Podcast thumbnail for Won't Fix

by Rob Leathern

8 episodes
Updated Daily
Accepts GuestsHas Sponsors

Podcast Overview

From the founders of InfoHawk: conversations about AI-driven deception, abuse and scams, and why they’re so hard to stop. In software engineering, “won’t fix” describes a bug by acknowledging the issue but intentionally leaving it unsolved because addressing it is too costly, risky, or not worth the trade-offs. Hear from the practitioners fighting phishing, deepfakes and bots, and learn about the broken systems and misaligned incentives that keep us all vulnerable.

Language

🇺🇲

Publishing Since

4/7/2026

Reach the team behind Won't Fix

Verified contact details for this show aren't on file yet — sign up to get notified when they land.

Recent Episodes

Episode thumbnail for Won't Fix Episode 8: With Dave Kleidermacher of Google

June 30, 2026

Won't Fix Episode 8: With Dave Kleidermacher of Google

<p>Dave Kleidermacher is a vice president of engineering at Google, leading engineering for Android security and privacy. His scope encompasses Android and the Made-by-Google world — Pixel, Nest, Fitbit, and the Play Store.</p><p>We talked about Android's answer to scams: <strong>smarter defenses that use AI as a shield</strong> (on-device detection that catches scams as they unfold), and a deeper <strong>structural pivot to "Actor Trust"</strong> — establishing provable, cryptographic confidence in who or what a source is rather than forever trying to detect bad things.</p><p>Dave has been steeped in these topics for a long time so we get into a bunch of great territory, and I think you’ll really enjoy the conversation.</p><p><strong>Key Highlights:</strong></p><ul><li>Consumer platforms must pivot from traditional vulnerability exploitation defenses to fighting scams and fraud, which make up 99% of actual practical threats facing users today.</li><li>The future of mobile authentication lies in reversing security asymmetry through "actor trust" cryptographically verifying the source device rather than relying on human intuition.</li><li>Big Tech players like Apple and Google need to publish a transparent, accountability driven joint priority roadmap to accelerate cross-platform security for critical defenses like caller verification.</li><li>Mobile network operators remain a critical structural weak point in consumer safety due to privacy-invasive habits like silent third party app installations and outdated location-tracking protocols.</li></ul><br/><p><strong>Chapter Timestamps:</strong></p><p>00:00 Introduction and Background</p><p>3:01 The Shift from Vulnerability Threats to Scam Prevention ‎</p><p>6:01 Real-time Voice Spoofing Capabilities and Demonstrations ‎</p><p>8:19 Platform Defense Strategies and the Whack-a-Mole Problem ‎</p><p>11:00 Actor Trust and Cryptographic Verification Approach ‎</p><p>15:37 Google's Security Key Success and Developer Ecosystem Verification ‎</p><p>17:35 RCS Standards and Industry Collaboration Challenges ‎</p><p>27:19 Business Caller Verification and Stir Shaken Limitations ‎</p><p>31:59 Privacy-Security Balance and Binary Transparency ‎</p><p>41:30 Consumer Role and Stakeholder Responsibilities ‎</p><p>43:27 Future AI Landscape and Industry Recommendations ‎</p><p>49:47 Advertising Technology and Platform Accountability ‎</p><p><strong>Resources &amp; Links:</strong></p><p>Rob Leathern (<u><a href="https://www.linkedin.com/in/leathern/" rel="noopener noreferrer" target="_blank">https://www.linkedin.com/in/leathern/</a></u>)</p><p>Dave Kleidermacher (<a href="(https://www.linkedin.com/in/davekleidermacher/)" rel="noopener noreferrer" target="_blank">https://www.linkedin.com/in/davekleidermacher/</a>)</p>

Episode thumbnail for Won’t Fix Episode 7: With Jeremy Philip Galen of Charlemagne Labs

