MastodonTech.de

Paul Reynolds :verified:AI at work is transforming how we get things done - but are we thinking about the security implications?I've just published my latest thoughts on Microsoft Copilot and the new internal risks it can create for UK businesses. We need to understand how powerful AI tools interact with our existing data permissions.The challenge isn't with Copilot itself, but with how it exposes the access control gaps that already exist in most organisations:✅ AI doesn't change permissions - it just makes existing oversharing more visible ✅ Most SMEs have never audited who can access what ✅ Simple training and policy changes can dramatically reduce risk ✅ The goal is securing AI adoption, not avoiding itMicrosoft has built security into Copilot but, like any powerful tool, it needs to be deployed thoughtfully. The businesses getting the most value are those taking a strategic approach to AI security from day one.<a href="https://infosec.exchange/tags/AIsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#AIsecurity</a> <a href="https://infosec.exchange/tags/MicrosoftCopilot" class="mention hashtag" rel="nofollow noopener" target="_blank">#MicrosoftCopilot</a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/SME" class="mention hashtag" rel="nofollow noopener" target="_blank">#SME</a> <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#AI</a><a href="https://www.paulreynolds.uk/ai-at-work/" rel="nofollow noopener" translate="no" target="_blank">https://www.paulreynolds.uk/ai-at-work/</a>

Chloé MessdaghiPersistent prompt injections can manipulate LLM behavior across sessions, making attacks harder to detect and defend against. This is a new frontier in AI threat vectors. Read more: <a href="https://dl.acm.org/doi/10.1145/3728901" rel="nofollow noopener" translate="no" target="_blank">https://dl.acm.org/doi/10.1145/3728901</a> <a href="https://infosec.exchange/tags/PromptInjection" class="mention hashtag" rel="nofollow noopener" target="_blank">#PromptInjection</a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/AIsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#AIsecurity</a>

OWASP FoundationJoin Robert Hurlbut for AI Whiteboard Hacking, a 2-day hands-on threat modeling training, happening Nov 4–5 at OWASP Global AppSec USA 2025.📍 Register: <a href="https://owasp.glueup.com/event/131624/register/" rel="nofollow noopener" translate="no" target="_blank">https://owasp.glueup.com/event/131624/register/</a>Explore real-world AI threats like prompt injection and data poisoning and learn how to design secure AI systems using the proven DICE methodology.<a href="https://infosec.exchange/tags/ThreatModeling" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatModeling</a> <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#AI</a> <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#AppSec</a> <a href="https://infosec.exchange/tags/CyberSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSec</a> <a href="https://infosec.exchange/tags/AIsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#AIsecurity</a> <a href="https://infosec.exchange/tags/WashingtonDC" class="mention hashtag" rel="nofollow noopener" target="_blank">#WashingtonDC</a>

leHACK🇬🇧🚨 Master AI cybersecurity in 3 days! SECUIA by HS2 trains devs, pentesters & AI pros to spot & exploit LLM flaws. 🎯 Focus: generative models & AI threats 📅 Upcoming sessions: July 7–9 & Sept 3–5 📩 formation@hs2.fr <a href="https://infosec.exchange/tags/AIsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#AIsecurity</a> <a href="https://infosec.exchange/tags/LLM" class="mention hashtag" rel="nofollow noopener" target="_blank">#LLM</a> <a href="https://infosec.exchange/tags/leHACK" class="mention hashtag" rel="nofollow noopener" target="_blank">#leHACK</a>

Sentinel SecurityLLMs are now part of phishing kits. The future isn't coming—it's exploiting your inbox in natural language. 📥📎 <a href="https://mastodon.social/tags/AIsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#AIsecurity</a> <a href="https://mastodon.social/tags/LLM" class="mention hashtag" rel="nofollow noopener" target="_blank">#LLM</a> <a href="https://mastodon.social/tags/phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#phishing</a>

