AI Security Ops

In this episode of BHIS Presents: AI Security Ops, the team breaks down a new benchmarking framework designed to evaluate AI pentesting agents against real-world offensive security scenarios. What began as experimental evaluation of “can AI hack?” has quickly shifted into something much closer to operational reality. Organizations are now seeing a surge in agentic tooling and automated pentesting workflows, where human-guided AI systems consistently outperform fully autonomous agents in complex, unsupervised environments. As AI tooling evolves, teams must balance speed with validation, monitoring, and oversight as offensive capabilities outpace defenses. We dig into: The new “AutoPenBench” framework for benchmarking AI pentesting agentsWhy fully autonomous AI hacking only achieved a 21% success rateHow human-assisted AI workflows increased success rates to 64%Testing AI agents against Log4Shell, Heartbleed, Spring4Shell, and classic web exploitsWhy modern offensive AI systems still require heavy human oversight and validationHow custom internal AI frameworks are already finding vulnerabilities humans missedThe operational role of prompt engineering, scaffolding, and agent memoryReal examples of AI agents mis-scoping infrastructure and chasing irrelevant targetsHow AI lowers the barrier for ransomware operations and offensive capability developmentWhy defensive teams need stronger edge visibility, packet capture, and AI-aware monitoring strategies⸻ 📚 Key Concepts & Topics AI Pentesting & Agentic Security Autonomous AI hacking agentsAgentic AI workflowsAI-assisted penetration testingOffensive security automation Benchmarking & Evaluation AutoPenBenchAI security benchmarkingHuman-in-the-loop validationLong-horizon task evaluation Offensive Security Operations SQL injectionPath traversalLog4Shell / Heartbleed / Spring4ShellKali Linux offensive tooling AI Infrastructure & Model Operations Prompt engineeringPersistent agent memoryRoleplay jailbreak techniquesGuardrail reduction strategies Defensive Security Strategy Defense in depthEdge network monitoringZeek network analysisPacket capture visibility Industry & Threat Implications AI-enabled ransomware operationsAI-assisted red teamingInfrastructure scoping failures Operational scalability challenges#AISecurity #CyberSecurity #Pentesting #AIAgents #RedTeam #EthicalHacking #CyberDefense---------------------------------------------------------------------------------------------- (00:00) - Video Intro and Sponsor (01:20) - Al Pentesting Benchmark Overview (02:11) - How AutoPenBench Works (03:44) - Real World Results and Experience (05:16) - Real World Results and Experience (06:48) - Human and Al Collaboration (07:38) - Improving Al Agent Workflows (08:56) - Model Limitations and Updates (10:35) - Jailbreaks and Model Guardrails (13:16) - Provider Controls and Trust Factors (14:41) - Lower Barrier for Cyber Attacks (15:39) - Defensive Security Implications (16:59) - Why Red Teams Need Al Now Click here to watch this episode on YouTube. Creators & Guests Brian Fehrman - Host Derek Banks - Host Brought to you by: Black Hills Information Security  https://www.blackhillsinfosec.com Antisyphon Training https://www.antisyphontraining.com/ Active Countermeasures https://www.activecountermeasures.com Wild West Hackin Fest https://wildwesthackinfest.com 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript.

In this episode of BHIS Presents: AI Security Ops, the team breaks down a growing problem in cybersecurity: AI-generated bug bounty “slop” overwhelming the system. What started as a powerful way to crowdsource vulnerability discovery is now hitting a breaking point. Programs like cURL’s bug bounty and platforms like HackerOne are seeing a massive surge in submissions — but fewer and fewer of them are actually valid. The result? Security teams spending hours reviewing reports that go nowhere, while real vulnerabilities risk getting buried in the noise. We dig into:• Why cURL shut down its bug bounty program after years of success• How valid reports dropped from 1-in-6 to 1-in-20• What “death by a thousand slops” actually looks like in practice• How AI is flooding programs with low-quality vulnerability reports• The difference between “theoretical” vs. exploitable vulnerabilities• Why reviewing findings is now harder than generating them• How HackerOne is responding to the surge in submissions• Whether AI can be used to filter AI-generated noise• The role of reproducibility and proof-of-impact in triage• Why human expertise still matters in vulnerability validation This episode explores a critical shift in security operations: when vulnerability discovery becomes cheap and automated, validation and triage become the real bottleneck. ⸻ 📚 Key Concepts & Topics Bug Bounty Programs & Triage• Submission quality vs. volume imbalance• Signal-to-noise challenges in vulnerability pipelines• The growing burden of manual validation AI in Vulnerability Discovery• Automated scanning vs. real exploitability• AI-generated findings and false positives• The “editor’s dilemma” — review vs. generation AI Security Risks• Lower barrier to entry for vulnerability discovery• Over-reliance on AI without domain expertise• Flooding systems with low-quality submissions Defensive Strategy• Requiring reproducible steps and proof-of-impact• Using AI to pre-filter vulnerability reports• Combining human expertise with AI tooling Industry Impact• cURL bug bounty shutdown• HackerOne submission pause• Shifting economics of vulnerability research #AISecurity #BugBounty #CyberSecurity #LLMSecurity #ArtificialIntelligence #InfoSec #BHIS #AIAgents #AppSec---------------------------------------------------------------------------------------------- (00:00) - Intro: Bug Bounty Burnout & AI Noise (01:14) - cURL Kills Its Bug Bounty Program (02:05) - “Death by a Thousand Slops” Explained (03:42) - AI vs Vulnerability Scanners: Signal vs Noise (04:38) - HackerOne Pauses Submissions & Industry Impact (05:41) - Can AI Filter AI? Proposed Solutions (07:49) - Why Humans Still Matter in Validation (12:55) - Final Takeaway: AI as a Tool, Not a Replacement Click here to watch this episode on YouTube. Creators & Guests Ethan Robish - Guest Bronwen Aker - Host Brian Fehrman - Host Derek Banks - Host Brought to you by: Black Hills Information Security  https://www.blackhillsinfosec.com Antisyphon Training https://www.antisyphontraining.com/ Active Countermeasures https://www.activecountermeasures.com Wild West Hackin Fest https://wildwesthackinfest.com 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript.

In this episode of BHIS Presents: AI Security Ops, the team breaks down the Vercel breach — a real-world incident that shows just how fragile modern security has become in the age of AI integrations and SaaS sprawl. What started as a simple Roblox cheat script downloaded on a work laptop quickly escalated into a multi-hop compromise involving OAuth permissions, an AI productivity tool, and access into Vercel’s internal systems. This wasn’t a zero-day or advanced nation-state exploit. It was a chain of everyday decisions: installing software, clicking “Allow,” and trusting third-party integrations. The result? Allegedly $2M worth of data listed for sale, including API keys, internal data, and employee records — all from a breach path that most organizations aren’t even monitoring. We dig into:• What Vercel is and why it’s such a high-value target• How environment variables become the “keys to the kingdom”• The full attack chain: Roblox malware → Context.ai → Vercel• What infostealers like Lumma actually do (and how cheap they are)• How OAuth permissions become persistent backdoors• Why AI productivity tools introduce hidden risk• The rise of “shadow AI” inside organizations• How supply chain attacks continue to scale across ecosystems• The role of AI in accelerating attacker speed and capability• Why this type of breach is becoming the new normal This episode highlights a critical shift in cybersecurity: you don’t have to get hacked directly anymore — attackers just need to compromise something you’ve already trusted. ⸻ 📚 Key Concepts & Topics Attack Chain & Initial Access• Lumma infostealer and malware-as-a-service• Credential theft: passwords, cookies, OAuth tokens• Low-cost, high-impact compromise paths OAuth & Identity Risk• “Allow All” permissions and persistent access• OAuth tokens as long-lived entry points• Lack of visibility into third-party integrations AI Security Risks• Shadow AI and unsanctioned tool adoption• Deep integrations with Google Workspace and SaaS• AI tools as new supply chain attack surfaces Supply Chain Attacks• Multi-hop compromise paths across vendors• Real-world parallels (Trivy, LiteLLM)• Interconnected ecosystems increasing blast radius Threat Landscape Evolution• AI accelerating attacker speed and scale• Lower barrier to entry for complex attacks• Criminal groups operating as decentralized “businesses” Defensive Strategy• Auditing OAuth integrations and permissions• Enforcing least privilege across SaaS tools• Segmenting sensitive data and reducing blast radius• Avoiding risky behavior on corporate devices ⏱️ Chapters(00:00) - Intro & Breach Overview (00:21) - Sponsors & Show Setup (01:29) - What Vercel Is & Why It Matters (02:31) - Initial Compromise: Roblox Script & Infostealer (05:03) - OAuth Permissions & Pivot into Vercel (08:04) - AI Tools, Over-Permissioning & Supply Chain Risk (09:53) - AI Acceleration of Attacks & Ecosystem Impact (13:34) - Threat Actors, Attribution & Key Takeaways Click here to watch this episode on YouTube. Creators & Guests Brian Fehrman - Host Ethan Robish - Guest Brought to you by: Black Hills Information Security  https://www.blackhillsinfosec.com Antisyphon Training https://www.antisyphontraining.com/ Active Countermeasures https://www.activecountermeasures.com Wild West Hackin Fest https://wildwesthackinfest.com 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript.

In this episode of BHIS Presents: AI Security Ops, the team breaks down Claude Mythos Preview — Anthropic’s unreleased frontier model that may represent a turning point in AI-powered cybersecurity. What started as a controlled research release under Project Glasswing has quickly become one of the most controversial developments in AI security. Mythos isn’t just better at finding vulnerabilities — it’s operating at a scale and depth that challenges long-held assumptions about how quickly software can be broken… and whether it can realistically be fixed. From leaked internal documents to real-world exploit generation, this episode explores what happens when vulnerability discovery becomes cheap, fast, and automated — while remediation remains slow, manual, and human-bound. The result? A growing asymmetry that could fundamentally reshape the security landscape. We dig into:• What Claude Mythos Preview is and why it was withheld from the public• The leaks that exposed its existence and capabilities• How Project Glasswing is positioning AI for defensive use• Real-world vulnerability discoveries made by the model• The “vulnpocalypse” problem: discovery vs. remediation imbalance• Emerging AI behaviors that raise containment concerns• How attackers are already leveraging AI for offensive operations• The access control dilemma: who gets to use models like this?• Why patching — not discovery — is now the primary bottleneck• What defenders must do to prepare for AI-accelerated exploitation This episode explores a critical shift in cybersecurity: when vulnerability discovery scales faster than human response, the entire defensive model starts to break down. ⸻ 📚 Key Concepts & Topics AI-Powered Vulnerability Discovery• Autonomous exploit generation and chaining• Benchmark performance vs. prior models• AI-assisted offensive security workflows AI Security Risks• Discovery vs. remediation asymmetry• AI-driven vulnerability scaling• Offensive use by nation-states and cybercriminals Model Behavior & Safety• Emergent autonomy and sandbox escape concerns• Evaluation awareness and deceptive behaviors• Limits of containment and alignment Defensive Strategy & Readiness• Patch velocity as the new bottleneck• AI-assisted vulnerability management• Open-source ecosystem risk exposure AI Governance & Industry Response• Restricted model releases and access control• Regulatory and financial sector concerns• The future of AI capability containment #AISecurity #CyberSecurity #ArtificialIntelligence #LLMSecurity #BHIS #AIThreats #InfoSec #AIAgents #CyberDefense (00:00) - Intro & Show Overview (01:00) - Sponsors, Hosts, and Episode Setup (01:53) - What Is Claude Mythos Preview? (03:04) - The Leak, Project Glasswing, and Restricted Access (07:53) - Capabilities: Exploits, Benchmarks, and Breakthroughs (09:16) - Real-World Vulnerabilities & “Vulnpocalypse” Concerns (14:47) - Access Control, Threat Actors, and Emerging Risks (21:38) - Defensive Strategy: Patching, AI Tools, and What Comes Next (23:08) - Defensive Strategy: Patching, AI Tools, and What Comes Next Click here to watch this episode on YouTube. Creators & Guests Derek Banks - Host Bronwen Aker - Host Brian Fehrman - Host Brought to you by: Black Hills Information Security  https://www.blackhillsinfosec.com Antisyphon Training https://www.antisyphontraining.com/ Active Countermeasures https://www.activecountermeasures.com Wild West Hackin Fest https://wildwesthackinfest.com 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript.

