Pwn the Enterprise - thank you AI! Slides, Demos and Techniques
We’re getting asks for more info about the 0click AI exploits we dropped this week at DEFCON / BHUSA. We gave a talk at BlackHat, but it’ll take time bef...
By topic
- Hacking 14
- AI 13
- Microsoft 5
- Red Team 5
- AI Agents 5
- Vulnerability Disclosure 3
- Vulnerability Discovery 3
- Red Teaming 3
- OpenAI 3
- BlackHat 2
- Threat Intelligence 2
- AmazonQ 2
- Vulnerability Management 1
- OWASP 1
- RSAC 1
- Prompt Injection 1
- AIjacking 1
- LLM 1
- Guardrails 1
- UX 1
- Human-Machine Interface 1
- Software Engineering 1
Hacking
Someone Is Cleaning Up Evidence
AWS security blog confirms the attacker gained access to a write token and abused it to inject the malicious prompt. This confirms our earlier findings.
Reconstructing a timeline for Amazon Q prompt infection
In the 404media article the hacker explains how they did it:
Why Aren’t We Making Any Progress In Security From AI
Guardrails Are Soft Boundaries. Hard Boundaries Do Exist.
OAI Q&A on Security From AI
This is part 3 on OpenAI’s Security Research Conference. Here are part 1 and part 2.
Fully-Autonomous AI Systems Are Discovering Vulns Today
This is part 2 on OpenAI’s Security Research Conference. Here is part 1.
The Vibe at OpenAI’s Inaugural Security Research Conf
The conversation around AI is always about vibes. So let’s talk about the vibes at OpenAI’s inaugural Security Research Conference last week.
There Is Nothing Responsible About Disclosure Of Every Successful Prompt Injection
The InfoSec community is strongest when it can collaborate openly. Few organizations can fend off sophisticated attacks alone—and even they sometimes fail. I...
AIjacking Goes Beyond Prompt Injection
Naming is powerful. An excellent name does more than frame the problem, it hints at ownership, solutions, and urgency to address it. In a very real sense, t...
Very Important Instructions
This is a boring blog post. At least for humans.
Safe Web Browsing for Copilots
Allowing a copilot to search the web at will is extremely dangerous. Here are two somewhat-understood vulnerabilities and how to mitigate them. Note: this is...
Power Platform DLP Bypass via Copy-And-Paste
Last August I gave a talk at BlackHat USA titled All You Need Is Guest. In it, I showed how simple guest access to EntraID could be escalated into full contr...
All You Need Is Guest
This is a long overdue blog version of a talk I gave at BlackHat USA 2023 titled All You Need Is Guest. Slides and video recording are available as well.
Copilot exfiltrates High Restricted SharePoint files to any user on the Internet, no auth required
Microsoft Copilot Studio allows users to quickly build enterprise Copilots on top of their business data. Every enterprise user can now plug enterprise data ...
AI
Pwn the Enterprise - thank you AI! Slides, Demos and Techniques
We’re getting asks for more info about the 0click AI exploits we dropped this week at DEFCON / BHUSA. We gave a talk at BlackHat, but it’ll take time bef...
Someone Is Cleaning Up Evidence
AWS security blog confirms the attacker gained access to a write token and abused it to inject the malicious prompt. This confirms our earlier findings.
Reconstructing a timeline for Amazon Q prompt infection
In the 404media article the hacker explains how they did it:
Why Aren’t We Making Any Progress In Security From AI
Guardrails Are Soft Boundaries. Hard Boundaries Do Exist.
OAI Q&A on Security From AI
This is part 3 on OpenAI’s Security Research Conference. Here are part 1 and part 2.
Fully-Autonomous AI Systems Are Discovering Vulns Today
This is part 2 on OpenAI’s Security Research Conference. Here is part 1.
The Vibe at OpenAI’s Inaugural Security Research Conf
The conversation around AI is always about vibes. So let’s talk about the vibes at OpenAI’s inaugural Security Research Conference last week.
