Modern Cyber with Jeremy Snyder

This Week in AI Security - 7th May 2026

14 min · 7. maj 2026
episode This Week in AI Security - 7th May 2026 cover

Beskrivelse

In this episode for May 7, 2026, Jeremy reports from the sidelines of BSides Luxembourg. This week marks a significant shift in AI-driven vulnerability research, moving from source code analysis to the successful reverse engineering of closed-source compiled binaries. Key Episode Highlights: * GitHub Backend RCE: Researchers from Wiz used AI-augmented binary analysis to find an X-stat header injection vulnerability in GitHub’s Git push pipeline, achieving a CVSS score of 8.7 on closed-source code. * The "Copyfail" Crisis: A critical Linux security flaw dating back to 2017 was uncovered using AI-assisted tools. The story highlights the tension between automated discovery and the rise of "AI slop" in automated vulnerability disclosures. * CISA Patching Mandates: CISA is considering lowering the required "mean time to patch" from 14 days to just 3 days in response to AI’s ability to find vulnerabilities at an "apocalypse" scale. * Shadow AI Exposure: A study by Intruder found over 1 million exposed AI services via certificate transparency logs, with 31% of Meta Llama servers requiring zero authentication. * Google "Cosmo" Leak: A massive 1.13 GB system-level agent for Android briefly leaked on the Play Store, revealing an autonomous browser agent with deep system permissions. * The Criminal Skill Gap: New research from the University of Edinburgh suggests that while AI is boosting professional developers, most cybercriminals currently lack the skills to weaponize AI at a "weaponizable scale". Shadow AI and unsecured AI models are the new frontier of enterprise risk. 31% of exposed AI servers are operating with zero authentication. Don't let your infrastructure be the next headline. Get full visibility into your AI environment in 15 minutes. Book your FireTail demo: https://www.firetail.ai/schedule-your-demo [https://www.firetail.ai/schedule-your-demo] Episode Links https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854 https://cyberscoop.com/copy-fail-linux-vulnerability-artificial-intelligence/ https://www.reuters.com/legal/litigation/us-officials-weigh-cutting-deadlines-fix-digital-flaws-amid-worries-over-ai-2026-05-01/ https://venturebeat.com/security/ai-agent-runtime-security-system-card-audit-comment-and-control-2026 https://thehackernews.com/2026/05/we-scanned-1-million-exposed-ai.html https://www.euronews.com/next/2026/05/05/cybercriminals-gave-ai-a-go-and-came-away-disappointed-study-finds https://www.bleepingcomputer.com/news/security/learning-from-the-vercel-breach-shadow-ai-and-oauth-sprawl/ https://azat.tv/en/google-cosmo-ai-leak-privacy-safety/https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854

Kommentarer

0

Vær den første til at kommentere

Tilmeld dig nu og bliv en del af Modern Cyber with Jeremy Snyder-fællesskabet!

Kom i gang

1 måned kun 9 kr.

Derefter 99 kr. / måned · Opsig når som helst.

