Cursor 3, Gemma 4 & AI Taxes

Download MP3

[00:00] Ben: All right, Bradley, we’re recording. How’s it going?

[00:03] Brad: It is, uh—what is today? Thursday? Wow, we usually record on different days, so I had to kind of catch my date.

[00:14] Ben: Yeah, episode 40 of the Breakeven Brothers podcast. Nice round number. And it turns out to be—or you turn out to be—30 years old. Gosh, I can’t talk. Yeah, you had your birthday this week, so happy birthday, Brad.

[00:25] Brad: Thank you, thank you. Dirty 30. Big Sur for the weekend, so really relaxing. Did some Japanese hot bath, unlimited all-you-can-eat food—pretty relaxing. Did some falconry too, so I saw some really cool birds, and yeah, a really, really talented falconer, which was the first experience that I’ve had.

[00:42] Brad: He took us to the woods, had a little glove that we could use to beckon this falcon to fly in and land on top of your glove. Really freaking cool. I would highly recommend it. So a little bit of a far drive, but it was a fun weekend escape.

[00:59] Brad: And this week I actually had the whole week off. So Monday through Wednesday was in Big Sur. Nice to relax and reset and just do hiking around the natural area. Then Thursday, Friday—today being Thursday—day off. Love it. Haven’t had a day off in what feels like a long time. Probably incorrect, but it’s just fun being at home.

[01:16] Brad: And the best part is having the day off when your spouse doesn’t have a day off, because then it’s just, you know, do whatever I want. So that was fun. Shoutout to my wife.

[01:29] Ben: Nice. All the falconry talk—have you seen Dave Chappelle’s most recent stand-up?

[01:38] Brad: No.

[01:38] Ben: He talks about falconry a lot in that one.

[01:41] Brad: Okay.

[01:41] Ben: Well, then you have to watch it now that you have a newfound appreciation for the sport, the hobby, whatever it is.

[01:46] Brad: Yeah, I don’t know what to classify it as—the science of falconry.

[01:49] Ben: Yeah, that sounds fun. That’s awesome.

[01:51] Brad: Yeah. Right now I’m older, I’m wiser. Um, yeah, yeah. Honestly, it felt like a long time coming. I feel like a lot of my friends were slightly older, and I just felt like I was welcomed into the 30s with open arms. So here we are. And if I sound smarter, it’s probably why.

[02:09] Ben: Yeah, my text to Brad on the day of, you know, to wish him happy birthday, but I was like, “Are you finally 30? Like, are you finally 30?” Because I feel like you need to be 30 by now. Like, come on, you’re taking too long.

[02:17] Brad: Yeah.

[02:18] Ben: So, yeah, yeah. That’s awesome. Well, belated happy birthday again, and I’m sure the viewers—or listeners—of the show will wish you happy birthday too.

[02:29] Brad: Cool. Awesome. Yeah, what did we miss in terms of—yeah, what’s been taking off? We’ve got some new product releases. What’s been going on in the AI world?

[02:38] Brad: Honestly, there’s a lot, but the ones that I want to talk about—big one: Cursor 3. So Cursor was kind of the first AI IDE. They came to market, had a big splash. Cursor 2 changed the UI a lot, introduced agents, but was still kind of a VS Code-looking text editor and IDE.

[02:54] Brad: Cursor 3 is here. Now that is fully agentic, agents-first UI—much, much different than the original VS Code fork. So they published a blog article recently talking about the transition. It looks very similar to the Codex app, Cloud Cowork, if you’ve used that.

[03:10] Brad: Essentially, you don’t have a text editor anymore. At least that part’s not extremely accessible. Now you’re managing agents with a left sidebar that has threads for each of your tasks and the main content window being a chat window. So that’s our new UI update.

[03:23] Brad: And I think the good thing about Cursor is they’re pushing the frontier on local versus cloud. So in my mind, how I pin Cursor as their product is: really good agent-first product, really good at handing off a local task to a cloud server, which means you can say, “Do something from your phone,” and kind of pick it up later.

[03:40] Brad: They spend a lot of time focusing on web development, is what I feel like. So they have a good experience there. But for things like building an Apple app on the iPhone or macOS, not as good of an experience. But hey, there are a ton of web developers out there. So shoutout to Cursor for kind of pushing the boundary and getting closer to that agentic UI that people are now getting used to.

[04:04] Brad: And the second one is from Google Gemini. They’re releasing Gemma 4, I think actually today. This comes in 2B, 4B, 26B, or 31B. And this is kind of their on-device model, which is hence the size of being really small.

[04:20] Brad: So all the latest models are pretty large, require lots of compute, big NVIDIA chips. These ones are much smaller. And with the partnership that Gemini has with Apple, I’m curious to see where these will land in terms of Siri or other product areas. But yeah, two big releases. And it feels like there have not been too many releases outside of that. But honestly, things evolve week over week, so I’m sure there are some that we missed.

[04:45] Ben: Yeah, I feel like lately there’s been a bit more of a product or feature kind of shipping more than new models. I feel like late 2025 was a lot of model shipping, and yeah, it just seems like there’s been more product-type stuff that’s shipped from these different labs lately. So yeah, not as much on the model side.

[05:09] Ben: But I did notice—I was looking at the announcement for Gemma because I think we talked the last two times on the pod that I was trying to do some local AI stuff—and they published the Elo score from Arena AI, and it’s pretty cool. I’m just a visual person, so it’s pretty cool to see how they basically have the x-axis being the model size, like billion parameters, and then the intelligence being the y-axis.

[05:38] Ben: And it’s almost at the top. It’s not the top one. The top one is still GLM-5, which we haven’t really talked about. But the other one is Kimi, and it’s Qwen—it’s like the usual ones that you expect to see at the top there. But then Gemma is right there with them, but it’s way shorter down the x-axis in terms of model size.

