Grok the stalker, the Louvre heist, and Microsoft 365 mayhem
Smashing Security
Graham Cluley
4.7 • 579 Ratings
🗓️ 11 December 2025
⏱️ 56 minutes
Summary
On this week's show we learn that AI really can be a stalker’s best friend, as we explore a strange tale that starts with a manatee-shaped mailbox on a millionaire's lawn and ends with Grok happily doxxing real people, mapping out stalking "strategies," and handing out revenge-porn tips.
Then we go inside the Louvre heist, where thieves in hi-vis and a hire van waltzed off with the French crown jewels in broad daylight, exploiting our assumptions about what "looks normal" - the same kind of bias we’re now baking into security AIs.
Plus, Graham chats with Rob Edmondson from CoreView about why misconfigurations and over-privileged accounts can make Microsoft 365 dangerously vulnerable.
All this, and more, in episode 447 of the "Smashing Security" podcast with Graham Cluley, and special guest Jenny Radcliffe.
EPISODE LINKS:
- Khashoggi widow files complaint in France alleging Saudi government infected devices with spyware - The Record.
- US Posts $10 Million Bounty for Iranian Hackers - Security Week.
- Infostealer has entered the chat - Kaspersky.
- Dave Portnoy posts a photo of his lawn (including a manatee-shaped mailbox) - Twitter.
- Elon Musk’s Grok AI Is Doxxing Home Addresses of Everyday People - Futurism.
- Elon Musk’s Grok Is Providing Extremely Detailed and Creepy Instructions for Stalking - Futurism.
- How the Louvre thieves exploited human psychology to avoid suspicion – and what it reveals about AI - The Conversation.
- Outrageous (TV series) - Wikipedia.
- Outrageous trailer - YouTube.
- Man charged with theft after allegedly swallowing Fabergé pendant in jewellery store - The Guardian.
- Free Microsoft 365 Tenant Security Scanner - CoreView.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
SPONSORS:
- Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
- Horizon3.ai - Get an autonomous pentest demo and see your network the way attackers do. Visit Horizon3.ai.
- CoreView - Benchmark your Microsoft 365 tenant security against the Center for Internet Security (CIS) controls.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!
FOLLOW THE SHOW:
Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
ENJOYED THE SHOW?
Make sure to check out our sister podcast, "The AI Fix".
Privacy & Opt-Out: https://redcircle.com/privacy
Transcript
| 0:00.0 | An iPad? |
| 0:03.9 | Yes, apparently. |
| 0:05.4 | How would you swallow an iPad? |
| 0:06.9 | No, he didn't swallow the iPad. |
| 0:08.9 | All right. |
| 0:09.2 | Yeah, Graham, you blurt, as we say in Liverpool. |
| 0:30.4 | Smashing Security, Episode 447, Grok the Stalker, the Louvre Heist, and Microsoft 365 Mayhem, with Graham Cluley and special guest Jenny Radcliffe. |
| 0:34.5 | Hello, hello, and welcome to Smashing Security episode 447. My name's Graham Cluley. |
| 0:38.9 | And I'm Jenny Radcliffe. Hello, Jenny. How lovely to have you back on the show. Thanks for |
| 0:43.8 | joining us once again. Always a pleasure. What's been keeping you busy since we last spoke? |
| 0:49.2 | Oh, well, I mean, everything and nothing. Obviously, we're in very strange days, Graham. |
| 0:55.8 | So we've got lots of sort of security things related to the global political situation. |
| 1:02.5 | That's quite busy. There's a lot of people on the social engineering side quite worried about help desk scams and things like that. |
| 1:08.9 | So it's a busy time for people trying to stop social |
| 1:11.7 | engineers doing malicious things. So always busy, my friend. Now, as I remember, your particular |
| 1:17.9 | speciality is all about human hacking, isn't it? About social engineering and things like that. |
| 1:23.4 | Yes, yes. I mean, what we really do, what I've done for years, whether you like it or not, is talk about the humans and all about the scams, the psychology of social engineering. |
| 1:35.7 | And now humans still, even in this technical age, facilitate a lot of the scams. |
| 1:40.1 | Well, before we kick off, let's thank this week's wonderful sponsors, Vanta, CoreView, |
| 1:48.4 | and Horizon3.ai. We'll be hearing more about them later on in the podcast. |
| 1:51.8 | This week on Smashing Security. |
| 1:56.2 | We won't be talking about how the widow of murdered Saudi journalist Jamal Khashoggi claims the Saudi government infected her phone with the Pegasus spyware. |
... |
Disclaimer: The podcast and artwork embedded on this page are from Graham Cluley, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of Graham Cluley and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

