting cheaper to build, things are getting cheaper to implement.
The way we sift through ideas is a lot faster and cheaper.
Like we have ways of navigating through this, but we're all just going to kind of need to learn how to do it.
There is some change that needs to be made for everyone.
One is, of course, use the AIs to find your problems, right?
If the attackers are using it to find your problems, the defenders can use it to find their problems.
We're using the same AIs.
You actually have an advantage to the defender because you know more about your environment.
You have more visibility.
And if you get caught, it isn't a big deal.
You just go, okay, cool.
We'll just keep going.
So what do people do now?
You basically embrace the fact that we're transitioning how we approach problems.
We're transitioning the amount of security you need to have in your organization.
And we're transitioning the expectations you need to have with your own security teams or your development teams or your IT teams, the people who are performing the security stuff.
They don't have an excuse for not knowing certain aspects of security because they can just go ask the omniscient AI and get the answer for themselves, right?
They can kind of have conversations with it.
They can use it to enable themselves to be better.
And so like everyone needs to be better.
And through being better, I think we're going to deploy much better environments.
It's just how long that takes is the question.
What is the scale of this transition?
I mean, the history of...
technology and warfare, there have been innovations that have caused really wide-sweeping societal changes.
You know, you had the invention of the stirrup, and then all of a sudden people had to batten down and create castle fortifications.
The nature of warfare, of attack and defense changed.
And then you got the invention of gunpowder and cannons, and all of a sudden fortifications and walls were not quite as useful as they had once been.
Where are we at with this transition that we're undergoing right now, where we have these tools that allow you to have such scale and speed matched up against the way our systems work as is today.
This is a great example of something where quantity has its own quality.
There has always been large groups of giga brains thinking about breaking systems and defending them.
I mean, in the history of the internet, particularly the last 30 years of the internet.
I think the difference is just the intensification.
but not the intensification of the breaking energy.
That is what we're kind of talking about with AI is like the ability to figure out where the problems are quickly and act on exploiting them and so on.
But the most important factor to me is actually the intensity of how everything else is wired into the internet and wired into devices.
As more and more important things become connected to the internet.
then the consequences and therefore benefits and therefore stakes of compromising them escalates, which means proportionately more resources need to be expended on defending them and are also expended by the attackers in trying to exploit them.
So it's an intensification.
Bringing AI into the story is just further intensification of the defense and of the offense.
So I don't see it as like a categorical change.
That's why a lot of the actual recommendations, you know, we're not really getting super technical on this podcast, but if you go into the recommendations that technical experts make, they're not profoundly different in any way.
It's the same stuff.
It's like the different passwords.
Make sure permissioning in your organization is very fine grained and no one has unilateral access to key systems.
Try the latest tools on mitigating supply chain attacks.
These are all things that are all just parts of the same intensification.
So I don't see a huge structural change happening right now, except I see a rapid deployment of the new tools by the attackers and by the defenders.
Yeah, I think comparing it to weapons or armaments is a little weird.
Because I don't think this is itself a thing that...
does the attacking, right?
Like we're doing the attacking the same way we used to.
We're doing the things the same way we used to.
It'd be more synonymous with like going from like a torch, right?
Something that's lit with fire and has limited visibility to going to a flashlight or spotlight.
We're like, oh man, I just like turn that thing on and I can see everything in front of me, right?
It's granting superior visibility to people to be able to see what is.
Because again, It isn't that we were secure and now we're not.
It's we were never secure.
We just didn't know it yet.
And so we just went from going around in the forest with a torch to someone just rolled up and shot a spotlight in front of us.
And now we can see where all the bugs are.
It's just more of a visibility amplifier.
It's the thing that gives you more context of what is going on and allows you to process more information faster.
It just allows you to look at more things than you used to be able to before.
We've spent a good deal of time talking about the nature of AI, but what does this all mean for DeFi, for on-chain finance, and for the future of crypto?
It's funny.
I think crypto has such a headwind narratively here.
And it's because I know a lot of traditional organizations that are worried about hacks and worried about all this.
It's hard to quantify the damage.
Right.
You just hear like information leaked.
OK, how bad is that really?
But the grand scope of the damage is hard to say.
And it's still really bad, but it's mushier.
But stealing like hundreds of millions of dollars or 50 million or even just a million is so salient and so specific.
