Unlike prompt injection, which targets instructions, embedding attacks operate at a deeper level by influencing how data is represented, retrieved, and interpreted inside vector spaces. By subtly altering embeddings or poisoning data sources, attackers can manipulate AI behavior without ever touching the model directly.

Through a hands-on walkthrough of a custom notebook with rich visualizations, this episode breaks down how embeddings work, why they are critical to LLM-powered systems like RAG pipelines, and how attackers can exploit them in real-world scenarios.

We dig into:
- What embeddings are and how AI systems convert text into numerical representations
- How vector spaces enable similarity search and retrieval in LLM applications
- What embedding space attacks are and why they matter for AI security
- How small perturbations in data can drastically change model behavior
- The risks of poisoned data in RAG and vector databases
- How attackers can influence search results and downstream AI outputs
- Why these attacks are subtle, hard to detect, and often overlooked
- The role of visualization in understanding embedding behavior
- Real-world implications for AI-powered applications and workflows
- Defensive considerations when building with embeddings and vector stores

This episode focuses on the foundational layer of AI systems, showing how security risks extend beyond prompts and into the underlying data representations that power modern AI.

⸻

📚 Key Concepts Covered

AI Foundations
- Embeddings and vector representations
- Similarity search and vector space reasoning

AI Security Risks
- Embedding space manipulation
- Data poisoning in vector databases
- Retrieval manipulation in RAG systems

Applications & Impact
- LLM-powered search and assistants
- AI pipelines using embeddings
- Risks in production AI systems

#AISecurity #Embeddings #CyberSecurity #LLMSecurity #AIThreats #BHIS #AIAgents #ArtificialIntelligence #InfoSec

Join the 5,000+ cybersecurity professionals on our BHIS Discord server to ask questions and share your knowledge about AI Security.
https://discord.gg/bhis

• (00:00) - Intro & Episode Overview
• (01:39) - What Are Embeddings? (AI Only Understands Numbers)
• (03:44) - The Embedding Process (Text → Vectors)
• (07:43) - Similarity, Classification & Vector Math
• (09:55) - Visualizing Embedding Space (2D Projection)
• (14:29) - Classifiers
• (15:39) - Playing Games with Information
• (18:06) - Attack Techniques: Synonyms & Context Manipulation
• (20:29) - Context Padding
• (27:10) - Collision Attacks, Defenses & Final Thoughts

Black Hills Information Security 

https://www.blackhillsinfosec.com

Antisyphon Training

https://www.antisyphontraining.com/

Active Countermeasures

https://www.activecountermeasures.com

Wild West Hackin Fest

https://wildwesthackinfest.com

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits
https://poweredbybhis.com

Click here to view the episode transcript.

Unlike traditional attacks, indirect prompt injection doesn’t require malware, credentials, or even user interaction. Instead, attackers hide malicious instructions inside everyday content like emails, documents, or web pages — and wait for AI systems to unknowingly execute them.

From real-world exploits like EchoLeak to in-the-wild attacks observed by Palo Alto Unit 42, this episode explores how attackers are already abusing AI-powered tools in production environments — and why current defenses are struggling to keep up.

We dig into:
• What indirect prompt injection is and how it differs from direct attacks
• Why OWASP ranks prompt injection as the #1 LLM security risk
• How attackers hide payloads inside emails, documents, and web content
• The EchoLeak zero-click exploit against Microsoft 365 Copilot
• Web-based prompt injection attacks observed in the wild (Unit 42)
• Exploits targeting AI coding tools like Cursor IDE and GitHub Copilot
• How RAG systems amplify the risk through poisoned knowledge bases
• Why LLM architecture makes this problem fundamentally hard to solve
• Research showing modern defenses still fail 50%+ of the time
• Practical mitigation strategies: least privilege, human-in-the-loop, and observability

This episode focuses on the real-world security implications of AI adoption, showing how attackers are already leveraging these techniques — and what defenders need to understand as AI becomes deeply embedded in business workflows.

⸻

📚 Key References

Prompt Injection & LLM Risk
• OWASP Top 10 for LLM Applications 2025 — https://owasp.org

Real-World Attacks
• EchoLeak (CVE-2025-32711) — Aim Security / arXiv
• Unit 42 — Web-Based Indirect Prompt Injection in the Wild (March 2026) — https://unit42.paloaltonetworks.com

AI System Vulnerabilities
• Cursor IDE (CVE-2025-59944)
• GitHub Copilot (CVE-2025-53773)
• Lakera — Zero-Click MCP Attack — https://lakera.ai

Research on Defenses
• Zhan et al. — Adaptive Attacks Break Defenses (NAACL 2025)
• Anthropic System Card (Feb 2026)
• Google Gemini Security Research (2025)

Standards & Guidance
• NIST AI Risk Management Framework — https://nist.gov
• MITRE ATLAS — https://atlas.mitre.org
• ISO/IEC 42001 AI Management Systems

#AISecurity #PromptInjection #CyberSecurity #LLMSecurity #AIThreats #BHIS #AIAgents #ArtificialIntelligence #infosec

• (00:00) - Intro & BHIS / Antisyphon Overview
• (01:19) - OWASP Top 10 & Prompt Injection Context
• (01:41) - Indirect Prompt Injection Explained (Stored Attack Analogy)
• (02:54) - Real-World Attack Scenarios (Calendar & Hidden Payloads)
• (05:10) - EchoLeak & Zero-Click Copilot Exploit
• (06:10) - Weaponized Excel Prompt Injection PoC
• (06:50) - Email Injection & AI Summarization Abuse
• (09:07) - Why Detection & Prevention Are So Difficult
• (14:02) - Mitigations & Final Thoughts

Black Hills Information Security 

https://www.blackhillsinfosec.com

Antisyphon Training

https://www.antisyphontraining.com/

Active Countermeasures

https://www.activecountermeasures.com

Wild West Hackin Fest

https://wildwesthackinfest.com

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits
https://poweredbybhis.com

Click here to view the episode transcript.

As AI capabilities rapidly expand, so does the attack surface. From agentic AI systems being used by attackers, to deepfakes at industrial scale, to the persistent challenge of prompt injection, security teams are trying to understand what risks are real, what’s hype, and where defenders should focus first.

We dig into:
- Why agentic AI is emerging as a major security concern
- How attackers could weaponize autonomous agents to scale operations
- The risk of malicious agent skills and AI supply chain attacks
- Why overly broad permissions make agent-based systems dangerous
- AI-assisted phishing campaigns and social engineering at scale
- The rise of deepfakes and corporate fraud driven by generative AI
- Why humans still struggle to reliably detect deepfake media
- The economics of deepfake fraud and real-world incidents
- Prompt injection attacks and why they remain difficult to solve
- Whether future models may autonomously discover and exploit jailbreaks

This episode looks at the practical security implications of today’s AI ecosystem — where the biggest risks are coming from, how attackers may leverage AI systems, and what defenders should be thinking about as these technologies continue to evolve.

📚 Key References

Agentic AI Threats
- CrowdStrike 2026 Global Threat Report — https://www.crowdstrike.com
- IBM X-Force 2026 Threat Intelligence Index — https://www.ibm.com/security/x-force
- Cisco State of AI Security 2026 — https://www.cisco.com/site/us/en/products/security/state-of-ai-security.html#tabs-9da71fbd27-item-1288c79d71-tab

Deepfakes & AI-Driven Fraud
- WEF Global Cybersecurity Outlook 2026 — https://www.weforum.org/publications/global-cybersecurity-outlook-2026/
- International AI Safety Report 2026 — https://www.internationalaisafetyreport.org

AI Security & Infrastructure Risk
- CISA Joint Guidance on AI in OT — https://www.cisa.gov/news-events/news/new-joint-guide-advances-secure-integration-artificial-intelligence-operational-technology

Prompt Injection & LLM Exploitation
- Schneier et al., “The Promptware Kill Chain” — https://www.lawfaremedia.org/article/the-promptware-kill-chain
- Palo Alto Unit 42 — “Fooling AI Agents: Web-Based Indirect Prompt Injection Observed in the Wild”
https://unit42.paloaltonetworks.com/indirect-prompt-injection-ai-agents/

• (00:00) - Intro & Episode Overview
• (02:18) - Agentic AI as a Security Threat (CrowdStrike 2026 Global Threat Report, IBM X-Force Index)
• (03:46) - Malicious Agent Skills & AI Supply Chain Attacks (Cisco State of AI Security)
• (04:58) - How Agent Skills Actually Work
• (07:47) - Permissions & Guardrails for AI Agents (CISA AI in OT Guidance)
• (09:57) - AI-Generated Phishing Campaigns (CrowdStrike / IBM Threat Reports)
• (13:58) - Deepfakes at Industrial Scale (WEF Global Cybersecurity Outlook)
• (15:38) - Corporate Fraud & Deepfake Incidents (International AI Safety Report)
• (17:21) - Why Humans Struggle to Detect Deepfakes
• (21:13) - Prompt Injection Attacks Explained (Schneier – Promptware Kill Chain)
• (24:35) - AI Models Jailbreaking Other Models (Palo Alto Unit 42 Research)
• (28:59) - Final Thoughts & Wrap-Up

Black Hills Information Security 

https://www.blackhillsinfosec.com

Antisyphon Training

https://www.antisyphontraining.com/

Active Countermeasures

https://www.activecountermeasures.com

Wild West Hackin Fest

https://wildwesthackinfest.com

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits
https://poweredbybhis.com

Click here to view the episode transcript.

