The $50 Hack That Broke Intel & Why AI Still Needs its Meatbags

Show Notes

 Autonomous AI is crashing against the rocks of reality, stalled by a massive trust crisis and fears over governance, while chip giants brush off a $50 hardware hack that breaks their confidential computing promises. We also dissect Broadcom's zero-day silence and the never-ending nightmare of identity theft for major corporations like WestJet.

Transcript

Welcome back to Cyber Scoops & Digital Shenanigans. I'm Mike Housch, and if you thought 2025 was going to be the year the robots finally took over, well, pour yourself a stiff drink, because reality just slapped the AI hype train right off the tracks. Today, we're talking about failure on a grand scale: the failure of AI to launch, the failure of chip manufacturers to take cheap hardware attacks seriously, and the failure of basic +enterprise security.

 

Segment 1: Autonomous AI—The Trust Crisis

Let's start with the promised land of autonomous agents—you know, the AI that's supposed to handle everything without human input. According to Gartner, enterprises are not keen on letting autonomous agents take the wheel.  And Most IT application leaders are actively avoiding it.

 

We're talking about a reality check here. An industry-wide survey of big organizations found that just 15 percent were even considering, piloting, or deploying fully autonomous agents. While around three quarters of respondents are messing around with some form of AI agent, they draw the line at going fully autonomous.

 

Why the stall? Simple. It comes down to trust and governance. Companies are terrified. A whopping 74 percent worried that AI agents represented a new attack vector in their organization. And they should be worried, especially since only 19 percent have high or complete trust in their vendor’s ability to protect against AI hallucinations.

Max Goss, an analyst at Gartner, nailed it: "concerns around governance, maturity and agent sprawl continue to hamper the deployment of truly agentic AI".

We’re seeing the fallout already. Studies suggest over 40 percent of agentic AI projects might be canceled by the end of 2027 due to rising costs, unclear business value, and insufficient risk controls. 

 

Even the giants are struggling. Salesforce, which we all remember famously slashed thousands of customer support roles in the name of  AI, produced figures showing that LLM agents aren’t great at customer confidentiality or multi-step tasks.

 

And speaking of bad agents, let’s not forget Google’s Gemini. Remember security rsearchers recently found several ways to hack Gemini through something they called "The Gemini Trifecta". These attacks tricked the AI assistant into exfiltrating sensitive data. 

 

They used indirect prompt injection, poisoning logs that Gemini Cloud Assist analyzes. An attacker could slip a malicious prompt into a log file, and when the user asks Gemini to explain the entry, the AI essentially executes the attacker’s command—like querying all public assets or IAM misconfigurations and sending that sensitive data via a hyperlink. They even abused Gemini's Search Personalization feature by injecting malicious queries into a victim's browsing history.

 

So much for replacing us. The majority of leaders surveyed don't expect AI agents to replace applications or workers in the next two to four years. Only 7 percent strongly agreed they would replace workers in that timeframe. The hype is officially dead. Long live the security audit.

 

Battering RAM—The Hardware Humiliation

Now, let's pivot to hardware security, where we find a stark reminder that sometimes the cheapest, simplest attacks are the most devastating.

 

I’m talking about Battering RAM. This is a new hardware attack that has been demonstrated against both AMD and Intel systems. What does it break? It breaks the highly secure confidential computing technologies like Intel SGX and AMD SEV. These are technologies widely used by cloud providers, designed specifically to protect sensitive data even from malicious insiders or host system attackers.

 

And how much does this highly advanced, system-breaking device cost? Fifty dollars.

 

Researchers UK universities built a device called an interposer. This thing is planted between the CPU and the DRAM memory, attached to the DIMM. It sits quietly, avoiding detection, until you flip a switch. Then, it silently redirects protected memory addresses to locations controlled by the attacker. The researchers explained that their "stealthy interposer bypasses both memory encryption and state-of-the-art boot-time defenses, invisible to the operating system". It gives attackers arbitrary plaintext access to SGX-protected memory.

 

Here's the kicker: The attack requires physical access to the targeted system. And what did Intel and AMD say when they were notified about these findings in February 2025? They both published security advisories, but promptly pointed out that attacks requiring physical access are not in scope of their products' threat model.

Seriously? They just shrug off a $50 device that breaks their foundational security features because the attacker has to physically touch the box?

 

The researchers rightly argue that physical access doesn’t mean no risk. These attacks could be conducted by rogue cloud employees, data center technicians, law enforcement, or even via supply chain attacks during manufacturing or shipping of memory modules.

 

This vulnerability is fundamental; the underlying issue hasn't been fixed, meaning a more advanced interposer could even conduct attacks on DDR5 memory. And forget about software fixes—the researchers confirmed that software or firmware updates cannot patch the vulnerability. This is a hardware humiliation, and Intel and AMD are treating it like a parking ticket.

 

Zero-Day Silence and the Identity Crisis

Moving on to the software supply chain, we have another story of security failure and questionable transparency.

 

Broadcom recently rolled out patches for a high-severity VMware vulnerability, CVE-2025-41244. This flaw impacts VMware Aria Operations and VMware Tools. It’s a bad one—it allows unprivileged users to execute code with root privileges on VMs.

 

But the truly scandalous scoop here, provided by NVISO Labs, is that this vulnerability has been exploited as a zero-day since October 2024. That means a Chinese state-sponsored threat actor, tracked as UNC5174, was exploiting this bug for a year.

 

And what did Broadcom fail to do when they issued patches this week? They made no mention of its in-the-wild exploitation. Broadcom’s public advisories typically warn customers about zero-day exploitation. This zero-day exploitation was silent, impacting the service and application discovery feature in VMware, where a logic flaw allows attackers to stage a malicious binary—often mimicking system binaries like httpd—in a broadly-matched path, resulting in privilege elevation. UNC5174, for example, was placing malicious binaries in the /tmp/httpd folder.

It’s another example of how, regardless of billion-dollar infrastructure, the basics fail. And this brings us to the root of almost every modern breach: identity.

 

October marks Cybersecurity Awareness Month, and the theme for 2025 focuses on safeguarding critical infrastructure, especially government and small/medium businesses. But the core issue remains the same: identities are still the most common attack vector.

Despite massive investments in security tools, industry reports confirm that more than 70 percent of breaches involve the misuse of identities. Attackers aren't hacking in; they are logging in. Phishing for credentials or exploiting over-privileged accounts is cheap and scalable.

We saw this play out in the news recently with Canadian airline WestJet. The airline confirmed that a June 2025 cyberattack resulted in the theft of customer personal information. The hackers didn't get credit card details or passwords, but they stole names, contact information, government-issued IDs, and other reservation data. WestJet is now scrambling to warn customers about identity theft risks and suspicious messages impersonating the airline.

This is the reality of 2025. Whether it’s nation-state actors exploiting a VMware zero-day or run-of-the-mill identity theft from an airline, we are constantly being reminded that identity is the new perimeter. Organizations need to shift from reactive compliance to proactive identity security, focusing on things like least privilege and phishing-resistant authentication. Until organizations treat identity as the foundation of security, breaches will keep making headlines.

That's it for this edition of Cyber Scoops & Digital Shenanigans. Thanks for tuning in. Remember: trust no one, especially your autonomous AI vendor, and never underestimate the power of a fifty-dollar DIY hack. See you next time.