Lock and Code

Big news: Lock and Code is nominated for a Webby Award! You can help us win the People’s Voice Award by voting here.
---
We have to talk about killer robots. No, not the Terminator, and not some Boston Dynamics robot run amok. We have to talk instead about a technological reality that is very much already here.
In late February, the artificial intelligence developer Anthropic made a perhaps surprising statement for those who are only familiar with its helpful chatbot tool Claude: The company would not allow the government to use its technology to kill people without proper safety controls.
Hold on… what?
Despite Anthropic’s reputation amongst most everyday people as the creator of a collaborative AI-powered assistant for coding, writing, and searching, the company had already deployed Claude across the US government for strategic military needs. According to Anthropic, Claude was used by the US Department of Defense and other national security agencies for “mission-critical applications, such as intelligence analysis, modeling and simulation, operational planning, cyber operations, and more.”
But behind the scenes, the US government was asking for even more applications, and it wrapped all of its requests under a broad, vague term: “Any lawful use.” Anthropic bristled at the government’s request, defining two use-cases that were simply off limits: Mass surveillance of Americans and fully autonomous weapons—or, put another way, the powering of independent killer robots.
As Anthropic said in its statement:
“Frontier AI systems are simply not reliable enough to power fully autonomous weapons. We will not knowingly provide a product that puts America’s warfighters and civilians at risk. We have offered to work directly with the Department of War on R&D to improve the reliability of these systems, but they have not accepted this offer. In addition, without proper oversight, fully autonomous weapons cannot be relied upon to exercise the critical judgment that our highly trained, professional troops exhibit every day. They need to be deployed with proper guardrails, which don’t exist today.”
Sure, the guardrails may not exist today, but do they—can they—exist at all?
Today, on the Lock and Code podcast with host David Ruiz, we speak with Peter Asaro, chair of the Campaign to Stop Killer Robots, about what a killer robot actually is, how close we are to seeing them deployed, and what some of the hidden consequences are to rolling out impossibly-quick, decision-making technology into a landscape where deescalation requires time, space, and human judgment.
”This mass proliferation of targets, it just accelerates the speed of destruction and the intensity of destruction of warfare, and it doesn’t necessarily give you any kind of military or political advantage.”Tune in today.
You can also find us on Apple Podcasts, Spotify, and whatever preferred podcast platform you use.
For all our cybersecurity coverage, visit Malwarebytes Labs at malwarebytes.com/blog.
Show notes and credits:
Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 4.0 License
http://creativecommons.org/licenses/by/4.0/
Outro Music: “Good God” by Wowa (unminus.com)
Listen up—Malwarebytes doesn't just talk cybersecurity, we provide it.
Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being with our exclusive offer for Malwarebytes Premium for Lock and Code listeners.

Forget the runaway train thrillingly shot in Buster Keaton’s 1926 film “The General,” and never mind the charging locomotive rescued by actors Denzel Washington and Chris Pine in the 2010 film “Unstoppable,” as there’s a far more frequent (and far less heart-pounding) railcar drama happening across California’s Bay Area: The repeated breakdown of the Bay Area Rapid Transit (BART) system, all because of a few networking errors.
Opened in 1972, BART today carries about 175,000 people every weekday on five separate lines to 50 different stations placed across dozens of cities in the Bay Area, including San Francisco, Oakland, Berkeley, Daly City, Fremont, Richmond, and more. Its tracks and railcars travel both above ground and below, and it is one of the only public transit systems in the US that goes underwater—traveling through what is called the TransBay tube. It is likely the region’s largest public project, spanning 131 miles of track, with a fleet of more than 700 cars, proving vital to workers and residents everywhere, and on May 9, 2025, it all came grinding to a halt, due to what BART officials called a “computer networking problem.”
At the Glen Park station in San Francisco, would-be travelers found yellow caution tape at the entry gates. At the El Cerrito Plaza station, BART staff and police informed visitors that the system was down. And at the Rockridge station in Oakland, a reporter for The San Francisco Chronicle witnessed a small group of people sprinting up the stairs to try and catch a train that never came.
It was the kind of meltdown for public infrastructure that puts an entire system in peril.
And it happened again just months later.
In September, a network crash brought BART to a halt, repeating almost the exact same frustrations and delays for travelers left without transportation to work.
That’s the end of it, right? Wrong. In February 2026, another computer failure caused another outage.
So, in one of the wealthiest regions in America, the subway doesn’t always run, its network is prone to crash, and any money for technology often goes elsewhere.
Today, on the Lock and Code podcast with host David Ruiz, we speak with San Francisco Chronicle transportation report Rachel Swan about what the BART outages revealed about the state of the system’s aging technology, why public infrastructure so often struggles to modernize, and what exactly went wrong in the three prior outages.
“One piece of equipment—and again, this is old equipment—one piece breaks down and they completely lose visibility, so they don’t know where any of the trains are.”Tune in today.
You can also find us on Apple Podcasts, Spotify, and whatever preferred podcast platform you use.
For all our cybersecurity coverage, visit Malwarebytes Labs at malwarebytes.com/blog.
Show notes and credits:
Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 4.0 License
http://creativecommons.org/licenses/by/4.0/
Outro Music: “Good God” by Wowa (unminus.com)
Listen up—Malwarebytes doesn't just talk cybersecurity, we provide it.
Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being with our exclusive offer for Malwarebytes Premium for Lock and Code listeners.