RSOLV👋 Hi y'all! New to infosec.exchange! We're RSOLV - building automated security vulnerability detection + remediation (yes, a _fix_, not just a red flag) While researching AI-generated code, we discovered something wild: 19.6% of AI package suggestions don't exist. Hackers are pre-registering them. Traditional scanners miss this completely. We detect AND fix it. Journey: <a href="https://www.indiehackers.com/post/built-the-wrong-thing-at-the-wrong-time-but-discovered-something-worse-or-better-0bc8629cc0" rel="nofollow noopener" translate="no" target="_blank">https://www.indiehackers.com/post/built-the-wrong-thing-at-the-wrong-time-but-discovered-something-worse-or-better-0bc8629cc0</a> Blog: <a href="https://rsolv.dev/blog/hidden-cost-ai-generated-code?utm_source=mastodon&utm_medium=social&utm_campaign=slopsquatting" rel="nofollow noopener" translate="no" target="_blank">https://rsolv.dev/blog/hidden-cost-ai-generated-code?utm_source=mastodon&utm_medium=social&utm_campaign=slopsquatting</a> <a href="https://infosec.exchange/tags/AutomatedRemediation" class="mention hashtag" rel="nofollow noopener" target="_blank">#AutomatedRemediation</a> <a href="https://infosec.exchange/tags/AISecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#AISecurity</a> <a href="https://infosec.exchange/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevSecOps</a>

LMG SecurityCan Your AI Be Hacked by Email Alone?No clicks. No downloads. Just one well-crafted email, and your Microsoft 365 Copilot could start leaking sensitive data.In this week’s episode of Cyberside Chats, <a href="https://infosec.exchange/@sherridavidoff" class="u-url mention" rel="nofollow noopener" target="_blank">@sherridavidoff</a> and <a href="https://infosec.exchange/@MDurrin" class="u-url mention" rel="nofollow noopener" target="_blank">@MDurrin</a> discuss EchoLeak, a zero-click exploit that turns your AI into an unintentional insider threat. They also reveal a real-world case from LMG Security’s pen testing team where prompt injection let attackers extract hidden system prompts and override chatbot behavior in a live environment.We’ll also share:• How EchoLeak exposes a new class of AI vulnerabilities • Prompt injection attacks that fooled real corporate systems • Security strategies every organization should adopt now • Why AI inputs need to be treated like code🎧 Listen to the podcast: <a href="https://www.chatcyberside.com/e/unmasking-echoleak-the-hidden-ai-threat/?token=90468a6c6732e5e2477f8eaaba565624" rel="nofollow noopener" translate="no" target="_blank">https://www.chatcyberside.com/e/unmasking-echoleak-the-hidden-ai-threat/?token=90468a6c6732e5e2477f8eaaba565624</a> 🎥 Watch the video: <a href="https://youtu.be/sFP25yH0sf4" rel="nofollow noopener" translate="no" target="_blank">https://youtu.be/sFP25yH0sf4</a><a href="https://infosec.exchange/tags/EchoLeak" class="mention hashtag" rel="nofollow noopener" target="_blank">#EchoLeak</a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/AIsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#AIsecurity</a> <a href="https://infosec.exchange/tags/Microsoft365" class="mention hashtag" rel="nofollow noopener" target="_blank">#Microsoft365</a> <a href="https://infosec.exchange/tags/Copilot" class="mention hashtag" rel="nofollow noopener" target="_blank">#Copilot</a> <a href="https://infosec.exchange/tags/PromptInjection" class="mention hashtag" rel="nofollow noopener" target="_blank">#PromptInjection</a> <a href="https://infosec.exchange/tags/CISO" class="mention hashtag" rel="nofollow noopener" target="_blank">#CISO</a> <a href="https://infosec.exchange/tags/InsiderThreats" class="mention hashtag" rel="nofollow noopener" target="_blank">#InsiderThreats</a> <a href="https://infosec.exchange/tags/GenAI" class="mention hashtag" rel="nofollow noopener" target="_blank">#GenAI</a> <a href="https://infosec.exchange/tags/RiskManagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#RiskManagement</a> <a href="https://infosec.exchange/tags/CybersideChats" class="mention hashtag" rel="nofollow noopener" target="_blank">#CybersideChats</a>