[05:52] Ben: So basically, they packed in a lot more intelligence into a much tinier package, which is pretty cool. So yeah, I’m curious if I can give that one a spin on my local setup here, since I was doing some of that demoing last month too. Haven’t had any time lately, but yeah.

[06:07] Brad: Yeah, I think Google does really well in the small models and speed. Unfortunately, I think Gemini Pro and those top-intelligence models don’t beat out the other labs. But Gemini Flash, Gemini Flash Lite—extremely cost-efficient and fast, and I think that’s their sweet spot.

[06:25] Brad: I don’t know if they’ll get around to having their top-tier model be extremely intelligent and top code-writing. But the inverse of that—having a very fast, small, efficient model—they do a great job on that. So yeah, really awesome work.

[06:43] Brad: And Apple is already shipping on-device LLMs in iOS 26 so that you can do inference and power all these AI experiences on your iPhone using great Apple chips. So I wonder, with the partnership, if that future Gemma model will end up on-device or if it’ll be Apple-trained. Who knows, but that seems like a pretty solid candidate to me.

[07:02] Brad: Because Apple has this incredibly rich machine learning background and hardware background. And if they could bring that LLM expertise and package that and put it on an iPhone and have a really good model there, honestly, it’d be amazing. Because even talking about Split My Expenses mobile app, I have to make a network call to give, for example, an expense categorization.

[07:22] Brad: However, technically with iOS 26, I could invoke the local LLM to make an inference call and get, you know, “How do I categorize Justin Bieber tickets?” for example. It would be much better if this on-device LLM model that Apple is shipping is top-tier.

[07:41] Brad: And right now, Apple hasn’t really been swinging in that category. But who knows? Maybe Gemma 4 will be kind of the first foray into saying this is possible. And whatever Apple has already shipped in terms of this base LLM model that’s really light, maybe they could derive the Gemma 2B to be even smaller and get really fast performance. Because yeah, the Apple chips are spectacular, like the M1 Max—excellent. But they’re not there yet on the foundational LLM side, although they do have cool research papers that we’ve looked at previously.

[08:10] Ben: Yeah. Justin Bieber tickets, huh? We’ve got to check your Spotify, Brad.

[08:14] Brad: Well, that’s my normal example. I have 140 categories on Split My Expenses, and I try to find something that’s not immediately understandable. Not hard, but not easy. And I’m like, I’ve typed in Gears of War. I’ve typed in Justin Bieber tickets. There are a few that I reach for, and I obviously know the category for those. So yeah, that one just kind of popped in my head.

[08:35] Ben: Yeah, yeah. All good fun. Cool. Awesome. Well, I think that’s the updates, right? That’s the kind of new releases that we wanted to recap.

[08:42] Ben: Cool. Awesome. One of the things that’s taken my timeline by storm the last probably two days, but especially today, is our good friend—we don’t know him personally—but big internet personality Daniel Vassallo, founder of Small Bets, ex-Amazon, whatever else he’s got into. He’s very online. But I actually am a big fan of his content, generally speaking.

[09:05] Ben: But he completely rage-baited a ton of accountants by saying that he’s going to have OpenClaude do his taxes. And he did—he kind of had a whole thread about how he gave all his documents into OpenClaude and it went through and found all the right credits, it did all the right deductions, explained everything to him, and it was a matter of, I think he said, like an hour or so. I can’t remember the exact time.

[09:30] Ben: And basically saying that his past CPA would extend him on short notice and would overcharge him and then charge him to even have a meeting to talk about things, and it sounds like he had a bad experience with the last CPA he was with.

[09:46] Ben: And so it’s really interesting. He’s always really good at—I don’t want to say engagement bait. I think it’s genuinely pretty good—but he’s good at driving conversation, and that’s definitely what he did. So he got some people started. But what’s—what have you got? Hit me.

[10:03] Brad: Yeah, I was thinking he did have a tweet earlier about giving his taxes to GPT or Codex, right? Because as far as I had seen it—and maybe the timeline isn’t correct from what I’m remembering—but it was Daniel tweeting about, “I had hired an accountant or a CPA years before, and then I had handed off my taxes to AI this year, and they had found a mistake or something.”

[10:28] Brad: What I can’t remember is if that was Daniel or somebody else, because on my feed I just have this vague memory of someone outlining, “I did it with an accountant, and I did it with AI, and AI found something that the accountant missed and saved me money.” And I don’t know if that was Daniel or not. So I just wanted to ask, did you see that, or was that somebody else, or am I just making stuff up?

[10:49] Ben: I think he had said something like before he was going to have Claude do his taxes, and he specifically said Claude, I think. And that wasn’t that he had already done it—I think from what I remember, he was saying he was going to do it. But this one, the more recent one, is that he did his taxes with OpenClaude. So he kind of—I don’t know, time passed and he decided to use OpenClaude instead.

[11:12] Ben: But yeah, it wasn’t his first foray into my CPA world. You know, I have two worlds on Twitter—or on X. It’s like the developer world and it’s like the CPA world, and they usually don’t mix. They usually don’t mix. But this was an instance where they mixed because of him. Every now and then it’s either him or someone like Levels that posts some kind of tax thing and there’s some overlap, so it wasn’t his first time.

[11:38] Ben: But I actually thought it was a really cool tweet. And I’m a CPA, I do taxes—but I don’t do taxes for a living. And so there were kind of a couple different reactions, I’d say, from CPAs to Daniel’s tweet.

[11:53] Ben: There was definitely the ones that were like, “This guy’s an idiot. He’s going to get audited, and who’s going to be there to kind of support him when the IRS comes knocking?” and all that kind of stuff. So there’s that crew.

[12:05] Ben: There was also the crew that was like, “Oh yeah, you’re so right. CPAs are cooked. Why would anyone pay more than $100 to an AI to just take care of your taxes for you?” blah, blah, blah.

