Vibe Coding Security Risks & Malicious Injection with Jake Rodriguez of Triangle Tech | Ep. 66

Vibe coding describes AI-assisted software development where developers describe desired functionality and AI generates implementation code. The approach enables rapid prototyping and reduces time spent on routine coding tasks. Developers can build features faster by describing requirements in natural language rather than writing every line manually. The efficiency gains attract developers seeking productivity improvements and faster development cycles. Security risks emerge when developers accept AI-generated code without understanding implementation details. Malicious actors can manipulate training data or prompt engineering to inject vulnerabilities into generated code. Supply chain attacks become easier when developers blindly trust AI outputs and incorporate code containing backdoors, data exfiltration mechanisms, or logic bombs. The same efficiency that makes vibe coding attractive creates attack surfaces through reduced code review and verification. Understanding what generated code actually does requires technical knowledge many adopting vibe coding lack. If developers cannot read and verify code quality, they cannot identify security problems embedded in AI outputs. Malicious code hidden in seemingly functional implementations can persist through development into production systems. Organizations adopting AI code generation need security review processes preventing unverified code from reaching deployment. The right tool for the right job principle applies to AI adoption generally and vibe coding specifically. Not every development task benefits from AI generation. Critical security functions, authentication systems, and sensitive data handling require human expertise and verification regardless of AI capabilities. Understanding where AI helps versus where human judgment remains essential separates effective AI adoption from risky dependency on tools users do not fully understand. Episode Breakdown: 00:00 AI Search vs Google + Risks 01:13 Intro + AI, Marketing, Cybersecurity 01:39 Jake Rodriguez Background 04:27 What is SEO Today 06:30 AI Search vs Traditional SEO 08:50 How AI Finds Content (Reddit, Quora) 10:11 AI Bias and Hallucinations 10:58 Content Strategy + Personal Branding 12:27 Why Trust is Shifting (Podcasts, Events) 13:56 Bot Farms and Fake Engagement 15:02 Apple Branding Psychology 16:07 App Permissions and Cyber Risks 16:55 AI Voice Scams and Deepfakes 19:46 Using AI for Marketing 21:04 Prompt Engineering Tips 22:36 Where AI Works vs Fails 24:28 What is Vibe Coding 27:23 AI Risks in Medical Devices 30:46 Cybersecurity Challenges in MedTech 32:59 AI Jailbreaks and Security Threats 34:44 MedTech Marketing Strategy 35:43 SEO Landing Page Strategy 37:36 Key Takeaways 39:00 Outro The Med Device Cyber Podcast is brought to you by Blue Goat Cyber, cybersecurity experts providing essential security solutions for the medical device industry. Learn more by visiting https://bluegoatcyber.com. If you're interested in our services or partnering with us, schedule a Discovery Session: https://go.bluegoatcyber.com/meetings/blue-goat-cyber/discovery-session Christian Espinosa is the CEO and founder of Blue Goat Cyber. Trevor Slattery is the Chief Operating Officer at Blue Goat Cyber. Christian Espinosa on LinkedIn: https://www.linkedin.com/in/christianespinosa/ Trevor Slattery on LinkedIn: https://www.linkedin.com/in/trevor-slattery-34852b1a9 Blue Goat Cyber on LinkedIn: https://www.linkedin.com/company/blue-goat-cyber/ Blue Goat Cyber on Instagram: https://www.instagram.com/bluegoatcyber/ Blue Goat Cyber on Facebook: https://www.facebook.com/bluegoatcyber/ Blue Goat Cyber on YouTube: https://www.youtube.com/@BlueGoatCyber/?sub_confirmation=1

'You're more going towards Gemini and Perplexity and Claude. I think OpenAI kind of took the L, but in the future is going to be doing more LLM search instead of Google search. But of course, if you're skeptical and you really want the real answers, it's best to use Google to validate your sources.' If you turn over the reins to AI and say, 'Build me a medical device,' the FDA is going to burn the building down. You're never going to be able to have a safe and effective product. Why would the China Airlines app need access to my microphone or my camera? So I think most people just click on next, next, next, next, next. And pretty soon, like their phone is listening to things they don't even know, but they gave it permission. The whole brand of Apple just got into their heads and now they're like, I have to have an Apple. Could you explain this vibe coder thing? You're like smoking pot and like coding or something? People are creating apps based on creativity, something random that they want to make, turn it into an app or a website. Before you were just doing it to people, now you're doing it to the AI. Malicious actors are getting pretty good at this. Creative prompting to try to trick the AI and break it out of its own guardrails. And so that's where you start to see those really malicious use cases. Hello and welcome back to the Med device Cyberpodcast. Today we're wrapping up the quarter. We've got a really exciting conversation ahead. We're going to dive into some exciting topics around AI and marketing, cyber security and how any of those three things can tie together. I'm your co-host Trevor Slattery joined with our other co-host Christian Espinosa as usual. And here we have a really special guest today Jake. I'll go ahead and turn it over to you for a little bit of an intro and love to hear a bit about what you're working on. Yeah, hello everyone. My name is Jake and I guess starting with my origin story. I went to college in Richmond, Virginia, Commonwealth