On February 8, during the Super Bowl in the United States, countless owners of one of the most popular smart products today got a bit of a wakeup call: Their Ring doorbells could be used to see a whole lot more than they knew.
In a commercial that was broadcast to one of most reliably enormous audiences in the country, Amazon, which owns the company Ring, promoted a new feature for its smart doorbells called “Search Party.” By scouring the footage of individual Ring cameras across a specific region, “Search Party” can implement AI-powered image recognition technology to find, as the commercial portrayed it, a lost dog. But immediately after the commercial aired, people began wondering what else their Ring cameras could be used to find.
As US Senator Ed Markey wrote on social media:
“Ring’s Super Bowl ad exposed a scary truth: the technology in its doorbell cameras could be used to hunt down a lost pet…or a person. Amazon must discontinue its dystopian monitoring features.”These “dystopian monitoring features” aren’t entirely new, but that’s not to say that most Ring owners knew what they were allowing when they originally bought their devices.
Bought by Amazon in 2018, Ring is the most popular manufacturer of a product that, as of 15 years ago, didn’t really exist. And while other “smart” innovations failed, smart doorbells have become a fixture of American neighborhoods, providing a mixture of convenience and security. For instance, a Ring owner away from home can verify and buzz in their mailman dropping off a package behind a gated entrance. Or, a Ring owner can see on their phone that the person knocking at their door is a salesman and choose to avoid talking to them. Or, a Ring owner can help police who are investigating a crime in their area by handing over relevant footage. Even the presence of a Ring doorbell, and its variety of motion-detecting alerts, could possibly serve as a deterrent to crime.
What has seemingly upset so many of those same owners, then, is learning exactly how their personal devices might be used for a company’s gains.
Today, on the Lock and Code podcast with host David Ruiz, we speak with Matthew Guariglia, senior policy analyst at Electronic Frontier Foundation, about Ring’s long history of partnering with—and sometimes even speaking directly for—police, who can access Ring doorbell footage both inside the company and outside it, and what people really open themselves up to when purchasing a Ring device.
”There’s this impression, a myth practically, that ‘I buy a ring doorbell to put on my house, I control the footage… But there is [an] entire secondary use of this device, which is by police that you don’t really get a lot of say in.”Tune in today.
You can also find us on Apple Podcasts, Spotify, and whatever preferred podcast platform you use.
For all our cybersecurity coverage, visit Malwarebytes Labs at malwarebytes.com/blog.
Show notes and credits:
Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 4.0 License
http://creativecommons.org/licenses/by/4.0/
Outro Music: “Good God” by Wowa (unminus.com)
Listen up—Malwarebytes doesn't just talk cybersecurity, we provide it.
Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being with our exclusive offer for Malwarebytes Premium for Lock and Code listeners.

