[Dev]olution

Podcast by Coder

English

Business

About [Dev]olution

The development world is cluttered with buzzwords and distractions. Speed, focus, and freedom? Gone. I’m Nicky Pike. And it’s time for a reset. [Dev]olution is here to help you get back to what matters: creating, solving, and making an impact. No trend chasing, just asking better questions. What do devs really want? How can platform teams drive flow, not friction? How does AI actually help? Join me every two weeks for straight talk with the people shaping the future of dev. This is the [Dev]olution.

All episodes

18 episodes

The Echo Leak Exploit: Why AI Leaks Data Without a Click

You think your AI is working for you…until it’s leaking your data. Welcome to Echo Leak, the zero-click exploit that can send your company’s most sensitive info to attackers, and you won’t even realize it’s happening. Here’s how it works: an email lands in your inbox, and without anyone clicking anything, your AI system picks it up. It accesses your sensitive data from Outlook, SharePoint, Teams, and quietly ships it out through a crafted URL, all while doing exactly what you paid it to do. This isn’t a glitch. It’s a massive vulnerability.

In this minisode, we dive into the lethal trifecta, three factors that make your AI system an easy target for this type of attack. From private data access to untrusted content, to how your AI can communicate externally, it’s all laid out for you. Learn how to protect your systems, lock down permissions, and secure your AI agents before they become the next big breach.

In this episode, you’ll learn:

1. What Echo Leak is and how zero-click exploits can leak your data silently
2. The "lethal trifecta": Three key vulnerabilities in AI systems that make them exploitable
3. Actionable steps to restrict AI agents' permissions and prevent Echo Leak

Episode highlights:

(00:00) Echo Leak: How it works without any user clicks
(03:00) The "lethal trifecta" and why it's a security risk for AI
(05:40) Real-world Echo Leak examples from Black Hat and RSA
(08:00) Vendor responses and why they’re missing the point
(09:40) Understanding AI agent governance failures
(12:00) Steps to secure your AI systems against Echo Leak
(14:20) Restricting external communication and limiting data access
(16:00) Designing AI systems with security in mind
(18:00) Preparing for AI exploits like Echo Leak

Resources:

* EchoLeak: Zero-Click Microsoft 365 Copilot Vulnerability [https://www.linkedin.com/pulse/echoleak-zero-click-microsoft-365-copilot-stephen-dyson-ivgye/]
* The lethal trifecta for AI agents: private data, untrusted content, and external communication [https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/]
* The lethal trifecta for AI agents [https://simonw.substack.com/p/the-lethal-trifecta-for-ai-agents]
* YouTube: Black Hat USA 2025 | AI Enterprise Compromise - 0click Exploit Methods [https://youtu.be/M_BDq2hTJxU?t=1470]
* Penetration Testing [https://www.bugcrowd.com/glossary/penetration-testing/]
* Safeguarding VS Code against prompt injections [https://github.blog/security/vulnerability-research/safeguarding-vs-code-against-prompt-injections/]

May 13, 2026 - 14 min
Your Security Was Built for Humans, Not AI

AI agents are already embedded within your infrastructure, yet the critical issue remains: no one is truly in control. In this episode, we sit down with two experts from Red Hat, Michael Epley [https://www.linkedin.com/in/epleymichael/] and Sam Richman [https://www.linkedin.com/in/sam-richman/], who are actively engaged at the intersection of AI, security, and defense. Their work isn't theoretical; it's about managing systems where the stakes couldn't be higher.

Michael Epley, as Chief Architect and Security Strategist, has dedicated years to building identity and governance frameworks in environments where errors are unacceptable. Meanwhile, Sam Richman, Principal Architect for Defense, is responsible for deploying software from development environments to operational drones.

This discussion reveals some uncomfortable realities surrounding modern security and AI: the presence of AI agents operating without proper identification, the ineffectiveness of security models designed for human users when governing machine behavior, and the challenge of managing systems that cannot be thoroughly tested, predicted, or trusted. Despite these challenges, these systems are being rolled out. If you're involved in developing AI systems or ensuring their security, this episode poses a critical question: Do you truly understand what your AI agents are doing?