In this episode of BHIS Presents: AI Security Ops, the team is joined by Alex Minster to demo his project: HOLOCRON OpenBrain with — a persistent, model-agnostic memory layer designed to solve one of the biggest frustrations in AI workflows. Instead of starting from scratch every time you open a new chat, Alex’s approach creates a centralized “brain” that multiple AI models can connect to, allowing context, notes, and intelligence to persist across sessions, tools, and even platforms. The result? A flexible system that captures thoughts, ingests threat intel, and generates structured outputs — all without locking you into a single AI provider. We dig into:• The “cold start” problem in AI and why it breaks real workflows• What the OpenBrain HOLOCRON is (and isn’t)• How centralized memory changes the way we interact with AI tools• The architecture: Supabase, OpenRouter, MCP, and multi-model access• Using Discord as a lightweight ingestion pipeline for persistent memory• Real-world CTI workflows: capturing intel and generating reports on demand• Managing, editing, and superseding memory over time• The tradeoffs between context richness and security exposure• Multi-model reliability differences (and why they matter)• Practical setup: what it takes to build your own system This episode highlights a shift in how AI is used operationally: moving from isolated chats to persistent, structured memory systems that can evolve alongside your work. ⸻ 📚 Key Concepts & Topics Persistent AI Memory• Solving the “cold start” problem• Centralized context across multiple models• Structured vs raw data ingestion AI Architecture & Tooling• Supabase as a backend memory store• OpenRouter for multi-model access• MCP protocol for integrations Cyber Threat Intelligence (CTI)• Capturing, tagging, and prioritizing intel• Generating automated reports and dashboards• Context-aware intelligence workflows Security & Privacy• Need-to-know data design• Avoiding overexposure via full integrations (email, docs, etc.)• Auditing and removing sensitive data Operational Workflows• Capturing ideas, notes, and research• Multi-project memory segmentation (“multiple brains”)• Using AI to accelerate—not replace—analysis 🔗 HOLOCRON GitHub Guide: https://github.com/belouve/open-brain-holocron🔗 Alex Minster: https://www.linkedin.com/in/alexminster/ #AISecurity #CyberSecurity #AIWorkflows #LLM #ThreatIntel #DevSecOps #BHIS #OpenSource #AIEngineering (00:00) - Intro & Guest Introduction (Alex Minster) (00:55) - What Is the OpenBrain HOLOCRON? (Cold Start Problem) (03:00) - How It Works: Centralized Memory & AI Integration (05:30) - Architecture & Free-Tier Stack (Supabase, OpenRouter, MCP) (07:54) - Demo: Capturing Thoughts via Discord (10:55) - CTI Use Case: Prioritizing & Querying Intelligence (15:03) - Managing Memory: Editing, Deleting & Superseding Data (19:04) - Running Protocols: Automated CTI Reports (Demo) (22:05) - Multi-Brain Concept & Segmentation (25:00) - Real-World Output: Reports, Dashboards & Briefings (31:31) - Multi-Model Differences (Claude vs ChatGPT) (35:55) - Improving the System with Feedback Loops (37:29) - How to Build Your Own OpenBrain (41:26) - Real-World Benefits & Workflow Improvements (45:44) - Security Considerations & Data Exposure Risks (47:20) - Where to Find the Project & Contribute (50:16) - Final Thoughts & Wrap-Up Click here to watch this episode on YouTube. Creators & Guests Bronwen Aker - Host Alex Minster "Belouve" - Guest Ethan Robish - Guest Brian Fehrman - Host Brought to you by: Black Hills Information Security  https://www.blackhillsinfosec.com Antisyphon Training https://www.antisyphontraining.com/ Active Countermeasures https://www.activecountermeasures.com Wild West Hackin Fest https://wildwesthackinfest.com 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript.

In this episode of BHIS Presents: AI Security Ops, the team breaks down the LiteLLM supply chain compromise–a real-world attack that shows how AI systems are being breached through the same old software supply chain weaknesses. What initially looked like a bad release quickly escalated into a full-scale compromise affecting a library downloaded millions of times per day. But LiteLLM wasn’t the starting point–it was just one link in a much larger attack chain involving compromised security tools, CI/CD pipelines, and stolen publishing credentials. The result? Malicious packages distributed at scale, harvesting secrets, enabling lateral movement, and establishing persistence across affected systems. We dig into:• What LiteLLM is and why it’s such a high-value target• How the attack chain started with compromised security tooling (Trivy, Checkmarx)• How unpinned dependencies enabled the compromise• The role of CI/CD pipelines in exposing sensitive credentials• What the malicious LiteLLM packages actually did (credential harvesting, persistence, lateral movement)• The scale of impact given LiteLLM’s widespread adoption• Why supply chain attacks are no longer theoretical–and no longer nation-state exclusive• How AI is lowering the barrier to entry for attackers• Why this wasn’t really an “AI vulnerability”–but an infrastructure failure• The growing risk of automated, agent-driven attack discovery This episode highlights a critical reality: the biggest risks in AI systems aren’t always in the models–they’re in the pipelines, dependencies, and infrastructure surrounding them. ⸻ 📚 Key Concepts & Topics Supply Chain Security• Dependency poisoning and malicious package distribution• CI/CD pipeline compromise• Version pinning and build integrity Credential & Secrets Exposure• API keys, SSH keys, and cloud credentials in pipelines• Risks of centralized AI gateways like LiteLLM Threat Actor Techniques• Tag rewriting and trusted reference hijacking• Multi-stage malware (harvest, lateral movement, persistence)• Use of lookalike domains for exfiltration AI & Security Reality Check• AI as an amplifier, not the root vulnerability• Traditional security failures in modern AI stacks• Automation lowering attacker barriers Defensive Strategies• Dependency pinning and isolation (Docker, VPS)• Atomic credential rotation• Treating CI/CD tools as critical infrastructure• Monitoring outbound traffic from build environments (00:00) - Intro & Incident Overview (01:26) - What Is LiteLLM & Why It Matters (03:53) - Supply Chain Scope & Why This Is Dangerous (07:31) - Why These Attacks Are Getting Easier (AI + Scale) (10:48) - Attack Chain Breakdown (Trivy → Checkmarx → LiteLLM) (11:50) - What the Malware Did & Impact at Scale (14:23) - Detection, Response & Who Was Safe Click here to watch this episode on YouTube. Creators & Guests Brian Fehrman - Host Bronwen Aker - Host Derek Banks - Host Brought to you by: Black Hills Information Security  https://www.blackhillsinfosec.com Antisyphon Training https://www.antisyphontraining.com/ Active Countermeasures https://www.activecountermeasures.com Wild West Hackin Fest https://wildwesthackinfest.com 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript.

In this episode of BHIS Presents: AI Security Ops, the team breaks down model ablation — a powerful interpretability technique that’s quickly becoming a serious concern in AI security. What started as a way to better understand how models work is now being used to remove safety mechanisms entirely. By identifying and disabling specific components inside a model, researchers — and attackers — can effectively strip out refusal behavior while leaving the rest of the model fully functional. The result? A fast, reliable way to “de-safety” AI systems without prompt engineering, fine-tuning, or significant compute. We dig into:• What model ablation is and how it works• The difference between ablation and pruning• How safety behaviors can be isolated inside model internals• Why refusal mechanisms are often localized (and fragile)• How ablation is being used as a jailbreak technique• Why this is more reliable than prompt-based attacks• Risks specific to open-weight models and public checkpoints• The growing “uncensored model” ecosystem• Why interpretability is a double-edged sword• Whether safety should be deeply embedded into model architecture• What this means for defenders and AI security strategy This episode explores a critical shift in AI risk: when safety controls can be surgically removed, they stop being security controls at all. ⸻ 📚 Key Concepts & Topics Model Internals & Interpretability• Neurons, attention heads, and residual stream analysis• Activation space and feature directions AI Security Risks• Prompt injection vs. structural attacks• Jailbreaking techniques and safety bypasses Model Access & Risk Surface• Open-weight vs. API-only models• Hugging Face and the uncensored model ecosystem AI Safety & Governance• Defense-in-depth for AI systems• Future standards for ablation resistance #AISecurity #ModelAblation #LLMSecurity #CyberSecurity #ArtificialIntelligence #AIResearch #BHIS #AIAgents #InfoSec (00:00) - Intro & Show Overview (01:27) - Removing AI Safety Mechanisms (02:05) - What Is Model Ablation? (Technical Breakdown) (04:01) - Open-Weight Models & Practical Limitations (05:43) - Risks, Use Cases, and Ethical Tradeoffs (07:32) - Security Implications & “You Can’t Ban Math” (10:43) - Future Impact: Open Models Catching Up (17:44) - Final Takeaway: Why “No” Isn’t Security Click here to watch this episode on YouTube. Creators & Guests Bronwen Aker - Host Derek Banks - Host Brian Fehrman - Host Brought to you by: Black Hills Information Security  https://www.blackhillsinfosec.com Antisyphon Training https://www.antisyphontraining.com/ Active Countermeasures https://www.activecountermeasures.com Wild West Hackin Fest https://wildwesthackinfest.com 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript.