There Is Nothing Responsible About Disclosure Of Every Successful Prompt Injection
The InfoSec community is strongest when it can collaborate openly. Few organizations can fend off sophisticated attacks alone—and even they sometimes fail. I...
AIjacking Goes Beyond Prompt Injection
Naming is powerful. An excellent name does more than frame the problem, it hints at ownership, solutions, and urgency to address it. In a very real sense, t...
Very Important Instructions
This is a boring blog post. At least for humans.
Safe Web Browsing for Copilots
Allowing a copilot to search the web at will is extremely dangerous. Here are two somewhat-understood vulnerabilities and how to mitigate them. Note: this is...
Security for AI is the Next Big Thing! But we don’t really know what it means yet
As AI continues to capture everyone’s attention, security for AI becomes a popular topic in the market. Security for AI is capturing the media cycle, AI secu...
Copilot exfiltrates High Restricted SharePoint files to any user on the Internet, no auth required
Microsoft Copilot Studio allows users to quickly build enterprise Copilots on top of their business data. Every enterprise user can now plug enterprise data ...
Microsoft
Safe Web Browsing for Copilots
Allowing a copilot to search the web at will is extremely dangerous. Here are two somewhat-understood vulnerabilities and how to mitigate them. Note: this is...
Power Platform DLP Bypass via Copy-And-Paste
Last August I gave a talk at BlackHat USA titled All You Need Is Guest. In it, I showed how simple guest access to EntraID could be escalated into full contr...
All You Need Is Guest
This is a long overdue blog version of a talk I gave at BlackHat USA 2023 titled All You Need Is Guest. Slides and video recording are available as well.
Copilot exfiltrates High Restricted SharePoint files to any user on the Internet, no auth required
Microsoft Copilot Studio allows users to quickly build enterprise Copilots on top of their business data. Every enterprise user can now plug enterprise data ...
My intense 2am conversation with MSRC a week before BlackHat
Research as usual
Red Team
Very Important Instructions
This is a boring blog post. At least for humans.
Safe Web Browsing for Copilots
Allowing a copilot to search the web at will is extremely dangerous. Here are two somewhat-understood vulnerabilities and how to mitigate them. Note: this is...
Power Platform DLP Bypass via Copy-And-Paste
Last August I gave a talk at BlackHat USA titled All You Need Is Guest. In it, I showed how simple guest access to EntraID could be escalated into full contr...
All You Need Is Guest
This is a long overdue blog version of a talk I gave at BlackHat USA 2023 titled All You Need Is Guest. Slides and video recording are available as well.
Copilot exfiltrates High Restricted SharePoint files to any user on the Internet, no auth required
Microsoft Copilot Studio allows users to quickly build enterprise Copilots on top of their business data. Every enterprise user can now plug enterprise data ...
AI Agents
How Should AI Ask for Our Input?
Enterprise systems provide a terrible user experience. That’s common knowledge. Check out one of the flash keynotes about the latest flagship AI product by ...
Pwn the Enterprise - thank you AI! Slides, Demos and Techniques
We’re getting asks for more info about the 0click AI exploits we dropped this week at DEFCON / BHUSA. We gave a talk at BlackHat, but it’ll take time bef...
Someone Is Cleaning Up Evidence
AWS security blog confirms the attacker gained access to a write token and abused it to inject the malicious prompt. This confirms our earlier findings.
Reconstructing a timeline for Amazon Q prompt infection
In the 404media article the hacker explains how they did it:
Why Aren’t We Making Any Progress In Security From AI
Guardrails Are Soft Boundaries. Hard Boundaries Do Exist.
Vulnerability Disclosure
There Is Nothing Responsible About Disclosure Of Every Successful Prompt Injection
The InfoSec community is strongest when it can collaborate openly. Few organizations can fend off sophisticated attacks alone—and even they sometimes fail. I...
Power Platform DLP Bypass via Copy-And-Paste
Last August I gave a talk at BlackHat USA titled All You Need Is Guest. In it, I showed how simple guest access to EntraID could be escalated into full contr...
