This Week in AI Security - 25th June 2026

This Week in AI Security - 25th June 2026

This week's episode is short but loaded. Jeremy walks through a run of stories where AI is reshaping both sides of the security fight at once. Models are now surfacing decades-old vulnerabilities that humans never caught, chaining old bugs into new high-impact attacks, and getting jailbroken within days of launch. On top of that: a fresh zero-click exfiltration chain in Microsoft 365 Copilot, a database that doubles as a covert attack channel, a major open source patching initiative from OpenAI and Trail of Bits, and a NIST proof that no fixed set of guardrails can hold forever.

Key Episode Highlights

  • SquidBleed: a Squid proxy flaw sitting in the default config since a 1997 commit, surfaced almost instantly by Claude Mythos Preview under Project Glasswing. Roughly 30 years undetected by humans.
  • The HTTP/2 Bomb: a denial-of-service attack chaining an HPACK compression bomb with a Slowloris-style memory hold, built by an AI model that read the codebases and stitched together two old CVEs.
  • The Daybreak Initiative: OpenAI pairs GPT-5.5 Cyber with Trail of Bits to find and fix flaws across 30-plus critical open source projects.
  • Five Eyes alarm: NSA and CISA issue a rare joint statement warning that frontier AI will transform offense and defense, with a timeline measured in months, not years.
  • SearchLeak: Varonis discloses a zero-click Microsoft 365 Copilot Enterprise chain that pulls mail, calendar, and files from a single crafted link. Already patched server-side, no customer action needed.
  • "Oops, I weaponized the database": SpecterOps shows native AI features in Microsoft SQL Server 2025 doubling as a covert command and control and exfiltration channel. Microsoft says it's working as designed.
  • Meta hits pause: an internal program training AI on employee behavior is halted after sensitive data was exposed to the entire workforce.
  • Fable 5 jailbroken: Bruce Schneier reports Anthropic's new Mythos-class model bypassed within days, with its 120,000 character system prompt leaked to GitHub.
  • NIST proof: a peer-reviewed result showing no finite set of guardrails can be universally robust against an adaptive adversary.

Episode Links

  • https://thehackernews.com/2026/06/29-year-old-squid-proxy-bug-squidbleed.html
  • https://www.theregister.com/security/2026/06/04/openais-codex-chains-decade-old-dos-techniques-into-http/2-bomb/5251377
  • ‍https://openai.com/index/patch-the-planet/
  • ‍https://www.bleepingcomputer.com/news/security/new-attack-turned-microsoft-365-copilot-into-1-click-data-theft-tool/
  • https://specterops.io/blog/2026/06/10/oops-i-weaponized-the-database-abusing-ai-features-in-mssql-2025/
  • https://www.wired.com/story/meta-accidentally-let-employees-access-each-others-keystroke-data/
  • https://www.schneier.com/blog/archives/2026/06/anthropics-fable-5-model-jailbroken-within-days.html
  • https://www.nist.gov/news-events/news/2026/06/nist-mathematical-proof-supports-transition-continuous-monitor-and-update

Tämä jakso on lisätty Podme-palveluun avoimen RSS-syötteen kautta eikä se ole Podmen omaa tuotantoa. Siksi jakso saattaa sisältää mainontaa.

Jaksot(120)

This Week in AI Security - 2nd July 2026

This Week in AI Security - 2nd July 2026

A lighter week on volume, which gives Jeremy room to go deeper on a set of stories that all reinforce trends we've been tracking for months. The through-line: prompts keep showing up in places nobody ...

2 Heinä 12min

Taylor Hersom of Eden Dta

Taylor Hersom of Eden Dta

In this episode of Modern Cyber, Jeremy is joined by Taylor Hersom, Founder of Eden Data, to explore the critical intersection of cybersecurity, compliance, and enterprise growth.They discuss why star...

24 Kesä 42min

This Week in AI Security - 18th June 2026

This Week in AI Security - 18th June 2026

In this episode, Jeremy explores the fallout of the first US government-mandated global model kill switch, an unprecedented action taken against Anthropic's new Fable model. We also examine CISA's rad...

18 Kesä 14min

Kenneth Ellington of Ellington Cybersecurity Academy

Kenneth Ellington of Ellington Cybersecurity Academy

In this episode of Modern Cyber, Jeremy sits down with Kenneth Ellington, founder of Ellington Cyber Academy, to explore the rapidly evolving landscape of SIEM engineering, threat hunting, and automat...

16 Kesä 30min

This Week in AI Security - 11th June 2026

This Week in AI Security - 11th June 2026

In this episode, Jeremy explores how the automated "Vulnpocalypse" is officially manifesting in enterprise networks. As Microsoft logs a historic record-shattering Patch Tuesday to keep pace with AI-a...

11 Kesä 12min

Nick Cawthon of Guage

Nick Cawthon of Guage

In this episode of Modern Cyber, Jeremy sits down with Nick Cawthon, an enterprise-scale design strategist and user experience researcher, to explore the critical and frequently neglected relationship...

9 Kesä 38min

This Week in AI Security - 4th June 2026

This Week in AI Security - 4th June 2026

In this week's episode, Jeremy reports live from the sidelines of Infosecurity Europe in London. As state-sponsored actors turn to thousands of automated recursive prompts to weaponize zero-days, the ...

4 Kesä 14min

Suosittua kategoriassa Liike-elämä ja talous

sijotuskasti
mimmit-sijoittaa
psykopodiaa-podcast
rss-oivalluksia-rahasta-elamasta
ostan-asuntoja-podcast
rss-rahapodi
asuntoasiaa-paivakirjat
inderespodi
rss-rahamania
rahapuhetta
oppimisen-psykologia
pomojen-suusta
vapauta-supervoimasi-podcast
lakicast
rss-laakispodi
rss-karon-grilli
rss-viisas-raha-podi
rss-viestinnan-palvelumuotoilu
rss-kohti-unelmia
rss-raharadio