In this episode of BHIS Presents: AI Security Ops, the team explores embedding space attacks — a lesser-known but increasingly important threat in modern AI systems — and how attackers can manipulate the mathematical foundations of how models understand data. Unlike prompt injection, which targets instructions, embedding attacks operate at a deeper level by influencing how data is represented, retrieved, and interpreted inside vector spaces. By subtly altering embeddings or poisoning data sources, attackers can manipulate AI behavior without ever touching the model directly. Through a hands-on walkthrough of a custom notebook with rich visualizations, this episode breaks down how embeddings work, why they are critical to LLM-powered systems like RAG pipelines, and how attackers can exploit them in real-world scenarios. We dig into:- What embeddings are and how AI systems convert text into numerical representations- How vector spaces enable similarity search and retrieval in LLM applications- What embedding space attacks are and why they matter for AI security- How small perturbations in data can drastically change model behavior- The risks of poisoned data in RAG and vector databases- How attackers can influence search results and downstream AI outputs- Why these attacks are subtle, hard to detect, and often overlooked- The role of visualization in understanding embedding behavior- Real-world implications for AI-powered applications and workflows- Defensive considerations when building with embeddings and vector stores This episode focuses on the foundational layer of AI systems, showing how security risks extend beyond prompts and into the underlying data representations that power modern AI. ⸻ 📚 Key Concepts Covered AI Foundations- Embeddings and vector representations- Similarity search and vector space reasoning AI Security Risks- Embedding space manipulation- Data poisoning in vector databases- Retrieval manipulation in RAG systems Applications & Impact- LLM-powered search and assistants- AI pipelines using embeddings- Risks in production AI systems #AISecurity #Embeddings #CyberSecurity #LLMSecurity #AIThreats #BHIS #AIAgents #ArtificialIntelligence #InfoSec Join the 5,000+ cybersecurity professionals on our BHIS Discord server to ask questions and share your knowledge about AI Security. https://discord.gg/bhis (00:00) - Intro & Episode Overview (01:39) - What Are Embeddings? (AI Only Understands Numbers) (03:44) - The Embedding Process (Text → Vectors) (07:43) - Similarity, Classification & Vector Math (09:55) - Visualizing Embedding Space (2D Projection) (14:29) - Classifiers (15:39) - Playing Games with Information (18:06) - Attack Techniques: Synonyms & Context Manipulation (20:29) - Context Padding (27:10) - Collision Attacks, Defenses & Final Thoughts Click here to watch this episode on YouTube. Creators & Guests Brian Fehrman - Host Bronwen Aker - Host Derek Banks - Host Brought to you by: Black Hills Information Security  https://www.blackhillsinfosec.com Antisyphon Training https://www.antisyphontraining.com/ Active Countermeasures https://www.activecountermeasures.com Wild West Hackin Fest https://wildwesthackinfest.com 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript.

In this episode of BHIS Presents: AI Security Ops, the team breaks down indirect prompt injection — the #1 risk in the OWASP Top 10 for LLM Applications — and why it represents one of the most dangerous and misunderstood threats in modern AI systems. Unlike traditional attacks, indirect prompt injection doesn’t require malware, credentials, or even user interaction. Instead, attackers hide malicious instructions inside everyday content like emails, documents, or web pages — and wait for AI systems to unknowingly execute them. From real-world exploits like EchoLeak to in-the-wild attacks observed by Palo Alto Unit 42, this episode explores how attackers are already abusing AI-powered tools in production environments — and why current defenses are struggling to keep up. We dig into:• What indirect prompt injection is and how it differs from direct attacks• Why OWASP ranks prompt injection as the #1 LLM security risk• How attackers hide payloads inside emails, documents, and web content• The EchoLeak zero-click exploit against Microsoft 365 Copilot• Web-based prompt injection attacks observed in the wild (Unit 42)• Exploits targeting AI coding tools like Cursor IDE and GitHub Copilot• How RAG systems amplify the risk through poisoned knowledge bases• Why LLM architecture makes this problem fundamentally hard to solve• Research showing modern defenses still fail 50%+ of the time• Practical mitigation strategies: least privilege, human-in-the-loop, and observability This episode focuses on the real-world security implications of AI adoption, showing how attackers are already leveraging these techniques — and what defenders need to understand as AI becomes deeply embedded in business workflows. ⸻ 📚 Key References Prompt Injection & LLM Risk• OWASP Top 10 for LLM Applications 2025 — https://owasp.org Real-World Attacks• EchoLeak (CVE-2025-32711) — Aim Security / arXiv• Unit 42 — Web-Based Indirect Prompt Injection in the Wild (March 2026) — https://unit42.paloaltonetworks.com AI System Vulnerabilities• Cursor IDE (CVE-2025-59944)• GitHub Copilot (CVE-2025-53773)• Lakera — Zero-Click MCP Attack — https://lakera.ai Research on Defenses• Zhan et al. — Adaptive Attacks Break Defenses (NAACL 2025)• Anthropic System Card (Feb 2026)• Google Gemini Security Research (2025) Standards & Guidance• NIST AI Risk Management Framework — https://nist.gov• MITRE ATLAS — https://atlas.mitre.org• ISO/IEC 42001 AI Management Systems #AISecurity #PromptInjection #CyberSecurity #LLMSecurity #AIThreats #BHIS #AIAgents #ArtificialIntelligence #infosec (00:00) - Intro & BHIS / Antisyphon Overview (01:19) - OWASP Top 10 & Prompt Injection Context (01:41) - Indirect Prompt Injection Explained (Stored Attack Analogy) (02:54) - Real-World Attack Scenarios (Calendar & Hidden Payloads) (05:10) - EchoLeak & Zero-Click Copilot Exploit (06:10) - Weaponized Excel Prompt Injection PoC (06:50) - Email Injection & AI Summarization Abuse (09:07) - Why Detection & Prevention Are So Difficult (14:02) - Mitigations & Final Thoughts Click here to watch this episode on YouTube. Creators & Guests Derek Banks - Host Brian Fehrman - Host Brought to you by: Black Hills Information Security  https://www.blackhillsinfosec.com Antisyphon Training https://www.antisyphontraining.com/ Active Countermeasures https://www.activecountermeasures.com Wild West Hackin Fest https://wildwesthackinfest.com 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript.

In this episode of BHIS Presents: AI Security Ops, Bronwen Aker and Dr. Brian Fehrman break down some of the top AI security concerns being discussed by researchers, security firms, and government agencies this year. As AI capabilities rapidly expand, so does the attack surface. From agentic AI systems being used by attackers, to deepfakes at industrial scale, to the persistent challenge of prompt injection, security teams are trying to understand what risks are real, what’s hype, and where defenders should focus first. We dig into:- Why agentic AI is emerging as a major security concern- How attackers could weaponize autonomous agents to scale operations- The risk of malicious agent skills and AI supply chain attacks- Why overly broad permissions make agent-based systems dangerous- AI-assisted phishing campaigns and social engineering at scale- The rise of deepfakes and corporate fraud driven by generative AI- Why humans still struggle to reliably detect deepfake media- The economics of deepfake fraud and real-world incidents- Prompt injection attacks and why they remain difficult to solve- Whether future models may autonomously discover and exploit jailbreaks This episode looks at the practical security implications of today’s AI ecosystem — where the biggest risks are coming from, how attackers may leverage AI systems, and what defenders should be thinking about as these technologies continue to evolve. 📚 Key References Agentic AI Threats- CrowdStrike 2026 Global Threat Report — https://www.crowdstrike.com- IBM X-Force 2026 Threat Intelligence Index — https://www.ibm.com/security/x-force- Cisco State of AI Security 2026 — https://www.cisco.com/site/us/en/products/security/state-of-ai-security.html#tabs-9da71fbd27-item-1288c79d71-tab Deepfakes & AI-Driven Fraud- WEF Global Cybersecurity Outlook 2026 — https://www.weforum.org/publications/global-cybersecurity-outlook-2026/- International AI Safety Report 2026 — https://www.internationalaisafetyreport.org AI Security & Infrastructure Risk- CISA Joint Guidance on AI in OT — https://www.cisa.gov/news-events/news/new-joint-guide-advances-secure-integration-artificial-intelligence-operational-technology Prompt Injection & LLM Exploitation- Schneier et al., “The Promptware Kill Chain” — https://www.lawfaremedia.org/article/the-promptware-kill-chain- Palo Alto Unit 42 — “Fooling AI Agents: Web-Based Indirect Prompt Injection Observed in the Wild”https://unit42.paloaltonetworks.com/indirect-prompt-injection-ai-agents/ (00:00) - Intro & Episode Overview (02:18) - Agentic AI as a Security Threat (CrowdStrike 2026 Global Threat Report, IBM X-Force Index) (03:46) - Malicious Agent Skills & AI Supply Chain Attacks (Cisco State of AI Security) (04:58) - How Agent Skills Actually Work (07:47) - Permissions & Guardrails for AI Agents (CISA AI in OT Guidance) (09:57) - AI-Generated Phishing Campaigns (CrowdStrike / IBM Threat Reports) (13:58) - Deepfakes at Industrial Scale (WEF Global Cybersecurity Outlook) (15:38) - Corporate Fraud & Deepfake Incidents (International AI Safety Report) (17:21) - Why Humans Struggle to Detect Deepfakes (21:13) - Prompt Injection Attacks Explained (Schneier – Promptware Kill Chain) (24:35) - AI Models Jailbreaking Other Models (Palo Alto Unit 42 Research) (28:59) - Final Thoughts & Wrap-Up Click here to watch this episode on YouTube. Creators & Guests Bronwen Aker - Host Brian Fehrman - Host Brought to you by: Black Hills Information Security  https://www.blackhillsinfosec.com Antisyphon Training https://www.antisyphontraining.com/ Active Countermeasures https://www.activecountermeasures.com Wild West Hackin Fest https://wildwesthackinfest.com 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript.

We discuss the meaning of AI life In episode 42 of "BHIS Presents: AI Security Ops." Derek Banks is joined by Bronwen Aker and Brian Fehrman to break down Anthropic’s latest agentic desktop experiment: Claude Cowork. Claude Cowork brings large language models directly onto the endpoint — giving Claude the ability to read, write, and organize files on your local machine. It’s designed to make powerful AI workflows accessible to non-technical users… but as with any tool that operates at the OS level, the security implications are significant. We explore what happens when AI moves closer to your data, your filesystem, and your browser — and what that means for defenders. We dig into:- What Claude Cowork is and how it differs from Claude Code- Agentic desktop tools vs. command-line workflows- Local file access and OS-level interaction risks- Skills, automation, and task iteration- Chrome plugins and expanded attack surface- Overly broad permissions and least-privilege concerns- SaaS disruption and shifting trust boundaries- Endpoint monitoring challenges- The speed of AI releases vs. security review cycles- Balancing innovation with responsible deployment This conversation looks at the real-world operational and defensive considerations of agentic AI tools running directly on user systems. If you’re evaluating AI productivity tools inside your organization — or defending environments where they’re already being adopted — this episode will help you think through the risks and tradeoffs. (00:00) - Intro & Episode Overview (02:08) - What Is Claude Cowork? (04:03) - Desktop Agents vs. Command Line Users (06:12) - Agentic Workflows & Task Automation (08:08) - Building Fast with Claude (Speed of Development) (09:29) - Browser Plugins & Expanding Capabilities (11:06) - Permission Models & “Just Give It Access to Everything” (12:40) - SaaS Disruption & Enterprise Impact (14:38) - Overly Broad File Access Risks (16:27) - Organizational Disruption & Workforce Impact (18:09) - Security Lag vs. Rapid AI Releases (19:46) - Final Thoughts & Wrap-Up Click here to watch this episode on YouTube. Creators & Guests Derek Banks - Host Bronwen Aker - Host Brian Fehrman - Host Brought to you by: Black Hills Information Security  https://www.blackhillsinfosec.com Antisyphon Training https://www.antisyphontraining.com/ Active Countermeasures https://www.activecountermeasures.com Wild West Hackin Fest https://wildwesthackinfest.com 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript.