Claude Cowork brings large language models directly onto the endpoint — giving Claude the ability to read, write, and organize files on your local machine. It’s designed to make powerful AI workflows accessible to non-technical users… but as with any tool that operates at the OS level, the security implications are significant.

We explore what happens when AI moves closer to your data, your filesystem, and your browser — and what that means for defenders.

We dig into:
- What Claude Cowork is and how it differs from Claude Code
- Agentic desktop tools vs. command-line workflows
- Local file access and OS-level interaction risks
- Skills, automation, and task iteration
- Chrome plugins and expanded attack surface
- Overly broad permissions and least-privilege concerns
- SaaS disruption and shifting trust boundaries
- Endpoint monitoring challenges
- The speed of AI releases vs. security review cycles
- Balancing innovation with responsible deployment

This conversation looks at the real-world operational and defensive considerations of agentic AI tools running directly on user systems. If you’re evaluating AI productivity tools inside your organization — or defending environments where they’re already being adopted — this episode will help you think through the risks and tradeoffs.

• (00:00) - Intro & Episode Overview
• (02:08) - What Is Claude Cowork?
• (04:03) - Desktop Agents vs. Command Line Users
• (06:12) - Agentic Workflows & Task Automation
• (08:08) - Building Fast with Claude (Speed of Development)
• (09:29) - Browser Plugins & Expanding Capabilities
• (11:06) - Permission Models & “Just Give It Access to Everything”
• (12:40) - SaaS Disruption & Enterprise Impact
• (14:38) - Overly Broad File Access Risks
• (16:27) - Organizational Disruption & Workforce Impact
• (18:09) - Security Lag vs. Rapid AI Releases
• (19:46) - Final Thoughts & Wrap-Up

Black Hills Information Security 

https://www.blackhillsinfosec.com

Antisyphon Training

https://www.antisyphontraining.com/

Active Countermeasures

https://www.activecountermeasures.com

Wild West Hackin Fest

https://wildwesthackinfest.com

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits
https://poweredbybhis.com

Click here to view the episode transcript.

OpenClaw exploded onto the scene as an autonomous AI agent capable of operating Claude Code from the command line — executing tasks, monitoring output, and iterating with minimal human involvement. Shortly after, Moltbook emerged as a social platform designed specifically for AI agents to interact with one another.

But as with most cutting-edge AI experiments, things moved fast… and broke fast.

We dig into:

• What OpenClaw actually is and how it works
• AI agents operating other AI systems (Claude Code in the loop)
• The concept of “skills” and extending agent capabilities
• The one-click RCE vulnerability discovered shortly after release
• Moltbook as a social network for AI agents
• API keys, agent-only access, and how humans bypassed it
• Beacons, autonomy, and what “control” really means
• Where the line is between automation and true autonomy
• Short-term workforce impacts vs. long-term AI risk

This conversation moves beyond hype into the practical and security implications of rapidly deployed autonomous agents. If you’re experimenting with AI agents — or defending against them — this episode will give you a grounded perspective on what’s possible today, what’s fragile, and what’s coming next.

• (00:00) - Intro & Guest Welcome
• (01:38) - AI Agents in the News
• (03:23) - From “Moltbot” to OpenClaw
• (04:13) - What Is OpenClaw? How It Works
• (05:13) - Claude Code + Agent-in-the-Middle Model
• (07:36) - Extending OpenClaw with Skills
• (08:42) - Release Timeline & Rapid Adoption
• (10:16) - One-Click RCE in OpenClaw
• (11:45) - Introducing Moltbook (AI Social Network)
• (14:03) - How Moltbook Actually Worked
• (17:55) - “I Am a Robot” & Agent Authentication
• (20:28) - Beaconing & Operational Behavior
• (26:44) - Automation vs. True Autonomy
• (27:26) - Control, Kill Switches & Agent Boundaries
• (30:59) - Workforce Impact & Near-Term Concerns
• (35:34) - AI Apocalypse? Final Thoughts & Wrap-Up

Black Hills Information Security 

https://www.blackhillsinfosec.com

Antisyphon Training

https://www.antisyphontraining.com/

Active Countermeasures

https://www.activecountermeasures.com

Wild West Hackin Fest

https://wildwesthackinfest.com

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits
https://poweredbybhis.com

Click here to view the episode transcript.

In this episode of BHIS Presents: AI Security Ops, we sit down with Hayden Covington and Ethan Robish from the BHIS Security Operations Center (SOC) to explore how AI is actually being used in modern defensive operations.

From foundational machine learning techniques like statistical baselining and clustering to large language models assisting with alert triage and reporting, we dig into what works, what doesn’t, and what SOC teams should realistically expect from AI today.

We break down:

- How AI helps reduce alert fatigue and improve triage
- Practical automation inside a real-world SOC
- The difference between traditional ML approaches and LLM-powered workflows
- Foundational techniques like K-means, anomaly detection, and behavioral baselining
- Using LLMs for enrichment, investigation, and report drafting
- Where AI struggles: hallucinations, inconsistency, and edge cases
- Risks around over-trusting AI in security operations
- How to responsibly integrate AI into analyst workflows

This episode is grounded in real operational experience—not vendor demos. If you’re running a SOC, building AI tooling, or just trying to separate hype from reality, this conversation will help you think clearly about augmentation vs. automation in defensive security.

• (00:00) - Intro & Guest Introductions
• (04:44) - Alert Triage & SOC Pain Points
• (06:04) - Automation Inside the SOC
• (09:59) - “Boring AI”: Clustering, Baselining & Statistics
• (17:06) - AI-Assisted Reporting & Client Communication
• (18:34) - Limitations, Edge Cases & Model Risk
• (22:56) - Hallucinations & Inconsistent Outputs
• (25:04) - AI Demos vs. Real-World Security Work
• (28:35) - Final Thoughts & Closing

Black Hills Information Security 

https://www.blackhillsinfosec.com

Antisyphon Training

https://www.antisyphontraining.com/

Active Countermeasures

https://www.activecountermeasures.com

Wild West Hackin Fest

https://wildwesthackinfest.com

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits
https://poweredbybhis.com 

In this episode of AI Security Ops, we break down the latest developments in AI-driven threats, identity chaos caused by autonomous agents, NIST’s focus on securing AI in critical infrastructure, and new visibility tooling for AI exposure.

We cover real-world abuse of LLMs for phishing, how AI agents are colliding with IAM governance, and what defenders should be watching right now.

Chapters:
00:00 – Introduction and Sponsors
Black Hills Information Security - https://www.blackhillsinfosec.com/
Antisyphon Training - https://www.antisyphontraining.com/

01:08 – LLM-Generated Phishing JavaScript (Unit 42 / Palo Alto)
Discussion begins as the hosts introduce the first story.
How LLMs are generating polymorphic malicious JavaScript for phishing pages and evading traditional detection.
👉 https://unit42.paloaltonetworks.com/real-time-malicious-javascript-through-llms/

08:49 – AI Agents vs IAM: “Who Approved This Agent?” (Hacker News)
Conversation shifts to agent privilege management and governance failures.
👉 https://thehackernews.com/2026/01/who-approved-this-agent-rethinking.html

10:07 – NIST Focus on Securing AI Agents in Critical Infrastructure
Discussion on federal guidance and why AI agents are being treated as critical infrastructure risk components.
👉 https://www.linkedin.com/pulse/cybersecurity-institute-news-roundup-20-january-2026-entrust-alz7c

13:44 – Tenable One AI Exposure
Breaking down Tenable’s push into enterprise AI usage visibility and exposure management.
👉 https://www.tenable.com/blog/tenable-one-ai-exposure-secure-ai-usage-at-scale

Join the 5,000+ cybersecurity professionals on our BHIS Discord server to ask questions and share your knowledge about AI Security.
https://discord.gg/bhis

Chapters

• (00:00) - Introduction and Sponsors
• (01:08) - LLM-Generated Phishing JavaScript (Unit 42 / Palo Alto)
• (10:07) - NIST Focus on Securing AI Agents in Critical Infrastructure
• (13:44) - Tenable One AI Exposure

• Brian Fehrman - Host
• Bronwen Aker - Host

Brought to you by:

Black Hills Information Security 

https://www.blackhillsinfosec.com

Antisyphon Training

https://www.antisyphontraining.com/

Active Countermeasures

https://www.activecountermeasures.com

Wild West Hackin Fest

https://wildwesthackinfest.com

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits
https://poweredbybhis.com 

Click here to view the episode transcript.

