This Week in AI Security - 27th November 2025

This Week in AI Security - 27th November 2025

In this week's episode, Jeremy covers seven stories that highlight the continuing pattern of API-level risks, the rise of multi-agent threats, and new academic insights into LLM fundamentals.

Key stories include:

  • RCE via PyTorch: A high-severity vulnerability (with an assigned CVE) was discovered in the widely-used PyTorch package, enabling Remote Code Execution (RCE) through malicious payloads at the API layer. This reinforces the trend of the API being the primary attack surface for AI applications.
  • AI Browser Local Command Execution: Researchers found an API flaw in AI browsers that allowed a malicious instruction set to execute local commands on a user's machine via an embedded extension.
  • Klein Bot Vulnerabilities: An open-source coding agent was found to have multiple security flaws, including the exfiltration of API keys and the disclosure of its underlying model (Grok), validating OWASp's risk categories.
  • Multi-Agent Risk in ServiceNow: Researchers demonstrated that in ServiceNow’s new A-to-A agentic workflows, default configurations place agents in the same network, allowing them to communicate and be exploited using the privileges of the human user who created them.
  • The "Subspace Problem" of Red Teaming: Academic research argues that current LLM red teaming methods are flawed because they test human language, not the numerical token strings the LLM actually processes, meaning predictable token-level vulnerabilities remain hidden.
  • AI Evaluation Shift: A paper argues that non-deterministic LLM environments require a shift away from binary "yes/no" security checks (like traditional network security) toward scenario-based testing for better risk evaluation.
  • Positive ROI of AI in Security: A Google paper provides positive data for early movers, showing that AI can triage at least 50% of security incidents, leading to reduced human workloads and faster response times, providing a strong case for simple, prompt-based AI improvements in security operations.

------

Worried about AI security? Get Complete AI Visibility in 15 Minutes. Discover all of your shadow AI now. Book a demo of Firetail's AI Security & Governance Platform: https://www.firetail.ai/request-a-demo

Denne episoden er hentet fra en åpen RSS-feed og er ikke publisert av Podme. Den kan derfor inneholde annonser.

Episoder(120)

This Week in AI Security - 2nd July 2026

This Week in AI Security - 2nd July 2026

A lighter week on volume, which gives Jeremy room to go deeper on a set of stories that all reinforce trends we've been tracking for months. The through-line: prompts keep showing up in places nobody ...

2 Jul 12min

This Week in AI Security - 25th June 2026

This Week in AI Security - 25th June 2026

This week's episode is short but loaded. Jeremy walks through a run of stories where AI is reshaping both sides of the security fight at once. Models are now surfacing decades-old vulnerabilities that...

2 Jul 13min

Taylor Hersom of Eden Dta

Taylor Hersom of Eden Dta

In this episode of Modern Cyber, Jeremy is joined by Taylor Hersom, Founder of Eden Data, to explore the critical intersection of cybersecurity, compliance, and enterprise growth.They discuss why star...

24 Jun 42min

This Week in AI Security - 18th June 2026

This Week in AI Security - 18th June 2026

In this episode, Jeremy explores the fallout of the first US government-mandated global model kill switch, an unprecedented action taken against Anthropic's new Fable model. We also examine CISA's rad...

18 Jun 14min

Kenneth Ellington of Ellington Cybersecurity Academy

Kenneth Ellington of Ellington Cybersecurity Academy

In this episode of Modern Cyber, Jeremy sits down with Kenneth Ellington, founder of Ellington Cyber Academy, to explore the rapidly evolving landscape of SIEM engineering, threat hunting, and automat...

16 Jun 30min

This Week in AI Security - 11th June 2026

This Week in AI Security - 11th June 2026

In this episode, Jeremy explores how the automated "Vulnpocalypse" is officially manifesting in enterprise networks. As Microsoft logs a historic record-shattering Patch Tuesday to keep pace with AI-a...

11 Jun 12min

Nick Cawthon of Guage

Nick Cawthon of Guage

In this episode of Modern Cyber, Jeremy sits down with Nick Cawthon, an enterprise-scale design strategist and user experience researcher, to explore the critical and frequently neglected relationship...

9 Jun 38min

This Week in AI Security - 4th June 2026

This Week in AI Security - 4th June 2026

In this week's episode, Jeremy reports live from the sidelines of Infosecurity Europe in London. As state-sponsored actors turn to thousands of automated recursive prompts to weaponize zero-days, the ...

4 Jun 14min

Populært innen Business og økonomi

stopp-verden
lydartikler-fra-aftenposten
dine-penger-pengeradet
rss-penger-polser-og-politikk
e24-podden
rss-borsmorgen-okonominyhetene
rss-skravla-gar
aftenbladet-intervjuer
pengepodden-2
rss-pa-konto
finansredaksjonen
livet-pa-veien-med-jan-erik-larssen
tid-er-penger-en-podcast-med-peter-warren
morgenkaffen-med-finansavisen
utbytte
okonomiamatorene
liberal-halvtime
lederpodden
pengesnakk
rss-politisk-preik