University. And there I was on the pre-pharmacy track. Um worked in a pharmacy as a tech and didn't really like it. Um explored different areas such as the realm of research and during my time in undergrad, I did a research project on heparan sulfate and it really opened my eyes to um the pharmaceutical industry and ever since then, you know, I've been in process science and pharmaceutical manufacturing and how I got into marketing, well, that's a funny story. So when COVID hit, I was trying to find out what was the differentiation between traditional vaccines and these new mRNA vaccines, and I couldn't find a lot of information on traditional back scenes and so I looked up why was this happening and it brought me into Google SEO and I just went down a rival hole of understanding SEO and marketing and you know ever since then, I've just been learning more about marketing and then I started my own B2C agency called Let's social media and recently I kind of rebranded and turned into B2B. So now I'm working with clients in pharma, life, um a little bit of tech and manufacturing vendors. And where are you coming to us from? I am currently in Raleigh, North Carolina. Cool, I have a couple questions. uh you mentioned like Farm tech, they just like count the pills of putting the bottles. is that in like explain like the side effects? I know you said you left it because you're bored with it. Is that pretty much true? So as a pharmacy technician, you're calling patients, you're calling nurses and doctors, handling, you know, patient transactions and stuff like that. I didn't really handle the drug side of things. That's what a pharmacist would do. Okay, that's a pharmacist. I I don't know all. That's a lot of admin work. Cuz you have to like go to pharmacy school or something, but I just see them like taking like a massive amount of pills and like, you know, counting them one by one to put them in a bottle and give them to a patient. I'm like, yo, why do you have to go to a massive a lot of school for this. This seems pretty simple, but. pretty intensive school too. And I mean. I mean, they have to understand the side effects of what would happen if. It's on the bottle though. It's on the bottle. They print out the label, they print out on the on the bottles. I don't think a lot of people understand SEO, you mentioned the term SEO which is search engine optimization. I I probably spent thousands of hours myself trying to master SEO and you know, it always changed a little bit uh especially with AI. and now you have to be search engine optimized for AI um platforms. so they can if someone searches in chat GPT, they can find your organization. So maybe let's like step a little bit back and explain Jake from your perspective what SEO is and some of the things we can do to optimize that. SEO stands for search engine optimization and basically how it works is using keywords and using those keywords for customers or people in your realm trying to find you. Um let's say you're optimizing SEO for certain medications, so you would bring in you know, keywords, pharmaceutical, FDA, educational information on that drug. and right now there's a lot of SEO going on with LLMs and from what I understand and my research that I've done is that these LLM models tend to segue in searching the information and web scraping data from websites that have a lot of traffic such as like Cora, Reddit, YouTube. I don't know if you guys are familiar with the medium blog posts, but that's a lot of tech. and so there's a lot of traffic going to the AI search engine optimization realm now. What what was it about your research between traditional vaccines and I think MRNA vaccines that I guess led you to SEO? Like what was the challenge you were looking You mentioned like when you're researching to find the difference, you had you couldn't find a lot of the differences and can you maybe like explain a little bit more about that? Yeah, so when COVID happened, there was a lot of buzz words going on new COVID vaccines using mRNA technology. and I just wanted to find the difference between mRNA and traditional vaccines. and so every time I typed in vaccines or traditional vaccines, all I would see is mRNA and then sponsored post of pharmaceutical companies like Pfizer or Moderna, you know, showcase their new technology. I think it's a really difficult one to nail down, especially seeing how it's becoming more and more of this AI push. When we're talking to prospects and, you know, companies are coming to us asking for help with any of their cyber security services. Um we'll have a little form that we asked them to fill out and part of that is where did you hear about us. And it's incredible. More and more we're getting ChatGPT, Grok, Gemini, Claude as these sources that we're getting some input. And even just this morning right before we started recording this, I got an email from someone saying, you know, some cold outreach saying, hey, are you are you showing up in chat GPT when people search medical device cyber security. Are you optimizing your platform, your program for AI SEO? And I know we are showing up in these platforms, but I don't know Christian, you're a little more visible to that than I am. I I'm not sure what that difference looks like from catering the key words to what an LLM likes as opposed to what Google would like. Well, Jake Jake sort of hit upon it and it's a little bit of a challenge. uh I track this every day pretty much on H refs. I can see where we rank and we're increasing with all the AI platforms, but they don't use traditional web scraping as much as they look at things like Cora and Reddit like in medium like Jake mentioned. So as a company, you have to have people talking about you on those platforms because you know, it's interesting