Breakpoint Security Podcast

Have you ever thought about how an attacker might reverse-engineer an AI model? Our guest today is doing just that, going beyond passwords and keys to unpack the very DNA of deep learning! In this segment, we're diving into the groundbreaking work of reversing large deep learning models. Our guest reveals how it's possible to reverse an AI model's entire mathematical structure, exposing its architecture, critical hyperparameters, and even the internal weights and biases that define its behavior. We'll explore this new frontier of security research in the context of different model formats and major models like GoogleNet and Llama. This isn't just about finding vulnerabilities; it's about understanding how a malicious actor could exploit the sparsity of a tensor or reverse a tokenizer, fundamentally subverting an AI's core logic. This is next-level threat intelligence, showing us how to defend AI by understanding its deepest secrets. Guest: Yashodhan Mandke, Research Scholar MIT-WPU Yashodhan is a Security Researcher with over 13 years of cutting-edge experience at the intersection of IoT and AI innovation. A tech visionary currently pursuing a doctorate in Satellite and Security, Yashodhan’s academic journey spans M.Tech in Satellite Communication, M.Tech in Signal Processing, and a B.E. in Electronics & Telecommunication. Recommended reading/viewing, Paper(in this topic) for practitioners https://goa2025.nullcon.net/doc/goa-2025/nullcon_2025_rev_dl.pdf -- Follow us on LinkedIn: https://www.linkedin.com/company/breakpoint-security-podcast Audio on Buzzsprout: https://breakpoint.buzzsprout.com If you like to see more like this, please Subscribe to Breakpoint [https://www.youtube.com/@BreakpointSecurityPodcast?sub_confirmation=1] Youtube! Please Share with others in the community. It always means a lot! Follow us on LinkedIn: @breakpoint-security-podcast [https://www.linkedin.com/company/breakpoint-security-podcast] Audio on Buzzsprout: https://breakpoint.buzzsprout.com [https://breakpoint.buzzsprout.com] Buzz me on Twitter or LinkedIn Connect with me on - * Twitter: @NeeluTripathy [https://x.com/NeeluTripathy/] * LinkedIn: @neelutripathy [https://www.linkedin.com/in/neelutripathy/]

Ever wonder how zero-day vulnerabilities in your favorite websites get uncovered? Our guest today is diving into a game-changing technique: coverage-guided fuzzing for PHP web apps! Forget slow scanners; we're talking about finding critical bugs before the bad guys do. Guest: Sebastian Neef, PhD at the Technical University of Berlin, at the Chair for Security in Telecommunications In this segment, we explore PHUZZ, an open-source tool that's shaking up web application security testing. Our guest explains how this innovative approach outperforms traditional vulnerability scanners like BurpSuite, ZAP, and WFuzz in pinpointing crucial flaws like SQLi, RCE, XXE, and XSS. We'll delve into the technical hurdles of applying coverage-guided fuzzing to the dynamic nature of web applications and how PHUZZ's clever function hooking and vulnerability detection uncovered over 20 potential security issues and even 2 CVEs in popular WordPress plugins. This is the future of proactive web security, finding those elusive zero-day exploits with the power of intelligent automation. Recommended reading/viewing for practitioners: * https://www.sebastian-neef.de/ * Coverage guided Fuzzing [https://www.youtube.com/watch?v=pTAx03yYxRo] If you like to see more like this, please Subscribe to Breakpoint [https://www.youtube.com/@BreakpointSecurityPodcast?sub_confirmation=1] Youtube! Please Share with others in the community. It always means a lot! Follow us on LinkedIn: @breakpoint-security-podcast [https://www.linkedin.com/company/breakpoint-security-podcast] Audio on Buzzsprout: https://breakpoint.buzzsprout.com [https://breakpoint.buzzsprout.com] Buzz me on Twitter or LinkedIn Connect with me on - * Twitter: @NeeluTripathy [https://x.com/NeeluTripathy/] * LinkedIn: @neelutripathy [https://www.linkedin.com/in/neelutripathy/]