Brought to you by:

Black Hills Information Security 

https://www.blackhillsinfosec.com

Antisyphon Training

https://www.antisyphontraining.com/

Active Countermeasures

https://www.activecountermeasures.com

Wild West Hackin Fest

https://wildwesthackinfest.com

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits
https://poweredbybhis.com 

Click here to view the episode transcript.

Chapters

• (00:00) - Episode 37 – AI Frameworks & Databases
• (01:39) - A.I. vulnerability tracking is still young
• (02:44) - Should A.I. get its own vulnerability database?
• (07:33) - The benefit of multiple vulnerability databases
• (15:58) - The what is the definition of a vulnerability?
• (17:54) - Final Thoughts

Black Hills Information Security 

https://www.blackhillsinfosec.com

Antisyphon Training

https://www.antisyphontraining.com/

Active Countermeasures

https://www.activecountermeasures.com

Wild West Hackin Fest

https://wildwesthackinfest.com

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits
https://poweredbybhis.com 

Key stories discussed

1) n8n (“n-eight-n”) zero-day → unauthenticated RCE risk

• https://thehackernews.com/2026/01/critical-n8n-vulnerability-cvss-100.html
• The hosts discuss a critical flaw in the n8n workflow automation platform where a workflow-parsing HTTP endpoint can be abused (via a crafted JSON payload) to achieve remote code execution as the n8n service account. Because automation/orchestration platforms often have broad internal access, one compromise can cascade quickly across an organization’s automation layer. 
  ai-news-stories-episode-36
• Practical takeaway: don’t expose orchestration platforms directly to the internet; restrict who/what can talk to them; treat these “glue” systems as high-impact targets and assess them like any other production system. 
  ai-news-stories-episode-36

2) “Zombie agent” prompt injection via ChatGPT Memory

• https://www.darkreading.com/endpoint-security/chatgpt-memory-feature-prompt-injection
• The team talks about research describing an exploit that stores malicious instructions in long-term memory, then later triggers them with a benign prompt—leading to potential data leakage or unsafe tool actions if the model has integrations. The discussion frames this as “stored XSS vibes,” but harder to solve because the “feature” (following instructions/context) is also the root problem. 
  ai-news-stories-episode-36
• User-side mitigation themes: consider disabling memory, keep chats cleaned up, and avoid putting sensitive data into chat tools—especially when agents/tools are involved. 
  ai-news-stories-episode-36

3) “Zero-click” agentic abuse via crafted email/URL (indirect prompt injection)

• https://www.infosecurity-magazine.com/news/new-zeroclick-attack-chatgpt/
• Another story describes a crafted URL delivered via email that could trigger an agentic workflow (e.g., email summarization / agent actions) to export chat logs without explicit user interaction. The hosts largely interpret this as indirect prompt injection—a pattern they expect to keep seeing as assistants gain more connectivity. 
  ai-news-stories-episode-36
• Key point: even if the exact implementation varies, auto-processing untrusted content (like email) is a persistent risk when the model can take actions or access history. 
  ai-news-stories-episode-36

4) Malicious Chrome extensions stealing ChatGPT/DeepSeek chats (900k users)

• https://thehackernews.com/2026/01/two-chrome-extensions-caught-stealing.html
• Two Chrome extensions posing as AI productivity tools reportedly injected JavaScript into AI web UIs, scraped chat text from the DOM, and exfiltrated it—highlighting ongoing extension supply-chain risk and the reality that “approved store” doesn’t mean safe. 
  ai-news-stories-episode-36
• Advice echoed: minimize extensions, separate browsers/profiles for sensitive activities, and treat “AI sidebar” tools with extra skepticism. 
  ai-news-stories-episode-36

5) APT28 credential phishing updated with AI-written lures

• https://thehackernews.com/2026/01/russian-apt28-runs-credential-stealing.html
• The closing story is a familiar APT pattern—phishing emails with malicious Office docs leading to PowerShell loaders and credential theft—except the lure text is AI-generated, making it more consistent/convincing (and harder for users to spot via grammar/tone). 
  ai-news-stories-episode-36
• The conversation stresses that “don’t click links” guidance is oversimplified; verification and layered controls matter (e.g., disabling macros org-wide). 
  ai-news-stories-episode-36

Chapter Timestamps

• (00:00) - Intro & Sponsors
• (01:16) - 1) n8n zero-day → unauthenticated RCE
• (09:00) - 2) “Zombie agent” prompt injection via ChatGPT Memory
• (19:52) - 3) “Zero-click” style agent abuse via crafted email/URL (indirect prompt injection)
• (23:41) - 4) Malicious Chrome extensions stealing ChatGPT/DeepSeek chats (~900k users)
• (29:59) - 5) APT28 phishing refreshed with AI-written lures
• (34:15) - Closing thoughts: “AI genie is out of the bottle” + safety reminders

Click here to watch a video of this episode.
Creators & Guests

• Brian Fehrman - Host
• Bronwen Aker - Host
• Derek Banks - Host

Brought to you by:

Black Hills Information Security 

https://www.blackhillsinfosec.com

Antisyphon Training

https://www.antisyphontraining.com/

Active Countermeasures

https://www.activecountermeasures.com

Wild West Hackin Fest

https://wildwesthackinfest.com

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits
https://poweredbybhis.com 

Chapters

• (00:00) - Intro & Sponsor Shoutouts
• (01:14) - Prediction: Grid Power Becomes the Bottleneck
• (10:27) - Prediction: FDA Qualifies AI Drug Development Tools
• (15:45) - Prediction: Nation-State Threat Actors Weaponize AI
• (17:33) - Prediction: Agentic AI Dominates App Development
• (23:07) - Closing Thoughts: Jobs, Risk & Opportunity

https://poweredbybhis.com

Brought to you by:

Black Hills Information Security 

https://www.blackhillsinfosec.com

Antisyphon Training

https://www.antisyphontraining.com/

Active Countermeasures

https://www.activecountermeasures.com

Wild West Hackin Fest

https://wildwesthackinfest.com

----------------------------------------------------------------------------------------------

Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/

Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/

Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/

Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/

Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/

AI Security Ops | Episode 34 – Why Did We Create This Podcast?
In this episode, the BHIS team explains the purpose behind AI Security Ops, what you can expect from future episodes, and why this show matters for anyone at the intersection of AI and cybersecurity.

Chapters

• (00:00) - Intro & Welcome
• (00:13) - Why We Started AI Security Ops
• (00:41) - Our Mission: Stay Informed & Ahead
• (00:56) - What We Cover: AI News & Insights
• (01:23) - Community Q&A & Real-World Scenarios
• (02:18) - Special Guests & Industry Leaders
• (02:41) - Demos, How-Tos & Practical Tips
• (03:07) - Who Should Listen & Why Subscribe
• (03:34) - Join the Conversation & Closing

https://poweredbybhis.com

Brought to you by:

Black Hills Information Security 

https://www.blackhillsinfosec.com

Antisyphon Training

https://www.antisyphontraining.com/

Active Countermeasures

https://www.activecountermeasures.com

Wild West Hackin Fest

https://wildwesthackinfest.com

In this episode of BHIS Presents: AI Security Ops, our panel tackles real questions from the community about AI, hallucinations, privacy, and practical use cases. From limiting model hallucinations to understanding memory features and explaining AI to non-technical audiences, we dive into the nuances of large language models and their role in cybersecurity.

We break down:

• Why LLMs sometimes “make stuff up” and how to reduce hallucinations
• The role of prompts, temperature, and RAG databases in accuracy
• Prompting best practices and reasoning modes for better results
• Legal liability: Can you sue ChatGPT for bad advice?
• Memory features, data retention, and privacy trade-offs
• Security paranoia: AI apps, trust, and enterprise vs free accounts
• Practical examples like customizing AI for writing style
• How to explain AI to your mom (or any non-technical audience)
• Why AI isn’t magic—just math and advanced auto-complete

Whether you’re deploying AI tools or just curious about the hype, this episode will help you understand the realities of AI in security and how to use it responsibly.