In this episode of BHIS Presents: AI Security Ops, we’re joined by Beau Bullock and Hayden Covington to unpack one of the most talked-about AI agent experiments in recent memory: OpenClaw and its companion platform, Moltbook. OpenClaw exploded onto the scene as an autonomous AI agent capable of operating Claude Code from the command line — executing tasks, monitoring output, and iterating with minimal human involvement. Shortly after, Moltbook emerged as a social platform designed specifically for AI agents to interact with one another. But as with most cutting-edge AI experiments, things moved fast… and broke fast. We dig into: What OpenClaw actually is and how it worksAI agents operating other AI systems (Claude Code in the loop)The concept of “skills” and extending agent capabilitiesThe one-click RCE vulnerability discovered shortly after releaseMoltbook as a social network for AI agentsAPI keys, agent-only access, and how humans bypassed itBeacons, autonomy, and what “control” really meansWhere the line is between automation and true autonomyShort-term workforce impacts vs. long-term AI riskThis conversation moves beyond hype into the practical and security implications of rapidly deployed autonomous agents. If you’re experimenting with AI agents — or defending against them — this episode will give you a grounded perspective on what’s possible today, what’s fragile, and what’s coming next. (00:00) - Intro & Guest Welcome (01:38) - AI Agents in the News (03:23) - From “Moltbot” to OpenClaw (04:13) - What Is OpenClaw? How It Works (05:13) - Claude Code + Agent-in-the-Middle Model (07:36) - Extending OpenClaw with Skills (08:42) - Release Timeline & Rapid Adoption (10:16) - One-Click RCE in OpenClaw (11:45) - Introducing Moltbook (AI Social Network) (14:03) - How Moltbook Actually Worked (17:55) - “I Am a Robot” & Agent Authentication (20:28) - Beaconing & Operational Behavior (26:44) - Automation vs. True Autonomy (27:26) - Control, Kill Switches & Agent Boundaries (30:59) - Workforce Impact & Near-Term Concerns (35:34) - AI Apocalypse? Final Thoughts & Wrap-Up Click here to watch this episode on YouTube. Creators & Guests Beau Bullock - Guest Hayden Covington - Guest Derek Banks - Host Brian Fehrman - Host Bronwen Aker - Host Brought to you by: Black Hills Information Security  https://www.blackhillsinfosec.com Antisyphon Training https://www.antisyphontraining.com/ Active Countermeasures https://www.activecountermeasures.com Wild West Hackin Fest https://wildwesthackinfest.com 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript.

AI in the SOC: Interview with Hayden Covington and Ethan Robish from the BHIS SOC | Episode 40 In this episode of BHIS Presents: AI Security Ops, we sit down with Hayden Covington and Ethan Robish from the BHIS Security Operations Center (SOC) to explore how AI is actually being used in modern defensive operations. From foundational machine learning techniques like statistical baselining and clustering to large language models assisting with alert triage and reporting, we dig into what works, what doesn’t, and what SOC teams should realistically expect from AI today. We break down: - How AI helps reduce alert fatigue and improve triage- Practical automation inside a real-world SOC- The difference between traditional ML approaches and LLM-powered workflows- Foundational techniques like K-means, anomaly detection, and behavioral baselining- Using LLMs for enrichment, investigation, and report drafting- Where AI struggles: hallucinations, inconsistency, and edge cases- Risks around over-trusting AI in security operations- How to responsibly integrate AI into analyst workflows This episode is grounded in real operational experience—not vendor demos. If you’re running a SOC, building AI tooling, or just trying to separate hype from reality, this conversation will help you think clearly about augmentation vs. automation in defensive security. (00:00) - Intro & Guest Introductions (04:44) - Alert Triage & SOC Pain Points (06:04) - Automation Inside the SOC (09:59) - “Boring AI”: Clustering, Baselining & Statistics (17:06) - AI-Assisted Reporting & Client Communication (18:34) - Limitations, Edge Cases & Model Risk (22:56) - Hallucinations & Inconsistent Outputs (25:04) - AI Demos vs. Real-World Security Work (28:35) - Final Thoughts & Closing Click here to watch this episode on YouTube. Creators & Guests Hayden Covington - Guest Ethan Robish - Guest Bronwen Aker - Host Derek Banks - Host Brian Fehrman - Host Brought to you by: Black Hills Information Security  https://www.blackhillsinfosec.com Antisyphon Training https://www.antisyphontraining.com/ Active Countermeasures https://www.activecountermeasures.com Wild West Hackin Fest https://wildwesthackinfest.com 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com 

AI News | Episode 39 In this episode of AI Security Ops, we break down the latest developments in AI-driven threats, identity chaos caused by autonomous agents, NIST’s focus on securing AI in critical infrastructure, and new visibility tooling for AI exposure. We cover real-world abuse of LLMs for phishing, how AI agents are colliding with IAM governance, and what defenders should be watching right now. Chapters:00:00 – Introduction and SponsorsBlack Hills Information Security - https://www.blackhillsinfosec.com/Antisyphon Training - https://www.antisyphontraining.com/ 01:08 – LLM-Generated Phishing JavaScript (Unit 42 / Palo Alto)Discussion begins as the hosts introduce the first story.How LLMs are generating polymorphic malicious JavaScript for phishing pages and evading traditional detection.👉 https://unit42.paloaltonetworks.com/real-time-malicious-javascript-through-llms/ 08:49 – AI Agents vs IAM: “Who Approved This Agent?” (Hacker News)Conversation shifts to agent privilege management and governance failures.👉 https://thehackernews.com/2026/01/who-approved-this-agent-rethinking.html 10:07 – NIST Focus on Securing AI Agents in Critical InfrastructureDiscussion on federal guidance and why AI agents are being treated as critical infrastructure risk components.👉 https://www.linkedin.com/pulse/cybersecurity-institute-news-roundup-20-january-2026-entrust-alz7c 13:44 – Tenable One AI ExposureBreaking down Tenable’s push into enterprise AI usage visibility and exposure management.👉 https://www.tenable.com/blog/tenable-one-ai-exposure-secure-ai-usage-at-scale Join the 5,000+ cybersecurity professionals on our BHIS Discord server to ask questions and share your knowledge about AI Security. https://discord.gg/bhis Chapters (00:00) - Introduction and Sponsors (01:08) - LLM-Generated Phishing JavaScript (Unit 42 / Palo Alto) (10:07) - NIST Focus on Securing AI Agents in Critical Infrastructure (13:44) - Tenable One AI Exposure Creators & Guests Brian Fehrman - Host Bronwen Aker - Host Click here to watch this episode on YouTube. ----------------------------------------------------------------------------------------------About Joff Thyer - https://www.blackhillsinfosec.com/team/joff-thyer/About Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/About Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/About Bronwen Aker - https://www.blackhillsinfosec.com/team/bronwen-aker/About Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/Brought to you by: Black Hills Information Security  https://www.blackhillsinfosec.com Antisyphon Training https://www.antisyphontraining.com/ Active Countermeasures https://www.activecountermeasures.com Wild West Hackin Fest https://wildwesthackinfest.com 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com  Click here to view the episode transcript.

Click here to watch this episode on YouTube. Creators & Guests Brian Fehrman - Host Joff Thyer - Host Derek Banks - Host Brought to you by: Black Hills Information Security  https://www.blackhillsinfosec.com Antisyphon Training https://www.antisyphontraining.com/ Active Countermeasures https://www.activecountermeasures.com Wild West Hackin Fest https://wildwesthackinfest.com 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com  Click here to view the episode transcript.

In Episode 37 of AI Security Ops, the team breaks down the most important AI security frameworks and vulnerability databases used to track risks in machine learning and large language models. The discussion covers emerging AI vulnerability databases, the OWASP Top 10 for LLMs, CVE challenges, and frameworks like MITRE ATLAS, highlighting why standardizing AI threats is still difficult. This episode is a practical guide for security professionals looking to stay ahead of AI vulnerabilities, attack techniques, and defensive resources in a fast-moving landscape. Chapters (00:00) - Episode 37 – AI Frameworks & Databases (01:39) - A.I. vulnerability tracking is still young (02:44) - Should A.I. get its own vulnerability database? (07:33) - The benefit of multiple vulnerability databases (15:58) - The what is the definition of a vulnerability? (17:54) - Final Thoughts Brought to you by:Black Hills Information Security  https://www.blackhillsinfosec.com Antisyphon Training https://www.antisyphontraining.com/ Active Countermeasures https://www.activecountermeasures.com Wild West Hackin Fest https://wildwesthackinfest.com 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com 