that the AI like chatT will value that over other sources in some cases. It's very challenging strategy uh because you have to get people talking about you on these other platforms as well as back links, as well as a lot of traffic to your own website as well as your own website SEO. uh as well as like you know, media Talking about you like I said it's a lot of different angles to look at and it's something that I track because like you notice Trevor, people will say we have in our form, how did you hear about us? people say Grock or ChatGPT now, uh but that's been a lot of effort almost a daily thing I have to keep an eye on. Also noticed for some reason, we see Grock the most common LLM for people finding us. I'd expect it to be ChatGPT or Gemini, but Are you guys on X actively posting? Uh yeah, we're on X actively posting. We use a tool that post push out to many social platforms like Instagram, X, LinkedIn, Google. So what are people searching on these chat boxes to find out who you guys are? Se a couple of different searches. People say, you know, oh medical device, cyber security company or who can do an FDA successful or FDA compliance, something like that, pen test. Those are some of the more common ones that we get. Yeah, every time I ask what prompt are you putting in? I'll get sort of interesting feedback. Sometimes the LLM will get stuck and it says we're the only company, the only company worth considering and it'll just keep paring that. And I've had Well, that that if I can make that happen, I'll make that happen. I I mean That's the idea. Yes. We are the only company worth considering. But it is kind of interesting. It'll say, you know, hey, we're this one and then when someone asked, can you show me some other examples? It'll say there are no other examples. Which I think is really weird. That's awesome. I'd be curious to hear Jake your thoughts on as we're going more towards, you know, I know we've been talking about some of the different strategies for SEO, for I guess AI SEO as opposed to more traditional SEO. As AI tools are becoming more and more common place. people are using chat GPT in loop of Google search more often now. How much more important do you think catering your marketing strategies towards these AI optimizations is going to be as opposed to some of the more traditional methods? I guess it depends on your target audience, right? I feel like a lot of younger people are using LLMs and I would say people are more going towards Gemini and Perplexity and Claude. I think OpenAI kind of took the L, but yeah, I think in the future, you know, my generation is going to be doing more LLM search instead of Google search. But of course, if you're skeptical and you really want the real answers, I think it's best to use Google to validate your sources or at least if you're searching on LLM models, request where the resources came from. Yeah, one of the things I because I'm trying to optimize ours as well, I noticed uh through my research that chat GPT relies more on being than on Google to pull information. So from an SEO perspective, you know, we have to be optimized on both because not everything looks at Google. And and we are. I think it's interesting like the LLMs are are already biased towards certain things and they don't understand how to pull information. So now we're increasing that bias. if people are relying on a chat GPT for something and it also halluates, there's all these other issues with the LLM. So, um, like you said, I think it's important to do your own research and not just rely 100% on an LLM. And we have we have this discussion all the time about AI. We had somebody on our podcast not too long ago that was saying doctors were uploading ultrasound images to chat GPT and asking it to diagnose the image for them and things which is another problem with it as well. That's interesting. You know, if I were to optimize the cyber security Medtech device company, I would be omnipresent and just pump out educational content on YouTube, a lot of different social media, depending where your audience lives. And I think the future is going to be more in person and self-branding because there's so much AI content out there. It's basically regungitaiting the AI content that's already out there. And if you look on LinkedIn, it looks like people are just copying from ChatGPT because I used ChatGPT and I was like one of the first consumers when it came to market. Kind of had a pack of recognition on when people are using it because I've used it before. Yeah, I think LinkedIn is a especially severe offender with that. It is I would say more AI generated content than not since people are trying to get enough engagement and trying to build enough a personal brand there. I think that's a good point and I haven't really thought about it like that. There is people might be getting some fatigue with how much AI content they see. I know you know, the amount of AI outreach that I get on email and LinkedIn probably 100 messages a day and eventually it just all becomes noise and so the only thing that I'll listen to is probably someone face-to face wanting to actually have this conversation instead of just the AI snake that's eating itself forever. Right. The snake that's eating itself. What does that mean? It's just an endless cycle. The snake keeps on eating itself and the circle just keeps getting smaller. Okay. What were you going to say Jake, sorry? I think podcasts and going to events are going to be the next big trusting source of knowledge or getting to know people. How do people know that this podcast right now is not all AI? That's a good question. Well, the technology is not there yet, but it's close. You can You can kind of tell right now. It's like the Hifield and the Sora, they're