In this episode, you’ll learn:

1. Why AI agents break traditional identity and access models
2. How overprovisioned agents create invisible security risks
3. What real governance looks like when systems can’t be fully tested

Things to listen for:

(00:00) Meet Michael Epley and Sam Richman
(02:47) Are enterprises ready for AI agents
(05:00) Why AI adoption outpaces value
(07:00) AI finding vulnerabilities humans missed
(10:58) Why AI systems are unpredictable by design
(13:00) The identity problem for AI agents
(17:00) Digital sovereignty becomes mission-critical
(21:30) AI strategy in defense and enterprise
(26:30) Why modular AI infrastructure matters
(27:30) What Kagenti actually solves
(31:00) Fixing overprovisioned AI agents
(34:30) Observability and agent behavior tracking
(38:00) AI at the edge and deployment risks
(47:30) Running AI without losing control of data
(59:00) Predictions for AI governance and agents

Resources:

* Michael Epley’s LinkedIn: https://www.linkedin.com/in/epleymichael
* Sam Richman’s LinkedIn: https://www.linkedin.com/in/sam-richman
* Red Hat website: https://www.redhat.com

Apr 29, 2026 - 1 h 5 min
Is AI Actually Helping or Hurting Devs?

Adron Hall thinks you already missed the boat if you are still banging away at lines of code. He watches organizations struggle with locked-down environments while the rest of the industry moves at a pace they can't keep up with. The junior pipeline is collapsing, and we are building systems on code that nobody actually understands. Vibe coding sounds like a dream until the production system crashes at two in the morning.

Adron Hall [https://www.linkedin.com/in/adron/], Principal Software Engineer at Composite Thrashing Code, [https://www.google.com/search?q=https://thrashingcode.com/] joins Nicky Pike [https://www.linkedin.com/in/nicky-pike/] to discuss why productivity gains are getting eaten by debugging and what happens when the AI agents start treating your main repo like a sandbox project. If you are wondering if you are building faster or just debugging more, this conversation provides the reset you need.

In this episode, you’ll learn:

1. Why writing code manually means you are already too far behind
2. How to manage the six specific types of AI code changes
3. The reason Diff Discipline is the only way to survive vibe coding

Things to listen for:

(00:00) Meet Adron Hall
(03:14) Why the junior developer pipeline is imploding
(05:13) How to rein in agent scope for better results
(08:31) The slow creeping dread of vibe coding
(12:50) Moving past communication cycles with prototypes
(16:50) Why shipping to production needs a human gatekeeper
(20:20) How roles shift when agents handle the workflow
(24:05) Why slinging individual lines of code is over
(29:47) Bringing a generalist approach back to computer science
(34:57) Breaking down the six types of code changes
(41:40) Why AI optimizes for plausible output instead of correctness
(52:37) Enforcing diff limits to keep human reviewers sane
(57:29) Setting up no-fly zones for sensitive code
(01:02:41) The coming hundred x shock to the tech industry
(01:11:27) What it means to be a coder in 2026

Resources:

* Adron Hall’s LinkedIn: https://www.linkedin.com/in/adron/
* Composite Thrashing Code blog: https://compositecode.blog/

Apr 15, 2026 - 1 h 13 min
AI Is Skipping the Fundamentals and That Should Worry You feat. Dan Vega

Dan Vega [https://www.linkedin.com/in/danvega/] has spent years teaching developers how to build things the right way. Now he’s watching AI change how an entire generation learns to code. Dan is a Spring Developer Advocate at Broadcom [https://www.broadcom.com], and in this episode of [Dev]olution, we get into what happens when AI removes friction faster than it builds understanding. Writing code has never been easier, but the fundamentals are quietly getting skipped.