And crypto is so public and so transparent that crypto's transparency makes it more evident when things have gone wrong.
And a lot of the damage in conventional hacks is hidden.
And in fact, corporations have a very strong interest in avoiding people seeing it to avoid backlash and scandal.
So crypto has a unique disadvantage narratively when it comes to security issues.
And that's unfortunate.
But I actually don't think of this as a crypto-specific issue.
I think it's exacerbated as a result of crypto's visibility.
I think that's an incredible point.
I mean, if you combine it, Matt, with your point about how AI is more like a flashlight or a spotlight, it's just that the environment that you are shining light on happens to amplify that light many, many times over when we're talking about something as public and transparent as crypto versus something a little bit more shadowy and in the dark, like the corporate world.
I don't want to sound conspiratorial.
That sounded very conspiratorial.
Shadowy is dark.
Yeah, but I don't know why.
I mean, you're right.
I mean, yeah.
Sort of is.
So, I mean, you said, what are the consequences for DeFi?
Well, I think DeFi has always had a lot of pressure on it to be secure.
That has been true from the very, very, very beginning.
That remains the case.
And it should increase and it ought to increase.
I think DeFi protocols need to be...
unbelievably paranoid, among the most paranoid on earth, because they're offering people something very powerful, right?
This self-custody.
And if you're giving people this incredible power to control it yourself, to be your own bank, to hold your own money, well, you can't get messed up.
Your users can't.
There's a hundred things to worry about there.
With great power comes great responsibility.
I think DeFi will adapt.
I think the tools are getting better to be more secure, like we've been saying, not worse.
And I think in its ideal form, DeFi is still more secure.
A really important idea to get out is that of the hacks that I looked most closely at over the last 30 days, many of them would have been mitigated by more decentralization, not less.
More decentralization, not less.
In other words, the decentralization part wasn't the bug.
The bug was that they were unexpectedly more centralized than many people believed.
And the proof is in the response.
Like with almost every crypto adjacent hack I've seen, the response has something to do with, well, let's get more parties involved and decentralize and remove single points of failure.
I'm saying like different designs require different trade-offs.
We have not learned that decentralization is bad.
What we've learned is that inadvertent single points of failure is bad, which is a thing that we've always known.
And so the point you're underscoring, yeah, is that decentralization can actually enhance your defensive posture.
Absolutely.
Maybe you two could help me get a sense for how much of this is social engineering versus chaining together technical software exploits.
Those things usually go hand in hand.
So we don't have the full postmortem for a lot of these.
My impression is there has been a substantial amount of social engineering for most of these.
If I had to sketch the shape, I almost want to draw on the whiteboard here, like the shape of a hack.
based on my experience.
It is a series of little problems that are woven together in such a way that like 10 of them together, whatever, you know, four of them, 23 of them in sequence, all adds up to a huge problem.
Right?
Like that's how they add up.
It's like it's tiny little cracks that all come together.
And then before you know it, the whole thing explodes because just they found the way in.
They found the way in with all this little weaving thing, weaving through a bunch of small issues.
In other words, you are trying to gradually open and expose your ability to exploit a company or exploit a project or exploit a user.
And social engineering is a great tool to get a little edge in one dimension.
It's like...
If only I was on this user's laptop, then I could blah, blah, blah.
And then once I'm there, then I could do blah, blah, blah.
And then I could convince another user to do blah, blah, blah.
You can see how it might be click one little email, then get on a device and then rely on a weak thing.
And then this email thing and then blah, blah, blah.
You weave them all together.
It's a huge problem.
So in almost every attack, I have seen social engineering be a component and potentially a counterfactually necessary component.
As in, if there was no social engineering, that attack couldn't have been possible.
But then again, because of this large chain nature, you can design a system so that social engineering makes it harder to pull off an exploit, right?
It's much harder to socially engineer two people than it is one.
Social engineering for people and then breaking a system that requires multiple signatures and then requires a time delay and then requires a blah, blah, blah is even harder.
So to answer your question, it is almost always a part of the mix.
I see what you're getting at.
It's sort of like the more you decentralize control and these access points, maybe the safer you are.
Now, I'm sure there are caveats to that, but the point stands that if there are many walls in between you and the exploit, the more walls there are, the better you're off.
There's been a meme in security for, I think it's like 20 some years now.
It goes like this.