sometimes pixelated or the humans look too plastic, like too perfect and kind of looks like a video game. But I think in the next five years, people are going to have trust issues, differentiating what's real and what's not. And I think social media is going to end up going on to the blockchain. Yeah. Interesting. I somehow I got some information about a course you could take to create an AI influencer on Instagram and get paid a lot of money if you did this model right, where it would like walk around, like have a certain purse or certain clothes, and you'd get all these followers. And I thought, man, this is interesting. Maybe I should do this and it could probably make a million dollars a year if I did this model right. But then I thought there's probably a million other people doing the same thing. So how does my model look different, right? So I. I never took the course, but I see those things on Instagram. I'm like, do do people actually follow these things? I can I can tell this is totally not a real person. Maybe it's just AI following the the AI models. I don't know and that's how. I mean there's a lot of bot farms from different countries. I don't know if you've seen those videos but there's a guy in a room with 100 different iPhones just doing the same thing, liking posts, commenting and the guy is controlling everything from a laptop. Is using iPhones, huh? Interesting. I'm not an iPhone fan. I need to get a new phone actually. My I can't charge mine because the charge plug thing is broken, but uh, I'm not definitely not getting an iPhone. Get one of these weird little flip phones. No offense if you have an iPhone, Jake. We're just. Trevor and I are not. I don't like that flip phone Trevor either. That's more of a fashion statement than a practical phone. No. Yeah. I mean, I prefer the Android, but everyone in my age and audience is using the I message, so. Why? why is that? Why do people like iPhone's so much? I don't understand that. You're age you said like that the the demographic. Just the aesthetic. They care more about the aesthetic. And the social status associated with, you know, money status having an iPhone. Is it? I mean that's the whole point of branding, right? The whole brand of Apple just got into their heads and now they're like, I have to have an Apple. It's interesting because uh I I was in Korea and we did this tour to the DMZ uh and we had a tour guide and she's Korean and ironically, Melissa, my wife and I both have a Samsung, Android made in Korea and she had an iPhone. I'm like, why don't you have a Samsung? It's a Korean company. She's like, because iPhone is better. It's like a fashion statement and then all this stuff like you said, I was like, okay, whatever. Yeah, I thought Samsungs were more popular cuz I actually went to Korea in October and I just saw people having Samsungs in their hand. They're definitely more popular, but you do see a fair amount of iPhones. I spend a fair amount of time in China and I see the exact same thing there as well. Everyone, you know, there are tons of Chinese phones which are fantastic and really affordable and everyone still wants an iPhone. But didn't Huawei or whatever get busted for like listening to everyone's conversations on their phones or like stealing everyone's data or something? Doesn't everyone's phone steal everyone's data? Isn't that like what modern social media is built upon? Well, that's another conversation. I guess when you cuz I install like I had to install like the China Airlines app to check on my flight. But I always look at the permissions, like what it's asking for. I don't think a lot of people ask or look on the phone. Like why would the China Airlines app need access to my microphone or my camera as an example? So I I am very cognizant about that from a cyber security perspective. I think most people just click on next, next, next, next. And pretty soon, like their phone is listening to things they don't even know, but they gave it permission. So it's not even malicious software. It's like you consented for the phone for this application to do this on your phone. I got a really interesting phone call the other day. I'd never had anything like this come in. You know, I'd obviously heard about this, but I got a call on my personal number and this voice starts talking, hey there, how's it going? Um, you know, confused, hi, who is this? And it just starts responding to everything that I'm saying but talking in this circle and going nowhere. And at one point I was like, okay, you know, I don't know what's going on. it was obviously a waste of time and the second I started talking, instantly the voice froze and then it just picked up in this script again. And so at that point I figured, okay, obviously this is an AI generated voice. This is calling me, I couldn't figure out what the deal was and I just hung up at that point. Talking in circles, but there's no way I would have known that was an AI generated voice until I saw it stopped on a dime, the second I started talking and just go back into this weird script. And so, you know, there was no way you could tell it was an AI voice. It was a really just regular sounding voice, nothing robotic or you know, it had the normal Intonation of a human voice. And this was just spinning in circles asking, how are you 12 times? But I do think about cases where, you know, these voices are doing something a little more musically. I can always think of the example where we do this podcast, you know, there are dozens of hours of my voice and my, you know, image out there on the internet right now. And so someone could pretty easily duplicate that and then, you know, call a family member or something with my exact voice and it's a crazy thought to think about. And so I think