UL NO. 467 | Why You Should Care About AGI (And a Definition)

Plus: DeepSeek's open database, Using o3 with Fabric, Chinese backdoors in health monitors, and much more...

Hey there!

  • An absolutely must-see/listen conversation about National Security, AI Agents, NVIDIA, TSMC, and more. Basically if you’re watching AI / ChipWars™ you want to catch this. VIDEO

  • We made the SANS list of top security newsletters!

  • How to use Fabric with o1 and o3 (the flags are different) POST

  • After listening to that conversation I massively tightened up my explanation of why I define AGI as an AI that can replace a knowledge worker from 2022. If you have a better definition, please send it!

  • 📺 Harmonic Sponsored Interview
    I had a great conversation recently with Alastair Paterson, CEO of Harmonic Security. We discussed how their Zero-Touch Data Protection tackles AI data security, the risks of shadow AI, and how their browser-based solution helps enterprises adopt AI safely. Worth a listen! WATCH | HARMONIC.SECURITY

Have a great week!

-Daniel

Sponsor

Ransomware Survival Guide: Infostealers, Exploits & More

Flashpoint identified 4,500+ ransomware attacks in 2024, with 53% targeting U.S. companies. Ransomware operations have grown more sophisticated — strategically combining phishing, infostealers, and vulnerability exploits to breach defenses.

Survive ransomware in 2025 with this free report:

Download the report from Flashpoint to learn more

SECURITY

DeepSeek AI Exposed Customer Data in Unprotected Database
Chinese AI company DeepSeek, which disrupted the AI world last week, left a database containing over a million user chat logs and API keys exposed to the internet with no password protection. Researchers at Wiz found the database and reported it. My question? Does it reveal any evidence that they used OpenAI for training?

Healthcare Monitors Found With Chinese Backdoor
CISA (RIP?) found that Contec patient monitors have been secretly sending patient data to China and can download and execute files remotely. Even worse: when CISA reported it to Contec, the company's "fixes" still had the backdoor—they just disabled the network interface (which the backdoor immediately re-enables). The full advisory is full of goodies.

Critical SonicWall Zero-Day Being Exploited in the Wild
SonicWall confirmed that attackers are actively exploiting a nasty authentication bypass in their SMA 1000 series products. Microsoft's Threat Intel team found this one (CVE-2025-23006), and it lets attackers execute commands remotely without needing to log in.
- Affects admin consoles on port 8443 by default
- About 2,000 vulnerable devices exposed on Shodan right now
- CISA added it to their must-patch list immediately

Sponsor

Protect your app with WorkOS Radar

Does your app get fake signups, throwaway emails, or users abusing your free tier? Or worse, bot attacks and brute force attempts?

WorkOS Radar can block all this and more. A simple API gives you advanced device fingerprinting that can detect bad actors, bots, and suspicious behavior.

Your users trust you. Let’s keep it that way.

Major Hacking Forums Seized in International Operation
Law enforcement just took down some of the biggest hacking forums in the world, including Cracked and Nulled, which had over 10 million users combined.

Backline Launches with AI-Powered Security Remediation
A new startup called Backline raised $9M to use AI agents that automatically fix security vulnerabilities without human intervention. I include this one because it’s part of the trend of what we’re going to see from agents becoming real. Sure you can find issues, but can you fix them?

Tulsi Gabbard Faces Senate Over Surveillance Stance
In her DNI confirmation hearing, Tulsi Gabbard got grilled hard about her complete 180° on surveillance—going from wanting to kill Section 702 to now calling it "vital". She was also asked about her previous support of Edward Snowden, who she once called a "brave whistleblower" but now says "broke the law".

💡 I am a simple man: I think if you dump top secret documents to the internet and move to Russia, or if you break into the Capitol building on verification day because you want to change the results—you’re a criminal.

At one point I saw Snowden as a whistleblower too, and I was a bit torn about it, but that day passed years ago.

AI and Palantir Transform UK Police Operations
Bedfordshire police just became the first UK force to deploy Palantir's AI system, and they found 123 at-risk kids in just 8 days. Palantir's stock is way up too.

A Better Way to Think About Passkeys
An argument we're getting passkeys all wrong—i.e., that they should be used alongside magic links, not as a complete replacement for other auth methods. I’m just happy they exist. Best thing to happen to security in over a decade at least.

AI / TECH

💡 Why I Think You Should Care About Us Reaching AGI

I wanted to say a bit more on the AGI thing. I think it’s the most important topic in AI, actually. Tons of very smart people don’t know why they should care about AGI. Like who cares if it hits this benchmark or that threshold? There’s only one good reason I can think of, which is why I use it as my definition.

AI workers. Like, coworkers.

Imagine your team at work. You’ve got 5 coworkers. Or 20. Or 35. However big your team is. Now imagine it’s 10,000 instead. Like overnight. One day you just have 10,000 devs instead of 7.

They’re not perfect. They make mistakes just like everyone else. Someone still reviews their work. They still get lost sometimes. In some ways they’re way smarter than your human coder peers, and in some ways way dumber.

But they make steady progress. They show up for video calls. They can read docs. They can code. They can take direction. They can readjust based on seeing a Slack message. They can give updates in a meeting.

But it’s 10,000 of them instead of 10. Or 100,000 instead of 100. And they work 24/7 and constantly improve.

That’s why AGI is a big deal. And I think we’re getting really close. Again, it’s not one component that will do it. AGI will be a system. It’ll behave like one person (thing, whatever), but it’ll really be this composite that lets it behave in a cohesive way.