This week on AI Security Ops, the team breaks down how attackers are weaponizing AI and the tools around it: a critical n8n zero-day that can lead to unauthenticated remote code execution, prompt-injection “zombie agent” risks tied to ChatGPT memory, a zero-click-style indirect prompt injection scenario via email/URLs, and malicious Chrome extensions caught siphoning ChatGPT/DeepSeek chats at scale. They close with a reminder that the tactics are often “same old security problems,” just amplified by AI—so lock down orchestration, limit browser extensions, and keep sensitive data out of chat tools. Key stories discussed 1) n8n (“n-eight-n”) zero-day → unauthenticated RCE risk https://thehackernews.com/2026/01/critical-n8n-vulnerability-cvss-100.htmlThe hosts discuss a critical flaw in the n8n workflow automation platform where a workflow-parsing HTTP endpoint can be abused (via a crafted JSON payload) to achieve remote code execution as the n8n service account. Because automation/orchestration platforms often have broad internal access, one compromise can cascade quickly across an organization’s automation layer. ai-news-stories-episode-36Practical takeaway: don’t expose orchestration platforms directly to the internet; restrict who/what can talk to them; treat these “glue” systems as high-impact targets and assess them like any other production system. ai-news-stories-episode-362) “Zombie agent” prompt injection via ChatGPT Memory https://www.darkreading.com/endpoint-security/chatgpt-memory-feature-prompt-injectionThe team talks about research describing an exploit that stores malicious instructions in long-term memory, then later triggers them with a benign prompt—leading to potential data leakage or unsafe tool actions if the model has integrations. The discussion frames this as “stored XSS vibes,” but harder to solve because the “feature” (following instructions/context) is also the root problem. ai-news-stories-episode-36User-side mitigation themes: consider disabling memory, keep chats cleaned up, and avoid putting sensitive data into chat tools—especially when agents/tools are involved. ai-news-stories-episode-363) “Zero-click” agentic abuse via crafted email/URL (indirect prompt injection) https://www.infosecurity-magazine.com/news/new-zeroclick-attack-chatgpt/Another story describes a crafted URL delivered via email that could trigger an agentic workflow (e.g., email summarization / agent actions) to export chat logs without explicit user interaction. The hosts largely interpret this as indirect prompt injection—a pattern they expect to keep seeing as assistants gain more connectivity. ai-news-stories-episode-36Key point: even if the exact implementation varies, auto-processing untrusted content (like email) is a persistent risk when the model can take actions or access history. ai-news-stories-episode-364) Malicious Chrome extensions stealing ChatGPT/DeepSeek chats (900k users) https://thehackernews.com/2026/01/two-chrome-extensions-caught-stealing.htmlTwo Chrome extensions posing as AI productivity tools reportedly injected JavaScript into AI web UIs, scraped chat text from the DOM, and exfiltrated it—highlighting ongoing extension supply-chain risk and the reality that “approved store” doesn’t mean safe. ai-news-stories-episode-36Advice echoed: minimize extensions, separate browsers/profiles for sensitive activities, and treat “AI sidebar” tools with extra skepticism. ai-news-stories-episode-365) APT28 credential phishing updated with AI-written lures https://thehackernews.com/2026/01/russian-apt28-runs-credential-stealing.htmlThe closing story is a familiar APT pattern—phishing emails with malicious Office docs leading to PowerShell loaders and credential theft—except the lure text is AI-generated, making it more consistent/convincing (and harder for users to spot via grammar/tone). ai-news-stories-episode-36The conversation stresses that “don’t click links” guidance is oversimplified; verification and layered controls matter (e.g., disabling macros org-wide). ai-news-stories-episode-36Chapter Timestamps (00:00) - Intro & Sponsors (01:16) - 1) n8n zero-day → unauthenticated RCE (09:00) - 2) “Zombie agent” prompt injection via ChatGPT Memory (19:52) - 3) “Zero-click” style agent abuse via crafted email/URL (indirect prompt injection) (23:41) - 4) Malicious Chrome extensions stealing ChatGPT/DeepSeek chats (~900k users) (29:59) - 5) APT28 phishing refreshed with AI-written lures (34:15) - Closing thoughts: “AI genie is out of the bottle” + safety reminders Click here to watch a video of this episode. Creators & Guests Brian Fehrman - Host Bronwen Aker - Host Derek Banks - Host Brought to you by: Black Hills Information Security  https://www.blackhillsinfosec.com Antisyphon Training https://www.antisyphontraining.com/ Active Countermeasures https://www.activecountermeasures.com Wild West Hackin Fest https://wildwesthackinfest.com 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com 

AI Security Ops | Episode 35 – 2026 PredictionsIn this episode, the BHIS panel looks into the crystal ball and shares bold predictions for AI in 2026—from energy constraints and drug development breakthroughs to agentic AI risks and cybersecurity threats. Chapters (00:00) - Intro & Sponsor Shoutouts (01:14) - Prediction: Grid Power Becomes the Bottleneck (10:27) - Prediction: FDA Qualifies AI Drug Development Tools (15:45) - Prediction: Nation-State Threat Actors Weaponize AI (17:33) - Prediction: Agentic AI Dominates App Development (23:07) - Closing Thoughts: Jobs, Risk & Opportunity 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com Brought to you by: Black Hills Information Security  https://www.blackhillsinfosec.com Antisyphon Training https://www.antisyphontraining.com/ Active Countermeasures https://www.activecountermeasures.com Wild West Hackin Fest https://wildwesthackinfest.com ---------------------------------------------------------------------------------------------- Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/ Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/ Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/ Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/ Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/

Join the 5,000+ cybersecurity professionals on our BHIS Discord server to ask questions and share your knowledge about AI Security. https://discord.gg/bhis AI Security Ops | Episode 34 – Why Did We Create This Podcast?In this episode, the BHIS team explains the purpose behind AI Security Ops, what you can expect from future episodes, and why this show matters for anyone at the intersection of AI and cybersecurity. Chapters (00:00) - Intro & Welcome (00:13) - Why We Started AI Security Ops (00:41) - Our Mission: Stay Informed & Ahead (00:56) - What We Cover: AI News & Insights (01:23) - Community Q&A & Real-World Scenarios (02:18) - Special Guests & Industry Leaders (02:41) - Demos, How-Tos & Practical Tips (03:07) - Who Should Listen & Why Subscribe (03:34) - Join the Conversation & Closing 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com Brought to you by: Black Hills Information Security  https://www.blackhillsinfosec.com Antisyphon Training https://www.antisyphontraining.com/ Active Countermeasures https://www.activecountermeasures.com Wild West Hackin Fest https://wildwesthackinfest.com

Community Q&A on AI Security | Episode 34 In this episode of BHIS Presents: AI Security Ops, our panel tackles real questions from the community about AI, hallucinations, privacy, and practical use cases. From limiting model hallucinations to understanding memory features and explaining AI to non-technical audiences, we dive into the nuances of large language models and their role in cybersecurity. We break down: Why LLMs sometimes “make stuff up” and how to reduce hallucinationsThe role of prompts, temperature, and RAG databases in accuracyPrompting best practices and reasoning modes for better resultsLegal liability: Can you sue ChatGPT for bad advice?Memory features, data retention, and privacy trade-offsSecurity paranoia: AI apps, trust, and enterprise vs free accountsPractical examples like customizing AI for writing styleHow to explain AI to your mom (or any non-technical audience)Why AI isn’t magic—just math and advanced auto-completeWhether you’re deploying AI tools or just curious about the hype, this episode will help you understand the realities of AI in security and how to use it responsibly. Chapters (00:00) - Welcome & Sponsor Shoutouts (00:50) - Episode Overview: Community Q&A (01:19) - Q1: Will ChatGPT Make Stuff Up? (07:50) - Q2: Can Lawyers Sue ChatGPT for False Cases? (11:15) - Q3: How Can AI Improve Without Ingesting Everything? (22:04) - Q4: How Do You Explain AI to Non-Technical People? (28:00) - Closing Remarks & Training Plug Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/ Active Countermeasureshttps://www.activecountermeasures.com Wild West Hackin Festhttps://wildwesthackinfest.com 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com ----------------------------------------------------------------------------------------------Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –  https://poweredbybhis.com AI News | Episode 33In this episode of BHIS Presents: AI Security Ops, the panel dives into the latest developments shaping the AI security landscape. From the first documented AI-orchestrated cyber-espionage campaign to polymorphic malware powered by Gemini, we explore how agentic AI, insecure infrastructure, and old-school mistakes are creating a fragile new attack surface. We break down: AI-driven cyber espionage: Anthropic disrupts a state-sponsored campaign using autonomous Black-hat LLMs: KawaiiGPT democratizes offensive capabilities for script kiddies.Critical RCEs in AI stacks: ShadowMQ vulnerabilities hit Meta, NVIDIA, Microsoft, and more.Amazon’s private AI bug bounty: Nova models under the microscope.Google Antigravity IDE popped in 24 hours: Persistent code execution flaw.PROMPTFLUX malware: Polymorphic VBScript leveraging Gemini for hourly rewrites.Whether you’re defending enterprise AI deployments or building secure agentic tools, this episode will help you understand the emerging risks and what you can do to stay ahead. ⏱️ Chapters (00:00) - Intro & Sponsor Shoutouts (01:27) - AI-Orchestrated Cyber Espionage (Anthropic) (08:10) - ShadowMQ: Critical RCE in AI Inference Engines (09:54) - KawaiiGPT: Free Black-Hat LLM (22:45) - Amazon Nova: Private AI Bug Bounty (26:38) - Google Antigravity IDE Hacked in 24 Hours (31:36) - PROMPTFLUX: Malware Using Gemini for Polymorphism 🔗 LinksAI-Orchestrated Cyber Espionage (Anthropic)ShadowMQ: Critical RCE in AI Inference EnginesKawaiiGPT: Free Black-Hat LLMAmazon Nova: Private AI Bug BountyGoogle Antigravity IDE Hacked in 24 HoursPROMPTFLUX: Malware Using Gemini for Polymorphism#AISecurity #Cybersecurity #BHIS #LLMSecurity #AIThreats #AgenticAI #BugBounty #malwareBrought to you by Black Hills Information Security  https://www.blackhillsinfosec.com Antisyphon Training https://www.antisyphontraining.com/ ---------------------------------------------------------------------------------------------- Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/ Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/ Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/ Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/ Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –  https://poweredbybhis.com Model Evasion Attacks | Episode 32In this episode of BHIS Presents: AI Security Ops, the panel explores the stealthy world of model evasion attacks, where adversaries manipulate inputs to trick AI classifiers into misclassifying malicious activity as benign. From image classifiers to malware detection and even LLM-based systems, learn how attackers exploit decision boundaries and why this matters for cybersecurity. We break down:- What model evasion attacks are and how they differ from data poisoning- How attackers tweak features to bypass classifiers (images, phishing, malware)- Real-world tactics like model extraction and trial-and-error evasion- Why non-determinism in AI models makes evasion harder to predict- Advanced threats: model theft, ablation, and adversarial AI- Defensive strategies: adversarial training, API throttling, and realistic expectations- Future outlook: regulatory trends, transparency, and the ongoing arms race Whether you’re deploying EDR solutions or fine-tuning AI models, this episode will help you understand why evasion is an enduring challenge, and what you can do to defend against it. #AISecurity #ModelEvasion #Cybersecurity #BHIS #LLMSecurity #aithreats Brought to you by Black Hills Information Security  https://www.blackhillsinfosec.com ---------------------------------------------------------------------------------------------- Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/ Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/ Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/ Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/ Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/ (00:00) - Intro & Sponsor Shoutouts (01:19) - What Are Model Evasion Attacks? (03:58) - Image Classifiers & Pixel Tweaks (07:01) - Malware Classification & Decision Boundaries (10:02) - Model Theft & Extraction Attacks (13:16) - Non-Determinism & Myth Busting (16:07) - AI in Offensive Capabilities (17:36) - Defensive Strategies & Adversarial Training (20:54) - Vendor Questions & Transparency (23:22) - Future Outlook & Regulatory Trends (25:54) - Panel Takeaways & Closing Thoughts

