AI Security Under Fire: Vulnerabilities, Code Quality, and the Fight Back

AI Security Under Fire: Vulnerabilities, Code Quality, and the Fight Back

Michael Housch explores the latest AI security threats including Google's GeminiJack vulnerability and PromptPwnd attacks, while examining how AI-generated code quality issues are impacting development teams. Plus, how organizations are fighting back with custom AI security models and what India's copyright proposal means for the future of AI training.

"AI Agents: The Security Paradox - When Your Best Defense Becomes Your Biggest Threat

AI agents are revolutionizing cybersecurity in contradictory ways. This episode explores how the same AI technology that enables companies like Picus Security to validate defenses against new threats in hours, instead of weeks, can also autonomously exploit vulnerabilities for profit. We examine why enterprises are hesitant to deploy AI agents at scale due to identity management challenges, the escalating war between publishers and AI scrapers (with blocking up 336%), practical strategies for  identifying truth when AI systems can be manipulated by their owners, and Anthropic's research showing AI can now find and exploit zero-day vulnerabilities in smart contracts autonomously. The bottom line: AI capabilities are advancing faster than our governance frameworks, creating both unprecedented defensive capabilities and entirely new attack vectors that security teams must navigate.

The Misaligned Matrix: AI Cheating, Cloud Debt, and the Rise of Bossware

This week on AI Weekly, we delve into the surprising methods researchers are using to keep AI models honest—including teaching them to cheat—and explore the massive financial risks Oracle is undertaking to fuel the AI cloud goldrush. We also dissect the escalating security and privacy challenges posed by agentic AI, LLM-generated malware, and the booming "bossware" industry surveilling remote workers.

Whisper Leaks, Agentic Attacks, and Shadow AI in the C-Suite

This week, we dive into the dangerous 'Whisper Leak' side-channel attack that infers user conversation topics even when encrypted. We also analyze the new reality of AI-powered cyber campaigns and discuss why corporate executives are breaking their own internal AI security rules.

Agentic Threats and Trustworthy AI: The Week in Review

This week, we dive into critical research from MIT aimed at building safer, faster AI models and modular software, contrasted sharply by alarming reports of successful data exfiltration attacks against major LLMs like Claude and ChatGPT, alongside the emergence of autonomous, adaptive malware. We also look at the governance challenges presented by autonomous "agentic users" entering the enterprise workforce and the profound uncertainty surrounding AI integration in K-12 schools.