  • Podcasts kun på Podimo
  • 20 lydbogstimer pr. måned
  • Gratis podcasts

Alle episoder

122 episoder

episode This Week in AI Security - 16th July 2026 cover

This Week in AI Security - 16th July 2026

Another lighter week that lets Jeremy slow down and dig into the stories that matter most. The theme running through this episode: the tooling and plumbing around AI keep proving to be the real attack surface, and the economics of who owns AI-generated value are becoming a live debate. This week covers a prompt-injection twist that turns code-scanning agents against the code they are meant to protect, a new evolution of package-name squatting, a Langflow vulnerability hitting a major patching milestone, another agentic AWS compromise, and Satya Nadella's argument that enterprises are paying for AI twice. Key Episode Highlights * "Friendly fire": AI agents built to scan for malicious code can be tricked into executing it, when a code repository being scanned contains embedded malicious instructions that hit the third-party scanning engine rather than the codebase itself. * Hallux squatting: researchers from Tel Aviv University and the Technion show that LLM package-name hallucinations are predictable at roughly 85 percent accuracy and consistent across foundation models, letting attackers pre-register those names and stuff them with malware. The evolution of what was called slop squatting, and Palo Alto's phantom squatting. * Langflow hits the CISA KEV: CVE-2026-55255, an IDOR (broken function level authorization) flaw letting an authenticated user run any other user's workflows, has landed in CISA's Known Exploited Vulnerabilities catalog, roughly three months from first report to confirmed in-the-wild exploitation and a federal patching mandate. * Another agentic AWS compromise: concurrent work streams running credential harvesting, backdoor creation, and RDS data exfiltration, with queues zeroed out to obscure the attack. A follow-on to last week's agentic ransomware story, and notably not built on novel zero-days. * Nadella on paying twice: the Microsoft CEO argues enterprises pay for AI once in tokens and again by handing over proprietary knowledge through prompts, corrections, and feedback, what he calls "exhaust," raising the question of who should own that data. Episode Links - ‍ https://thehackernews.com/2026/07/friendly-fire-ai-agents-built-to-catch.html [https://thehackernews.com/2026/07/friendly-fire-ai-agents-built-to-catch.html] https://www.securityweek.com/hallusquatting-turns-ai-hallucinations-into-botnet-delivery-mechanism/ [https://www.securityweek.com/hallusquatting-turns-ai-hallucinations-into-botnet-delivery-mechanism/] https://www.techtimes.com/articles/319918/20260708/cisa-adds-first-ai-agent-platform-kev-sets-thursday-deadline-4-cves.htm [https://www.techtimes.com/articles/319918/20260708/cisa-adds-first-ai-agent-platform-kev-sets-thursday-deadline-4-cves.htm] https://www.infosecurity-magazine.com/news/threat-actor-agentic-ai-cloud/ [https://www.infosecurity-magazine.com/news/threat-actor-agentic-ai-cloud/] https://techcrunch.com/2026/07/13/satya-nadella-has-issued-a-shocking-warning-to-companies-using-ai/ [https://techcrunch.com/2026/07/13/satya-nadella-has-issued-a-shocking-warning-to-companies-using-ai/] ‍

I går15 min
episode This Week in AI Security - 9th July 2026 cover

This Week in AI Security - 9th July 2026

A quieter summer week on the news front, which gives Jeremy room to dig deeper into a handful of stories that all circle the same theme: the tooling and infrastructure around AI keep proving to be the weak link, not the models themselves. This week covers a critical remote-code-execution flaw in the Cursor IDE, a fresh round of coding agents falling to bash obfuscation, a prompt-injection payment scam spreading through SEO poisoning, what one research team is calling the first end-to-end agentic ransomware event, and renewed attention on Anthropic's sleeper agents research and what it means for open-weight model adoption. Key Episode Highlights Cursor RCE (CVSS 9.8): a sandbox-escape chain in the Cursor AI IDE that lets a poisoned MCP server or repo file run arbitrary OS commands with no user approval, by manipulating the working-directory allow list and abusing symlinks to overwrite the sandbox binary. ‍ Coding agents fall to bash obfuscation: Adversa AI tested 11 open source coding agents and found 10 failed to guard against classic bash obfuscation, letting a poisoned Readme or Makefile exfiltrate AWS credentials. Prompt-injection payment scam: Zscaler Threat Labs (a FireTail investor) documented SEO poisoning that lures agents to fake developer sites carrying a hidden prompt to pay for an API key. 26 LLMs were tricked into making crypto payments; two others misclassified a typosquatting site as legitimate. "Jade Puffer": Sysdig's threat research team describes what may be the first end-to-end agentic ransomware event, using an AI agent for reconnaissance and an unpatched Langflow CVE to breach environments, in some cases going from unauthenticated to authenticated in as little as 30 seconds. Sleeper agents, revisited: a Forbes report renews attention on Anthropic's sleeper agents research and the risk that a trigger baked into an open-weight model's training can flip it from behaving normally to exfiltrating data, and why real-time model inventory and observability are the practical defenses. Episode Links - https://www.securityweek.com/critical-cursor-ai-ide-flaws-could-lead-to-os-level-remote-code-execution/ [https://www.securityweek.com/critical-cursor-ai-ide-flaws-could-lead-to-os-level-remote-code-execution/] https://www.securityweek.com/decades-old-bash-tricks-expose-ai-coding-agents-to-supply-chain-attacks/ [https://www.securityweek.com/decades-old-bash-tricks-expose-ai-coding-agents-to-supply-chain-attacks/] https://www.securityweek.com/prompt-injection-attacks-trick-ai-agents-into-making-crypto-payments/ [https://www.securityweek.com/prompt-injection-attacks-trick-ai-agents-into-making-crypto-payments/] https://www.forbes.com/sites/josipamajic/2026/07/03/hidden-llm-backdoors-could-detonate-at-massive-scale/ [https://www.forbes.com/sites/josipamajic/2026/07/03/hidden-llm-backdoors-could-detonate-at-massive-scale/] https://www.unite.ai/kelas-2026-mid-year-ai-threat-landscape-report-ai-is-becoming-both-the-weapon-and-the-target/ [https://www.unite.ai/kelas-2026-mid-year-ai-threat-landscape-report-ai-is-becoming-both-the-weapon-and-the-target/] https://www.bleepingcomputer.com/news/security/jadepuffer-ransomware-used-ai-agent-to-automate-entire-attack/ [https://www.bleepingcomputer.com/news/security/jadepuffer-ransomware-used-ai-agent-to-automate-entire-attack/] ‍