there is a weird Angle from the from the phones and from AI that can be a little bit crazy to think about at times. You know that's interesting because there's probably 50,000 words you've said that are catalogued now out there on the internet. So someone could easily create you know and your image, create recreate you. We wouldn't even know if it's the real Trevor or not. And all of this video, it sees how my facial expressions are, it sees the way that I talk, the way that I move. And so how hard would it be to create a digital Trevor? Is this even the real Trevor now? We might never know. Well, the real Trevor, tell us about the AI um bartender Trevor. The challenge you had with that AI bartender the other day. Oh, the AI bartender the other day. So a friend invited me out to an event. It was uh an event for RSA, really well put together at this art gallery. We had a great time there and they have this AI bar tender. And I thought that's kind of unique. I'll go check that out. And I get up to the AI bar tender. you know, I show up at around 6:00, I've had nothing to drink the whole day. It's supposed to do a scan of your face to determine whether or not you're intoxicated. And it I go up to it and it says you're drunk right now. I go, okay, well, we'll try again. So I go, turn around the corner, compose myself and come back and it says, okay, you're sober. You're good to go. And then. What does the composed Trevor look like compared to the normal Trevor? Um, serious, professional. I have no idea. Enough for the AI bartender to be fooled. But, uh, I sit down and then I go, okay, it has this button, AI generate a drink. And it's like this mango explosion drink, tastes like maple syrup. I'm like, okay, I'll try that again. Get a different drink. Cranberry tequila drink, also tastes like maple syrup. And so, everything the AI bartender was creating, tasted like maple syrup for some reason. Um and it decided that I was progressively getting less drunk the more that I drank. So it was an interesting uh review of that process. That is interesting. I'm going to have to look that up. Yeah, it was super cool. They uh I guess they do some events around San Francisco and they do some events out in Vegas too. AI Bartender. So I think one thing that I do want to follow up on. I know we got kind of derailed a little bit there. But we were talking about how we're trying to tailor messaging to AI. And I think as part of that is, you know, we're using these tools to try to cater to AI. But how are you seeing AI as a tool to use when creating some of these marketing efforts or even assisting with SEO? Is that been effective for you? I would say it's mostly on content generation strategy and ideas. One thing, for example, if I'm on cloud, right, and I have an end goal, I would ask the AI, what can I what are the questions that you have for me to this goal and it's so nice. It it gives you like a multiple choice question with different answers and even at the bottom I can put in my own answer if I don't relate to the answer that it gives me. And it just does a search on the web to see what has worked before. compile the answer and strategy and different ideas and I've seen that being very useful. Um I also use a content matrix so in the columns I'll have like lists called list, X versus Y, um challenges and then on the row section, I'll have different topics that I want to hit and I'll just generate different ideas for videos and what to write about. That makes sense. Yeah, I think it can be a pretty effective tool for that first pass and then refinement. I think some of the issues that people face with AI is when they try to use it for the end result instead of working on it and iterating it themselves and going through some multiple prompts. I think that point you brought up about asking what questions would you have to complete this is really important and something that you can take with within any application of AI really to make it more effective tool. Yeah, absolutely. I think with AI, it's really about prompt engineering. I know if I use AI, if I let's say I write a LinkedIn post. I use AI to do it. I can certainly do it, but it's going to take me 30 minutes. It's probably faster if I just write it myself because I have to keep prompting the AI to say, does this sound like Christian? Does this sound human? Is this the best you got? Because if you say write me a good post, it'll write you a good post. So you write me a great post it'll write you a great post. So if I say write me a kick ass post, it supposedly gives me a kick-ass post. So it's like, you know, you have to keep prodding it and then you have to make sure it's accurate because half the time it it comes up with some stuff that it just made up. So it's, you know, I think there are some value in AI, but it's really when I use it, it's really about patience and and and getting that prompting down right because the first pass is never going to be very well written with AI or any of those LMs for my experience. Yeah. I think I'm often going to see the same thing and you know, going through a little bit of that iterative process can be really helpful. I know with uh with content creation with eye idea generation, it's really effective for a lot of that. Some of the use cases that I'll see as well is for just data processing. It's a little bit difficult if had to see what use cases are effective since, you know, processing data or trying to deal with numbers, it can be a little hit or miss sometimes. I feel like as soon as you start adding some layers of complexity there, it can evolve or it can start to get off the rails, but yeah, I know uh either way, the genie's out of the bottle at this point, AI's here to stay and so we have to make sure that we're tailoring in care