[12:17] Ben: But I thought he was addressing something that actually wasn’t just like, “Oh, AI is going to take all of knowledge work.” To me, it was in one of the tweets he had—and I’ll link it in the show notes—he was kind of going through how much of a different experience it was doing taxes with AI.

[12:42] Ben: Because he was saying how the AI doesn’t judge you if you have a question about where a 1099 should go. AI doesn’t judge you if you—let’s see if I can find it real quickly—but he was kind of saying more from the human experience that sometimes, and it sounds like he had a bad CPA just to be clear too, because it sounds like he’s got some scar tissue, but about how they’re not there to make you feel like you understand your taxes.

[13:01] Ben: You don’t wait to do it until April. They don’t feel like you’re a number in the queue in terms of clients. So he’s kind of touching on it from a human-experience angle. And to me, I was like, I think that makes sense. If you had that experience at the traditional CPA firm where it’s like you’re just a number in the queue and you have to wait until your taxes are done, you can’t speak to them, and then when you finally get your taxes, they don’t really explain it to you, and it’s confusing, and you’re just kind of supposed to take it—that’s not a good experience.

[13:29] Ben: And so while I don’t think AI is good for everyone to do their taxes, I do think what he’s saying does make sense to a degree, of like, don’t take offense—don’t be offended by it, CPAs. See how customers are going to start thinking about doing their taxes with AI too.

[13:46] Ben: But also, look at what he’s saying. He’s not saying he loathes CPAs. He’s just saying, “Hey, my past CPA was a bad experience, and so I did taxes with AI this year.” Don’t crucify him for that. Just see what he’s saying.

[13:59] Ben: And it’s really—he shared his prompt, right? I thought he had described what he had prompted, so it’s all out there. But I don’t know—he didn’t share the conversation, obviously, because it’s sensitive details. But I wonder how far it went.

[14:13] Brad: Because yeah, it popped up on my feed. The second I saw it, a little bit of engagement bait—you know, being on X, getting views, getting payouts. It’s not the number one reason people post things, for sure, but it’s up there. And I think likewise, being the reply guy on top of these incoming viral tweets is also a big thing, which you’ll see a lot of the AI-generated replies.

[14:34] Brad: But overall, I’ve done a little bit of dabbling with AI and taxes. Of course, I’m not an accountant, but it felt to me like it wasn’t there. Maybe I’m a bad prompter, maybe I didn’t have the right data, maybe I should use OpenClaude—I’m not sure where things went wrong.

[14:45] Brad: But it is interesting that there is an uptick in people on X talking about AI and taxes because there was an inflection point, I would say, end of last year in coding where models got really good, the products got really good. It felt like the barrier to creating software was extremely low, and code feels really cheap today.

[15:06] Brad: And if you know what you’re doing on the accounting side, it feels like you get pretty close to something that would wield your taxes. For someone who’s less familiar with tax code and, to be quite honest, less interested, I didn’t push too hard in that category. So I gave it a run-through, I stepped back, I said, “This probably isn’t right,” went to TurboTax, got a number. It was off, but hey, maybe I messed something up.

[15:30] Brad: So it’s nice to know that someone who is experienced can get somewhere far. Hard to fully validate that whatever you said is true, but it does paint somewhat of a picture.

[15:40] Ben: Yeah. Well, and speaking of engagement bait, I quote-tweeted Daniel, and I was just giving my own thoughts. And it was kind of just what I just said here, so I won’t reread or anything like that. But my replies got blown up too.

[15:51] Ben: And I don’t tweet that much, and when I do, I get like eight views—and probably one of them is usually from you. So I got 10,000 views, and I kind of tweeted it and walked away, and came back a few hours later, and the responses were fascinating.

[16:05] Ben: Because half of it was other CPAs trying to complain to me, or they were attacking me about, “Oh, he’s a bad client. We wouldn’t want him anyway,” all this kind of stuff. And I’m like, guys, I didn’t say anything controversial. I’m just saying think about what he’s saying and don’t get upset.

[16:19] Ben: There was a guy who quote-tweeted me and basically he was being a hater. It’s funny—I think it’s funny. He’s like, “Just because someone calls himself a CPA doesn’t mean they know jack shit about taxes. Case in point,” like tweeting my tweet.

[16:36] Brad: Wow.

[16:36] Ben: Yeah, I know, right? I told him, “Hey, I hope you find peace with whatever you’ve got going on.” But yeah, dude, I was like, damn, these people are crazy. So yeah, I don’t think I could be an engagement baiter because people are nuts.

[16:54] Ben: But yeah, it was a fascinating Twitter thread. And I think, again, where it all comes down to for me is expectations are going to get there. People are going to start using it for their taxes. This is the worst it’s going to be right now.

[17:04] Ben: Clients are going to take your tax return that you give them—and if you’re a CPA, clients are going to take your tax return that you give them—and they’re going to go run it through AI and say, “Hey, did my CPA miss anything?” So just be aware that that’s where things are going.

[17:16] Ben: And I think it’s popular right now, obviously, one, because it’s tax season, but then two, I think Perplexity specifically announced or tweeted something about, “Hey, you can use Perplexity to do your taxes.” And so I think that was actually what kind of kicked it off, or maybe what Daniel was replying to.

[17:31] Ben: So yeah, eventually it can. There’s always going to be weird nuance, and things like if you don’t report it correctly, the AI is not going to know about it, and so it’s going to get it wrong. But if your moat is your knowledge, that’s not a great place to be. I think if your moat is that you know the tax code, that’s not sustainable, you know? I think your relationships and what are you providing in this transaction—not just the knowledge. I don’t know. That’s it.

[18:09] Brad: It reminds me of a Gary Tan—I think it’s called G-Stack. Have you seen that blow up on X?

[18:15] Ben: No.

[18:16] Brad: For those who are unfamiliar, it’s what I like to call kind of an AI slot factory. So I think Gary Tan—I really should have looked this up before the show—but Gary is a Y Combinator executive.