June 19, 2026

Won’t Fix Episode 7: With Jeremy Philip Galen of Charlemagne Labs

<p>My guest today is Jeremy Galen, founder of Charlemagne Labs. Jeremy spent twelve years at Meta working in privacy, safety, and security — most recently five years as a product manager in trust and safety, focused on machine-learning content enforcement, account access, impersonation, and plagiarism.</p><p>He left to start Charlemagne Labs, a New York startup building what he calls a "digital bodyguard" — an on-device AI assistant, Agent Charley, that steps in before a worker clicks a dangerous link or pastes sensitive data into a chatbot.</p><p>The company's research recently landed in Meta's safety report for its frontier model, Muse Spark, where Charlemagne's benchmark measured how capable leading AI models are at multi-turn social engineering. His core argument is that the old "think before you click" model of security is broken, and that risky digital behavior should be treated less like a moral failure and more like a public-health and system-design problem.</p><p>Learn more about Jeremy and the company at <u><a href="https://charlemagnelabs.ai/" rel="noopener noreferrer" target="_blank">https://charlemagnelabs.ai/</a></u></p><p>Listeners who sign up for the Pro plan can get 6 months for free if they use the promo code ROB2026. </p><p><strong>Key Highlights:</strong></p><ul><li>Selling consumer security software is a non-viable market because consumers buy what they want, while businesses buy what they need.</li><li>The open internet operates as an active battlefield where users face direct threat vectors from sophisticated foreign adversaries.</li><li>Falling for social engineering scams is entirely situational, rather than a reflection of an individual's intelligence.</li><li>Real-time, automated AI interventions are far more effective at enforcing digital hygiene than relying on static digital literacy training.</li><li>Over 90% of modern cybersecurity incidents originate from human risk vectors where an individual is directly targeted or manipulated.</li></ul><br/><p><strong>Chapter Timestamps:</strong></p><p>00:00 Introduction and Guest Background</p><p>1:02 Career Transition and Startup Journey</p><p>2:33 Consumer vs. Business Security Market Analysis</p><p>3:56 Personal Motivation and Scam Prevalence</p><p>5:09 Social Engineering Sophistication and Victim Blaming</p><p>8:01 Big Tech vs. Startup Challenges</p><p>13:59 Fundraising Reality and Survivor Bias</p><p>18:05 Digital Hygiene and AI-Powered Protection</p><p>22:06 Privacy-First Architecture and Local Models</p><p>28:18 Democratizing Security and Luxury Concerns</p><p>31:59 Meta Collaboration and Industry Standards</p><p>35:16 Founder Advice and Problem Selection</p><p>38:08 Company Information and Target Market</p><p><strong>Resources &amp; Links:</strong></p><p>Rob Leathern (<u><a href="https://www.linkedin.com/in/leathern/" rel="noopener noreferrer" target="_blank">https://www.linkedin.com/in/leathern/</a></u>)</p>

Episode thumbnail for Won't Fix Episode 6: With Tate Jarrow, Founder & CEO of Rebound