A funny thing happened on TikTok last month, and its brought allegations of censorship, manipulation, and control.
It was the week of January 22, and after a long legal battle, TikTok had finally—for the first time in its company history—moved its ownership to new, American stewards. But with the American restructuring, TikTok users immediately reported that something had changed: videos would sometimes fail to record any views, and even direct messages would fail to send. But, according to user complaints, the flaws weren’t random. Instead, they befell users who spoke openly about topics that have become political lightning rods in the US, including Immigration and Customs Enforcement and the actions of sex offender Jeffrey Epstein.
To some aggrieved users, the flaws looked like censorship. But, according to TikTok, the error messages and missing video count tallies were part of a larger power outage.
“Since yesterday we’ve been working to restore our services following a power outage at a US data center impacting TikTok and other apps we operate,” TikTok wrote on the social media platform X (formerly Twitter). “We’re working with our data center partner to stabilize our service. We’re sorry for this disruption and hope to resolve it soon.”
While TikTok has reportedly more than 200 million users in the US alone, it’s far from a universal app. But the changes made to TikTok hint at a bigger sea change in social media and the internet today, in which online spaces are increasingly being altered, shut down, or even controlled—if not through government plot then certainly through corporate influence.
Oddly, the ownership change of TikTok was supposed to solve many of these problems.
Since TikTok’s 2017 founding in China, American lawmakers and government officials claimed that American users were vulnerable to Chinese surveillance. All the data that Americans hand over when using TikTok—their names and email addresses, but also their viewing habits, interests, behaviors, political inclinations, and approximate locations—all of that, the argument went, should not belong in the hands of a foreign power.
As FBI Director Christopher Wray said in 2022, the risk of TikTok was:
“The possibility that the Chinese government could use [TikTok] to control data collection on millions of users or control the recommendation algorithm, which could be used for influence operations.”
But the rocky start to the new American TikTok has only drawn renewed scrutiny: Have the past concerns about foreign manipulation now become current concerns about domestic manipulation?
Today on the Lock and Code podcast with host David Ruiz, we speak with Zach Hinkle, senior social media manager for Malwarebytes, and MinJi Pae, social media content creator for Malwarebytes, about what they personally experienced during TikTok’s transition to American owners, why the changes matter for the delivery of news and information, and how the internet appears to be shrinking from its earlier promises.
As Hinkle said on the podcast:
“ The idea of the internet being a private, free space that was ingrained in its creation, and every platform since then sort of carried that spirit with it… those spaces are disappearing.”Tune in today.
You can also find us on Apple Podcasts, Spotify, and whatever preferred podcast platform you use.
For all our cybersecurity coverage, visit Malwarebytes Labs at malwarebytes.com/blog.
Show notes and credits:
Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 4.0 License
http://creativecommons.org/licenses/by/4.0/
Outro Music: “Good God” by Wowa (unminus.com)
Listen up—Malwarebytes doesn't just talk cybersecurity, we provide it.
Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being with our exclusive offer for Malwarebytes Premium for Lock and Code listeners.

In January, Google settled a lawsuit that pricked up a few ears: It agreed to pay $68 million to a wide array of people who sued the company together, alleging that Google’s voice-activated smart assistant had secretly recorded their conversations, which were then sent to advertisers to target them with promotions.
Google denied any admission of wrongdoing in the settlement agreement, but the fact stands that one of the largest phone makers in the world decided to forego a trial against some potentially explosive surveillance allegations. It’s a decision that the public has already seen in the past, when Apple agreed to pay $95 million last year to settle similar legal claims against its smart assistant, Siri.
Back-to-back, the stories raise a question that just seems to never go away: Are our phones listening to us?
This week, on the Lock and Code podcast with host David Ruiz, we revisit an episode from last year in which we tried to find the answer. In speaking to Electronic Frontier Foundation Staff Technologist Lena Cohen about mobile tracking overall, it becomes clear that, even if our phones aren’t literally listening to our conversations, the devices are stuffed with so many novel forms of surveillance that we need not say something out loud to be predictably targeted with ads for it.
“Companies are collecting so much information about us and in such covert ways that it really feels like they’re listening to us.”Tune in today.
You can also find us on Apple Podcasts, Spotify, and whatever preferred podcast platform you use.
For all our cybersecurity coverage, visit Malwarebytes Labs at malwarebytes.com/blog.
Show notes and credits:
Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 4.0 License
http://creativecommons.org/licenses/by/4.0/
Outro Music: “Good God” by Wowa (unminus.com)
Listen up—Malwarebytes doesn't just talk cybersecurity, we provide it.
Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being with our exclusive offer for Malwarebytes Premium for Lock and Code listeners.