hackmacEchoLeak - der "Dosenöffner" für KI‑Sicherheitsrealitäten!Es war nur eine Frage der Zeit – und hier ist sie: eine Zero‑Click‑Attacke auf ein KI-System wurde Realität. Die Schwachstelle, bekannt als EchoLeak, nutzt nur eine einzige manipulierte E‑Mail – kein Klick, kein Download, keine Warnung – und Copilot exfiltriert heimlich sensible Unternehmensdaten. <a href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://mastodon.social/tags/AIsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#AIsecurity</a> <a href="https://mastodon.social/tags/Copilot" class="mention hashtag" rel="nofollow noopener" target="_blank">#Copilot</a> <a href="https://mastodon.social/tags/Microsoft365" class="mention hashtag" rel="nofollow noopener" target="_blank">#Microsoft365</a> <a href="https://mastodon.social/tags/EchoLeak" class="mention hashtag" rel="nofollow noopener" target="_blank">#EchoLeak</a> <a href="https://mastodon.social/tags/ZeroTrust" class="mention hashtag" rel="nofollow noopener" target="_blank">#ZeroTrust</a> <a href="https://mastodon.social/tags/Cybercrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybercrime</a>

Bryce KunzEver heard of "data poisoning" or "prompt injection" attacks on AI? It's not sci-fi! Hackers can actually manipulate AI models used in supply chains by corrupting their training data or tricking their outputs. Fascinatingly scary stuff. <a href="https://infosec.exchange/tags/AISecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#AISecurity</a> <a href="https://infosec.exchange/tags/Tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tech</a> <a href="https://archive.is/Wjoh0" rel="nofollow noopener" translate="no" target="_blank">https://archive.is/Wjoh0</a>

Bryce KunzOkay, this is a bit sci-fi: imagine hackers sending secret instructions to your AI assistant, hidden in a normal-looking email, to steal your data. 🕵️‍♂️ That's kinda what happened with a (now patched) Microsoft Copilot vulnerability. Spooky! <a href="https://infosec.exchange/tags/AIsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#AIsecurity</a> <a href="https://infosec.exchange/tags/Tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tech</a> <a href="https://archive.is/Xg0r5" rel="nofollow noopener" translate="no" target="_blank">https://archive.is/Xg0r5</a>

LMG SecurityWhat Happens When AI Goes Rogue? From blackmail to whistleblowing to strategic deception, today's AI isn't just hallucinating — it's scheming.In our new Cyberside Chats episode, LMG Security’s <a href="https://infosec.exchange/@sherridavidoff" class="u-url mention" rel="nofollow noopener" target="_blank">@sherridavidoff</a> and <a href="https://infosec.exchange/@MDurrin" class="u-url mention" rel="nofollow noopener" target="_blank">@MDurrin</a> share new AI developments, including:• Scheming behavior in Apollo’s LLM experiments • Claude Opus 4 acting as a whistleblower • AI blackmailing users to avoid shutdown • Strategic self-preservation and resistance to being replaced • What this means for your data integrity, confidentiality, and availability📺 Watch the video: <a href="https://youtu.be/k9h2-lEf9ZM" rel="nofollow noopener" translate="no" target="_blank">https://youtu.be/k9h2-lEf9ZM</a> 🎧 Listen to the podcast: <a href="https://www.chatcyberside.com/e/ai-gone-rogue-from-schemes-to-whistleblowing/?token=a0a79bc031829d23746df1392fa6122a" rel="nofollow noopener" translate="no" target="_blank">https://www.chatcyberside.com/e/ai-gone-rogue-from-schemes-to-whistleblowing/?token=a0a79bc031829d23746df1392fa6122a</a> <a href="https://infosec.exchange/tags/AIsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#AIsecurity</a> <a href="https://infosec.exchange/tags/RogueAI" class="mention hashtag" rel="nofollow noopener" target="_blank">#RogueAI</a> <a href="https://infosec.exchange/tags/ZeroTrust" class="mention hashtag" rel="nofollow noopener" target="_blank">#ZeroTrust</a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/CybersideChats" class="mention hashtag" rel="nofollow noopener" target="_blank">#CybersideChats</a> <a href="https://infosec.exchange/tags/LMGSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#LMGSecurity</a> <a href="https://infosec.exchange/tags/AIWhistleblower" class="mention hashtag" rel="nofollow noopener" target="_blank">#AIWhistleblower</a> <a href="https://infosec.exchange/tags/AIgoals" class="mention hashtag" rel="nofollow noopener" target="_blank">#AIgoals</a> <a href="https://infosec.exchange/tags/LLM" class="mention hashtag" rel="nofollow noopener" target="_blank">#LLM</a> <a href="https://infosec.exchange/tags/ClaudeAI" class="mention hashtag" rel="nofollow noopener" target="_blank">#ClaudeAI</a> <a href="https://infosec.exchange/tags/ApolloAI" class="mention hashtag" rel="nofollow noopener" target="_blank">#ApolloAI</a> <a href="https://infosec.exchange/tags/AISafety" class="mention hashtag" rel="nofollow noopener" target="_blank">#AISafety</a> <a href="https://infosec.exchange/tags/CISO" class="mention hashtag" rel="nofollow noopener" target="_blank">#CISO</a> <a href="https://infosec.exchange/tags/CEO" class="mention hashtag" rel="nofollow noopener" target="_blank">#CEO</a> <a href="https://infosec.exchange/tags/SMB" class="mention hashtag" rel="nofollow noopener" target="_blank">#SMB</a> <a href="https://infosec.exchange/tags/Cyberaware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cyberaware</a> <a href="https://infosec.exchange/tags/Cyber" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cyber</a> <a href="https://infosec.exchange/tags/Tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tech</a>

