This Week in AI Security - 5th March 2026

This Week in AI Security - 5th March 2026

In this week's episode, Jeremy records straight from the sidelines of the [un]prompted security conference in San Francisco. Before diving into his key takeaways from the event, he covers a massive, AI-assisted data breach and a critical shift in how Google API keys must be handled.

Key Stories & Developments:

  • Nation-State AI Hack: A hacker reportedly used Anthropic’s Claude to identify vulnerabilities and OpenAI’s GPT-4.1 for lateral movement, resulting in the theft of 150GB of data (over 180 million records) from the Mexican government.
  • MCP Infrastructure Flaws: An unauthenticated Server-Side Request Forgery (SSRF) flaw leading to Remote Code Execution (RCE) was found in a widely used Atlassian MCP.
  • The Gemini API Key Crisis: A flaw in the Gemini AI panel allowed browser extensions to escalate privileges. More critically, legacy Google API keys—traditionally viewed as safe "lookup only" keys ignored by secret scanners—are now being used for Gemini, granting them "teeth" and leading to massive financial exposures (like an $82,000 bill for a solo developer).

Dispatches from the Unprompted Conference: Jeremy shares his top thematic observations from the event, including:

  • The "Zero-Day Clock": The mean time to exploit availability has plummeted from months to mere hours. As LLMs are increasingly used to write exploits, the industry must fundamentally rethink patching strategies.
  • LLMs Finding Legacy Bugs: Researchers demonstrated LLMs uncovering vulnerabilities in massive software projects that have evaded human detection for decades—some predating the invention of Git.
  • Treating Prompts as Code: A key takeaway from Google's Gemini workspace team: as prompts become the primary instruction set for executing tasks, developers must apply traditional secure coding hygiene and logic to their prompt engineering.

Episode Links

https://www.bloomberg.com/news/articles/2026-02-25/hacker-used-anthropic-s-claude-to-steal-sensitive-mexican-data

https://blog.pluto.security/p/mcpwnfluence-cve-2026-27825-critical

https://cyberpress.org/critical-servicenow-ai-platform-flaw-allows-remote-code-execution-attacks/

https://www.darkreading.com/endpoint-security/bug-google-gemini-ai-panel-hijacking

https://trufflesecurity.com/blog/google-api-keys-werent-secrets-but-then-gemini-changed-the-rules

https://boingboing.net/2026/02/27/stolen-gemini-api-key-racks-up-82000-in-48-hours-for-solo-dev.htmlhttps://unpromptedcon.org/

Worried about AI security? Get Complete AI Visibility in 15 Minutes. Discover all of your shadow AI now. Book a demo of Firetail's AI Security & Governance Platform: https://www.firetail.ai/request-a-demo

Tämä jakso on lisätty Podme-palveluun avoimen RSS-syötteen kautta eikä se ole Podmen omaa tuotantoa. Siksi jakso saattaa sisältää mainontaa.

Jaksot(120)

This Week in AI Security - 2nd July 2026

This Week in AI Security - 2nd July 2026

A lighter week on volume, which gives Jeremy room to go deeper on a set of stories that all reinforce trends we've been tracking for months. The through-line: prompts keep showing up in places nobody ...

2 Heinä 12min

This Week in AI Security - 25th June 2026

This Week in AI Security - 25th June 2026

This week's episode is short but loaded. Jeremy walks through a run of stories where AI is reshaping both sides of the security fight at once. Models are now surfacing decades-old vulnerabilities that...

2 Heinä 13min

Taylor Hersom of Eden Dta

Taylor Hersom of Eden Dta

In this episode of Modern Cyber, Jeremy is joined by Taylor Hersom, Founder of Eden Data, to explore the critical intersection of cybersecurity, compliance, and enterprise growth.They discuss why star...

24 Kesä 42min

This Week in AI Security - 18th June 2026

This Week in AI Security - 18th June 2026

In this episode, Jeremy explores the fallout of the first US government-mandated global model kill switch, an unprecedented action taken against Anthropic's new Fable model. We also examine CISA's rad...

18 Kesä 14min

Kenneth Ellington of Ellington Cybersecurity Academy

Kenneth Ellington of Ellington Cybersecurity Academy

In this episode of Modern Cyber, Jeremy sits down with Kenneth Ellington, founder of Ellington Cyber Academy, to explore the rapidly evolving landscape of SIEM engineering, threat hunting, and automat...

16 Kesä 30min

This Week in AI Security - 11th June 2026

This Week in AI Security - 11th June 2026

In this episode, Jeremy explores how the automated "Vulnpocalypse" is officially manifesting in enterprise networks. As Microsoft logs a historic record-shattering Patch Tuesday to keep pace with AI-a...

11 Kesä 12min

Nick Cawthon of Guage

Nick Cawthon of Guage

In this episode of Modern Cyber, Jeremy sits down with Nick Cawthon, an enterprise-scale design strategist and user experience researcher, to explore the critical and frequently neglected relationship...

9 Kesä 38min

This Week in AI Security - 4th June 2026

This Week in AI Security - 4th June 2026

In this week's episode, Jeremy reports live from the sidelines of Infosecurity Europe in London. As state-sponsored actors turn to thousands of automated recursive prompts to weaponize zero-days, the ...

4 Kesä 14min

Suosittua kategoriassa Liike-elämä ja talous

sijotuskasti
mimmit-sijoittaa
psykopodiaa-podcast
rss-oivalluksia-rahasta-elamasta
ostan-asuntoja-podcast
rss-rahapodi
asuntoasiaa-paivakirjat
inderespodi
rss-rahamania
rahapuhetta
oppimisen-psykologia
pomojen-suusta
vapauta-supervoimasi-podcast
lakicast
rss-laakispodi
rss-karon-grilli
rss-viisas-raha-podi
rss-viestinnan-palvelumuotoilu
rss-kohti-unelmia
rss-raharadio