Meta sees everything, Copy Fail, and a deepfake gets hired
In this episode of Smashing Security, Graham Cluley and guest Paul Ducklin dive into three major cybersecurity stories. First, they expose the dark reality behind Meta's smart glasses, revealing that thousands of workers in Nairobi, Kenya, are manually labeling AI training data from the glasses' recordings—capturing intimate moments like bathroom visits, credit card details, and private conversations—despite Meta's claims of privacy and user control. The workers, many of whom were traumatized by previous Facebook moderation work, were fired after whistleblowing, raising serious ethical and privacy concerns. Next, the hosts dissect the 'Copy Fail' Linux kernel vulnerability, a legitimate but overhyped bug with a catchy name that doesn't pose a critical threat like Heartbleed, but still warrants patching for privilege escalation risks. Finally, Jake Moore of ESET shares a chilling real-world deepfake experiment where he successfully impersonated a candidate in a job interview using AI, securing a £38,000 offer—highlighting how easily AI can bypass hiring processes and the urgent need for verification methods like phone calls and in-person meetings. The episode underscores the hidden human cost of AI, the dangers of overhyping bugs, and the growing threat of AI-powered social engineering.
Meta's smart glasses rely on human labor in Nairobi to label AI training data, exposing intimate user footage and violating privacy claims.
The 'Copy Fail' Linux bug is real but not critical: it is rated 7.8/10 on CVSS and needs patching only because of its privilege escalation risk.
AI deepfakes can successfully impersonate job candidates in video interviews, bypassing HR checks and highlighting urgent need for verification.
Companies should verify remote hires through phone calls, third parties, or in-person meetings to prevent AI impersonation.
AI is a double-edged sword: it can be used for defense (e.g., vulnerability detection) but also enables sophisticated social engineering.
Meta's Smart Glasses: The Hidden Human Cost
“We see footage of people on the loo, footage of people undressing, footage of people's bank cards, footage of people watching pornography while wearing the glasses.”
Whistleblowers Fired, Privacy Claims Shattered
“If you've been using these glasses and use their AI features... there is a non-zero chance that footage has been seen on a screen by a human.”
Copy Fail: A Bug with a Catchy Name
The hosts analyze the 'Copy Fail' Linux kernel vulnerability, explaining its technical basis and why it’s been overhyped in the media. Though it’s a legitimate elevation-of-privilege bug, it’s not remotely exploitable and doesn’t pose a critical threat like Heartbleed.
Deepfake Gets Hired: A Real-World AI Scam
“I did get a second interview. So I knew that I'd fooled them. In my mind, that was the end of the experiment, but I thought, well, I'm here now. I might as well go through it.”
The Future of AI in Hiring and Security
The episode concludes with a discussion on how companies should adapt to AI threats—using verification tools, phone calls, and in-person meetings—while acknowledging that AI can also be used defensively. The hosts stress that human vigilance remains essential.
Meta (organization)
Graham Cluley (person)
Paul Ducklin (person)
Jake Moore (person)
SAMA (organization)
Linux Kernel (product)
Copy Fail (other)
ESET (organization)
ActionOne (organization)
Vanta (organization)