We talk about why AI is creating masters with no apprentices, how junior developers are getting fast-tracked past the learning phase, and why understanding systems still matters more than shipping quickly. If you’re building with AI or trying to learn without losing the basics, this conversation with Dan Vega is one heck of a learning session.

In this episode, you’ll learn:

1. Why developers still need to learn how systems fail, not just how code runs
2. How AI changes the role of mentors and what juniors are missing without feedback loops
3. Why shipping faster doesn’t automatically mean building better software

Things to listen for:

(00:00) Meet Dan Vega
(01:40) How AI changed the way people learn to code
(05:05) Shipping code without understanding systems
(08:55) Dan’s path from learning fundamentals to teaching them
(12:35) How AI reinforces bad developer habits
(16:00) The “masters with no apprentices” problem
(19:45) Why juniors are skipping the struggle phase
(23:55) Copying answers versus building intuition
(28:15) Why debugging is where learning happens
(32:10) Teaching reasoning instead of syntax
(36:30) The danger of prompt-driven development
(40:20) What senior developers should do differently
(44:35) Using AI without losing judgment
(48:50) Advice for developers starting today
(53:30) Final thoughts on learning in an AI-first world

Resources:

* Dan Vega’s LinkedIn: https://www.linkedin.com/in/danvega/
* Broadcom website: https://www.broadcom.com

Mar 25, 2026 - 59 min
Shai-Hulud: The NPM Worm That Spreads Like Virus

Welcome to the first minisode of Devolution where we dive into the devastating Shai-Hulud attack that shook the NPM ecosystem last year. Nicky Pike breaks down how a self-replicating worm took control of over 25,000 GitHub repositories, exploiting a simple NPM command that every developer runs without thinking. From the rapid spread to its impact on household developer tools, this attack wasn’t just a breach, it was a full-blown software pandemic.

Listen in as we explore how this worm spread like wildfire, evaded detection, and the long-lasting implications it has on developer security. Get ready as we get into zero-day vulnerabilities and what we need to do to protect our development environments moving forward. Don’t let the next Shai-Hulud catch you off guard.

In this episode, you’ll learn:

1. How Shai-Hulud started as a simple NPM command and evolved into a self-replicating worm.
2. Why big companies like PostHog and Trust Wallet were impacted despite having strong security measures, exposing critical vulnerabilities in their defenses.
3. What you can do next by rethinking your security models to protect against evolving threats like Shai-Hulud.

Episode highlights:

(00:00) 25,000 Repos in 72 Hours, What Happened?
(00:30) The First Self-Replicating NPM Worm
(01:00) Shai-Hulud 2.0 Goes Exponential
(02:00) How It Bypassed Security & Harvested Secrets
(03:00) 400K Secrets Exposed & the Trust Wallet Fallout
(04:15) Why Traditional Developer Security Failed
(05:00) What Teams Must Change Now

Resources:

* Widespread Supply Chain Compromise Impacting npm Ecosystem [https://www.cisa.gov/news-events/alerts/2025/09/23/widespread-supply-chain-compromise-impacting-npm-ecosystem]
* The Shai-Hulud 2.0 npm worm: analysis, and what you need to know [https://securitylabs.datadoghq.com/articles/shai-hulud-2.0-npm-worm/]
* Shai-Hulud 2.0 Supply Chain Attack: 25K+ Repos Exposing Secrets [https://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attack]
* Post-mortem of Shai-Hulud attack on November 24th, 2025 [https://posthog.com/blog/nov-24-shai-hulud-attack-post-mortem]
* “Shai-Hulud” npm Attack: What You Need to Know [https://securityboulevard.com/2025/09/shai-hulud-npm-attack-what-you-need-to-know/]
* Inside Shai-Hulud’s Maw: How The NPM Worm Exploits And Propagates [https://checkmarx.com/zero-post/inside-shai-huluds-maw-how-the-npm-worm-exploits-and-propagates/]

Mar 11, 2026 - 7 min