Microsoft's Secret Weapon: The GDID That Caught 'Scattered Spider' Teen

Presented by Thinkst Canary: https://thinkst.canary Most Companies find out way too late that they’ve been breached. Thinkst Canary changes this. Deploy Canaries and Canarytokens in minutes and then forget about them. Attackers tip their hand by touching ’em giving you the one alert, when it matters. With zero admin overhead and almost no false-positives, Canaries are deployed (and loved) on all 7 continents. Three Buddy Problem - Episode 104: We discuss the return of Anthropic's Fable 5 from export-control suspension with guardrails so aggressive that spelling "exploit" gets you downgraded. Plus, a debate on AI frontier labs killing businesses at scale, and OpenAI offering equity to the US government. Also, buried on page nine of a 'Scattered Spider' arrest indictment: Microsoft's never-before-detailed GDID device identifier, a persistent Windows fingerprint with massive implications for OPSEC, privacy, and APT tracking. Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu. Timestamps: 0:00 Cold open: Heat wave in Washington DC 3:45 Fable 5 returns after the 15-day timeout 5:21 "Refined classifiers" and the downgrade-to-Opus mess 8:23 Codex vs. Claude: real-world malware analysis test 12:41 Who are the guardrails for? Defenders locked out 19:13 What even is a "jailbreak assessment framework"? 21:37 Two theories: failed PR vs. killing a thousand startups 24:59 Could the labs build kernels or a whole OS? 31:38 Bureaucracy is the moat 36:09 Can AI actually run an attack? (Spoiler: 14 detections) 47:01 OpenAI offers the US government a 5% stake 58:16 Scattered Spider arrest and Microsoft's GDID revelation 1:12:02 OPSEC fallout: how APT groups adapt to device telemetry 1:27:18 UFO update, shout-outs from Seoul