[18:29] Ben: Yeah, yeah, yeah.

[18:29] Brad: Something in that area. And he created his own software stack that essentially has these different agents that Cloud Code will dispatch to. One is like a CEO, one is a product reviewer, one is a designer, etc. So he created kind of a mini company. I believe he called it G-Stack, and it was trending like crazy.

[18:51] Brad: And Gary had been on X posting about how much code he had written in the past seven days, and it was some staggering hundreds of thousands of lines of code. And what one person had done was they dove deep into what Gary had published online, which I think was some—not basic, but some starter website project that does what he wants to do, kind of like just a side project.

[19:13] Brad: And this person did a really deep dive on performance, best practices, etc. And it turns out that Gary was shipping what seemingly wasn’t the best code quality and was just getting stuff out there.

[19:23] Brad: And so when you talk about the knowledge being something important, I do think we’re ending up in a world where code is cheap, but writing good code is still important, and making sure you ship performant things and correct things, accessible things—all things I think Gary’s code had missed because he was just letting loose and the code was being written and it mostly worked, but there are a lot of pieces that didn’t work that maybe aren’t as easy to uncover.

[19:52] Brad: And so when I think about Gary and his experience, and then someone peeling back that facade of, “Oh, I’m writing 500K lines of code in seven days. I’m doing amazing,” if you peel back some of that and do analysis on it, it doesn’t feel as incredible.

[20:04] Brad: Whereas if you were to reframe that, it’s, “I’m writing 500K lines of code. My website works, but it’s missing the mark on maybe 30, 40 percent of production-grade code that wouldn’t be released for any large company that has a software product.”

[20:22] Brad: So almost on the same thing with taxes, it’s having that knowledge to know that if I chuck my data into AI and it has some understanding of the tax code, and I provide it information of the tax code, and I’m able to audit its work, that part’s pretty valuable.

[20:38] Brad: Like auditing Gary’s work—if you don’t know what you’re looking for, it looks great. No one really knows. If you do know what you’re looking for, and you’ve been in the space and you have that knowledge, you can really easily point these things out and say, “This isn’t optimal. This isn’t right.” It’s maybe not critical, but it’s important.

[20:55] Brad: So it’s not things that are edge cases or fringe. It’s very much important, but it’s not going to break the website. And I think those parts are what you pay for. That’s the experience that you get. You need to have that knowledge.

[21:06] Brad: We’re not at the point where AI can take you from start to finish where you have complete hands off the wheel. And I think that was the experience that I was trying to do for my taxes: give it minimal information, give it all my information, hands off the wheel, what number is it, okay, move on. And we’re not there yet. And we’re not there with code. We’re getting closer and closer, but I think knowledge is still important.

[21:31] Brad: I don’t know how it’ll evolve, but it’s becoming to a point where it is confusing looking at the horizon of what jobs will be, and specifically jobs that interact with text. And software engineering is one of those.

[21:39] Ben: Yeah. Long story short, it’s interesting. I think knowledge is important, but if you’re selling knowledge, I think that’s where it’s like, I don’t know exactly where that still fits in.

[21:51] Ben: But I mean, to the point about the line-of-code thing, that is one of the most silly metrics I see on my feed—on LinkedIn, on X. Especially coming from a non-technical background, and my timeline is mostly filled with non-technical people that are getting into coding, which is great, but flexing that you’ve committed 500,000 lines of code—that does not matter, to be honest with you. I’m just going to be real. It doesn’t matter.

[22:20] Ben: What does that code do? Does it work? I would rather have less code that just does what it needs to do versus 500,000 lines of bloat. That’s why I don’t like those kinds of apps like Replit or Lovable, where it’s going to create a website and the website will look great, but it’s just 18 folders of JavaScript and TypeScript and just—yeah, it just looks horrible when you look at it. You know how I feel about JavaScript.

[22:50] Ben: But I’d rather just be able to see something—it’s like when you write, when you’re a writer, the best writers write the least. They get their message across in the least amount of words. They don’t just ramble on. And so code, to me, is the same thing.

[23:02] Ben: It’s like Karpathy—he does those kinds of, like, he released some kind of auto-generating LLM. I think we talked about it on an episode or two. But he does it in really short lines of code. I think he did one—it was probably like six months ago, so I’m going to butcher this—but he did something where he made an LLM that runs on like 90 lines of Python code, and you could literally print it out on a—

[23:29] Brad: The researcher thing?

[23:30] Ben: Yeah, something like that. He did something, and it was really small, compact, and you could literally print it out on one page. And it was like, that is impressive. The fact that you can do all that in 90 lines of code—I don’t care what you do in 500,000 lines of code. That doesn’t impress me without any other context, you know? So yeah.

[23:55] Brad: Yeah, yeah, yeah. While you were chatting, I was looking up Gary Tan’s tweets. I really didn’t want to be wrong about these numbers, but his direct quote is, “I use it to 90x my own best developer productivity, and it’s only getting faster.” Then he links to his G-Stack.

[24:08] Brad: And yeah, 90x productivity—that’s humongous. And the lines of code for 2026 he had documented was 694K. So a lot of lines of code. Again, not full quality. He’s still shipping things, which is a big win.

[24:25] Brad: And I think G-Stack has—let’s see—8K forks, 60K stars. So it’s a Cloud Code setup with 23 opinionated tools: CEO, designer, engineering, release manager, doc engineer. So it’s a fascinating setup.

[24:41] Brad: I have not adopted it. I’m curious if anyone who is listening to the pod has had experience with G-Stack because it clearly has 60K stars, has some reach. Do let us know in the comments because maybe I could 90x my productivity.