Chapters

• (00:00) - Welcome & Sponsor Shoutouts
• (00:50) - Episode Overview: Community Q&A
• (01:19) - Q1: Will ChatGPT Make Stuff Up?
• (07:50) - Q2: Can Lawyers Sue ChatGPT for False Cases?
• (11:15) - Q3: How Can AI Improve Without Ingesting Everything?
• (22:04) - Q4: How Do You Explain AI to Non-Technical People?
• (28:00) - Closing Remarks & Training Plug

Antisyphon Training
https://www.antisyphontraining.com/

Active Countermeasures
https://www.activecountermeasures.com

Wild West Hackin Fest
https://wildwesthackinfest.com

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –
https://poweredbybhis.com

----------------------------------------------------------------------------------------------
Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/
Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/
Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/
Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/
Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/

https://poweredbybhis.com

AI News | Episode 33
In this episode of BHIS Presents: AI Security Ops, the panel dives into the latest developments shaping the AI security landscape. From the first documented AI-orchestrated cyber-espionage campaign to polymorphic malware powered by Gemini, we explore how agentic AI, insecure infrastructure, and old-school mistakes are creating a fragile new attack surface.

We break down:

• AI-driven cyber espionage: Anthropic disrupts a state-sponsored campaign using autonomous 
• Black-hat LLMs: KawaiiGPT democratizes offensive capabilities for script kiddies.
• Critical RCEs in AI stacks: ShadowMQ vulnerabilities hit Meta, NVIDIA, Microsoft, and more.
• Amazon’s private AI bug bounty: Nova models under the microscope.
• Google Antigravity IDE popped in 24 hours: Persistent code execution flaw.
• PROMPTFLUX malware: Polymorphic VBScript leveraging Gemini for hourly rewrites.

Whether you’re defending enterprise AI deployments or building secure agentic tools, this episode will help you understand the emerging risks and what you can do to stay ahead.

⏱️ Chapters

• (00:00) - Intro & Sponsor Shoutouts
• (01:27) - AI-Orchestrated Cyber Espionage (Anthropic)
• (08:10) - ShadowMQ: Critical RCE in AI Inference Engines
• (09:54) - KawaiiGPT: Free Black-Hat LLM
• (22:45) - Amazon Nova: Private AI Bug Bounty
• (26:38) - Google Antigravity IDE Hacked in 24 Hours
• (31:36) - PROMPTFLUX: Malware Using Gemini for Polymorphism

Brought to you by Black Hills Information Security 

https://www.blackhillsinfosec.com

Antisyphon Training

https://www.antisyphontraining.com/

----------------------------------------------------------------------------------------------

Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/

Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/

Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/

Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/

Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/

https://poweredbybhis.com

Model Evasion Attacks | Episode 32
In this episode of BHIS Presents: AI Security Ops, the panel explores the stealthy world of model evasion attacks, where adversaries manipulate inputs to trick AI classifiers into misclassifying malicious activity as benign. From image classifiers to malware detection and even LLM-based systems, learn how attackers exploit decision boundaries and why this matters for cybersecurity.

We break down:
- What model evasion attacks are and how they differ from data poisoning
- How attackers tweak features to bypass classifiers (images, phishing, malware)
- Real-world tactics like model extraction and trial-and-error evasion
- Why non-determinism in AI models makes evasion harder to predict
- Advanced threats: model theft, ablation, and adversarial AI
- Defensive strategies: adversarial training, API throttling, and realistic expectations
- Future outlook: regulatory trends, transparency, and the ongoing arms race

Whether you’re deploying EDR solutions or fine-tuning AI models, this episode will help you understand why evasion is an enduring challenge, and what you can do to defend against it.

#AISecurity #ModelEvasion #Cybersecurity #BHIS #LLMSecurity #aithreats

Brought to you by Black Hills Information Security 

https://www.blackhillsinfosec.com

----------------------------------------------------------------------------------------------

Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/

Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/

Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/

Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/

Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/

• (00:00) - Intro & Sponsor Shoutouts
• (01:19) - What Are Model Evasion Attacks?
• (03:58) - Image Classifiers & Pixel Tweaks
• (07:01) - Malware Classification & Decision Boundaries
• (10:02) - Model Theft & Extraction Attacks
• (13:16) - Non-Determinism & Myth Busting
• (16:07) - AI in Offensive Capabilities
• (17:36) - Defensive Strategies & Adversarial Training
• (20:54) - Vendor Questions & Transparency
• (23:22) - Future Outlook & Regulatory Trends
• (25:54) - Panel Takeaways & Closing Thoughts

https://poweredbybhis.com

Data Poisoning Attacks | Episode 31
In this episode of BHIS Presents: AI Security Ops, the panel dives into the hidden danger of data poisoning – where attackers corrupt the data that trains your AI models, leading to unpredictable and often harmful behavior. From classifiers to LLMs, discover why poisoned data can undermine security, accuracy, and trust in AI systems.

We break down:

• What data poisoning is and why it matters
• How attackers inject malicious samples or flip labels in training sets
• The role of open-source repositories like Hugging Face in supply chain risk
• New twists for LLMs: poisoning via reinforcement feedback and RAG
• Real-world concerns like bias in ChatGPT and malicious model uploads
• Defensive strategies: governance, provenance, versioning, and security assessments

Whether you’re building classifiers or fine-tuning LLMs, this episode will help you understand how poisoned data sneaks in, and what you can do to prevent it. Treat your AI like a “drunk intern”: verify everything.

#aisecurity  #DataPoisoning #Cybersecurity #BHIS #llmsecurity  #aithreats

Brought to you by Black Hills Information Security 

https://www.blackhillsinfosec.com

----------------------------------------------------------------------------------------------

Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/

Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/

Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/

Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/

Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/

• (00:00) - Intro & Sponsor Shoutouts
• (01:19) - What Is Data Poisoning?
• (03:58) - Poisoning Classifier Models
• (08:10) - Risks in Open-Source Data Sets
• (12:30) - LLM-Specific Poisoning Vectors
• (17:04) - RAG and Context Injection
• (21:25) - Realistic Threats & Examples
• (25:48) - Defensive Strategies & Governance
• (28:27) - Panel Takeaways & Closing Thoughts

https://poweredbybhis.com

AI News Stories | Episode 30
In this episode of BHIS Presents: AI Security Ops, we break down the top AI cybersecurity news and trends from November 2025. Our panel covers rising public awareness of AI, the security risks of local LLMs, emerging AI-driven threats, and what these developments mean for security teams. Whether you work in cybersecurity, AI security, or incident response, this episode helps you stay ahead of evolving AI-powered attacks and defenses.

Topics Covered:

Only 5% of Americans are unaware of AI?
What Pew Research reveals about AI’s penetration into everyday life and workplace usage.
AI’s Shift to the Intimacy Economy – Project Liberty
https://email.projectliberty.io/ais-shift-to-the-intimacy-economy-1 

Amazon to Cut Jobs and Invest in AI Infrastructure
14,000 corporate roles eliminated—are layoffs really about efficiency or something else?
Amazon to Cut Jobs & Invest in AI – DW
https://www.dw.com/en/amazon-to-cut-14000-corporate-jobs-amid-ai-investment/a-74524365

Local Models Less Secure than Cloud Providers?
Why quantization and lack of guardrails make local LLMs more vulnerable to prompt injection and insecure code.
Local LLMs Security Paradox – Quesma
https://quesma.com/blog/local-llms-security-paradox

Whether you're a red teamer, SOC analyst, or just trying to stay ahead of AI threats, this episode delivers sharp insights and practical takeaways.

Brought to you by Black Hills Information Security 

https://www.blackhillsinfosec.com

----------------------------------------------------------------------------------------------

Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/

Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/

Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/

Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/

Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/

• (00:00) - Intro & Sponsor Shoutouts
• (01:07) - AI’s Shift to the Intimacy Economy (Pew Research)
• (19:40) - Amazon Layoffs & AI Investment
• (27:00) - Local LLM Security Paradox
• (36:32) - Wrap-Up & Key Takeaways

https://poweredbybhis.com

A Conversation with Dr. Colin Shea-Blymyer  | Episode 29

In this episode of BHIS Presents: AI Security Ops, the panel welcomes Dr. Colin Shea-Blymyer for a deep dive into the intersection of AI governance, cybersecurity, and red teaming. From the historical roots of neural networks to today’s regulatory patchwork, we explore how policy, security, and innovation collide in the age of AI. Expect candid insights on emerging risks, open models, and why defining your risk appetite matters more than ever.

