Episode 136: Hacking Cluely, AI Prod Sec, and How To Not Get Sued with Jack Cable

Episode 136: In this episode of Critical Thinking - Bug Bounty Podcast, Joseph Thacker sits down with Jack Cable to get the scoop on a significant bug in Cluely’s desktop application, as well as the resulting drama. They also talk about Jack’s background in government cybersecurity initiatives, and the legal risks faced by security researchers.

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater and Rez0 on Twitter:

https://x.com/Rhynorater

https://x.com/rez0__

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today’s Sponsor - ThreatLocker. Checkout ThreatLocker Detect! https://www.criticalthinkingpodcast.io/tl-detect

Today’s Guest: https://x.com/jackhcable?lang=en

====== This Week in Bug Bounty ======

Nullcon Berlin

https://www.yeswehack.com/page/yeswehack-live-hacking-nullcon-berlin-2025?utm_source=sponsor&utm_medium=blog&utm_campaign=lhe-nullcon-berlin

BB Bulletin #15

https://www.linkedin.com/pulse/bug-bounty-bulletin-15-yes-we-hack-dntue/

2x Bounty on Grab

https://hackerone.com/grab?type=team

====== Resources ======

Corridor

https://corridor.dev/

disclose.io

https://disclose.io/

====== Timestamps ======

(00:00:00) Introduction

(00:03:33) Cluely Bug, Government involvement, & Disclosed.io

(00:12:33) AI in security & Corridor.dev

(00:29:23) Cluely Bug Fallout & Ethics of hacking outside of Programs

(00:41:20) Shift Agents