Social engineering.
colon, because there's no patch for human stupidity.
It is a bit crass, but it is kind of the truth.
It is hard to formulate technical controls around individuals within a company.
It is and will continue to be the main way people get into things.
By the numbers in terms of impact for the DeFi hacks, it's almost certainly almost all of it sources social engineering somewhere in the attack flow, right?
Probably the way they got access.
In some cases, the way they got everything, like the entire thing is social engineering.
We see other activity as well.
So there are hacks that aren't related to social engineering, but they're typically very small and not super impactful.
But any of the heavy hitters you've heard about were typically like a key was compromised or a set of keys was compromised using social engineering as kind of the main first step.
And so social engineering continues to be the strongest thing that people use.
And it will continue to be there until, of course, we figure out how to have the AI scarred people.
Because guess what?
That is the patch.
Yeah, I was going to say kind of a, if you'll let me say kind of a sci-fi idea, Robert, is like human beings have been prompt injectable since their original development.
And it's unlikely we're going to be able to improve that.
We use all types of trainings.
We use all types of human feedback mechanisms to refine the humans and to make them less vulnerable to obvious types of social engineering attacks.
But it's hard to do because human beings are so non-deterministic and so unpredictable and hard to measure and hard to instrument.
So they are very challenging to put in the core loop of a system, which is why you have to put multiple of them.
Because it turns out we've discovered that...
adding multiple humans into a cybernetic process and requiring consensus among those human beings in sort of an ensemble setup is less prone to catastrophic error.
That's like a way to put it, right?
AIs, although they are goofy now and are prompt injectable and are flawed, are way better at design.
Because first of all, it's gotten a lot harder to prompt inject an AI.
Like it's possible still for sure.
But it requires some clever new techniques that are developing, right?
But an AI can still be instrumented very heavily.
And it can be guarded very, very, very heavily.
And it can be measured very, very carefully.
And you can push it through the same attack scenario billions of times and see exactly how it responds to hundreds of thousands, if not millions of styles of attack.
That's a thing that is happening now.
We are learning to do that now.
And so you'll be able to get your conviction around an AI's likelihood of being socially engineered, prompt injected much sooner than you will for a human being.
So in the end, probably not that long from now, it's going to be better to combine AI models and cryptography and other designs than to rely even on a person to keep a system secure.
I think that that's a real possibility, not for all systems, but for some things.
Who knows?
I'm just kind of gesturing at something that's a little fuzzy to me, but it's on the horizon regarding social engineering.
I like your framing of people as being prompt injectable.
And I think we should turn our attention to injecting some defensive prompts into the people who are listening to this and give them some idea about what they should do to combat it.
What can or should they do to stay safe?
I mean, just for users, I'll say improving the quality of your cognitive security should be a top priority today.
I mean, I'm not trying to make people stressed out, but you should basically assume that you're under attack at all times.
Really, really, right?
Just be completely paranoid.
Don't go outside.
Spam calls, spam messages.
You know those people are trying to take your money and they're trying to harm you.
So just applying the same thing to everything.
You know, someone sends you an email, someone sends you a link, someone's asking you to send some money, whatever.
Someone's trying to get some information from you.
Just assume that just because of how deeply interconnected we all are across the whole world, anyone can reach anyone at any time, basically.
You should just kind of assume that you're under attack.
And therefore, you should develop an intuition for what behaviors are dangerous and which ones are safe.
Obviously, giving people passwords, giving people keys, giving people logins, incredibly dangerous.
That should be obvious that that's totally dangerous.
Clicking on links, somewhat dangerous.
Going to websites that someone texted you, some weird URL, pretty obviously dangerous.
Installing software.
especially last minute because the Zoom's not working and you really need to install it right now.
As happened earlier as we were trying to get this going.
Yeah, should be scary, right?
Installing software is scary, right?
So like, I think like the youngest generations kind of learn this pretty quick and they learn not to trust the digital form of the proverbial man selling ice cream or handing out ice cream out of his truck or whatever.
Like you just learn if someone texts you with a job opportunity.
No, they do not have free ice cream for you.
They are trying to hurt you.
And the same goes for engineers at companies.
They want to hurt you.
Very appropriately for the timing of this conversation, I got logged out of all of my active sessions on X today for suspicious activity and behavior.
So yeah, I'm feeling the heat over here as well.