[24:54] Brad: It’s hard because when you look at some of those things at face value, you think, why aren’t more people doing it? It’s kind of like the get-rich-quick schemes. If people are selling me a guide on how to do it, do I need it? I don’t think it’s exactly in that use case, but it gives a feeling of that where I don’t like to be left out. But to me, sometimes things are too good to be true.

[25:16] Ben: Yeah, yeah. Usually if it’s too good to be true, it usually is.

[25:20] Ben: Cool. Awesome. What else have we got?

[25:23] Brad: Yeah, so we can jump to our next one. I have been using some pretty useful MCP servers recently. I just wanted to call out a few and kind of talk about the broader topic.

[25:32] Brad: But we’ve talked about MCP ever since it was introduced, how useful it is, the transition from MCP to CLIs, and now it kind of feels like we’re coming back. And the reason why I say we’re coming back to MCPs full circle is that it feels like companies have finally started shipping useful MCPs or have shipped their first MCP.

[25:48] Brad: So when we talk about when MCP was first introduced, it feels like only the bleeding-edge companies had it, and you would use those, and the MCP clients that we use weren’t fully featured. It just didn’t feel super great.

[26:01] Brad: Now, with smarter models, better MCP clients, and more companies shipping MCP servers, it feels like we’re at the pinnacle again, where I can use a website that I was normally going to use and it also has an MCP. Oftentimes this means juggling between multiple websites.

[26:17] Brad: So I have Stripe for payments. I have RevenueCat for in-app subscriptions. I want to collect that data, look at it side by side. I don’t want to have two browser windows open with each tab. So I add their MCP servers.

[26:27] Brad: One that I found extremely useful recently for Split My Expenses mobile app is there’s an App Store Connect CLI and MCP. So this one allows you to manage the metadata for your iPhone app, so you can update the title, description, do managerial tasks like submitting a new build for App Store review. Really awesome.

[26:47] Brad: There’s another one called Hopper. So Hopper is kind of an in-the-weeds developer program to disassemble macOS applications. So if you download something like VS Code and want to look at the internals, you can send it to Hopper. It’ll do some very deep investigation. And they have an MCP server for that, which is very useful if you want to get at the internals of any Apple application.

[27:10] Brad: So if you want to automate your text messages, look at email, you can just hand off, you know, Messages.app to Hopper. It’ll disassemble it, look at kind of the internals, and give you cool data.

[27:21] Brad: The last one that I use is BodySpec. So if you’ve ever taken a DEXA scan, which is just kind of like an X-ray of your body to tell you your fat, where you store things, your weight of each limb—just kind of like a deep body skeletal analysis—this company BodySpec has an MCP server, which is crazy to me because they’re just kind of a health and fitness brand, not a developer tool, and they have an MCP server.

[27:46] Brad: And it exposes your data over time, allows you to dive deep into certain insights into your fat loss, your fat gain, etc. And so to me, I don’t know, it feels like we’re almost back in the MCP era where companies have finally gotten around to it, it feels useful, it feels easy, and now these tools—like Codex, at least the Codex app—I can say, “You have these four MCPs installed. Go do things,” and it’s able to fetch all that data automatically, compact the conversation, keep going.

[28:15] Brad: So it feels like with having long-task capabilities and full-fledged MCP services from a large range of products that I use, I’m able to kind of automate my job away in ways that I can kick off a query saying, “Do analysis here,” and I’ll come back to it in 20, 30 minutes. It’s super freaking useful.

[28:31] Brad: So I don’t know if you’ve had experiences like that recently, but I’ve been adding a lot more MCPs. When you get that taste of it, and when you can coordinate these things and kick off long-running tasks, it feels like that’s what it should have been. But we didn’t have the model capabilities and harnesses back then. So maybe, yeah, maybe it’s the era of MCPs.

[28:48] Ben: Yeah, no, I think MCPs—we’ve talked before about how people thought they were dead and no one’s building anything useful with them. I think from what I see and what I’m involved with, there was not an enterprise readiness for MCPs for non-tech people.

[29:06] Ben: So I think developers knew about MCPs, but you talk to the random person that I deal with on a day-to-day basis as an accounting professional—they won’t know what an MCP is. And now that there’s Cloud Cowork and there’s Codex, and there are probably more of those kinds of non-technical harnesses that kind of resemble Cloud Code or resemble more of a regular programming interface without having to know code, I think MCPs are going to play an important role.

[29:33] Ben: And certainly, I use one that is—I won’t say what it is because, you know, I don’t want to get into that here—but I use an MCP and it’s super helpful. It’s super helpful. And we pair that with a skill that goes and gets data out of the database, and then there’s an MCP that kind of lets me do some file-type maneuvers and read files and stuff like that. And it is insanely useful. Not having that would be half as useful. That’s a huge part of kind of my workflow.

[30:06] Ben: And I think that’s becoming more and more possible. It’s going to be more accessible to people as these kinds of tools get more in the hands of, again, the non-coder. So yeah, no, I think—and I think we’ll see more of them.

[30:18] Ben: The MCP thing is still—I’m still fascinated by the MCP versus CLI debate. I will say the MCP I was talking about, I’ve kind of earmarked like, when we do the Google—I guess Google Cloud CLI or Google Workspace CLI, because I can’t remember the exact one—but I was like, when that is kind of onboarded or when we can start using that, should I switch to that or should I stick with this MCP? So I’m curious if I ever end up doing that and switching over and seeing how it feels. But yeah, they’re definitely useful, and I think they’re here to stay for sure.

[30:59] Brad: Yeah, I think previously the CLIs were really good because you could compose things, and the models were decent at Bash, composing things together, saying copy this, put a file there. Now it feels like the models reach toward Python to do any task locally. It’s, “I’m going to create a Python script, run it, it’s going to do things and modify your computer or modify your server.” That’s how I get things done.

[31:22] Brad: Which is really off the back of compute and models being trained on code. Just to get things done, instead of models being trained on language or other things, it’s code being this foundational physics of computers where if we’re good at writing code, we’re good at doing things. And Excel, MCP, CLIs—all that feels like you could boil it down to code.