My guess in 2023 was 2025-2028. I think we’re on track for that. My guess now is late 2025 or sometime in 2026 for the most basic version that barely gets us there. And even more likely in 2027, and definitely by 2028.

If and when it happens, it’ll be the single biggest impact on humanity from tech, by far. Even bigger than the internet. Both negative and positive.

93% of IT Leaders Plan to Deploy AI Agents by 2026
Perfect timing: a new Mulesoft report shows that almost all IT leaders are planning to use autonomous AI agents within two years, and about half are already doing it.

Sam Altman Admits OpenAI Was Wrong About Open Source
Sam Altman admitted in a Reddit interview that OpenAI has been "on the wrong side of history" regarding open source. Insane how winds can shift so quickly. It’s all Kumbaya until a terror attack happens that was “influenced by” an open-source AI model. Then HuggingFace becomes an Al Qaeda website.

OpenAI Claims Chinese Rival DeepSeek Stole Training Data
OpenAI accused DeepSeek of scraping and using data from ChatGPT to train their own models. They say they found patterns in DeepSeek's outputs that were suspiciously similar to those from GPT-4, including some of the same quirks and mistakes.

💡 The big troll right now is to say it’s funny that OpenAI is complaining about stealing when they stole the internet for their own training. I personally think the whole thing is moot.

I think, with few specific and licensed exceptions, what we put into the public is just part of the universe’s background noise. Would it be nice to get credit? Sure. But if you said it publicly you should expect it to become part of the internet’s collective knowledge. AI is just making that more real.

DeepSeek's R1-Zero Shows AI Reasoning Without Human Training
DeepSeek just dropped their R1-Zero system that achieves 14% accuracy on ARC-AGI-1 without any human-labeled training data. This is so critical because it’s very much like what happened previously in chess. At first the chess AI got good by watching humans, then they made a better one (AlphaZero) that just learned by playing.

DeepSeek AI Found Avoiding 85% of China-Related Topics
A new study shows that DeepSeek's AI model refuses to answer the vast majority of sensitive questions about China. The PromptFoo team tested 1,360 prompts and found that not only does it dodge these topics, but it often responds with weirdly nationalistic messaging.

Effective Ways to Evaluate LLMs and RAG Systems
Here's a solid breakdown of how to properly evaluate RAG systems and LLMs in practice. Salman Khan breaks down the two main components we need to care about: the quality of retrieved info and how well the LLM uses it.

Andrej Karpathy on Flow State Programming
Andrej Karpathy shared his thoughts on "vibe coding", where you basically get into a flow state and code like you're playing an instrument. He says the key is to stop overthinking and just think and respond and let the AI do most of the actual work. Lot of people were like, “No! Not you too!” But if Andrej is thinking this way and you aren’t, guess who’s probably wrong?

Apple Partners With SpaceX for iPhone Satellite Service
Apple quietly added Starlink satellite support to iPhones through a software update, partnering with SpaceX and T-Mobile to expand their emergency communication options.

HUMANS

Scientists Think Aliens Exist
A massive new survey revealed that 87% of astrobiologists think extraterrestrial life exists somewhere in the universe, and regular scientists agree at about the same rate.

Drones Are 91% Effective at Scaring Away Grizzly Bears
A study in Montana shows that drones are way better at keeping grizzlies away from humans than traditional methods like dogs and vehicles. Wesley Sarmento's research in Frontiers found that drones had a 91% success rate compared to just 57% for trained dogs.

IDEAS

Swerving Broncos
I was thinking about how worried people are about AI taking over, and how it’s going to cause all sorts of security and safety issues. But the other night I was driving on the 101 near San Francisco at like 11PM and saw literally three (unrelated) giant Bronco or whatever trucks like drifting over the lanes. Side to side. Over miles. Either on their phones or drunk or something. I’d get away from them and miles later another one. I’m fully Waymo-pilled. Humans are super dangerous, and we ignore it because we’re used to it.

DISCOVERY

🔥 Using UV as Your Python Script Shebang
Here's a really clever way to use UV (the new fast Python package manager) directly in your shell scripts as a shebang line. The trick is using #!/usr/bin/env -S uv run --script at the top of your Python scripts, which lets you run them directly from the command line while automatically handling dependencies.

AI Crawlers Getting Trapped by Malicious Tarpits
A developer has created Nepenthes, malicious software that traps aggressive AI web crawlers in infinite loops and feeds them garbage data to poison their models. Smiling not smiling.

Deep Research Feature for ChatGPT
OpenAI dropped a new ChatGPT capability called "deep research" that's designed to do thorough, multi-source research with actual citations.

The Death of Subculture Through Commodification
Justin McGuirk explores how William Gibson's novels perfectly capture our obsession with commodifying everything unique and authentic until it loses all meaning.

YouTube Video Downloader with High Quality and No Ads
Found a really clean Python script that lets you download YouTube videos and playlists in the highest quality, and it even grabs subtitles and thumbnails automatically. Expect it to get blocked soon.

RECOMMENDATION OF THE WEEK

If you ever get overwhelmed by what all this AI stuff even means, or you want to explain it to anyone else, try something like this:

Within the next few years we might have something called AGI, where AI can work as a full knowledge-worker. Like joining the onboarding cohort, reading documentation, participating on Slack, submitting code, adjusting their work based on the work of others, etc.

But instead of 2 or 5 of them, imagine hundreds of them for the cost of one human employee.

APHORISM OF THE WEEK

Some books leave us free and some books make us free.

Ralph Waldo Emerson

Thank you for reading. Please forward to a friend and/or share on socials to help support the work.