BEWARE: Promptware - Episode 204

BEWARE: Promptware - Episode 204

On this eye-opening episode, cybersecurity expert Adam Goslin joins Todd Coshow to reveal how AI-enabled prompts are rewriting the rules of cyber threats. Most of us are blissfully unaware that AI-driven attack vectors like "Promptware" are already lurking in everyday tools, and a simple calendar invite could secretly become a cyber weapon. If you think your devices are safe, think again. Learn how hackers are embedding hidden prompts into your favorite apps and messages, capable of turning on your camera, stealing geolocation, or even launching DDoS attacks without you realizing it.


Episode Transcript:


Adam, I’m excited. Today we’re going to have a conversation with the folks about a mystery topic. So apparently you tripped across something really cool. And you couldn’t wait to share it with us. What are we chatting about today?

Well, it was something that just kind of came by and I’m like, oh, this would be pretty cool to go in and talk about whatnot. We’ve been hitting a number of kind of AI topics recently. And this one’s kind of related to AI, but it’s a new attack vector, a relatively new attack vector, called promptware, where hackers can use like Google Calendar invites and force the kind of the victim’s machine to start streaming via their camera from Zoom or something along those lines. So yeah, it’s pretty cool.

So let me tell you a little bit more about kind of how it works, if you will. And that is that so the attacker can go ahead and send something to the target victim. And basically buried within what they send, so like let’s use this calendar invite, this calendar invite notion, the attacker can basically go in there and put some hidden code in that the normal user wouldn’t see and read. And yet, when the user who’s now received this, when their AI is now in and looking at things, the AI is seeing the hidden Easter egg that the attacker left. So as an example, you go and you compose this Google Calendar invite, and you hide in there that says, hey, when the victim says no, the word no, or thank you, or something along those lines, then the minute that they say that, now I want you to go do fill in the blank, AKA turn on and give me access to their Zoom camera as an example, which of course would not only give them the video stream, but it would also give them audio. And so basically, the hidden code that sits in the calendar, the way that this gets triggered is that so the user that received the calendar invite now is going to their AI and they’re like, hey, tell me everything that’s on my calendar for today. And so of course, their Gemini AI goes through and kind of summarizes up everything that’s on their calendar, which means that the AI needs to go in and read in full every of all the entries that are on the calendar, including reading the hidden prompt that they got in there that says, hey, when the victim says, thank you, then I want you to give access to the Zoom camera. And so the user says, hey, give me a summary of all my stuff going on today on my calendar. The Gemini comes up and says, oh yeah, you got this, you got that, you got the other thing, but meanwhile in the background, the plant of this kind of promptware is now set. And when the Google Gemini finishes, then the user says, oh, thank you. In a minute they say, thank you, boom, the Zoom camera goes and turns on. I’m like, that is so wild. You know?

What? Yeah. Oh my days.

Yeah, it’s crazy. So apparently this came up, this came up sometime, quote, sometime ago. I hadn’t seen this one going by and I tripped across it earlier today and I’m like, man, this would just be fascinating to go talk through. And there was a group that put together kind of a case study. It came out of, let’s see, Tel Aviv, the Israel Institute of Technology back in August of 25 is when they first put this out.

Denne episoden er hentet fra en åpen RSS-feed og er ikke publisert av Podme. Den kan derfor inneholde annonser.

Episoder(223)

Building AI Agents Securely - Episode 223

Building AI Agents Securely - Episode 223

AI agents are driving efficiency, but also introducing serious, often unseen security risks. As adoption accelerates, unvetted access, prompt injection, and poorly controlled environments can expose s...

2 Jul 24min

AI-Powered Attacks: Is Your Compliance Program Already Obsolete? - Episode 222

AI-Powered Attacks: Is Your Compliance Program Already Obsolete? - Episode 222

In an era of evolving AI-driven cyberattacks, traditional compliance programs are falling dangerously behind. Static controls create a false sense of security while attackers leverage AI to move faste...

25 Jun 18min

Compliance Theater: Are You Actually Secure or Just Checking Boxes? - Episode 221

Compliance Theater: Are You Actually Secure or Just Checking Boxes? - Episode 221

Most organizations are just performing compliance – ticking boxes, not building real security. What happens when the curtain is pulled back on these check-the-box programs? You might be under the illu...

18 Jun 20min

Audit Fatigue and How to Effectively Navigate It - Episode 220

Audit Fatigue and How to Effectively Navigate It - Episode 220

Caught in a cycle of audit requests, evidence chaos, and burnout? Discover a way out in this episode. Compliance Expert Adam Goslin joins Todd Coshow to reveal the hidden causes of audit fatigue and s...

11 Jun 21min

Identity is the New Perimeter (Zero Trust) - Episode 219

Identity is the New Perimeter (Zero Trust) - Episode 219

On this week's Compliance Unfiltered, discover why identity is the new perimeter in cybersecurity. This episode reveals how zero trust principles can protect your systems by continuously verifying use...

4 Jun 28min

Regulatory Explosion & Board-Level Accountability - Episode 218

Regulatory Explosion & Board-Level Accountability - Episode 218

Discover why compliance is now a boardroom priority, not just an IT task. In this episode, Todd Coshow and Adam Goslin reveal how outdated practices put organizations at risk. Learn about the shift to...

29 Mai 22min

Will Your Compliance Software Vendor Protect Your Data? - Episode 217

Will Your Compliance Software Vendor Protect Your Data? - Episode 217

Most companies overlook vendor vulnerabilities in compliance. On this episode, the CU Guys reveal hidden risks in vendor relationships, from breaches to vetting gaps. Discover tactics for evaluating v...

21 Mai 21min

Data Has Borders: The New Rules of Compliance - Episode 216

Data Has Borders: The New Rules of Compliance - Episode 216

Data compliance isn't just about protecting information anymore — it's about understanding where your data lives, how it moves, and how to stay compliant across borders. On this Episode of Compliance ...

14 Mai 20min

Populært innen Teknologi

lydartikler-fra-aftenposten
romkapsel
teknisk-sett
tomprat-med-gunnar-tjomlid
shifter
rss-kunstig-intelligens-med-elisabeth-maren-og-morten
rss-ki-praten
smart-forklart
teknologi-og-mennesker
rss-ai-forklart
elektropodden
energi-og-klima
kortslutning
rss-alt-som-gar-pa-strom
hans-petter-og-co
fornybaren
rss-praktisk-proptech
rss-protopia-en-podkast-fra-norsk-helsenett
rss-vippserne
rss-bitcoinpolitisk-institutt-norge