[31:39] Brad: And yeah, I do love CLIs. And it’s fantastic to watch the AI models do some crazy Bash stuff that I’m not even sure what’s going on, and it can do everything in one line. And then when you see the MCP server call, it’s a little bit slower—not as beautiful, or can’t compose as much, because it has to wait on a tool call for each one. But it gets the job done. You know, I’m doing multiple things in parallel, so that’s not a big deal.

[32:09] Brad: I think CLI is definitely preferred. Having both is even better. But an MCP server for some of these more sensitive actions—it’s excellent. So if you have dissed MCPs, please give it another look. I think Cursor, Codex, Claude all have first-class support for MCP servers, so definitely add those and try those again.

[32:27] Brad: I think, to me, it was a bit of an enlightening moment to say with the modern tools we have now, MCP servers feel a lot more useful.

[32:35] Ben: Yeah, I think the funny thing I always run into when I deal with my MCP that I’ve been talking about is I keep hitting context window limits and breaking chunks. So seeing it deal with—I’m sure different MCP servers are better than others—but yeah, I think that’s the negative aspect that you’ll hear sometimes, is that the MCPs eat up a crap ton of tokens.

[32:58] Ben: But, you know, if you have the bandwidth to absorb that, it’s fine. It’s still useful.

[33:06] Brad: Yeah. Crazy. Cool. Awesome. What else have we got?

[33:10] Brad: We had a crazy security breach. So it feels like every other week, a new one pops up. So we like to call this the software supply chain attack. And Axios, which is downloaded over 100 million times weekly, was the target of the latest attack.

[33:26] Brad: And for those who aren’t familiar, this is using NPM. Axios is basically a library to wrap network requests. So making a request, an API request, any web request—Axios makes it a little bit easier to do. A little bit of a nice developer experience. And honestly, it’s embedded in a ton of frameworks and other big, useful JavaScript packages.

[33:50] Brad: So I think that 100 million downloads per week is really pointing at Axios being a foundational JavaScript package. And to be quite honest, I like it. It’s useful. It’s not one of those things that adds two numbers together. It’s actually a useful package. So it’s quite unfortunate to see something like that happen.

[34:09] Brad: I believe it was detected within an hour. But for those who were affected, I believe it went pretty deep in trying to install kind of an obfuscated crypto package that tried to extract data from your system.

[34:25] Brad: What I had done—because again, I work on web apps, I use Axios—that was the second package that I’d actually used in my web application that got compromised. The first one was PostHog, which is an analytics service. This was the second one.

[34:39] Brad: So I went to Twitter, saw this, I thought, “Oh crap, did I download it during this unfortunate hour time window? I don’t think I did, but let me check.” And someone actually posted a reply on X mentioning, “Run this prompt,” which basically tells your computer, “Hey, scan for certain files that this program would have downloaded to kind of do malicious things and see if I’m affected.”

[35:03] Brad: Fortunately, after that ran for 20 minutes, I kind of held my breath, it came back that I was clean. I didn’t download any of these bad versions. I wasn’t affected by it, but I’m sure people were.

[35:13] Brad: And what’s probably worse is I’m sure that companies who build their code in CI or in GitHub, who are downloading these packages—hopefully they didn’t lose any secrets or any other API keys that were exposed in kind of this build-time environment.

[35:29] Brad: And one of the interesting things that came out of it was: how do you prevent this for developers? Because this seems to pop up way too often. Feels like at least once a month, a popular package, if not one of the most popular packages, is getting compromised.

[35:43] Brad: And so an engineer had posted essentially a configuration for your dependency managers. So if you’re using NPM, if you’re using Python, whatever you’re using to pull dependencies for your code base, a lot of them have these configurations that say don’t download something if it’s not at least a week old.

[36:02] Brad: So kind of a weird way to put it, but oftentimes these hacks go as: they publish a bad version, you pull that in, it’s fresh off the press, boom, you’re hacked. So people were talking about, should we have a seven-day delay? How should we handle this? But then it kind of gets in your way too. So I don’t know if you saw those tweets, but kind of interesting to paper over what really should be a better security system by just saying, “Hey, I don’t want any updates if it hasn’t existed for seven days.”

[36:28] Brad: Because to be quite honest, these are eliminated rather quickly because it’s such a widespread package. We have AI agents running, doing half our coding these days. Any way that it’s able to detect, “Hey, something is really off here”—but sometimes it’s too late.

[36:41] Ben: Yeah. Yeah, no, I definitely saw that. And you know, I don’t do anything with JavaScript, so it doesn’t really impact me at all.

[36:49] Brad: You’re missing out.

[36:49] Ben: Yeah, no, no, I’m good. I’m a JavaScript hater. But yeah, it is scary because I think it’s one of those things where, again, from a non-coder perspective, if you’re getting into it, you pip install blank, XYZ, and you pip install this, pip install that—you don’t really think too much about that.

[37:08] Ben: And if that were to happen to me, I wouldn’t even really know how to go to AI and figure out how do I—how do I, you know, to your point, do the audit and make sure that you’re okay. But yeah, that stuff’s scary.

[37:22] Ben: And I think it’s going to come more and more. I think the other one that we didn’t touch on, that I will mention quickly here, is LiteLLM got—

[37:30] Brad: Yeah.

[37:30] Ben: Yeah, and that was a Python package. And I was just reading about that a little bit too. And this was written on March 20th, I think, or March 24th. And so the person said the LiteLLM package is super popular. It had 3 million downloads just yesterday alone and over 95 million downloads last month.

[37:50] Ben: That’s a staggering amount of downloads that would have downloaded this malware and then have to go through this whole root canal of getting that off your system and hope that it didn’t find anything and extract anything sensitive and go do what they do with it, right? So yeah, it’s scary stuff right now.