Topics Covered:

• AI governance vs. innovation: U.S. vs. EU regulatory approaches
• The evolution of neural networks and lessons from AI history
• AI red teaming: definitions, methodologies, and data-sharing challenges
• Safety vs. security: where they overlap and diverge
• Emerging risks: supply chain vulnerabilities, prompt injection, and poisoned data
• Open weights vs. closed models: implications for research and security
• Practical takeaways for organizations navigating AI uncertainty

About the Panel:
Joff Thyer, Dr. Brian Fehrman, Derek Banks
Guest Panelist: Dr. Colin Shea-Blymyer
https://cset.georgetown.edu/staff/colin-shea-blymyer/

#aisecurity  #aigovernance  #cyberrisk  #AIredteam #OpenModels #aipolicy  #BHIS #AIthreats #aiincybersecurity  #llmsecurity

Brought to you by Black Hills Information Security 

https://www.blackhillsinfosec.com

----------------------------------------------------------------------------------------------

Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/

Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/

Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/

Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/

Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/

• (00:00) - Intro & Guest Welcome
• (02:14) - Colin’s Journey: From CS to AI Governance
• (06:33) - Lessons from AI History & Neural Network Origins
• (10:28) - AI Red Teaming: Definitions & Methodologies
• (15:11) - Safety vs. Security: Where They Intersect
• (22:47) - Regulatory Landscape: U.S. Patchwork vs. EU AI Act
• (33:42) - Open Models Debate: Risks & Research Benefits
• (38:19) - Emerging Threats & Supply Chain Risks
• (44:06) - Practical Takeaways & Closing Thoughts

https://poweredbybhis.com

AI News Stories | Episode 28 – Questions from the Community
In this episode of BHIS Presents: AI Security Ops, the panel tackles real questions from the community, diving deep into the practical, ethical, and technical challenges of AI in cybersecurity. From red teaming tools to prompt privacy, this Q&A session delivers candid insights and actionable advice for professionals navigating the AI-infused threat landscape.

🧠 Topics Covered:

• Open-source tools for LLM red teaming
• Threat modeling AI systems (STRIDE methodology)
• Hallucination rates in frontier vs. local models
• Prompt privacy: what’s stored, what’s shared
• Should red teamers disclose AI usage?
• Human-in-the-loop: AI-generated deliverables
• Whether you're a pentester, SOC analyst, or just curious about how AI is reshaping offensive security, this episode is packed with expert perspectives and practical takeaways.

About the Panel:
Brian Fehrman, Derek Banks, Joff Thyer

Brought to you by Black Hills Information Security 

https://www.blackhillsinfosec.com

----------------------------------------------------------------------------------------------

Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/

Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/

Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/

Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/

Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/

• (00:00) - Intro & Sponsor Shoutouts
• (01:14) - Recommended Tools for LLM Red Teaming
• (06:12) - Threat Modeling AI Systems
• (09:58) - Which Models Hallucinate Most?
• (17:13) - Prompt Privacy: What You Should Know
• (22:54) - Should Red Teamers Disclose AI Usage?
• (27:01) - Final Thoughts & Wrap-Up

https://poweredbybhis.com

Azure AI Foundry Guardrails | Episode 27

In this episode of BHIS Presents: AI Security Ops, we explore how to configure content filters for AI models using the Azure AI Fooundry guardrails and controls interface. Whether you're building secure demos or deploying models in production, this walkthrough shows how to block unwanted content, enforce policy, and maintain compliance.

Topics Covered:

•  Changing default filters for demo compliance
•  Setting up a system prompt and understanding its role
•  Adding regex terms to block specific content
•  Creating and configuring a custom filter: “tech demo guardrails”
•  Input-side filtering: inspecting user text before model access
•  Safety vs. security categories in filtering
•  Enabling prompt shields for indirect jailbreak detection

This video is ideal for developers, security engineers, and anyone working with AI systems who needs to implement layered defenses and ensure responsible model behavior.

Why This Matters
By implementing layered security—block lists, input and output filters—you protect sensitive data, comply with policy, and maintain a safe user experience.

#AIsecurity #GuardrailsAndControls #ContentFiltering #PromptSecurity #RegexFiltering #BHIS #AIModelSafety #SystemPromptSecurity

Brought to you by Black Hills Information Security 

https://www.blackhillsinfosec.com

----------------------------------------------------------------------------------------------

Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/

Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/

Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/

Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/

Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/

• (00:00) - Introduction & Overview
• (01:17) - Changing the Default Content Filter for Demo Compliance
• (02:00) - Setting Up a System Prompt and Its Purpose
• (04:26) - Adding a New Term (“dogs”) to the Content Filter (Regex Example)
• (05:04) - Creating and Configuring a Content Filter Named “Tech Demo Guardrails”
• (05:35) - How Input-Side Filters Inspect and Block Unwanted Content
• (06:01) - Overview of Safety Categories vs. Security Categories
• (07:15) - Enabling Prompt Shields for Indirect Jailbreak Detection (Not Used in Demo)
• (08:30) - Summary & Next Steps

https://poweredbybhis.com

Questions from the Community | Episode 26
In this community-driven episode of BHIS Presents: AI Security Ops, the panel answers real questions from viewers about AI security, privacy, and risk. Featuring Brian Fehrman, Bronwen Aker, Jack Verrier, and Joff Thyer, the team dives into everything from guardrails and hallucinations to GDPR, agentic AI, and how to stay safe in an AI-saturated world.

💬 Topics include:

• Are guardrails enough to protect sensitive prompts?
• What’s the difference between hallucination and confabulation?
• How does AI intersect with GDPR and the right to be forgotten?
• What does it mean to “stay safe” when using AI?
• How is securing AI different from traditional software?

Whether you're a red teamer, SOC analyst, or just trying to navigate the AI landscape, this episode offers practical insights and thoughtful perspectives from seasoned security professionals.

Panelists:
🔹 Brian Fehrman
🔹 Bronwen Aker
🔹 Jack Verrier
🔹 Joff Thyer
#AIsecurity #Cybersecurity #PromptInjection #LLMs #BHIS #AIprivacy #AgenticAI #AIandGDPR

Brought to you by Black Hills Information Security 

https://www.blackhillsinfosec.com

----------------------------------------------------------------------------------------------

Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/

Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/

Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/

Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/

Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/

• (00:00) - Intro & Panel Welcome
• (01:22) - Are Guardrails Enough to Protect System Prompts?
• (09:54) - Explaining Hallucination vs. Confabulation
• (20:09) - AI and GDPR: The Right to Be Forgotten?
• (23:49) - How Do We Stay Safe Using AI?
• (32:26) - Securing AI vs. Traditional Software
• (37:18) - Final Thoughts & Wrap-Up

https://poweredbybhis.com

AI News Stories | Episode 25
In this episode of BHIS Presents: AI Security Ops, the panel dives into the biggest AI cybersecurity headlines from late September 2025. From government regulation to zero-click exploits, we unpack the risks, trends, and implications for security professionals navigating the AI-powered future.

🧠 Topics Covered:

• Government oversight of advanced AI systems
• Accenture’s massive layoffs amid AI pivot
• ShadowLeak: zero-click vulnerability in ChatGPT agents
• Malicious MCP server stealing emails
• AI in the SOC: benefits and risks
• Attackers using AI to scale ransomware and social engineering

Whether you're a red teamer, SOC analyst, or just trying to stay ahead of AI threats, this episode delivers sharp insights and practical takeaways.

Brought to you by Black Hills Information Security 

https://www.blackhillsinfosec.com

----------------------------------------------------------------------------------------------

Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/

Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/

Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/

Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/

Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/

• (00:00) - Intro & Sponsor Shoutouts
• (00:45) - Senators Introduce AI Risk Evaluation Act
• (09:48) - Accenture Layoffs & AI Restructuring
• (16:17) - ShadowLeak: Zero-Click Vulnerability in ChatGPT
• (20:07) - Malicious MCP Server & Supply Chain Risks
• (26:27) - AI in the SOC: Alert Triage & Analyst Burnout
• (30:10) - Final Thoughts: AI’s Role in Security Operations

https://poweredbybhis.com

Model Extraction Attacks | Episode 24
In this solo episode of BHIS Presents: AI Security Ops, Brian Fehrman explores the stealthy world of Model Extraction Attacks—where hackers clone your AI model without ever touching your code. Learn how adversaries can reverse-engineer your multimillion-dollar model simply by querying its API, and why this threat is more than just academic.

We break down:
- What model extraction is and how it works
- Real-world examples like DeepSeek’s alleged distillation of OpenAI models
- The risks to intellectual property, security, and sensitive data
- Defensive strategies including API throttling, output limiting, watermarking, and honeypots
- Legal and ethical questions around benchmarking vs. theft

Whether you're deploying LLMs or classification models, this episode will help you understand how attackers replicate model behavior—and what you can do to stop them.
If your AI is accessible, someone’s probably trying to copy it.

#AIsecurity #ModelExtractionAttacks #Cybersecurity #BHIS #LLMsecurity #AIthreats

----------------------------------------------------------------------------------------------

Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/

Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/

Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/

Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/

Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/

• (00:00) - Intro & Sponsor Shoutouts
• (01:19) - What Is a Model Extraction Attack?
• (02:45) - Why Training a Model Is So Expensive
• (05:42) - How Model Extraction Works
• (07:11) - Why It Matters: IP, Security & Data Risks
• (10:25) - What Makes Extraction Easier or Harder
• (12:54) - Defenses: Monitoring, Watermarking & Privacy
• (16:04) - What to Do If You Suspect an Attack
• (16:29) - Legal & Ethical Questions Around Model Theft
• (19:30) - Final Thoughts & Takeaways

https://poweredbybhis.com

In this episode of AI Security Ops, Brian Fehrman and Joff Thyer dive into the latest AI news of the month, exploring how rapidly evolving technologies are reshaping cybersecurity.
Topics covered include:
 - How AI is changing cybersecurity monitoring
 - Expanding from email to Slack, Teams, and other chat platforms
 - Addressing insider threats and phishing campaigns in new channels
 - The rapid pace of AI innovation and industry trends
 - Why organizations should prioritize AI security assessments
 - Real-world risks and opportunities in the AI landscape

Stay ahead in the AI race with Black Hills Information Security as we cover real-world risks, opportunities, and the latest developments in the AI landscape.