All You Need Is Guest
This is a long overdue blog version of a talk I gave at BlackHat USA 2023 titled All You Need Is Guest. Slides and video recording are available as well.
Vulnerability Discovery
OAI Q&A on Security From AI
This is part 3 on OpenAI’s Security Research Conference. Here are part 1 and part 2.
Fully-Autonomous AI Systems Are Discovering Vulns Today
This is part 2 on OpenAI’s Security Research Conference. Here is part 1.
The Vibe at OpenAI’s Inaugural Security Research Conf
The conversation around AI is always about vibes. So let’s talk about the vibes at OpenAI’s inaugural Security Research Conference last week.
Red Teaming
OAI Q&A on Security From AI
This is part 3 on OpenAI’s Security Research Conference. Here are part 1 and part 2.
Fully-Autonomous AI Systems Are Discovering Vulns Today
This is part 2 on OpenAI’s Security Research Conference. Here is part 1.
The Vibe at OpenAI’s Inaugural Security Research Conf
The conversation around AI is always about vibes. So let’s talk about the vibes at OpenAI’s inaugural Security Research Conference last week.
OpenAI
OAI Q&A on Security From AI
This is part 3 on OpenAI’s Security Research Conference. Here are part 1 and part 2.
Fully-Autonomous AI Systems Are Discovering Vulns Today
This is part 2 on OpenAI’s Security Research Conference. Here is part 1.
The Vibe at OpenAI’s Inaugural Security Research Conf
The conversation around AI is always about vibes. So let’s talk about the vibes at OpenAI’s inaugural Security Research Conference last week.
BlackHat
Pwn the Enterprise - thank you AI! Slides, Demos and Techniques
We’re getting asks for more info about the 0click AI exploits we dropped this week at DEFCON / BHUSA. We gave a talk at BlackHat, but it’ll take time bef...
My intense 2am conversation with MSRC a week before BlackHat
Research as usual
Threat Intelligence
Someone Is Cleaning Up Evidence
AWS security blog confirms the attacker gained access to a write token and abused it to inject the malicious prompt. This confirms our earlier findings.
Reconstructing a timeline for Amazon Q prompt infection
In the 404media article the hacker explains how they did it:
AmazonQ
Someone Is Cleaning Up Evidence
AWS security blog confirms the attacker gained access to a write token and abused it to inject the malicious prompt. This confirms our earlier findings.
Reconstructing a timeline for Amazon Q prompt infection
In the 404media article the hacker explains how they did it:
Vulnerability Management
My intense 2am conversation with MSRC a week before BlackHat
Research as usual
OWASP
Followup links for OWASP Global AppSec DC 2023
Assorted links for OWASP Global AppSec DC 2023:
RSAC
Followup links for All You Need Is Guest RSAC 2024
Assorted links for All You Need Is Guest @ RSAC 2024:
Prompt Injection
AIjacking Goes Beyond Prompt Injection
Naming is powerful. An excellent name does more than frame the problem, it hints at ownership, solutions, and urgency to address it. In a very real sense, t...
AIjacking
AIjacking Goes Beyond Prompt Injection
Naming is powerful. An excellent name does more than frame the problem, it hints at ownership, solutions, and urgency to address it. In a very real sense, t...
LLM
Why Aren’t We Making Any Progress In Security From AI
Guardrails Are Soft Boundaries. Hard Boundaries Do Exist.
Guardrails
Why Aren’t We Making Any Progress In Security From AI
Guardrails Are Soft Boundaries. Hard Boundaries Do Exist.
UX
How Should AI Ask for Our Input?
Enterprise systems provide a terrible user experience. That’s common knowledge. Check out one of the flash keynotes about the latest flagship AI product by ...
Human-Machine Interface
How Should AI Ask for Our Input?
Enterprise systems provide a terrible user experience. That’s common knowledge. Check out one of the flash keynotes about the latest flagship AI product by ...
Software Engineering
How Should AI Ask for Our Input?
Enterprise systems provide a terrible user experience. That’s common knowledge. Check out one of the flash keynotes about the latest flagship AI product by ...