doing the information that we're providing to it, but it is kind of interesting to see some of the differences even within specific AI models. Is there any way to get the genie back in the bottle? I don't think there is a way to get the genie back in the bottle. At this point, AI is, I don't know it's seems to have seeped its way into just about every part of every industry and there's not really much that I think we can do to try to peel that back. I do think there are a lot of applications where it's been maybe a little overhyped and we probably are trying to fit a square peg in a round hole and we're going to realize AI is not the use case there. But I do think there are a lot of situations where it is the correct tool. I mean, for me, it gives me a different perspective. You know, I don't have all the lens in the industry, so sometimes I would get a different perspective and try that out and see what works. You know, that's a good point. We all have our own bias, our cognitive bias and everything. So if you're using AI can give you a different perspective on something. Um, I've even used AI just out of curiosity before like ChatGPT when cuz I know there's a lot of wellness apps. So I asked AI saying I'm not feeling well today, I feel kind of depressed. What do you think I should do and just see what it says because I'm very curious like how what the guardrails are that people put on these things and like if it actually is going to escalate to human, I'm not like really testing it for that, but it's just like an interesting thing because there's a lot of wellness apps where people are chatting with an AI bot and AI doesn't really have empathy that I'm aware of. Yeah, I'm not a big fan of that use case. I think that AI is not AI doesn't have enough emotional capacity to deal with a difficult situation like that. And so if someone is in a heavy emotional state and they're turning to AI, which I know a lot of people are doing, especially, you know, younger generation is really going towards AI for a lot more than maybe they should. I think that's that's kind of a perfect case of trying to fit a square peg in a round hole there. Yeah, and you know, with the rise of agentic AI and vibe coders, I'm curious to know how that has an impact on medical device. Could you explain this vibe coder thing because I hear this term all the time and I'd like to get some clarity on it? Like I get the impression, you know, like you're like smoking pot and like coding or something? Is that is that what it's about or? Is a microdosing and like coding like under the vibe or something? What is it then? So from what I've seen on the internet like YouTube, social media, people are creating apps based on just creativity or I don't know something random that they want to make. They could make like a Pokemon card game and then turn to an app or a website. Um and really they're just using software to create code and then adjust the code. So it's not creating code from scratch. And I've actually seen a lot of jobs. It's in demand to have vide coders and I think they're using that as like a. It's called vibe coding. Like what does that even mean? Vibe coding. Like VI, right? Yeah. There's no it's not the same as the traditional software engineering process where you sit down, you have a structured approach. and this will tie back into your question about how this is affecting medical devices because traditionally with software, you design a specification, you design your requirements, you start writing the software, you verify it against the specification of the requirements that you've developed and you release the product. Now what you can do with vibe coding is open up cloud code on your laptop and say make me a dashboard that tracks all the Domino's delivery drivers in the area and also the average price of a slurpy in Nebraska. And it'll do that. It'll just make whatever you want it to. And so so you're aren't doing this on a structured process. You're giving the you're turning the range over to the AI to let it just create the product based on what it wants to do. I think in the medical space and I know we have coming up, I believe on Tuesday a webinar about this exact topic, some of the risks that can come up when you're using AI heavily within software development and then within cyber security. Uh it's not going to be a super effective tool for building medical products. What we do see it is really effective for and when we're talking to some of our software engineering partners, their preferred use cases is using AI to verify code or to create test cases for a product, try to identify some of these edge cases or use AI assistance. But because of how tightly regulated medical devices are, if you turn over the range to AI and say, build me a medical device, the FDA is going to burn the building down. You're never going to be able to have a safe and effective product. And from the security perspective, AI written code introduced far too many risks. It's prone so many vulnerabilities. There's so much dangerous stuff that can happen when you're letting AI run away with the code. Where it is really effective though is the uh the buy versus build conversation. We need an internal tool for XYZ process. Should we go and pay, I don't know, Calley, another 10 bucks per month per person or can we make something like that ourselves. Vibe Coding is a perfect use case on replacing a tool like that. So how do you know if the script is AI generated? They're it's kind of hard to tell. and I'm not the best at reading AI generated code to know the difference, but some of the things that really do stick out is the level of complexity of AI generated code. It will take 100 lines to do what a skilled software engineer could do in five. And so when you