///News Stories This Episode:

1. AI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse Concerns
https://thehackernews.com/2025/09/ai-powered-villager-pen-testing-tool.html

2. CrowdStrike and Meta Just Made Evaluating AI Security Tools Easier
https://www.zdnet.com/article/crowdstrike-and-meta-just-made-evaluating-ai-security-tools-easier/

3. Check Point Acquires Lakera to Deliver End-to-End AI Security for Enterprises
https://www.checkpoint.com/press-releases/check-point-acquires-lakera-to-deliver-end-to-end-ai-security-for-enterprises/

4. Proofpoint Offers AI Agents to Monitor Human-Based Communications
https://www.msspalert.com/news/proofpoint-offers-ai-agents-to-monitor-human-based-communications

5. EvilAI Malware Campaign Exploits AI-Generated Code to Breach Global Critical Sectors
https://industrialcyber.co/ransomware/evilai-malware-campaign-exploits-ai-generated-code-to-breach-global-critical-sectors/

----------------------------------------------------------------------------------------------

Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/

Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/

Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/

Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/

Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/

https://poweredbybhis.com

Insider Threat 2.0 -  Prompt Leaks & Shadow AI | Episode 22

In this episode of BHIS Presents AI Security Ops, we dive into Insider Threat 2.0: Prompt Leaks & Shadow AI. The panel explores the hidden risks of employees pasting sensitive data into public AI tools, the rise of unauthorized “Shadow AI” in organizations, and how policies—or lack thereof—can expose critical information. Learn why free AI services often make you the product, how prompt history creates data leakage risks, and why companies must establish clear AI usage guidelines. We also cover practical defenses, from enterprise AI accounts to cultural awareness training, and draw parallels to past IT challenges like Shadow IT and rogue wireless.
If you’re concerned about AI security, data leakage, or safe adoption of large language models, this discussion will help you navigate the risks and protect your organization.

#AIsecurity #PromptInjection #ShadowAI #Cybersecurity #BHIS

----------------------------------------------------------------------------------------------

Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/

Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/

Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/

Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/

Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/

https://poweredbybhis.com

Episode 21 - Deepfakes And Fraudulent Interviews In Remote Hiring

In this episode of AI Security Ops by Black Hills Information Security, the crew explores the alarming rise of deepfakes and fraudulent interviews in remote hiring. As virtual work expands, cybercriminals are using AI-driven impersonation tactics to pose as job candidates, deceive recruiters, and gain unauthorized access to organizations. Joff, Bronwen Aker, Brian Fehrman, and Derek Banks break down real-world cases, explain the challenges of spotting deepfake job scams, and share actionable strategies to secure hiring processes. Discover the red flags to watch for in virtual interviews, how attackers exploit trust, and why companies must adapt their security awareness in the age of AI.

----------------------------------------------------------------------------------------------

Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/

Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/

Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/

Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/

Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/

https://poweredbybhis.com

Episode 20 - The Hallucination Problem

In this episode of AI Security Ops, Joff Thyer and Brian Fehrman from Black Hills Information Security dive into the hallucination problem in AI large language models and generative AI. 

They explain what hallucinations are, why they happen, and the risks they create in real-world AI deployments. The discussion covers security implications, practical examples, and strategies organizations can use to mitigate these issues through stronger design, monitoring, and testing. 

A must-watch for cybersecurity professionals, AI researchers, and anyone curious about the limitations and challenges of modern AI systems.

----------------------------------------------------------------------------------------------

Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/

Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/

Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/

Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/

Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/

AI News of the Month | Episode 19

In Episode 19,Brianand Derek cover a zero-click indirect prompt injection attack against ChatGPT connectors and seemingly innocent Google Calendar events that hijack smart homes via Gemini, with possible consequences for the power grid.

They'll discuss the impact of Microsoft patching a critical Azure OpenAI SSRF vulnerability and go over new NIST AI security standards, IBM’s study on shadow AI and breach costs, OpenAI’s response to chat indexing leaks, and a malicious VS Code extension that stole $500K in cryptocurrency. 

#AI #CyberSecurity #PromptInjection #Malware #InfoSec #AIThreats #Hacking #GenerativeAI #Deepfakes #LLM #ShadowAI

• “Poisoned doc” exfiltrates data via ChatGPT Connectors (AgentFlayer) — Aug 6, 2025
  • Primary: https://www.wired.com/story/poisoned-document-could-leak-secret-data-chatgpt/
  • Tech write-up: https://labs.zenity.io/p/agentflayer-chatgpt-connectors-0click-attack-5b41

• Poisoned Google Calendar invite hijacks Gemini to control a smart home — Aug 6–10, 2025
  • Primary: https://www.wired.com/story/google-gemini-calendar-invite-hijack-smart-home/
  • Bug/patch coverage: https://www.bleepingcomputer.com/news/security/google-calendar-invites-let-researchers-hijack-gemini-to-leak-user-data/

• Microsoft August Patch Tuesday adds AI-surface fixes; critical Azure OpenAI vuln (CVE-2025-53767) — Aug 12–13, 2025
  • Release coverage: https://www.techradar.com/pro/security/microsofts-latest-major-patch-fixes-a-serious-zero-day-flaw-and-a-host-of-other-issues-so-update-now
  • CVE entry: https://nvd.nist.gov/vuln/detail/CVE-2025-53767 (NVD)
  • Overview: https://www.tenable.com/blog/microsofts-august-2025-patch-tuesday-addresses-107-cves-cve-2025-53779 (Tenable®)

• NIST proposes SP 800-53 “Control Overlays for Securing AI Systems” — Aug 14, 2025
  • Announcement: https://www.nist.gov/news-events/news/2025/08/nist-releases-control-overlays-securing-ai-systems-concept-paper
  • Concept paper (PDF): https://csrc.nist.gov/csrc/media/Projects/cosais/documents/NIST-Overlays-SecuringAI-concept-paper.pdf

• IBM 2025 “Cost of a Data Breach”: AI is both breach vector and defender — Jul 30, 2025
  • Press release: https://newsroom.ibm.com/2025-07-30-ibm-report-13-of-organizations-reported-breaches-of-ai-models-or-applications%2C-97-of-which-reported-lacking-proper-ai-access-controls
  • Report: https://www.ibm.com/reports/data-breach
  • Analysis: https://venturebeat.com/security/ibm-shadow-ai-breaches-cost-670k-more-97-of-firms-lack-controls/ (VentureBeat)

• OpenAI considers encrypting Temporary Chats; privacy clean-ups after search-indexing scare — Aug 18, 2025
  • Interview: https://www.axios.com/2025/08/18/altman-openai-chatgpt-encrypted-chats
  • Context: https://arstechnica.com/tech-policy/2025/08/chatgpt-users-shocked-to-learn-their-chats-were-in-google-search-results/
  • Help center (retention): https://help.openai.com/en/articles/8914046-temporary-chat-faq

• Fake VS Code extension for Cursor leads to $500K crypto theft — July 11, 2025
  • Primary: https://www.scworld.com/news/fake-visual-studio-code-extension-for-cursor-led-to-500k-theft SC Media
  • Research write-up: https://securelist.com/open-source-package-for-cursor-ai-turned-into-a-crypto-heist/116908/Securelist
  • Coverage: https://www.bleepingcomputer.com/news/security/malicious-vscode-extension-in-cursor-ide-led-to-500k-crypto-theft/

----------------------------------------------------------------------------------------------
Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/
Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/
Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/
Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/
Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/

• (00:00) - Intro
• (00:31) - “Poisoned doc” exfiltrates data via ChatGPT Connectors (AgentFlayer)
• (01:15) - A zero-click prompt injection
• (02:12) - url_safe bypassed using URLs from Microsoft’s Azure Blob cloud storage
• (07:08) - Poisoned Google Calendar invite hijacks Gemini to control a smart home
• (08:35) - The intersection of AI and IOT
• (09:53) - Be careful what you hook AI up to
• (10:23) - Derek warns of threat to power grid
• (11:54) - Mitigations - restrict permissions, sanitize calendar content
• (13:56) - Patch Tuesday - AI-surface fixes; critical Azure OpenAI vuln
• (15:49) - NIST proposes SP 800-53 “Control Overlays for Securing AI Systems”
• (18:43) - IBM “Cost of a Data Breach”: AI is both breach vector and defender
• (19:16) - Shadow AI
• (21:49) - “The AI adoption curve is outpacing controls”
• (23:02) - OpenAI considers encrypting Temporary Chats
• (26:39) - Data storage and logging LLM interactions
• (29:59) - Fake VS Code extension for Cursor leads to $500K crypto theft
• (30:37) - Danger of using pip install as root on a server

https://poweredbybhis.com

Malware in the Age of AI | Episode 18

In Episode 18, hosts Joff Thyer, Derek Banks and Brian Fehrman discuss the rise of AI-powered malware. From polymorphic keyloggers like Black Mamba to the use of ChatGPT, WormGPT, and fine-tuned LLMs for cyberattacks, the team will explain how generative AI is reshaping the security landscape.