June 5, 2026

Won't Fix Episode 6: With Tate Jarrow, Founder & CEO of Rebound

<p>Tate Jarrow is the Founder and CEO of Rebound (<a href="https://trustrebound.com/" rel="noopener noreferrer" target="_blank">https://trustrebound.com</a>), a consumer anti-scam company. Before founding Rebound, Tate was an Army infantry officer and Airborne Ranger, and then a Special Agent at the U.S. Secret Service.</p><p>At Google, he helped start a company called Beacon through the Area 120 incubator, which was then acquired into Google One.</p><p>Key Highlights:</p><ul><li><strong>What Rebound is building:</strong> "Antivirus but for scams" — software that sits on a user's device across macOS, Windows, iOS, and Android, sees what the user sees, and alerts when it detects an inbound scam. Currently in alpha, heading into paid beta within the month, with general availability targeted for summer.</li><li><strong>Why now:</strong> Normal people have zero real defense against scams. Law enforcement don't have resources for individual cases, and platforms are hard to reach for recovery. Existing consumer cybersecurity is rooted in 20-year-old problems (antivirus, credit monitoring) and isn't built for AI-powered, personalized, scaled attacks.</li><li><strong>“You can't arrest your way out of cybercrime”:</strong> Cyber criminals run transnational organizations as businesses with P&amp;Ls, so the real lever is changing the economics.</li><li><strong>Google:</strong> Tate started in legal/investigations chasing cybercrime actors on Google platforms, got frustrated by the gap between business incentive and what could actually be done. Two of his Area 120 teammates are now on the Rebound team.</li><li><strong>Scam overconfidence:</strong> Tate shares that a GASA study found the #1 predictor of being scammed is confidence that you can spot one — overconfidence is the actual risk factor. Every demographic gets hit.</li><li><strong>Regulation and data:</strong> US regulation is 20 years behind. The real risk now is social engineering powered by leaked addresses, phones, emails, and contacts. He wants companies held accountable for the social engineering risk they create, not just PII in the narrow legacy sense.</li><li><strong>"Caring guardians":</strong> People in tech are the de facto security help desk for their parents, friends, and families. Rebound is building features so a tech-savvy family member can have visibility into risk across the people they care about — plus in-app trust verification (one-click identity check) for the "is this actually my friend messaging me?" problem.</li></ul><br/><p>Chapter Timestamps:</p><p>00:00 Introduction and Background</p><p>1:26 Rebound's Mission and Product Overview</p><p>3:39 Technical Implementation and Current Status</p><p>4:45 Motivation Behind Consumer Protection Focus</p><p>7:45 Google Journey and Area 120 Experience</p><p>14:59 Law Enforcement Perspective on Cybercrime</p><p>18:30 Evolution of Cybercriminal Organizations</p><p>21:07 Current State of Consumer Protection</p><p>30:04 Regulatory Environment and Government Role</p><p>37:25 Community Protection and Cross-Platform Challenges</p><p>43:00 Product Vision and Future Plans</p><p>Resources &amp; Links:</p><p>Rebound (<a href="https://trustrebound.com/" rel="noopener noreferrer" target="_blank">https://trustrebound.com</a>)</p><p>Tate Jarrow (<a href="https://www.linkedin.com/in/tatejarrow/" rel="noopener noreferrer" target="_blank">https://www.linkedin.com/in/tatejarrow/</a>)</p><p>Rob Leathern (<a href="https://www.linkedin.com/in/leathern/" rel="noopener noreferrer" target="_blank">https://www.linkedin.com/in/leathern/</a>)</p>

8 total episodes available

Deep-dive analytics for Won't Fix

Frequently asked questions

Have a different question and can't find the answer you're looking for? Reach out to our support team by sending us an email and we'll get back to you as soon as we can.

What is Won't Fix?

From the founders of InfoHawk: conversations about AI-driven deception, abuse and scams, and why they’re so hard to stop. In software engineering, “won’t fix” describes a bug by acknowledging the issue but intentionally leaving it unsolved because addressing it is too costly, risky, or not worth the trade-offs. Hear from the practitioners fighting phishing, deepfakes and bots, and learn about the broken systems and misaligned incentives that keep us all vulnerable.

How often does this podcast release new episodes?

This podcast updates daily.

Where can I listen to this podcast?

This podcast is available on 4 platforms including Apple Podcasts, Spotify, and more. You can also use the RSS feed directly.

Does this podcast accept guests?

Yes, this podcast regularly features guests.

Legal Disclaimer

Pod Engine is not affiliated with, endorsed by, or officially connected with any of the podcasts displayed on this platform. We operate independently as a podcast discovery and analytics service.

All podcast artwork, thumbnails, and content displayed on this page are the property of their respective owners and are protected by applicable copyright laws. This includes, but is not limited to, podcast cover art, episode artwork, show descriptions, episode titles, transcripts, audio snippets, and any other content originating from the podcast creators or their licensors.

We display this content under fair use principles and/or implied license for the purpose of podcast discovery, information, and commentary. We make no claim of ownership over any podcast content, artwork, or related materials shown on this platform. All trademarks, service marks, and trade names are the property of their respective owners.

While we strive to ensure all content usage is properly authorized, if you are a rights holder and believe your content is being used inappropriately or without proper authorization, please contact us immediately at hey@podengine.ai for prompt review and appropriate action, which may include content removal or proper attribution.

By accessing and using this platform, you acknowledge and agree to respect all applicable copyright laws and intellectual property rights of content owners. Any unauthorized reproduction, distribution, or commercial use of the content displayed on this platform is strictly prohibited.