[38:09] Ben: We’ve talked a lot on this podcast about the pace of AI is amazing and people are super quick to jump in and use everything. But security is going to probably need to catch up. And it’s just one of those things where it’s like OpenClaude—neither you nor I touched OpenClaude because we were kind of not sure about the security piece just yet, you know? So people have got to be careful because there are lots of bad actors out there.

[38:36] Brad: Yeah, what I would recommend for folks who work on software projects or have their own software side project: just go to Codex, Gemini, Cloud Code, ask a prompt saying, “Do a deep security audit on my product following OWASP,” which I think is O-W-A-S-P. This is a foundation for cybersecurity—basically lingo for all the important things related to authentication, hacking, those sorts of topics.

[39:05] Brad: “Do a deep OWASP audit on my code base.” I ran this for old projects that I’ve worked on that are no longer live. So, you know, it is what it is. But it actually revealed some interesting findings, which I won’t talk about here. We’ll keep that as private information. But let’s just say it was useful information.

[39:25] Brad: And for someone working on a code base day in and day out, leaning on frameworks, it’s quite incredible how powerful and smart these models are and how deep they go in testing your application. So this is a web app, this is a deep security audit. It could work for any app, really. But it costs literally nothing to do this analysis on your code base these days. So why wouldn’t you?

[39:47] Brad: If you think back a year or two ago—maybe two years is too far, but a year ago—when all these vibe-coded apps were coming out, data breaches were happening left and right. The models have gotten a lot better. So those aren’t coming out of the box by default, but models aren’t perfect.

[40:03] Brad: So yeah, I would highly, highly recommend asking for an OWASP security audit on your code base. See what pops up. It might not be fully accurate. Definitely test things out yourself. But if it reports any high-security vulnerabilities, whether that’s your dependencies, your authentication, etc., definitely fix that and get that polished up.

[40:24] Brad: Because yeah, intelligence in coding and security used to be really hard, not what I wanted to spend time there. Now you can just kick off a query, go do what you’re actually trying to do, and come back and fix any findings. So quite literally, it almost feels free now, in a way that I would never kind of endeavor on some of these things, or only fix security issues when people reported it and it was immediately obvious. So we’re in a new era now, and the tides are shifting. The balances are different.

[40:50] Ben: Yeah. Nice. Cool. Awesome. Well, I guess before we wrap it up here, we should address the rumors in the news, Brad, that yes, we did see that the TBPN podcast did get acquired. Yes, we actually were first and we turned it down, so happy for them.

[41:11] Ben: The Tech Bros Podcast Network—that’s what I thought it stood for. It turned out that’s not what it stood for.

[41:17] Brad: Yeah, I had to look it up as well.

[41:19] Ben: Yeah, yeah. But pretty cool. As podcasters in the space, it’s always great to see. And yeah, again, it wasn’t our time. We just said, “No thanks,” and happy that they got the opportunity, so kudos to them.

[41:29] Brad: Yeah, I think they were making good money too. When I saw the announcement from OpenAI talking about it—or someone had done analysis that they were making tens of millions per month—I thought, damn.

[41:44] Ben: Or maybe it wasn’t per month. Maybe it was for a year.

[41:44] Brad: For a year, yeah.

[41:46] Ben: Well, you were an acqui-hire, so it’s true.

[41:51] Brad: Good, so yeah, you got it.

[41:53] Ben: We’ll work on it, we’ll work on it. I would love the pod to make that much, but we’re almost there. We’re close, but not—we turn down sponsors because we don’t want to sully our opinions on the different products, right? We don’t want to be biased, so we turn down the sponsors. So please—

[42:10] Ben: But yeah, there was something else I was going to say too. I was saying, do you want to hit one of our sponsors now? I see we have a sponsored section. Do you want to kick that off?

[42:20] Brad: Yeah, sure. Yeah, go ahead. Yeah, go for it.

[42:21] Ben: Yeah, no, again, we don’t take sponsors, so no—unless it’s from Split My Expenses.

[42:28] Brad: So Split My Expenses is sponsoring this episode. So go to splitmyexpenses.com, download the mobile app on iOS and Android. If you’re going on a trip—Coachella, EDC—all these are really popular times to do Justin Bieber tickets, you name it, any trip, any travel—Split My Expenses is there for you.

[42:49] Brad: If you run into anything, hit me up on chat support. But yeah, I’d say things are pretty figured out, and a proud sponsor of the Breakeven Brothers on this beautiful 40th episode.

[43:01] Ben: We still need to do that commercial, the one I told you about where they have the dining—

[43:04] Brad: I know. I’m going to use AI and just generate you, maybe.

[43:07] Ben: Yeah, that’d be great. And one thing we’re going to mark off for Brad on the bingo card, that I think we’ve got to give you credit for, the $1 billion company—for the story that went around today about the guy who vibe-coded an app that lets him—he drop-ships GLP-1 medication, which I told Brad earlier, that is so 2026 as a headline. I can’t believe it.

[43:34] Ben: But yeah, it does like 500 million in sales so far this year or something like that. So that’s probably a billion-dollar valuation. It’s just him. So I’m pretty sure that was one of your bingo cards. It was either this year or last year. I can’t remember.

[43:45] Brad: Okay. This year.

[43:46] Ben: Yeah. So you’re off to a good start, dude. You’re off to a good start. Looking like an oracle over there.

[43:51] Brad: Yeah, I know.

[43:52] Ben: You need to grow a beard and kind of get a little Gandalf thing going with the way you’re hitting it right now. It’s awesome.

[44:00] Ben: Cool. Awesome. Should we do bookmarks and wrap it up, Brad?

[44:04] Brad: Yeah, so I was just pulling up mine as you were speaking, but there has recently been—not a jailbreak. So for folks that are unfamiliar, jailbreak is the term that, on iOS, you can kind of get into the root access of an iPhone, which is a jailbreak. Really popular a while ago.