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –  https://poweredbybhis.com Data Poisoning Attacks | Episode 31In this episode of BHIS Presents: AI Security Ops, the panel dives into the hidden danger of data poisoning – where attackers corrupt the data that trains your AI models, leading to unpredictable and often harmful behavior. From classifiers to LLMs, discover why poisoned data can undermine security, accuracy, and trust in AI systems. We break down: What data poisoning is and why it mattersHow attackers inject malicious samples or flip labels in training setsThe role of open-source repositories like Hugging Face in supply chain riskNew twists for LLMs: poisoning via reinforcement feedback and RAGReal-world concerns like bias in ChatGPT and malicious model uploadsDefensive strategies: governance, provenance, versioning, and security assessmentsWhether you’re building classifiers or fine-tuning LLMs, this episode will help you understand how poisoned data sneaks in, and what you can do to prevent it. Treat your AI like a “drunk intern”: verify everything. #aisecurity  #DataPoisoning #Cybersecurity #BHIS #llmsecurity  #aithreats Brought to you by Black Hills Information Security  https://www.blackhillsinfosec.com ---------------------------------------------------------------------------------------------- Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/ Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/ Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/ Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/ Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/ (00:00) - Intro & Sponsor Shoutouts (01:19) - What Is Data Poisoning? (03:58) - Poisoning Classifier Models (08:10) - Risks in Open-Source Data Sets (12:30) - LLM-Specific Poisoning Vectors (17:04) - RAG and Context Injection (21:25) - Realistic Threats & Examples (25:48) - Defensive Strategies & Governance (28:27) - Panel Takeaways & Closing Thoughts

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –  https://poweredbybhis.com AI News Stories | Episode 30In this episode of BHIS Presents: AI Security Ops, we break down the top AI cybersecurity news and trends from November 2025. Our panel covers rising public awareness of AI, the security risks of local LLMs, emerging AI-driven threats, and what these developments mean for security teams. Whether you work in cybersecurity, AI security, or incident response, this episode helps you stay ahead of evolving AI-powered attacks and defenses. Topics Covered: Only 5% of Americans are unaware of AI?What Pew Research reveals about AI’s penetration into everyday life and workplace usage.AI’s Shift to the Intimacy Economy – Project Libertyhttps://email.projectliberty.io/ais-shift-to-the-intimacy-economy-1  Amazon to Cut Jobs and Invest in AI Infrastructure14,000 corporate roles eliminated—are layoffs really about efficiency or something else?Amazon to Cut Jobs & Invest in AI – DWhttps://www.dw.com/en/amazon-to-cut-14000-corporate-jobs-amid-ai-investment/a-74524365 Local Models Less Secure than Cloud Providers?Why quantization and lack of guardrails make local LLMs more vulnerable to prompt injection and insecure code.Local LLMs Security Paradox – Quesmahttps://quesma.com/blog/local-llms-security-paradox Whether you're a red teamer, SOC analyst, or just trying to stay ahead of AI threats, this episode delivers sharp insights and practical takeaways. Brought to you by Black Hills Information Security  https://www.blackhillsinfosec.com ---------------------------------------------------------------------------------------------- Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/ Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/ Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/ Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/ Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/ (00:00) - Intro & Sponsor Shoutouts (01:07) - AI’s Shift to the Intimacy Economy (Pew Research) (19:40) - Amazon Layoffs & AI Investment (27:00) - Local LLM Security Paradox (36:32) - Wrap-Up & Key Takeaways

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –  https://poweredbybhis.com A Conversation with Dr. Colin Shea-Blymyer  | Episode 29 In this episode of BHIS Presents: AI Security Ops, the panel welcomes Dr. Colin Shea-Blymyer for a deep dive into the intersection of AI governance, cybersecurity, and red teaming. From the historical roots of neural networks to today’s regulatory patchwork, we explore how policy, security, and innovation collide in the age of AI. Expect candid insights on emerging risks, open models, and why defining your risk appetite matters more than ever. Topics Covered: AI governance vs. innovation: U.S. vs. EU regulatory approachesThe evolution of neural networks and lessons from AI historyAI red teaming: definitions, methodologies, and data-sharing challengesSafety vs. security: where they overlap and divergeEmerging risks: supply chain vulnerabilities, prompt injection, and poisoned dataOpen weights vs. closed models: implications for research and securityPractical takeaways for organizations navigating AI uncertaintyAbout the Panel:Joff Thyer, Dr. Brian Fehrman, Derek BanksGuest Panelist: Dr. Colin Shea-Blymyerhttps://cset.georgetown.edu/staff/colin-shea-blymyer/ #aisecurity  #aigovernance  #cyberrisk  #AIredteam #OpenModels #aipolicy  #BHIS #AIthreats #aiincybersecurity  #llmsecurity Brought to you by Black Hills Information Security  https://www.blackhillsinfosec.com ---------------------------------------------------------------------------------------------- Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/ Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/ Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/ Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/ Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/ (00:00) - Intro & Guest Welcome (02:14) - Colin’s Journey: From CS to AI Governance (06:33) - Lessons from AI History & Neural Network Origins (10:28) - AI Red Teaming: Definitions & Methodologies (15:11) - Safety vs. Security: Where They Intersect (22:47) - Regulatory Landscape: U.S. Patchwork vs. EU AI Act (33:42) - Open Models Debate: Risks & Research Benefits (38:19) - Emerging Threats & Supply Chain Risks (44:06) - Practical Takeaways & Closing Thoughts

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –  https://poweredbybhis.com AI News Stories | Episode 28 – Questions from the CommunityIn this episode of BHIS Presents: AI Security Ops, the panel tackles real questions from the community, diving deep into the practical, ethical, and technical challenges of AI in cybersecurity. From red teaming tools to prompt privacy, this Q&A session delivers candid insights and actionable advice for professionals navigating the AI-infused threat landscape. 🧠 Topics Covered: Open-source tools for LLM red teamingThreat modeling AI systems (STRIDE methodology)Hallucination rates in frontier vs. local modelsPrompt privacy: what’s stored, what’s sharedShould red teamers disclose AI usage?Human-in-the-loop: AI-generated deliverablesWhether you're a pentester, SOC analyst, or just curious about how AI is reshaping offensive security, this episode is packed with expert perspectives and practical takeaways.About the Panel:Brian Fehrman, Derek Banks, Joff Thyer Brought to you by Black Hills Information Security  https://www.blackhillsinfosec.com ---------------------------------------------------------------------------------------------- Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/ Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/ Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/ Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/ Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/ (00:00) - Intro & Sponsor Shoutouts (01:14) - Recommended Tools for LLM Red Teaming (06:12) - Threat Modeling AI Systems (09:58) - Which Models Hallucinate Most? (17:13) - Prompt Privacy: What You Should Know (22:54) - Should Red Teamers Disclose AI Usage? (27:01) - Final Thoughts & Wrap-Up

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –  https://poweredbybhis.com Azure AI Foundry Guardrails | Episode 27 In this episode of BHIS Presents: AI Security Ops, we explore how to configure content filters for AI models using the Azure AI Fooundry guardrails and controls interface. Whether you're building secure demos or deploying models in production, this walkthrough shows how to block unwanted content, enforce policy, and maintain compliance. Topics Covered:  Changing default filters for demo compliance Setting up a system prompt and understanding its role Adding regex terms to block specific content Creating and configuring a custom filter: “tech demo guardrails” Input-side filtering: inspecting user text before model access Safety vs. security categories in filtering Enabling prompt shields for indirect jailbreak detectionThis video is ideal for developers, security engineers, and anyone working with AI systems who needs to implement layered defenses and ensure responsible model behavior. Why This MattersBy implementing layered security—block lists, input and output filters—you protect sensitive data, comply with policy, and maintain a safe user experience. #AIsecurity #GuardrailsAndControls #ContentFiltering #PromptSecurity #RegexFiltering #BHIS #AIModelSafety #SystemPromptSecurity Brought to you by Black Hills Information Security  https://www.blackhillsinfosec.com ---------------------------------------------------------------------------------------------- Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/ Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/ Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/ Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/ Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/ (00:00) - Introduction & Overview (01:17) - Changing the Default Content Filter for Demo Compliance (02:00) - Setting Up a System Prompt and Its Purpose (04:26) - Adding a New Term (“dogs”) to the Content Filter (Regex Example) (05:04) - Creating and Configuring a Content Filter Named “Tech Demo Guardrails” (05:35) - How Input-Side Filters Inspect and Block Unwanted Content (06:01) - Overview of Safety Categories vs. Security Categories (07:15) - Enabling Prompt Shields for Indirect Jailbreak Detection (Not Used in Demo) (08:30) - Summary & Next Steps

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –  https://poweredbybhis.com Questions from the Community | Episode 26In this community-driven episode of BHIS Presents: AI Security Ops, the panel answers real questions from viewers about AI security, privacy, and risk. Featuring Brian Fehrman, Bronwen Aker, Jack Verrier, and Joff Thyer, the team dives into everything from guardrails and hallucinations to GDPR, agentic AI, and how to stay safe in an AI-saturated world. 💬 Topics include: Are guardrails enough to protect sensitive prompts?What’s the difference between hallucination and confabulation?How does AI intersect with GDPR and the right to be forgotten?What does it mean to “stay safe” when using AI?How is securing AI different from traditional software?Whether you're a red teamer, SOC analyst, or just trying to navigate the AI landscape, this episode offers practical insights and thoughtful perspectives from seasoned security professionals. Panelists:🔹 Brian Fehrman🔹 Bronwen Aker🔹 Jack Verrier🔹 Joff Thyer#AIsecurity #Cybersecurity #PromptInjection #LLMs #BHIS #AIprivacy #AgenticAI #AIandGDPR Brought to you by Black Hills Information Security  https://www.blackhillsinfosec.com ---------------------------------------------------------------------------------------------- Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/ Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/ Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/ Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/ Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/ (00:00) - Intro & Panel Welcome (01:22) - Are Guardrails Enough to Protect System Prompts? (09:54) - Explaining Hallucination vs. Confabulation (20:09) - AI and GDPR: The Right to Be Forgotten? (23:49) - How Do We Stay Safe Using AI? (32:26) - Securing AI vs. Traditional Software (37:18) - Final Thoughts & Wrap-Up

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –  https://poweredbybhis.com AI News Stories | Episode 25In this episode of BHIS Presents: AI Security Ops, the panel dives into the biggest AI cybersecurity headlines from late September 2025. From government regulation to zero-click exploits, we unpack the risks, trends, and implications for security professionals navigating the AI-powered future. 🧠 Topics Covered: Government oversight of advanced AI systemsAccenture’s massive layoffs amid AI pivotShadowLeak: zero-click vulnerability in ChatGPT agentsMalicious MCP server stealing emailsAI in the SOC: benefits and risksAttackers using AI to scale ransomware and social engineeringWhether you're a red teamer, SOC analyst, or just trying to stay ahead of AI threats, this episode delivers sharp insights and practical takeaways. Brought to you by Black Hills Information Security  https://www.blackhillsinfosec.com ---------------------------------------------------------------------------------------------- Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/ Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/ Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/ Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/ Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/ (00:00) - Intro & Sponsor Shoutouts (00:45) - Senators Introduce AI Risk Evaluation Act (09:48) - Accenture Layoffs & AI Restructuring (16:17) - ShadowLeak: Zero-Click Vulnerability in ChatGPT (20:07) - Malicious MCP Server & Supply Chain Risks (26:27) - AI in the SOC: Alert Triage & Analyst Burnout (30:10) - Final Thoughts: AI’s Role in Security Operations