WinbuzzerMicrosoft 365 Copilot: Critical 'EchoLeak' Flaw Turned Microsoft's Own AI Into Data Thief<a href="https://mastodon.social/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#AI</a> <a href="https://mastodon.social/tags/AISecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#AISecurity</a> <a href="https://mastodon.social/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#Microsoft</a> <a href="https://mastodon.social/tags/Copilot" class="mention hashtag" rel="nofollow noopener" target="_blank">#Copilot</a> <a href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://mastodon.social/tags/EchoLeak" class="mention hashtag" rel="nofollow noopener" target="_blank">#EchoLeak</a> <a href="https://mastodon.social/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#Vulnerability</a> <a href="https://mastodon.social/tags/DataBreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#DataBreach</a> <a href="https://mastodon.social/tags/LLM" class="mention hashtag" rel="nofollow noopener" target="_blank">#LLM</a> <a href="https://mastodon.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://mastodon.social/tags/Microsoft365" class="mention hashtag" rel="nofollow noopener" target="_blank">#Microsoft365</a> <a href="https://mastodon.social/tags/EnterpriseSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#EnterpriseSecurity</a><a href="https://winbuzzer.com/2025/06/16/microsoft-365-copilot-critical-echoleak-flaw-turned-microsofts-own-ai-into-data-thief-xcxwbn/" rel="nofollow noopener" translate="no" target="_blank">https://winbuzzer.com/2025/06/16/microsoft-365-copilot-critical-echoleak-flaw-turned-microsofts-own-ai-into-data-thief-xcxwbn/</a>

JaschaHello World! <a href="https://infosec.exchange/tags/introduction" class="mention hashtag" rel="nofollow noopener" target="_blank">#introduction</a> Work in cybersec for 25+ years. Big OSS proponent. Latest projects:VectorSmuggle is acomprehensive proof-of-concept demonstrating vector-based data exfiltration techniques in AI/ML environments. This project illustrates potential risks in RAG systems and provides tools and concepts for defensive analysis. <a href="https://github.com/jaschadub/VectorSmuggle" rel="nofollow noopener" translate="no" target="_blank">https://github.com/jaschadub/VectorSmuggle</a>SchemaPin protocol for cryptographically signing and verifying AI agent tool schemas to prevent supply-chain attacks (aka MCP Rug Pulls). <a href="https://github.com/ThirdKeyAI/SchemaPin" rel="nofollow noopener" translate="no" target="_blank">https://github.com/ThirdKeyAI/SchemaPin</a><a href="https://infosec.exchange/tags/ai" class="mention hashtag" rel="nofollow noopener" target="_blank">#ai</a> <a href="https://infosec.exchange/tags/AiResearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#AiResearch</a> <a href="https://infosec.exchange/tags/aisecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#aisecurity</a> <a href="https://infosec.exchange/tags/rag" class="mention hashtag" rel="nofollow noopener" target="_blank">#rag</a> <a href="https://infosec.exchange/tags/mcp" class="mention hashtag" rel="nofollow noopener" target="_blank">#mcp</a> <a href="https://infosec.exchange/tags/mcpserver" class="mention hashtag" rel="nofollow noopener" target="_blank">#mcpserver</a>