I går12 min
episode This Week in AI Security - 2nd July 2026 cover

This Week in AI Security - 2nd July 2026

A lighter week on volume, which gives Jeremy room to go deeper on a set of stories that all reinforce trends we've been tracking for months. The through-line: prompts keep showing up in places nobody thinks to inspect, AI development tooling keeps proving to be a soft target, and the infrastructure around AI is becoming a first-class attack surface. Plus an update on the US government's limited release of Anthropic's Mythos model, and a fresh Five Eyes warning that the cyber risk timeline is measured in months, not years. Key Episode Highlights * GuardFall: research from Versa showing a prompt-injection technique that defeats 10 of the 11 most popular open source coding and computer-use agents (Cline, Goose, Aider, Roo Code, OpenHands, and others) using basic bash obfuscation. Roughly 548,000 combined GitHub stars across the affected tools. * Amazon Q auto-load flaw: Wiz found the tool auto-loads an amazonq/mcp.json file from cloned repos with no prompt, consent, or workspace-trust check, opening a path to arbitrary code execution. * Perplexity typosquat: Microsoft Defender uncovered a malicious "Search for Perplexity.ai [http://Perplexity.ai]" extension that captured every keystroke in the address bar and routed it to perplexity-ai.online [http://perplexity-ai.online]. AI chat-skimming extensions total roughly 900,000 installs across 20-plus enterprise networks. * Langflow RCE: a new critical CVE enabling remote code execution and arbitrary Python on exposed instances. Trend Micro documented a 19-day campaign deploying Monero crypto miners. * Mythos, unblocked (with limits): the US government has lifted its export-control block on Anthropic's Mythos 5 release, though the exact terms remain fuzzy. * Five Eyes warning: a joint NSA, GCHQ, and allied-agency statement that frontier AI will accelerate the speed, scale, and sophistication of cyber threats, with Bruce Schneier arguing in The Guardian that AI decouples skill from ability. Episode Links - * https://thehackernews.com/2026/06/guardfall-exposes-open-source-ai-coding.html [https://thehackernews.com/2026/06/guardfall-exposes-open-source-ai-coding.html] * https://thehackernews.com/2026/06/amazon-q-developer-flaw-could-let.html [https://thehackernews.com/2026/06/amazon-q-developer-flaw-could-let.html] * https://thehackernews.com/2026/06/malicious-perplexity-chrome-extension.html [https://thehackernews.com/2026/06/malicious-perplexity-chrome-extension.html] * https://www.theguardian.com/technology/2026/jun/22/anthropic-claude-fable-ai-model-artificial-intelligence-national-security [https://www.theguardian.com/technology/2026/jun/22/anthropic-claude-fable-ai-model-artificial-intelligence-national-security] * https://www.cnn.com/2026/06/26/tech/anthropic-mythos-release [https://www.cnn.com/2026/06/26/tech/anthropic-mythos-release] * https://thehackernews.com/2026/06/langflow-rce-exploited-to-deploy-monero.html [https://thehackernews.com/2026/06/langflow-rce-exploited-to-deploy-monero.html]