They'll break down the real risks vs. hype, including prompt injection, jailbreaking, deepfakes, and AI-driven fraud, while also sharing strategies defenders can use to fight back.

The discussion highlights both the ethical implications and the critical need for defense-in-depth as threat actors use AI to accelerate their attacks.

#AI #Cybersecurity #Malware #AIThreats #Deepfakes #LLM #InfoSec #AIinSecurity #GenerativeAI #Hacking

----------------------------------------------------------------------------------------------

Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/

Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/

Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/

Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/

Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/

• (00:00) - Intro
• (01:15) - Black Mamba polymorphic AI keylogger
• (02:47) - Can Chat GPT5 generate malware for us?
• (03:42) - Guardrail circumvention technique #1
• (04:16) - Guardrail circumvention technique #2
• (05:30) - Guardrail circumvention technique #3
• (05:59) - Guardrail circumvention technique #4
• (06:30) - Using an Abliterated Model
• (08:32) - AI models have democratized software creation
• (11:20) - Polymorphic keyloggers are not new
• (12:03) - AI makes it faster to iterate polymorphic malware
• (12:33) - AI is able to analyze source code and find more vulnerabilities
• (15:16) - How scared should we be? (hype vs reality)
• (16:10) - Knowing enough to ask the right questions is important
• (17:41) - Significant risks of AI fraud and social engineering
• (19:32) - Business email compromise
• (21:10) - How defenders can use AI
• (24:28) - Audio deepfakes have become easier to create
• (25:06) - Ethical concerns for pentesters using AI
• (29:26) - In one sentence, how will AI change malware production in the near future?

Community Q&A | Episode 17

In episode 17 of the AI Security Ops Podcast, hosts Joff Thyer, Derek Banks, Brian Fehrman and Bronwen Aker answer viewer-submitted questions about system prompts, prompt injection risks, AI hallucinations, deep fakes, and when (and when not) to use AI in cybersecurity. 

They'll discuss the difference between system and user prompts, how temperature settings impact LLM outputs, and the biggest mistakes companies make when deploying AI models. 

They'll also explain how to reduce hallucinations, and approach AI responsibly in security workflows. Derek explains his method for detecting audio deep fakes.

----------------------------------------------------------------------------------------------

Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/

Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/

Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/

Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/

Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/

• (00:00) - Intro
• (01:10) - What is a system prompt? How is it different from a user prompt?
• (03:35) - What are some common system prompt mistakes?
• (06:54) - Does repeating a prompt give different responses? (non-deterministic)
• (07:56) - The temperature knob effect
• (12:18) - When should I use AI? When should I not?
• (16:47) - What are best practices to reduce hallucinations?
• (20:29) - End-user temperature knob work-around
• (22:55) - AI bots that rewrite their code to avoid shutdown commands
• (26:53) - NCSL.org - Updates on legislation affecting AI
• (29:44) - How do we detect AI deep fakes?
• (30:00) - Derek’s DeepFake demo video
• (30:38) - DISCLAIMER - Do Not use AI deep fakes to break the law!
• (31:29) - F5-tts.org - Deep fake website
• (35:02) - Derek pranks his family using AI

In Episode 16, Joff and the team welcome human-centric AI innovator Daniel Miessler, creator of Fabric, an AI framework for solving real-world problems from a human perspective.

The conversation covers AI’s role in cybersecurity, the importance of clarity in “intent engineering” over prompt tricks, and the risks and opportunities of deploying large language models. They explore the shift from “vibe coding” to “spec coding,” the rise of AI scaffolding over raw model improvements, and what AI advancements including GPT-5 mean for the future of knowledge work.

"Introducing Fabric — A Human AI Augmentation Framework"
https://www.youtube.com/watch?v=wPEyyigh10g

Daniel's GitHub repository:
https://github.com/danielmiessler/Fabric

#AI #CyberSecurity #AgenticAI #SecurityOps #PromptEngineering

https://poweredbybhis.com

In this episode, we'll discuss Palo Alto Networks’ acquisition of Protect AI, the rise of “Shadow AI” in enterprises, alarming AI-driven data leaks, and vibe coding gone wrong. We'll dive into critical issues like AI hallucinations and the growing need for "human in the loop" oversight. We'll wrap up with a discussion of Proton’s Lumo AI chatbot, disappearing medical disclaimers in AI chatbots and data poisoning in Amazon's AI coding agent.

#AI #Cybersecurity #LLM #AInews #AISecurityOps #BlackHillsInfosec #LLMGuard #ShadowAI #DataLeak #AgenticAI #PrivacyTech #VibeCoding #ProtectAI

00:00 - Welcome, Intro

00:58 - Palo Alto Networks Completes Acquisition of Protect AI

https://www.paloaltonetworks.com/company/press/2025/palo-alto-networks-completes-acquisition-of-protect-ai

04:53 - Metomic Finds AI Data Leaks Impact 68% of Organizations, But Only 23% Have Proper AI Data Security Policies 

https://www.metomic.io/resource-centre/metomic-finds-ai-data-leaks-impact-68-of-organizations-but-only-23-have-proper-ai-data-security-policies

09:46 - S&P 500’s AI adoption may invite data breaches, new research shows

https://cybernews.com/security/sp-500-companies-ai-security-risks-report/

12:53 - Vibe Coding Fiasco: AI Agent Goes Rogue, Deletes Company's Entire Database

https://www.pcmag.com/news/vibe-coding-fiasco-replite-ai-agent-goes-rogue-deletes-company-database

18:47 - A major AI training data set contains millions of examples of personal data

https://www.technologyreview.com/2025/07/18/1120466/a-major-ai-training-data-set-contains-millions-of-examples-of-personal-data/

23:34 - Introducing Lumo, the AI where every conversation is confidential

https://proton.me/blog/lumo-ai

28:56 - AI companies have stopped warning you that their chatbots aren’t doctors

https://www.technologyreview.com/2025/07/21/1120522/ai-companies-have-stopped-warning-you-that-their-chatbots-arent-doctors/

36:53 - Hacker Plants Computer 'Wiping' Commands in Amazon's AI Coding Agent

https://www.404media.co/hacker-plants-computer-wiping-commands-in-amazons-ai-coding-agent/

https://poweredbybhis.com

In Episode 14 of the AI Security Ops Podcast, hosts Joff Thyer, Derek Banks, and Brian Fehrman answer questions submitted by viewers. 

The team will cover how effective prompt engineering can transform LLMs into workflow accelerators, and debate AI tool strengths— when to use Claude, ChatGPT, or Notebook LM.

They'll discuss the importance of human oversight when integrating AI into operations, highlighting the "human-in-the-loop" concept and include ways to explain AI to non-technical audiences.

#AI #promptengineering #CyberSecurity #Automation #SecurityOps #claudeai #chatgpt 

00:00 - Welcome, Intro

02:00 - Q - How do you use AI?

02:55 - The importance of effective prompt engineering

10:24 - Upcoming workshop - AI Workflow Optimization for Red Teaming

12:10 - Q - Which AI for which task? Where should I invest my time?

14:12 - Claude for coding in Python & Golang, but not great at Java

16:35 - Derek - Initial prompt improvement in Chat GPT, then go to Claude

17:37 - NotebookLM for students (https://notebooklm.google/)

20:01 - Invest your time in prompt engineering - applicable to any model

22:38 - Double check code, understand what it means, do not blindly trust AI output

25:17 - Q - How to discuss AI with a non-technical audience

28:08 - Talk to LLMs like a child

28:54 - AI is not sentient, it's just drawing relevant correlations

31:48 - Ask them clarifying questions - what are they trying to ask? What's the context?

33:37 - Q - How can you do "Human in the Loop?"

35:24 - Don't give your agentic AI too much power - treat it like a junior assistant

https://poweredbybhis.com 

Augmenting Red Teaming with AI | Episode 13

In Episode 13 of the AI Security Ops Podcast, hosts Joff Thyer, Derek Banks, and Brian Fehrman dive into the exciting world of **Agentic AI in Red Teaming**. 

Discover how augmenting red teams with AI-driven tools helps automate penetration testing, tackle low-hanging fruit vulnerabilities, and provide comprehensive security coverage. The team discusses the importance of prompt engineering, maintaining human oversight, and navigating potential risks, including unintended actions by autonomous AI agents. 