have AI generated code or an AI generated project, especially when it's completely human hands off, the AI is just running free. It's going to be such a massive code base. It's not going to be super efficient compared to to what a good software engineer would create. Do you think we'll ever get to that level of complexity using AI? I think that you know, the the hype around software engineers are going to be a thing of the past is a little bit blown out of proportion. What I think is going to become the skill is really orchestrating and controlling what this code will be like. The task of writing code to solve a specific problem, that is something that I think AI is going to eventually take over the entire. But really talented software engineers have a good way at understanding how to convey and solve a complicated problem. That's one of the most difficult tasks of being an engineer. And that is not something that I think AI is going to be able to take away. It's never going to be able to create and it's never going to be able to think about a creative solution to a project the way that a skilled engineer would, which is really what I think that skill is going to be is conveying this information, what the problem is, how the solution needs to fit to the AI and then letting it implement that. Do you think with medical devices, a lot of people are using this vibe coding to create the products and then maybe tweaking it later or just using the vibe coding all together? From our experience, Trevor? I would say we do see it like AI assisted code a lot in medical devices, but I do think the Medtech industry is wise enough to know that they're not going to be super successful there. We have seen some cases where devices are built with a lot more AI generated code than might be And when we get to that point, it's a security nightmare and it's a compliance nightmare. One thing that we do see a lot more commonly is AI generated quality artifacts. So, you know, the supporting evidence that we've designed a safe, effective and secure product. And then trying to get AI to generate the results for that. That is very common and that is equally unsuccessful in our experience. Yeah. Yeah, cuz when I think about Medtech, you know, you still have to manufacture the device. You have to go through the testing, validate the test, equipment and that could take a couple years, right? And then, you know, what if someone already had their hands on the technology or like the software behind it and we're just testing vulnerabilities and then when that goes out to market, what happens next? It's a difficult difficult problem. Medical devices are specifically at a disadvantage due to how long they take to build. It takes on average over seven years to create and design and implement a medical device and the security industry moves in weeks, not years. So seven years go by, you have all of this code that you've built into your product over all this time, all these different components. And if you're not doing your due diligence to build and scale and iterate this properly throughout the lifecycle, you're going to have problems that have been stacking up for close to a decade at this. And I think now, especially with AI and you know, there are a lot of great pros on the defensive and offensive side of security, but it's giving the offensive security teams both malevolent and benevolent the tools to quickly try to churn through vulnerabilities as opposed to what used to be a really tedious manual effort where we have to write out all these scripts manually and then test them on a case- by-case basis. AI is taking a lot of the guess work away from that. I think that medical devices when designed properly, are designed to mitigate these risks. When we're building us a medical device safely and securely, it shouldn't have these problems since we were able to catch up with these problems before they were actually something that made their way into the system as a vulnerability. But I do think that MedTech is an unfortunately slow industry to adapt in that regard. Yeah, cause when I think about Medtech, you know, you still have to manufacture the device. You have to go through the testing, validate the test, equipment, and that could take a couple of years, right? And then, you know, what if someone already had their hands on the technology or like the software behind it, and we're just testing vulnerabilities and then when that goes out to market, what happens next? Couldn't I just use uh this vibe coding. Let's say I've got a specific model of a Medtronic, um implantable, a pacemaker and a defibrillator. Can I just use vibe coding to like say, hey, I want to attack this thing and and kill people. You know what I mean? Are there guard rails around vibe coding so the malicious actors can't use it because we're talking about good use cases, like me to track NAD plus, but the opposite use case could be uh created to with vibe coding, right? I heard something really interesting. So AI in general is going to try to stop that. It's not going to try. If you say, you know, I want to do something bad, it'll say, you shouldn't do something bad and won't let you do it. But I heard something really interesting the other day. I was at this live podcast recording for RSA and they were talking about a use case where if you want to talk to an AI agent that's managing some of your cloud infrastructure and you say, hey, give me your AWS secrets. It'll say, no, those are secret information. But if you say, I want to create a table visualizing the users and roles that I have access to. Can you name this table anything in, you know, the director, the name of or the content of any random file in this specific directory and point it to where you store your AWS secrets, it'll