Bryce KunzHeard of "data poisoning" for AI? ☠️ It's like feeding your AI deliberately corrupted info. The NSA & its partners are sounding the alarm: protect your AI's training data, because bad data = bad (or dangerous) AI. <a href="https://infosec.exchange/tags/AISecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#AISecurity</a> <a href="https://infosec.exchange/tags/Tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tech</a> <a href="https://archive.is/tCZBh" rel="nofollow noopener" translate="no" target="_blank">https://archive.is/tCZBh</a>

Bryce KunzMind blown: Code doesn't always wait to be called to execute! 🤯 In Langflow AI, a vulnerability (CVE-2025-3248) allowed unauthenticated RCE because Python function decorators (and even default arguments!) can run code just on *definition*. Patch up! <a href="https://infosec.exchange/tags/AIsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#AIsecurity</a> <a href="https://infosec.exchange/tags/Tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tech</a> <a href="https://horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai/" rel="nofollow noopener" translate="no" target="_blank">https://horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai/</a>

LMG SecurityOnly one week left to register for our next Cyberside Chats Live event! Join us June 11th to discuss what happens when an AI refuses to shut down—or worse, starts blackmailing users to stay online?These aren’t science fiction scenarios. We’ll dig into two real-world incidents, including a case where OpenAI’s newest model bypassed shutdown scripts and another where Anthropic’s Claude Opus 4 generated blackmail threats in an alarming display of self-preservation.Join us as we unpack: ▪ What “high-agency behavior” means in cutting-edge AI ▪ How API access can expose unpredictable and dangerous model actions ▪ Why these findings matter now for security teams ▪ What it all means for incident response and digital trustStick around for a live Q&A with LMG Security’s experts <a href="https://infosec.exchange/@sherridavidoff" class="u-url mention" rel="nofollow noopener" target="_blank">@sherridavidoff</a> and <a href="https://infosec.exchange/@MDurrin" class="u-url mention" rel="nofollow noopener" target="_blank">@MDurrin</a>. This session will challenge the way you think about AI risk!Register today: <a href="https://www.lmgsecurity.com/event/cyberside-chats-live-june2025/" rel="nofollow noopener" translate="no" target="_blank">https://www.lmgsecurity.com/event/cyberside-chats-live-june2025/</a><a href="https://infosec.exchange/tags/CybersideChats" class="mention hashtag" rel="nofollow noopener" target="_blank">#CybersideChats</a> <a href="https://infosec.exchange/tags/AIsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#AIsecurity</a> <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#AI</a> <a href="https://infosec.exchange/tags/RiskManagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#RiskManagement</a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener" target="_blank">#DFIR</a> <a href="https://infosec.exchange/tags/IT" class="mention hashtag" rel="nofollow noopener" target="_blank">#IT</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#Security</a> <a href="https://infosec.exchange/tags/CyberRisk" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberRisk</a> <a href="https://infosec.exchange/tags/CISO" class="mention hashtag" rel="nofollow noopener" target="_blank">#CISO</a> <a href="https://infosec.exchange/tags/Cyber" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cyber</a> <a href="https://infosec.exchange/tags/Tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tech</a> <a href="https://infosec.exchange/tags/CYberaware" class="mention hashtag" rel="nofollow noopener" target="_blank">#CYberaware</a> <a href="https://infosec.exchange/tags/SMB" class="mention hashtag" rel="nofollow noopener" target="_blank">#SMB</a> <a href="https://infosec.exchange/tags/CEO" class="mention hashtag" rel="nofollow noopener" target="_blank">#CEO</a>