[44:20] Brad: There’s a new method, which I’m not fully aware of, but essentially there’s a way to have an iOS simulator that feels jailbroken that runs on your macOS device. So someone figured out some complicated way, which I can’t explain, and even reading it I get confused about, but what you can picture as a listener is access to an iPhone that is not officially approved by Apple that allows you to do kind of this reverse engineering or research into how Apple does things.

[44:51] Brad: And I believe it was mostly powered by AI stitching things together about Apple and just pushing and pushing and pushing to see how far it got. So it’s essentially some sort of emulator that gives you root access that could allow you to load apps like Split My Expenses, kind of debug it or reverse engineer it to get insights into the application.

[45:08] Brad: I suggest you not do that with my app, but any other app totally works. So I’ll link it in the show notes, but a pretty cool kind of research security tool to allow you to run an iPhone that’s more or less root access on your macOS computer and just have fun with it, to tinker around. So really cool stuff.

[45:26] Brad: I’m glad that AI is also used for fun too, because I’m sure the people who are in the jailbreak space have been pushing hard to get this done. Now that they have really smart models, cybersecurity, etc., it feels like it came directly off the hinges of that. I don’t have the full origin story, but I can only assume that, you know, sitting there with Cloud Code and Codex saying, “Go deeper, go deeper, jailbreak this,” it feels like a loop of that 10,000 times with a smart Apple macOS systems guy, you get there.

[45:53] Brad: So I’ll link it in the show notes. Might not be super relevant to everybody, but if you’re interested, it’ll be there. Pretty cool.

[45:59] Ben: Cool. My bookmark is something I just saw that I came across and was like, that seems pretty interesting. It’s actually a research paper from Google about safeguarding cryptocurrency by disclosing quantum vulnerabilities responsibly. So kind of a mouthful.

[46:17] Ben: But basically, and the abstract, kind of the summary that I’ve read, is that they published this paper and they completely revised down significantly how much time until quantum computers could break ECC-256, which I think, from what I was reading, is like the underpinning of blockchain, essentially.

[46:41] Ben: That cryptography that lets blockchain historically be so secure, I guess, and kind of undecryptable, for lack of a better term—they significantly moved up the date that they think that’s actually going to happen.

[46:59] Ben: So basically, long story short from what I’m gathering, is that they’re making quicker and quicker breakthroughs in quantum computing. And yeah, they moved it into 2029. So I think by 2029 they think there needs to be some kind of transition in the terms of cryptography to be able to deal with and handle quantum computers.

[47:28] Ben: I need to read the research, need to read the paper, but this is what the tweet from Nick Carter—not the singer—said. And basically what he says is, “Many are wondering what Google saw that caused them to revise their post-quantum cryptography transition deadline to 2029 last week. It was this.” And then he put the paper out there.

[47:49] Ben: So pretty interesting. Yeah, because quantum computers look like something out of a James Bond film, you know? They’re just gnarly looking. So they’re fascinating to me. But it’s like, what can they actually do? And to see that, it’s like, oh, okay, that’s interesting. I won’t pretend to know how it works, but you tell me that my passwords aren’t going to be passwords anymore, then we’ve got to—what’s going to happen with that, you know?

[48:12] Brad: Yeah, it’s a little scary. I was at an AI meetup, and one of the guys I was talking to—the creator of get.ai, Aiden C, I can’t remember his last name—his hot take when I talked with him at the conference was that Bitcoin was just a big money trap to say, “Can we beat that encryption?” that you mentioned.

[48:32] Brad: Because if you could, you could theoretically get access to everyone’s Bitcoin, and that would be worth billions and billions of dollars. So his conclusion was, if this was possible, this had already been done. So Bitcoin is essentially a proof of concept that this encryption is basically unbeatable.

[48:50] Brad: I thought—I never thought about it like that. I guess if you could beat this encryption, you could steal Bitcoin. It would be a wrap. You know, that would be it. I don’t know if these quantum computers are getting us extremely close to it, but the day that comes, I am not sure. So I’m hoping it’s really far away. Sounds a little scary. That’s like an earthquake that just shatters the globe and puts us in a really weird spot where we have to recover in ways that we never expected.

[49:13] Ben: Yeah. Yeah, it’ll be interesting to see. With all the things we talk about on this show, so much of it is going to kind of change how things are today—knowledge work with AI, and now cryptography, passcodes and passwords with quantum computers. It’s—we’re living in a crazy time. We say that a lot, and I don’t know if everyone always feels that way. I don’t know if every generation feels that way when they get into their 30s. But it seems like this timeline is a little bit crazy. That’s just my take. So yeah, it can be good crazy—exciting times—but some scary too. So fun and crazy.

[49:53] Brad: Yeah, absolutely.

[49:54] Ben: Awesome. Well, with that, Brad, good stuff. And yeah, till next time.

[49:59] Brad: Cool. Till next time. See ya.

[50:01] Ben: See ya.

[50:03] Speaker: Thank you for listening to the Breakeven Brothers podcast. If you enjoyed the episode, please leave us a five-star review on Spotify, Apple Podcasts, or wherever else you may be listening from. Also, be sure to subscribe to our show and YouTube channel so you never miss an episode. Thanks, and take care.

[50:19] Speaker: All views and opinions by Bradley and Bennett are solely their own and unaffiliated with any external parties.

Creators and Guests

Bennett Bernard
Host
Bennett Bernard
Mortgage Accounting & Finance at Zillow. Tweets about Mortgage Banking and random thoughts. My views are my own and have not been reviewed/approved by Zillow
Bradley Bernard
Host
Bradley Bernard
Coder, builder, mobile app developer, & aspiring creator. Software Engineer at @Snap working on the iOS app. Views expressed are my own.
Cursor 3, Gemma 4 & AI Taxes
Broadcast by