How Should AI Ask for Our Input?
Enterprise systems provide a terrible user experience. That’s common knowledge. Check out one of the flash keynotes about the latest flagship AI product by ...
Posts
Pwn the Enterprise - thank you AI! Slides, Demos and Techniques
We’re getting asks for more info about the 0click AI exploits we dropped this week at DEFCON / BHUSA. We gave a talk at BlackHat, but it’ll take time bef...
Someone Is Cleaning Up Evidence
AWS security blog confirms the attacker gained access to a write token and abused it to inject the malicious prompt. This confirms our earlier findings.
Reconstructing a timeline for Amazon Q prompt infection
In the 404media article the hacker explains how they did it:
Why Aren’t We Making Any Progress In Security From AI
Guardrails Are Soft Boundaries. Hard Boundaries Do Exist.
OAI Q&A on Security From AI
This is part 3 on OpenAI’s Security Research Conference. Here are part 1 and part 2.
Fully-Autonomous AI Systems Are Discovering Vulns Today
This is part 2 on OpenAI’s Security Research Conference. Here is part 1.
The Vibe at OpenAI’s Inaugural Security Research Conf
The conversation around AI is always about vibes. So let’s talk about the vibes at OpenAI’s inaugural Security Research Conference last week.
There Is Nothing Responsible About Disclosure Of Every Successful Prompt Injection
The InfoSec community is strongest when it can collaborate openly. Few organizations can fend off sophisticated attacks alone—and even they sometimes fail. I...
AIjacking Goes Beyond Prompt Injection
Naming is powerful. An excellent name does more than frame the problem, it hints at ownership, solutions, and urgency to address it. In a very real sense, t...
Very Important Instructions
This is a boring blog post. At least for humans.
Safe Web Browsing for Copilots
Allowing a copilot to search the web at will is extremely dangerous. Here are two somewhat-understood vulnerabilities and how to mitigate them. Note: this is...
Followup links for All You Need Is Guest RSAC 2024
Assorted links for All You Need Is Guest @ RSAC 2024:
Power Platform DLP Bypass via Copy-And-Paste
Last August I gave a talk at BlackHat USA titled All You Need Is Guest. In it, I showed how simple guest access to EntraID could be escalated into full contr...
All You Need Is Guest
This is a long overdue blog version of a talk I gave at BlackHat USA 2023 titled All You Need Is Guest. Slides and video recording are available as well.
Security for AI is the Next Big Thing! But we don’t really know what it means yet
As AI continues to capture everyone’s attention, security for AI becomes a popular topic in the market. Security for AI is capturing the media cycle, AI secu...
Copilot exfiltrates High Restricted SharePoint files to any user on the Internet, no auth required
Microsoft Copilot Studio allows users to quickly build enterprise Copilots on top of their business data. Every enterprise user can now plug enterprise data ...
Followup links for OWASP Global AppSec DC 2023
Assorted links for OWASP Global AppSec DC 2023:
My intense 2am conversation with MSRC a week before BlackHat
Research as usual