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –  https://poweredbybhis.com Model Extraction Attacks | Episode 24In this solo episode of BHIS Presents: AI Security Ops, Brian Fehrman explores the stealthy world of Model Extraction Attacks—where hackers clone your AI model without ever touching your code. Learn how adversaries can reverse-engineer your multimillion-dollar model simply by querying its API, and why this threat is more than just academic. We break down:- What model extraction is and how it works- Real-world examples like DeepSeek’s alleged distillation of OpenAI models- The risks to intellectual property, security, and sensitive data- Defensive strategies including API throttling, output limiting, watermarking, and honeypots- Legal and ethical questions around benchmarking vs. theft Whether you're deploying LLMs or classification models, this episode will help you understand how attackers replicate model behavior—and what you can do to stop them.If your AI is accessible, someone’s probably trying to copy it. #AIsecurity #ModelExtractionAttacks #Cybersecurity #BHIS #LLMsecurity #AIthreats ---------------------------------------------------------------------------------------------- Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/ Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/ Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/ Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/ Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/ (00:00) - Intro & Sponsor Shoutouts (01:19) - What Is a Model Extraction Attack? (02:45) - Why Training a Model Is So Expensive (05:42) - How Model Extraction Works (07:11) - Why It Matters: IP, Security & Data Risks (10:25) - What Makes Extraction Easier or Harder (12:54) - Defenses: Monitoring, Watermarking & Privacy (16:04) - What to Do If You Suspect an Attack (16:29) - Legal & Ethical Questions Around Model Theft (19:30) - Final Thoughts & Takeaways

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –  https://poweredbybhis.com In this episode of AI Security Ops, Brian Fehrman and Joff Thyer dive into the latest AI news of the month, exploring how rapidly evolving technologies are reshaping cybersecurity.Topics covered include: - How AI is changing cybersecurity monitoring - Expanding from email to Slack, Teams, and other chat platforms - Addressing insider threats and phishing campaigns in new channels - The rapid pace of AI innovation and industry trends - Why organizations should prioritize AI security assessments - Real-world risks and opportunities in the AI landscape Stay ahead in the AI race with Black Hills Information Security as we cover real-world risks, opportunities, and the latest developments in the AI landscape. ///News Stories This Episode: 1. AI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse Concernshttps://thehackernews.com/2025/09/ai-powered-villager-pen-testing-tool.html 2. CrowdStrike and Meta Just Made Evaluating AI Security Tools Easierhttps://www.zdnet.com/article/crowdstrike-and-meta-just-made-evaluating-ai-security-tools-easier/ 3. Check Point Acquires Lakera to Deliver End-to-End AI Security for Enterpriseshttps://www.checkpoint.com/press-releases/check-point-acquires-lakera-to-deliver-end-to-end-ai-security-for-enterprises/ 4. Proofpoint Offers AI Agents to Monitor Human-Based Communicationshttps://www.msspalert.com/news/proofpoint-offers-ai-agents-to-monitor-human-based-communications 5. EvilAI Malware Campaign Exploits AI-Generated Code to Breach Global Critical Sectorshttps://industrialcyber.co/ransomware/evilai-malware-campaign-exploits-ai-generated-code-to-breach-global-critical-sectors/ ---------------------------------------------------------------------------------------------- Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/ Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/ Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/ Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/ Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –  https://poweredbybhis.com Insider Threat 2.0 -  Prompt Leaks & Shadow AI | Episode 22 In this episode of BHIS Presents AI Security Ops, we dive into Insider Threat 2.0: Prompt Leaks & Shadow AI. The panel explores the hidden risks of employees pasting sensitive data into public AI tools, the rise of unauthorized “Shadow AI” in organizations, and how policies—or lack thereof—can expose critical information. Learn why free AI services often make you the product, how prompt history creates data leakage risks, and why companies must establish clear AI usage guidelines. We also cover practical defenses, from enterprise AI accounts to cultural awareness training, and draw parallels to past IT challenges like Shadow IT and rogue wireless.If you’re concerned about AI security, data leakage, or safe adoption of large language models, this discussion will help you navigate the risks and protect your organization. #AIsecurity #PromptInjection #ShadowAI #Cybersecurity #BHIS ---------------------------------------------------------------------------------------------- Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/ Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/ Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/ Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/ Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –  https://poweredbybhis.com Episode 21 - Deepfakes And Fraudulent Interviews In Remote Hiring In this episode of AI Security Ops by Black Hills Information Security, the crew explores the alarming rise of deepfakes and fraudulent interviews in remote hiring. As virtual work expands, cybercriminals are using AI-driven impersonation tactics to pose as job candidates, deceive recruiters, and gain unauthorized access to organizations. Joff, Bronwen Aker, Brian Fehrman, and Derek Banks break down real-world cases, explain the challenges of spotting deepfake job scams, and share actionable strategies to secure hiring processes. Discover the red flags to watch for in virtual interviews, how attackers exploit trust, and why companies must adapt their security awareness in the age of AI. ---------------------------------------------------------------------------------------------- Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/ Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/ Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/ Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/ Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –  https://poweredbybhis.com Episode 20 - The Hallucination Problem In this episode of AI Security Ops, Joff Thyer and Brian Fehrman from Black Hills Information Security dive into the hallucination problem in AI large language models and generative AI.  They explain what hallucinations are, why they happen, and the risks they create in real-world AI deployments. The discussion covers security implications, practical examples, and strategies organizations can use to mitigate these issues through stronger design, monitoring, and testing.  A must-watch for cybersecurity professionals, AI researchers, and anyone curious about the limitations and challenges of modern AI systems. ---------------------------------------------------------------------------------------------- Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/ Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/ Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/ Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/ Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com AI News of the Month | Episode 19 In Episode 19,Brianand Derek cover a zero-click indirect prompt injection attack against ChatGPT connectors and seemingly innocent Google Calendar events that hijack smart homes via Gemini, with possible consequences for the power grid. They'll discuss the impact of Microsoft patching a critical Azure OpenAI SSRF vulnerability and go over new NIST AI security standards, IBM’s study on shadow AI and breach costs, OpenAI’s response to chat indexing leaks, and a malicious VS Code extension that stole $500K in cryptocurrency.  #AI #CyberSecurity #PromptInjection #Malware #InfoSec #AIThreats #Hacking #GenerativeAI #Deepfakes #LLM #ShadowAI “Poisoned doc” exfiltrates data via ChatGPT Connectors (AgentFlayer) — Aug 6, 2025Primary: https://www.wired.com/story/poisoned-document-could-leak-secret-data-chatgpt/Tech write-up: https://labs.zenity.io/p/agentflayer-chatgpt-connectors-0click-attack-5b41 Poisoned Google Calendar invite hijacks Gemini to control a smart home — Aug 6–10, 2025Primary: https://www.wired.com/story/google-gemini-calendar-invite-hijack-smart-home/Bug/patch coverage: https://www.bleepingcomputer.com/news/security/google-calendar-invites-let-researchers-hijack-gemini-to-leak-user-data/ Microsoft August Patch Tuesday adds AI-surface fixes; critical Azure OpenAI vuln (CVE-2025-53767) — Aug 12–13, 2025Release coverage: https://www.techradar.com/pro/security/microsofts-latest-major-patch-fixes-a-serious-zero-day-flaw-and-a-host-of-other-issues-so-update-nowCVE entry: https://nvd.nist.gov/vuln/detail/CVE-2025-53767 (NVD)Overview: https://www.tenable.com/blog/microsofts-august-2025-patch-tuesday-addresses-107-cves-cve-2025-53779 (Tenable®) NIST proposes SP 800-53 “Control Overlays for Securing AI Systems” — Aug 14, 2025Announcement: https://www.nist.gov/news-events/news/2025/08/nist-releases-control-overlays-securing-ai-systems-concept-paperConcept paper (PDF): https://csrc.nist.gov/csrc/media/Projects/cosais/documents/NIST-Overlays-SecuringAI-concept-paper.pdf IBM 2025 “Cost of a Data Breach”: AI is both breach vector and defender — Jul 30, 2025Press release: https://newsroom.ibm.com/2025-07-30-ibm-report-13-of-organizations-reported-breaches-of-ai-models-or-applications%2C-97-of-which-reported-lacking-proper-ai-access-controlsReport: https://www.ibm.com/reports/data-breachAnalysis: https://venturebeat.com/security/ibm-shadow-ai-breaches-cost-670k-more-97-of-firms-lack-controls/ (VentureBeat) OpenAI considers encrypting Temporary Chats; privacy clean-ups after search-indexing scare — Aug 18, 2025Interview: https://www.axios.com/2025/08/18/altman-openai-chatgpt-encrypted-chatsContext: https://arstechnica.com/tech-policy/2025/08/chatgpt-users-shocked-to-learn-their-chats-were-in-google-search-results/Help center (retention): https://help.openai.com/en/articles/8914046-temporary-chat-faq Fake VS Code extension for Cursor leads to $500K crypto theft — July 11, 2025Primary: https://www.scworld.com/news/fake-visual-studio-code-extension-for-cursor-led-to-500k-theft SC MediaResearch write-up: https://securelist.com/open-source-package-for-cursor-ai-turned-into-a-crypto-heist/116908/SecurelistCoverage: https://www.bleepingcomputer.com/news/security/malicious-vscode-extension-in-cursor-ide-led-to-500k-crypto-theft/----------------------------------------------------------------------------------------------Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/ (00:00) - Intro (00:31) - “Poisoned doc” exfiltrates data via ChatGPT Connectors (AgentFlayer) (01:15) - A zero-click prompt injection (02:12) - url_safe bypassed using URLs from Microsoft’s Azure Blob cloud storage (07:08) - Poisoned Google Calendar invite hijacks Gemini to control a smart home (08:35) - The intersection of AI and IOT (09:53) - Be careful what you hook AI up to (10:23) - Derek warns of threat to power grid (11:54) - Mitigations - restrict permissions, sanitize calendar content (13:56) - Patch Tuesday - AI-surface fixes; critical Azure OpenAI vuln (15:49) - NIST proposes SP 800-53 “Control Overlays for Securing AI Systems” (18:43) - IBM “Cost of a Data Breach”: AI is both breach vector and defender (19:16) - Shadow AI (21:49) - “The AI adoption curve is outpacing controls” (23:02) - OpenAI considers encrypting Temporary Chats (26:39) - Data storage and logging LLM interactions (29:59) - Fake VS Code extension for Cursor leads to $500K crypto theft (30:37) - Danger of using pip install as root on a server

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –  https://poweredbybhis.com Malware in the Age of AI | Episode 18 In Episode 18, hosts Joff Thyer, Derek Banks and Brian Fehrman discuss the rise of AI-powered malware. From polymorphic keyloggers like Black Mamba to the use of ChatGPT, WormGPT, and fine-tuned LLMs for cyberattacks, the team will explain how generative AI is reshaping the security landscape. They'll break down the real risks vs. hype, including prompt injection, jailbreaking, deepfakes, and AI-driven fraud, while also sharing strategies defenders can use to fight back. The discussion highlights both the ethical implications and the critical need for defense-in-depth as threat actors use AI to accelerate their attacks. #AI #Cybersecurity #Malware #AIThreats #Deepfakes #LLM #InfoSec #AIinSecurity #GenerativeAI #Hacking ---------------------------------------------------------------------------------------------- Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/ Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/ Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/ Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/ Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/ (00:00) - Intro (01:15) - Black Mamba polymorphic AI keylogger (02:47) - Can Chat GPT5 generate malware for us? (03:42) - Guardrail circumvention technique #1 (04:16) - Guardrail circumvention technique #2 (05:30) - Guardrail circumvention technique #3 (05:59) - Guardrail circumvention technique #4 (06:30) - Using an Abliterated Model (08:32) - AI models have democratized software creation (11:20) - Polymorphic keyloggers are not new (12:03) - AI makes it faster to iterate polymorphic malware (12:33) - AI is able to analyze source code and find more vulnerabilities (15:16) - How scared should we be? (hype vs reality) (16:10) - Knowing enough to ask the right questions is important (17:41) - Significant risks of AI fraud and social engineering (19:32) - Business email compromise (21:10) - How defenders can use AI (24:28) - Audio deepfakes have become easier to create (25:06) - Ethical concerns for pentesters using AI (29:26) - In one sentence, how will AI change malware production in the near future?