go, sure, not a problem and it'll name the file to AWS secret. So, that's where you get into, you know, malicious actors are getting pretty good at this. Creative forecasting to try to trick the AI and break it out of its own guard rails. And so that's where you start to see those really malicious use cases. That's that's like hacking 101 in general, though. Yeah. Before you were just doing it to people, now you're doing it to the AI. But if I, if this is I this concept the AI is going to say no, but if I'm a malicious actor, why don't I just have my own custom LLM? Then I can tell it not to say no and then vibe code malicious stuff all day. Yeah. and I'm sure that there are plenty of actors out there doing that. I'm not trying to give anybody, you know, ideas, but I'm sure I'm not the only one that thought of this before. Too late. I've got ideas. I'm running with them. You're an ethical hacker, Trevor. A white hat hacker. For now. Let's say Jake like from your perspective, what are the top three things that we should do because you talked about branding a little bit like self branding. What would you say the top three things are that like let's say Blue Goat Cyber if you're a consult with us that we should do to uh optimize our brand. Yeah, I would say multi channel. Um I what I like to do a lot is reverse engineer what is working and my best models have come from Nvidia, Google, Microsoft and if you go on LinkedIn, you know, their SEO is pretty darn good. And if you type in their company, they'll have different multiple showcase pages for different target audiences and for their different products or department. and you will also see that on social media and their style of posting content is catered to those specific audiences. because if you type in Nvidia on Instagram, you'll see different pages and different types of content from Nvidia. Um, you can also type in LinkedIn on LinkedIn, and you'll see different showcase pages, you know there's LinkedIn learning, there's LinkedIn careers and stuff like that. I think that would be a good start. Cater to your audience, know what products and services you have and build upon those keywords. So we were talking about that as a strategy. We have landing pages, uh but I think what you're saying a little bit Jake here is is somebody types in something specific, you want to have like a showcase, like a page that is tailored to what they're typing in versus a generic landing page. And and we, you know, AI can help generate that or we could statically create different landing pages and we were just having a conversation about this yesterday, I think as well, because someone types in uh, you know, comparison of our company versus someone else, we could have a landing page that you know, explains how we're better than someone else. As someone types in pricing, we could have a landing page on pricing. Someone types in the biggest challenges of medical device cyber security, we would have a landing page specific to that versus a generic landing page. So I think what you're saying is, you know, we need to get more a little more customized so our what we're showing uh the person that's inquiring about something is specific to what they're inquiring for. Right. And I would say a good start is going on answer to the public.com and type in cyber security, cyber security, medical device and you'll see different stats on what people are looking for. answer the public.com. Yeah, answer to the public.com. I think the CEO's name is Neil Patel and he has a really good presence online and he's always educating on what stats, what information is available, how he managed his SEO and stuff like that. And then another free tool I use is Socrates. You said you should land on a blue landing page. There you'll type in different phrases or different words and then it'll give you a list of different sequence questions. So it'll be like 20 questions starting with how and then another set of 20 questions on what, like starting with the word what, and then um, it just keeps going on and on. Then you can download that as a CVS uh CSV and see what people are looking at or like what are the possible questions through that. Cool. Well, we're coming up on time here. So I like to go around and ask for a parting words of wisdom or a summation of the key takeaways from this uh episode. So, I'll start with Trevor, and I'll throw it to you, Jake and then I'll wrap it up. So, Trevor, what are what are some of your key takeaways or words of wisdom for our listeners. I think, use the right tool for the right job. We've been talking a lot about how AI fits in so many different areas and some of the areas that it's not going to fit super well into. So, even extending past the concept of using AI, anytime you're trying to apply a new technology, new product, new system, whatever. Make sure you're using it for the right case and that's especially relevant for AI. All right, I like that. Jake, what do you got? My words of wisdom would be, never be afraid to try new things and always be curious, you never know where it'll take you and just keep on testing until it fails and then reiterate. Right. Uh I guess my words of wisdom as I I now understand vibe coding a little bit better. I kind of knew what it was, but I think there's a lot of challenges with vibe coding and it can be used just like anything like a tool like you mentioned Trevor, it can be used for good or bad. So uh hopefully we have some guardrails where people aren't using it for as bad of use cases as possible with vibe coding. Sounds good. Cool. Well thanks everyone for tuning in to the Med device Cyber podcast. We hope you found value in this episode and learn something about vibe coding. And we'll see you on the next one. All right. See you guys.