Join Robert Hurlbut for AI Whiteboard Hacking, a 2-day hands-on threat modeling training, happening Nov 4–5 at OWASP Global AppSec USA 2025.

Register: https://owasp.glueup.com/event/131624/register/

Explore real-world AI threats like prompt injection and data poisoning and learn how to design secure AI systems using the proven DICE methodology.

Master AI cybersecurity in 3 days!
SECUIA by HS2 trains devs, pentesters & AI pros to spot & exploit LLM flaws.
Focus: generative models & AI threats
Upcoming sessions: July 7–9 & Sept 3–5
formation@hs2.fr
#AIsecurity #LLM #leHACK

Secure your AI models with OpenSSF Model Signing (OMS)

Learn how OpenSSF’s AI/ML WG designed OMS to build trust in ML model artifacts.

https://openssf.org/blog/2025/06/25/an-introduction-to-the-openssf-model-signing-oms-specification/

LLMs are now part of phishing kits.
The future isn't coming—it's exploiting your inbox in natural language.
#AIsecurity #LLM #phishing

Hi y'all! New to infosec.exchange!

We're RSOLV - building automated security vulnerability detection + remediation (yes, a _fix_, not just a red flag)

While researching AI-generated code, we discovered something wild: 19.6% of AI package suggestions don't exist. Hackers are pre-registering them.

Traditional scanners miss this completely. We detect AND fix it.

Journey: https://www.indiehackers.com/post/built-the-wrong-thing-at-the-wrong-time-but-discovered-something-worse-or-better-0bc8629cc0

Blog: https://rsolv.dev/blog/hidden-cost-ai-generated-code?utm_source=mastodon&utm_medium=social&utm_campaign=slopsquatting

https://www.europesays.com/2173702/ IBM Creates Integrated Solution for AI Security and Governance #AI #AIRisk #AISafety #AISecurity #ArtificialIntelligence #EUAIAct #IBM #News #PYMNTSNews #security #technology #What'sHot

Ever heard of "data poisoning" or "prompt injection" attacks on AI? It's not sci-fi! Hackers can actually manipulate AI models used in supply chains by corrupting their training data or tricking their outputs. Fascinatingly scary stuff. #AISecurity #Tech
https://archive.is/Wjoh0

Okay, this is a bit sci-fi: imagine hackers sending secret instructions to your AI assistant, hidden in a normal-looking email, to steal your data. That's kinda what happened with a (now patched) Microsoft Copilot vulnerability. Spooky! #AIsecurity #Tech
https://archive.is/Xg0r5

What Happens When AI Goes Rogue?

From blackmail to whistleblowing to strategic deception, today's AI isn't just hallucinating — it's scheming.

In our new Cyberside Chats episode, LMG Security’s @sherridavidoff and @MDurrin share new AI developments, including:

• Scheming behavior in Apollo’s LLM experiments
• Claude Opus 4 acting as a whistleblower
• AI blackmailing users to avoid shutdown
• Strategic self-preservation and resistance to being replaced
• What this means for your data integrity, confidentiality, and availability

Watch the video: https://youtu.be/k9h2-lEf9ZM
Listen to the podcast: https://www.chatcyberside.com/e/ai-gone-rogue-from-schemes-to-whistleblowing/?token=a0a79bc031829d23746df1392fa6122a

Microsoft 365 Copilot: Critical 'EchoLeak' Flaw Turned Microsoft's Own AI Into Data Thief

#AI #AISecurity #Microsoft #Copilot #CyberSecurity #EchoLeak #Vulnerability #DataBreach #LLM #InfoSec #Microsoft365 #EnterpriseSecurity

https://winbuzzer.com/2025/06/16/microsoft-365-copilot-critical-echoleak-flaw-turned-microsofts-own-ai-into-data-thief-xcxwbn/

Hello World! #introduction

Work in cybersec for 25+ years. Big OSS proponent.

Latest projects:

VectorSmuggle is acomprehensive proof-of-concept demonstrating vector-based data exfiltration techniques in AI/ML environments. This project illustrates potential risks in RAG systems and provides tools and concepts for defensive analysis.
https://github.com/jaschadub/VectorSmuggle

SchemaPin protocol for cryptographically signing and verifying AI agent tool schemas to prevent supply-chain attacks (aka MCP Rug Pulls).
https://github.com/ThirdKeyAI/SchemaPin

Heard of "data poisoning" for AI? It's like feeding your AI deliberately corrupted info. The NSA & its partners are sounding the alarm: protect your AI's training data, because bad data = bad (or dangerous) AI. #AISecurity #Tech
https://archive.is/tCZBh

Mind blown: Code doesn't always wait to be called to execute! In Langflow AI, a vulnerability (CVE-2025-3248) allowed unauthenticated RCE because Python function decorators (and even default arguments!) can run code just on *definition*. Patch up! #AIsecurity #Tech
https://horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai/

AI is the new attack surface—are you ready?

From shadow AI to deepfake-driven threats, attackers are finding creative ways to exploit your organization’s AI tools, often without you realizing it.

Watch our new 3-minute video, How Attackers Target Your Company’s AI Tools, for advice on:

The rise of shadow AI (yes, your team is probably using it!)
Real-world examples of AI misconfigurations and account takeovers
What to ask vendors about their AI usage
How to update your incident response plan for deepfakes
Actionable steps for AI risk assessments and inventories

Don’t let your AI deployment become your biggest security blind spot.

Watch now: https://youtu.be/R9z9A0eTvp0

Microsoft Unveils Free AI Security Program for EU Governments

#Cybersecurity #Microsoft #EuropeanUnion #AI #DigitalDefense #Privacy #InfoSec #EuropeanSecurityProgram #AIsecurity #GovTech

https://winbuzzer.com/2025/06/05/microsoft-unveils-free-ai-security-program-for-eu-governments-xcxwbn/

Only one week left to register for our next Cyberside Chats Live event! Join us June 11th to discuss what happens when an AI refuses to shut down—or worse, starts blackmailing users to stay online?

These aren’t science fiction scenarios. We’ll dig into two real-world incidents, including a case where OpenAI’s newest model bypassed shutdown scripts and another where Anthropic’s Claude Opus 4 generated blackmail threats in an alarming display of self-preservation.

Join us as we unpack:
What “high-agency behavior” means in cutting-edge AI
How API access can expose unpredictable and dangerous model actions
Why these findings matter now for security teams
What it all means for incident response and digital trust

Stick around for a live Q&A with LMG Security’s experts @sherridavidoff and @MDurrin. This session will challenge the way you think about AI risk!

Register today: https://www.lmgsecurity.com/event/cyberside-chats-live-june2025/

Almost every organization is using some type of AI, but are you securing it?

Download our free tip sheet: Adapting to AI Risks: Essential Cybersecurity Program Updates

From deepfake response plans to AI-specific access controls, this checklist helps you modernize your cybersecurity program and stay ahead of emerging threats.

Check it out: https://www.lmgsecurity.com/resources/adapting-to-ai-risks-essential-cybersecurity-program-updates/

Here's a cyber-puzzle: It takes 6-9 months to ensure an AI model is safe, but the model itself might only be useful for 3-6 months. That math is... tricky. How do we keep up? #AISecurity #Tech
https://archive.is/75UtJ

New research tests on various models find that the #ChatGPTo3 model resists shutdown despite explicit instructions.

Read: https://hackread.com/chatgpt-o3-resists-shutdown-instructions-study/