2. juli 202612 min
episode This Week in AI Security - 25th June 2026 cover

This Week in AI Security - 25th June 2026

This week's episode is short but loaded. Jeremy walks through a run of stories where AI is reshaping both sides of the security fight at once. Models are now surfacing decades-old vulnerabilities that humans never caught, chaining old bugs into new high-impact attacks, and getting jailbroken within days of launch. On top of that: a fresh zero-click exfiltration chain in Microsoft 365 Copilot, a database that doubles as a covert attack channel, a major open source patching initiative from OpenAI and Trail of Bits, and a NIST proof that no fixed set of guardrails can hold forever. Key Episode Highlights * SquidBleed: a Squid proxy flaw sitting in the default config since a 1997 commit, surfaced almost instantly by Claude Mythos Preview under Project Glasswing. Roughly 30 years undetected by humans. * The HTTP/2 Bomb: a denial-of-service attack chaining an HPACK compression bomb with a Slowloris-style memory hold, built by an AI model that read the codebases and stitched together two old CVEs. * The Daybreak Initiative: OpenAI pairs GPT-5.5 Cyber with Trail of Bits to find and fix flaws across 30-plus critical open source projects. * Five Eyes alarm: NSA and CISA issue a rare joint statement warning that frontier AI will transform offense and defense, with a timeline measured in months, not years. * SearchLeak: Varonis discloses a zero-click Microsoft 365 Copilot Enterprise chain that pulls mail, calendar, and files from a single crafted link. Already patched server-side, no customer action needed. * "Oops, I weaponized the database": SpecterOps shows native AI features in Microsoft SQL Server 2025 doubling as a covert command and control and exfiltration channel. Microsoft says it's working as designed. * Meta hits pause: an internal program training AI on employee behavior is halted after sensitive data was exposed to the entire workforce. * Fable 5 jailbroken: Bruce Schneier reports Anthropic's new Mythos-class model bypassed within days, with its 120,000 character system prompt leaked to GitHub. * NIST proof: a peer-reviewed result showing no finite set of guardrails can be universally robust against an adaptive adversary. Episode Links * https://thehackernews.com/2026/06/29-year-old-squid-proxy-bug-squidbleed.html * https://www.theregister.com/security/2026/06/04/openais-codex-chains-decade-old-dos-techniques-into-http/2-bomb/5251377 * ‍https://openai.com/index/patch-the-planet/ * ‍https://www.bleepingcomputer.com/news/security/new-attack-turned-microsoft-365-copilot-into-1-click-data-theft-tool/ * https://specterops.io/blog/2026/06/10/oops-i-weaponized-the-database-abusing-ai-features-in-mssql-2025/ * https://www.wired.com/story/meta-accidentally-let-employees-access-each-others-keystroke-data/ * https://www.schneier.com/blog/archives/2026/06/anthropics-fable-5-model-jailbroken-within-days.html * https://www.nist.gov/news-events/news/2026/06/nist-mathematical-proof-supports-transition-continuous-monitor-and-update

2. juli 202613 min
episode Taylor Hersom of Eden Dta cover

Taylor Hersom of Eden Dta

In this episode of Modern Cyber, Jeremy is joined by Taylor Hersom, Founder of Eden Data, to explore the critical intersection of cybersecurity, compliance, and enterprise growth. They discuss why startups often overinvest in technical security tools while underinvesting in the actual foundation of customer trust. Taylor unpacks how compliance frameworks like SOC 2 and ISO 27001 act as a powerful "trust escrow" for businesses and explains the complex nuances of the Cybersecurity Maturity Model Certification (CMMC) for government contractors and their subcontractors. The conversation also tackles the escalating challenge of shadow IT driven by AI tools, the urgent need for structured AI governance, and why the cybersecurity industry must shift away from relying on static employee policies toward implementing automated technical controls that eliminate human error entirely. About Taylor Hersom Taylor is the Founder of Eden Data, a modern cybersecurity firm recently acquired by Riveron, where it now plays a key role in expanding the firm’s risk advisory platform. A former Deloitte leader and CISO, Taylor brings deep expertise in governance and compliance frameworks, including SOC 2, ISO 27001, and HIPAA. Since founding Eden Data, he has helped hundreds of startups and scaleups—including Nooks AI, Zendesk, Bitly, and Kindbody—navigate everything from early-stage compliance to IPO readiness. He has earned Partner of the Year awards four years in a row from Drata. With his background, Taylor speaks to the evolving intersection of cybersecurity, compliance, and enterprise growth, showing how trust can be a powerful driver of business success. Episode Links Eden Data: https://www.edendata.com/ [https://www.edendata.com/] Taylor Hersom on LinkedIn: https://www.linkedin.com/in/taylorhersom/ [https://www.linkedin.com/in/taylorhersom/]

24. juni 202642 min