Imagine an AI agent managing your life. Sounds cool, right? But what if it gets hacked? We're exploring the future of AI agents and the critical need for their security. As the first installment, we share this fun series where we ask our guests to share 'What they would like their Agents to do for them' :) Guest: Dr Angelina Gokhale Senior Data Scientist, Netmonastery Agents have the potential for handling finances, travel, even critical health data. But with that power comes immense risk. But that also extends the attack surface for **data breaches**, **access control** vulnerabilities, and the terrifying possibility of **AI manipulation**. It’s about building a future where convenience doesn’t mean sacrificing security.  If you like to see more like this, please Subscribe to Breakpoint [https://www.youtube.com/@BreakpointSecurityPodcast?sub_confirmation=1] Youtube! Please Share with others in the community. It always means a lot! Follow us on LinkedIn: @breakpoint-security-podcast [https://www.linkedin.com/company/breakpoint-security-podcast] Audio on Buzzsprout: https://breakpoint.buzzsprout.com [https://breakpoint.buzzsprout.com] Buzz me on Twitter or LinkedIn Connect with me on - * Twitter: @NeeluTripathy [https://x.com/NeeluTripathy/] * LinkedIn: @neelutripathy [https://www.linkedin.com/in/neelutripathy/]

Imagine an AI agent managing your life. Sounds cool, right? But what if it gets hacked? We're exploring the future of AI agents and the critical need for their security. As the first installment, we share this fun series where we ask our guests to share 'What they would like their Agents to do for them' :) Guest: Khushbu Jain Managing Partner, Data Privacy | Ark Legal Agents have the potential for handling finances, travel, even critical health data. But with that power comes immense risk. But that also extends the attack surface for **data breaches**, **access control** vulnerabilities, and the terrifying possibility of **AI manipulation**. It’s about building a future where convenience doesn’t mean sacrificing security.  If you like to see more like this, please Subscribe! https://www.youtube.com/@BreakpointSecurityPodcast?sub_confirmation=1 If you like to see more like this, please Subscribe to Breakpoint [https://www.youtube.com/@BreakpointSecurityPodcast?sub_confirmation=1] Youtube! Please Share with others in the community. It always means a lot! Follow us on LinkedIn: @breakpoint-security-podcast [https://www.linkedin.com/company/breakpoint-security-podcast] Audio on Buzzsprout: https://breakpoint.buzzsprout.com [https://breakpoint.buzzsprout.com] Buzz me on Twitter or LinkedIn Connect with me on - * Twitter: @NeeluTripathy [https://x.com/NeeluTripathy/] * LinkedIn: @neelutripathy [https://www.linkedin.com/in/neelutripathy/]

Imagine an AI agent managing your life. Sounds cool, right? But what if it gets hacked? We're exploring the future of AI agents and the critical need for their security. As the first installment, we share this fun series where we ask our guests to share 'What they would like their Agents to do for them' :) Guest: Abhishek Datta Co-Founder | SafeDep Agents have the potential for handling finances, travel, even critical health data. But with that power comes immense risk. But that also extends the attack surface for **data breaches**, **access control** vulnerabilities, and the terrifying possibility of **AI manipulation**. It’s about building a future where convenience doesn’t mean sacrificing security.  If you like to see more like this, please Subscribe to Breakpoint [https://www.youtube.com/@BreakpointSecurityPodcast?sub_confirmation=1] Youtube! Please Share with others in the community. It always means a lot! Follow us on LinkedIn: @breakpoint-security-podcast [https://www.linkedin.com/company/breakpoint-security-podcast] Audio on Buzzsprout: https://breakpoint.buzzsprout.com [https://breakpoint.buzzsprout.com] Buzz me on Twitter or LinkedIn Connect with me on - * Twitter: @NeeluTripathy [https://x.com/NeeluTripathy/] * LinkedIn: @neelutripathy [https://www.linkedin.com/in/neelutripathy/]