Tune in to explore how AI is reshaping cybersecurity and learn practical strategies to effectively integrate Agentic AI into your security assessments.

#AI #CyberSecurity #RedTeaming #AgenticAI #Automation #SecurityOps

https://poweredbybhis.com

Regulating the Machine: Global AI Laws and the Impact of GDPR | Episode 12

In Episode 12 the hosts discuss the complexities of regulating artificial intelligence (AI) technology across the globe. 

Highlighting the rapid advancement of AI and its challenges for lawmakers, the episode explores how the GDPR framework in the European Union provides clear guidelines addressing AI-related issues like data privacy, consent, and accountability. The discussion also contrasts the European regulatory-first approach with the U.S.'s innovation-driven stance, considering implications for privacy, intellectual property, and technology advancement. Additionally, the podcast addresses the fragmented nature of AI regulations within U.S. states, emphasizing the need for effective information security practices, audit mechanisms, and risk management frameworks.

https://poweredbybhis.com 

In this episode of AI Security Ops, we explore major AI news, including the Scale AI data leak impacting giants like Google and Meta, a novel jailbreak attack technique dubbed the Echo Chamber, and Anthropic's Claude-Gov, tailored for U.S. national security. We discuss ethical AI management solutions, the innovative use of AI to detect shoplifting via behavioral gestures, IBM's WatsonX platform, and critical insights into AI red teaming and SQL injection vulnerabilities affecting AI applications. 

Join us as we uncover how traditional security practices remain crucial in today's AI-driven landscape.

News Links Referenced:

Scale AI exposed sensitive data about clients like Meta and xAI in public Google Docs, BI finds

https://www.businessinsider.com/scale-ai-public-google-docs-security-2025-6

AI Security Turning Point: Echo Chamber Jailbreak Exposes Dangerous Blind Spot

https://www.techrepublic.com/article/news-echo-chamber-jailbreak-manipulates-llms/

Anthropic's "Claude Gov" for National Security

https://techcrunch.com/2025/06/05/anthropic-unveils-custom-ai-models-for-u-s-national-security-customers/

Veesion - AI That Catches Shoplifters by Their Gestures

https://www.businessinsider.com/veesion-ai-tech-startup-shoplifting-prevention-alerts-security-suspicious-gestures-2025-6

IBM's New Platform for Managing "Agentic AI"

https://thejournal.com/articles/2025/06/24/ibm-launches-agentic-ai-governance-and-security-platform.aspx

How a Classic Bug Can Poison Modern AI Agents

https://www.trendmicro.com/en_us/research/25/f/why-a-classic-mcp-server-vulnerability-can-undermine-your-entire-ai-agent.html

The "False Sense of Security" in AI Red Teaming

https://www.forbes.com/councils/forbestechcouncil/2025/06/16/the-false-sense-of-security-in-ai-red-teaming/

Explore the rising security risks and challenges associated with agentic AI in Episode 10 of AI Security Ops. 

Join Cybersecurity experts Joff Thyer, Bronwen Aker, Derek Banks, and Brian Ferhman as they unpack the complexities of AI gaining autonomy and agency. This episode covers key topics such as defining agentic AI, real-world vulnerabilities like prompt injection, potential implications for cybersecurity, and effective mitigation strategies like implementing guardrails and maintaining granular logging. 

Valuable information for cybersecurity professionals, AI developers, and anyone interested in the future of artificial intelligence security.

#AgenticAI #AISecurity #Cybersecurity #LLMs #PromptInjection #RedTeaming #AIrisks
----------------------------------------------------------------------------------------------

Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/

Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/

Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/

Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/

Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/

https://poweredbybhis.com

Episode 9 of AI Security Ops! AI Model Usage and Comparisons

In this exciting episode, we explore practical uses and comparisons of popular AI models including OpenAI, Claude, Gemini, and Copilot. 

Join our expert panelists as they discuss personal workflows, share experiences with AI-driven coding and text processing, and examine strengths and weaknesses of these powerful technologies. Discover insights into the exponential growth of AI capabilities, the emerging specialization of models, and practical advice for effectively integrating AI tools into your cybersecurity practices. 

Tune in to stay ahead in the rapidly evolving landscape of AI and cybersecurity.

#AISecurityOps #AIModels #Cybersecurity #OpenAI #ClaudeAI #GeminiAI #Copilot #AITools #ArtificialIntelligence #TechTrends #AIInsights #CyberSec

----------------------------------------------------------------------------------------------

Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/

Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/

Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/

Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/

Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/

https://poweredbybhis.com 

AEO vs SEO | Episode 8

Explore how Artificial Intelligence (AI) is revolutionizing online search in this insightful episode of the AI Security Ops Podcast. 

Learn about Search Engine Optimization (SEO) versus Answer Engine Optimization (AEO), and understand the shift from link-based results to rich, AI-driven answers. Discover the security challenges and ethical implications surrounding the use of AI in search engines, including risks like misinformation, deepfakes, and data privacy concerns. Gain practical insights on how critical thinking and verification are becoming essential skills in navigating this new era of AI-enhanced search.

#SEO #AEO #ArtificialIntelligence #Cybersecurity #AI #InformationSecurity #SearchEngines #AIOptimization #OnlineSecurity #DigitalPrivacy

R.A.G. (Retrieval Augmented Generation) is a powerful technique for enhancing Large Language Model (LLM) outputs with real-time, external data. RAG bridges the gap between static model knowledge and dynamic, context-aware responses.

Join hosts Brian Fehrman, Derek Banks, Bronwen Aker, and Ben Bowman as they break down how RAG improves the reliability and relevance of generative AI systems. You’ll learn why context retrieval matters, what problems RAG solves, and where it fits into modern AI security practices.

https://poweredbybhis.com 

Episode 6: LLM Guardrails

We dive deep into the evolving world of LLM guardrails. 

We explore why guardrails are essential for securing large language models, the challenges of implementing them effectively, and how current approaches often resemble the patchwork fixes of early InfoSec days. From input/output filtering and prompt injection defenses to the emerging trend of LLMs guarding other LLMs, we analyze real-world assessments, highlight security pitfalls, and discuss the need for layered, deterministic defenses.

Plus, Brian Teases the next [ segments ] episode utilizing Prompt Guard within open web pipelines.

In this episode of the AI Security Ops podcast, the panel discusses the challenges and risks of harmful content generated by AI, particularly focusing on generative models like GPT. They explore how powerful prompt engineering can lead to the creation of misleading or dangerous outputs, and highlight the importance of detection methods, ethical oversight, and regulatory standards. The conversation emphasizes the need for responsible use of AI, stressing that while these models are incredibly capable, safeguards and human accountability are essential to prevent misuse.

Is this summary misleading?

Topics :

• AI in email spam detection
• Teaching machine learning through real datasets
• NLP's role in cybersecurity
• Behind-the-scenes on building practical AI models

🔍 What We Cover:

• What deepfakes are and how they’re created using generative adversarial networks (GANs) and diffusion models
• Real-world deepfake incidents, including multimillion-dollar fraud
• The growing accessibility of deepfake tools and the implications for social engineering
• Detection and mitigation strategies: How to spot a deepfake and protect yourself or your organization
• Ethical and legal challenges in legislating deepfake technology
• Best practices for experimenting responsibly with deepfake tools

⚠️ With AI making deepfakes more realistic and accessible than ever, this isn’t just a tech curiosity—it’s a major infosec concern. Whether you're a cybersecurity pro, a tech enthusiast, or just curious about AI's darker side, this episode is a must-watch.

💬 Don’t forget to LIKE, COMMENT, and SUBSCRIBE for more insights on AI and cybersecurity!

#AI #Deepfakes #CyberSecurity #InfoSec #SocialEngineering #GenerativeAI #EthicalAI #AITrends #Podcast #AIForGood #BlackHillsInfoSec

Welcome to Episode 2 of AI Security Ops!

In this episode, Joff Thyer, Derek Banks, Brian Fehrman, and Ben "The Heretic" Bowman take a deep dive into Prompt Injection — one of the most fascinating and misunderstood attack techniques in the AI space.

We break down:
🛠️ What large language models (LLMs) are and how they work
💣 What prompt injection is, and why it matters for AI security
🎭 How attackers manipulate system prompts and personas
🔐 The difference between prompt injection and jailbreaking
👩‍💻 Practical examples, stories, and hands-on resources you can explore
🎯 How to start your journey as an AI hacker and why web app pen testing skills are more relevant than ever

Plus:
👉 Real-world cases of prompt attacks on Bing, Amazon, and more
👉 Tools and labs you can play with right now to test your skills
👉 Be sure to check out this weeks Tech Demo on YouTube!

Brought to you by the cybersecurity experts at Black Hills Information Security
https://blackhillsinfosec.com