All right.
Well, any final pleas or advice for people to leave off with?
Even if it's temporary?
make an internal red team for a little while and try to break yourself.
Like think about how your project is going to get wrecked.
Think about how your company could get wrecked.
Think about the scariest thing that could possibly happen.
And then ask someone on your team to do it.
Ask someone on your team to try to fish, try to take control of people's devices, try to trick people into installing things, try to, you know, escalate permissions without other people's sign off.
You know, run through the scenarios.
Well, what if people take over our website?
What if we get a email from a trusted vendor and the vendor was compromised and they emailed us a trick and a well-meaning person inside of our company clicked it?
What would happen, right?
Run through those exercises.
And then even better, ask an AI to do it too.
Ask an AI how to be more thorough.
There are going to be some really great products, I'm sure, this year.
that do exactly this.
Like you ask them, attack the hell out of every employee on my company and figure out how to break it.
Right.
But you know, until those products become available, try to do it yourself.
You're going to learn a lot.
That would be my plea.
Matt, how about you?
I mean, have the people who have access to the most sensitive stuff you own go through and like examine how from their position they would be able to like, attack the company.
Red team, but just have everyone do it.
And then if they're curious on, oh, could you do this thing?
Ask the AI, hey, AI, would this be feasible?
You don't have to do the exploit, but you can get pretty good answers on feasibility of certain types of attacks, feasibility of certain types of activities, and what you would do.
Because ultimately, the way a hack is going to be performed is one of these people is going to accidentally get something on their computer.
And then from there, it's going to be perpetuated and go through their environment.
And so just take the people you're afraid of getting hacked and tell them, if you get hacked, what can you do to our environment?
What's the worst things you could do?
And then try to figure out how to mitigate those things through better controls, restrictions of access.
dual authorization or multi-party authorization, just all sorts of techniques.
But yeah, have everyone take a role in this and figure out how to secure stuff.
If I were to add something, I would really just say, one, pass keys are great.
If you can migrate to pass keys as the way you authenticate into things, it just makes you a lot more robust to phishing patterns.
Just by its design, it uses cryptography instead of something you're just typing in words, right?
It's way better.
And then the second one is we actually have a really cool thing now.
We have a very patient rubber ducky style thing that will talk back to you and kind of like not judge you for, you know, asking stupid questions.
If you see something and you're like, man, I don't know if I should click this.
You know, you can always ask the AI.
It's not going to judge.
It might.
give you the wrong advice sometimes, but at the very least, you're taking some time to kind of step away from the problem to calm down because most phishing campaigns will rely on panic.
I mean, it's such a good point, Matt.
Like that actually reminded me of something I did this week.
Like this is a real thing that happened to me.
I needed to urgently validate that an email I received was actually sent to me by the sender, like the correct domain.
And so I've validated DKIM signatures before and like check that email.
I've done that.
But like, I kind of like forgot whatever, you know, I'm in a rush.
So I just took the whole body and I just pasted it into Codex.
And I just said like, I'm scared this is a suspicious email.
Validate the DKIM signature now.
And not only did it do that with like real code, it actually wrote a little CLI program and did it like right there.
But it also even looked up like how old the domain was.
It's crazy.
It did research on the sender.
It found that that sender had recently changed domains and that there was actually a redirect on the old domain.
It did like a whole investigation.
And because I think it's unlikely that an attacker would have also compromised my codex login, that is a possibility, right?
But like, I think that's unlikely.
That made me feel really good and I trusted it.
It convinced me.
You know what I'm saying?
I was confident in that email.
And of course, everything ended up okay.
But you see, you should use these tools at your disposal.
Use the tool, send the screenshot, copy the thing, send it, explain what's going on and say, how could someone be attacking me like this?
Am I getting screwed right now?
What is happening right now?
You know, and they'll actually give you a really good, like a super respectable answer.
And you don't have to be embarrassed and they work for you.
It's pretty amazing.
That's such a great example of turning the tables.
So it's not just, you know, you're under attack, but here's how you can use it for defense.
All right.
Well, you've heard it from our security gurus, Eddie and Matt.
Thank you both so much for giving people some stuff to chew on.
People, please take this seriously.
Use the tools available to you and at your disposal to protect yourselves because the attackers are out there and they are coming.
Thank you both for your time.
Thank you.