LMG SecurityAlmost every organization is using some type of AI, but are you securing it?Download our free tip sheet: Adapting to AI Risks: Essential Cybersecurity Program UpdatesFrom deepfake response plans to AI-specific access controls, this checklist helps you modernize your cybersecurity program and stay ahead of emerging threats.Check it out: <a href="https://www.lmgsecurity.com/resources/adapting-to-ai-risks-essential-cybersecurity-program-updates/" rel="nofollow noopener" translate="no" target="_blank">https://www.lmgsecurity.com/resources/adapting-to-ai-risks-essential-cybersecurity-program-updates/</a><a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/AIsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#AIsecurity</a> <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#AI</a> <a href="https://infosec.exchange/tags/GenAI" class="mention hashtag" rel="nofollow noopener" target="_blank">#GenAI</a> <a href="https://infosec.exchange/tags/AIgovernance" class="mention hashtag" rel="nofollow noopener" target="_blank">#AIgovernance</a> <a href="https://infosec.exchange/tags/CISO" class="mention hashtag" rel="nofollow noopener" target="_blank">#CISO</a> <a href="https://infosec.exchange/tags/CEO" class="mention hashtag" rel="nofollow noopener" target="_blank">#CEO</a> <a href="https://infosec.exchange/tags/RiskManagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#RiskManagement</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/Cyberaware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cyberaware</a> <a href="https://infosec.exchange/tags/Cyber" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cyber</a> <a href="https://infosec.exchange/tags/IT" class="mention hashtag" rel="nofollow noopener" target="_blank">#IT</a> <a href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#Security</a> <a href="https://infosec.exchange/tags/Cyber" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cyber</a> <a href="https://infosec.exchange/tags/Tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tech</a>

Bryce KunzHere's a cyber-puzzle: It takes 6-9 months to ensure an AI model is safe, but the model itself might only be useful for 3-6 months. That math is... tricky. 🤯 How do we keep up? <a href="https://infosec.exchange/tags/AISecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#AISecurity</a> <a href="https://infosec.exchange/tags/Tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tech</a> <a href="https://archive.is/75UtJ" rel="nofollow noopener" translate="no" target="_blank">https://archive.is/75UtJ</a>

TechnoTenshi :verified_trans: :Fire_Lesbian:A vulnerability in GitHub MCP lets malicious Issues hijack AI agents to leak data from private repos. Invariant calls this a “toxic agent flow” and shows it can exfiltrate sensitive info via prompt injection. GitHub alone can't fix it—mitigation needs system-level controls. <a href="https://invariantlabs.ai/blog/mcp-github-vulnerability" rel="nofollow noopener" translate="no" target="_blank">https://invariantlabs.ai/blog/mcp-github-vulnerability</a><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/promptinjection" class="mention hashtag" rel="nofollow noopener" target="_blank">#promptinjection</a> <a href="https://infosec.exchange/tags/supplychainsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#supplychainsecurity</a> <a href="https://infosec.exchange/tags/AIsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#AIsecurity</a>

WinbuzzerGitHub Copilot Ecosystem Hit by Critical MCP Server Security Flaw<a href="https://winbuzzer.com/2025/05/27/github-copilot-ecosystem-hit-by-critical-mcp-server-security-flaw-xcxwbn/" rel="nofollow noopener" translate="no" target="_blank">https://winbuzzer.com/2025/05/27/github-copilot-ecosystem-hit-by-critical-mcp-server-security-flaw-xcxwbn/</a><a href="https://mastodon.social/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#AI</a> <a href="https://mastodon.social/tags/GitHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#GitHub</a> <a href="https://mastodon.social/tags/AISecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#AISecurity</a> <a href="https://mastodon.social/tags/MCP" class="mention hashtag" rel="nofollow noopener" target="_blank">#MCP</a> <a href="https://mastodon.social/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#Vulnerability</a> <a href="https://mastodon.social/tags/Coding" class="mention hashtag" rel="nofollow noopener" target="_blank">#Coding</a> <a href="https://mastodon.social/tags/DataLeak" class="mention hashtag" rel="nofollow noopener" target="_blank">#DataLeak</a> <a href="https://mastodon.social/tags/PromptInjection" class="mention hashtag" rel="nofollow noopener" target="_blank">#PromptInjection</a> <a href="https://mastodon.social/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://mastodon.social/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevSecOps</a> <a href="https://mastodon.social/tags/AICoding" class="mention hashtag" rel="nofollow noopener" target="_blank">#AICoding</a> <a href="https://mastodon.social/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#Microsoft</a><a href="https://winbuzzer.com/2025/05/27/github-copilot-ecosystem-hit-by-critical-mcp-server-security-flaw-xcxwbn/" rel="nofollow noopener" translate="no" target="_blank">https://winbuzzer.com/2025/05/27/github-copilot-ecosystem-hit-by-critical-mcp-server-security-flaw-xcxwbn/</a>

Frühere Suchanfragen

Suchoptionen

Verwaltet von:

Serverstatistik:

#aisecurity