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com Community Q&A | Episode 17 In episode 17 of the AI Security Ops Podcast, hosts Joff Thyer, Derek Banks, Brian Fehrman and Bronwen Aker answer viewer-submitted questions about system prompts, prompt injection risks, AI hallucinations, deep fakes, and when (and when not) to use AI in cybersecurity.  They'll discuss the difference between system and user prompts, how temperature settings impact LLM outputs, and the biggest mistakes companies make when deploying AI models.  They'll also explain how to reduce hallucinations, and approach AI responsibly in security workflows. Derek explains his method for detecting audio deep fakes. ---------------------------------------------------------------------------------------------- Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/ Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/ Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/ Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/ Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/ (00:00) - Intro (01:10) - What is a system prompt? How is it different from a user prompt? (03:35) - What are some common system prompt mistakes? (06:54) - Does repeating a prompt give different responses? (non-deterministic) (07:56) - The temperature knob effect (12:18) - When should I use AI? When should I not? (16:47) - What are best practices to reduce hallucinations? (20:29) - End-user temperature knob work-around (22:55) - AI bots that rewrite their code to avoid shutdown commands (26:53) - NCSL.org - Updates on legislation affecting AI (29:44) - How do we detect AI deep fakes? (30:00) - Derek’s DeepFake demo video (30:38) - DISCLAIMER - Do Not use AI deep fakes to break the law! (31:29) - F5-tts.org - Deep fake website (35:02) - Derek pranks his family using AI

A Conversation with Daniel Miessler In Episode 16, Joff and the team welcome human-centric AI innovator Daniel Miessler, creator of Fabric, an AI framework for solving real-world problems from a human perspective. The conversation covers AI’s role in cybersecurity, the importance of clarity in “intent engineering” over prompt tricks, and the risks and opportunities of deploying large language models. They explore the shift from “vibe coding” to “spec coding,” the rise of AI scaffolding over raw model improvements, and what AI advancements including GPT-5 mean for the future of knowledge work. "Introducing Fabric — A Human AI Augmentation Framework"https://www.youtube.com/watch?v=wPEyyigh10g Daniel's GitHub repository:https://github.com/danielmiessler/Fabric #AI #CyberSecurity #AgenticAI #SecurityOps #PromptEngineering

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –  https://poweredbybhis.com In this episode, we'll discuss Palo Alto Networks’ acquisition of Protect AI, the rise of “Shadow AI” in enterprises, alarming AI-driven data leaks, and vibe coding gone wrong. We'll dive into critical issues like AI hallucinations and the growing need for "human in the loop" oversight. We'll wrap up with a discussion of Proton’s Lumo AI chatbot, disappearing medical disclaimers in AI chatbots and data poisoning in Amazon's AI coding agent. #AI #Cybersecurity #LLM #AInews #AISecurityOps #BlackHillsInfosec #LLMGuard #ShadowAI #DataLeak #AgenticAI #PrivacyTech #VibeCoding #ProtectAI 00:00 - Welcome, Intro 00:58 - Palo Alto Networks Completes Acquisition of Protect AI https://www.paloaltonetworks.com/company/press/2025/palo-alto-networks-completes-acquisition-of-protect-ai 04:53 - Metomic Finds AI Data Leaks Impact 68% of Organizations, But Only 23% Have Proper AI Data Security Policies  https://www.metomic.io/resource-centre/metomic-finds-ai-data-leaks-impact-68-of-organizations-but-only-23-have-proper-ai-data-security-policies 09:46 - S&P 500’s AI adoption may invite data breaches, new research shows https://cybernews.com/security/sp-500-companies-ai-security-risks-report/ 12:53 - Vibe Coding Fiasco: AI Agent Goes Rogue, Deletes Company's Entire Database https://www.pcmag.com/news/vibe-coding-fiasco-replite-ai-agent-goes-rogue-deletes-company-database 18:47 - A major AI training data set contains millions of examples of personal data https://www.technologyreview.com/2025/07/18/1120466/a-major-ai-training-data-set-contains-millions-of-examples-of-personal-data/ 23:34 - Introducing Lumo, the AI where every conversation is confidential https://proton.me/blog/lumo-ai 28:56 - AI companies have stopped warning you that their chatbots aren’t doctors https://www.technologyreview.com/2025/07/21/1120522/ai-companies-have-stopped-warning-you-that-their-chatbots-arent-doctors/ 36:53 - Hacker Plants Computer 'Wiping' Commands in Amazon's AI Coding Agent https://www.404media.co/hacker-plants-computer-wiping-commands-in-amazons-ai-coding-agent/

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –  https://poweredbybhis.com In Episode 14 of the AI Security Ops Podcast, hosts Joff Thyer, Derek Banks, and Brian Fehrman answer questions submitted by viewers.  The team will cover how effective prompt engineering can transform LLMs into workflow accelerators, and debate AI tool strengths— when to use Claude, ChatGPT, or Notebook LM. They'll discuss the importance of human oversight when integrating AI into operations, highlighting the "human-in-the-loop" concept and include ways to explain AI to non-technical audiences. #AI #promptengineering #CyberSecurity #Automation #SecurityOps #claudeai #chatgpt  00:00 - Welcome, Intro 02:00 - Q - How do you use AI? 02:55 - The importance of effective prompt engineering 10:24 - Upcoming workshop - AI Workflow Optimization for Red Teaming 12:10 - Q - Which AI for which task? Where should I invest my time? 14:12 - Claude for coding in Python & Golang, but not great at Java 16:35 - Derek - Initial prompt improvement in Chat GPT, then go to Claude 17:37 - NotebookLM for students (https://notebooklm.google/) 20:01 - Invest your time in prompt engineering - applicable to any model 22:38 - Double check code, understand what it means, do not blindly trust AI output 25:17 - Q - How to discuss AI with a non-technical audience 28:08 - Talk to LLMs like a child 28:54 - AI is not sentient, it's just drawing relevant correlations 31:48 - Ask them clarifying questions - what are they trying to ask? What's the context? 33:37 - Q - How can you do "Human in the Loop?" 35:24 - Don't give your agentic AI too much power - treat it like a junior assistant

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –  https://poweredbybhis.com  Augmenting Red Teaming with AI | Episode 13 In Episode 13 of the AI Security Ops Podcast, hosts Joff Thyer, Derek Banks, and Brian Fehrman dive into the exciting world of **Agentic AI in Red Teaming**.  Discover how augmenting red teams with AI-driven tools helps automate penetration testing, tackle low-hanging fruit vulnerabilities, and provide comprehensive security coverage. The team discusses the importance of prompt engineering, maintaining human oversight, and navigating potential risks, including unintended actions by autonomous AI agents.  Tune in to explore how AI is reshaping cybersecurity and learn practical strategies to effectively integrate Agentic AI into your security assessments. #AI #CyberSecurity #RedTeaming #AgenticAI #Automation #SecurityOps

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –  https://poweredbybhis.com Regulating the Machine: Global AI Laws and the Impact of GDPR | Episode 12 In Episode 12 the hosts discuss the complexities of regulating artificial intelligence (AI) technology across the globe.  Highlighting the rapid advancement of AI and its challenges for lawmakers, the episode explores how the GDPR framework in the European Union provides clear guidelines addressing AI-related issues like data privacy, consent, and accountability. The discussion also contrasts the European regulatory-first approach with the U.S.'s innovation-driven stance, considering implications for privacy, intellectual property, and technology advancement. Additionally, the podcast addresses the fragmented nature of AI regulations within U.S. states, emphasizing the need for effective information security practices, audit mechanisms, and risk management frameworks.

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –  https://poweredbybhis.com  In this episode of AI Security Ops, we explore major AI news, including the Scale AI data leak impacting giants like Google and Meta, a novel jailbreak attack technique dubbed the Echo Chamber, and Anthropic's Claude-Gov, tailored for U.S. national security. We discuss ethical AI management solutions, the innovative use of AI to detect shoplifting via behavioral gestures, IBM's WatsonX platform, and critical insights into AI red teaming and SQL injection vulnerabilities affecting AI applications.  Join us as we uncover how traditional security practices remain crucial in today's AI-driven landscape. News Links Referenced: Scale AI exposed sensitive data about clients like Meta and xAI in public Google Docs, BI finds https://www.businessinsider.com/scale-ai-public-google-docs-security-2025-6 AI Security Turning Point: Echo Chamber Jailbreak Exposes Dangerous Blind Spot https://www.techrepublic.com/article/news-echo-chamber-jailbreak-manipulates-llms/ Anthropic's "Claude Gov" for National Security https://techcrunch.com/2025/06/05/anthropic-unveils-custom-ai-models-for-u-s-national-security-customers/ Veesion - AI That Catches Shoplifters by Their Gestures https://www.businessinsider.com/veesion-ai-tech-startup-shoplifting-prevention-alerts-security-suspicious-gestures-2025-6 IBM's New Platform for Managing "Agentic AI" https://thejournal.com/articles/2025/06/24/ibm-launches-agentic-ai-governance-and-security-platform.aspx How a Classic Bug Can Poison Modern AI Agents https://www.trendmicro.com/en_us/research/25/f/why-a-classic-mcp-server-vulnerability-can-undermine-your-entire-ai-agent.html The "False Sense of Security" in AI Red Teaming https://www.forbes.com/councils/forbestechcouncil/2025/06/16/the-false-sense-of-security-in-ai-red-teaming/

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com Explore the rising security risks and challenges associated with agentic AI in Episode 10 of AI Security Ops.  Join Cybersecurity experts Joff Thyer, Bronwen Aker, Derek Banks, and Brian Ferhman as they unpack the complexities of AI gaining autonomy and agency. This episode covers key topics such as defining agentic AI, real-world vulnerabilities like prompt injection, potential implications for cybersecurity, and effective mitigation strategies like implementing guardrails and maintaining granular logging.  Valuable information for cybersecurity professionals, AI developers, and anyone interested in the future of artificial intelligence security. #AgenticAI #AISecurity #Cybersecurity #LLMs #PromptInjection #RedTeaming #AIrisks---------------------------------------------------------------------------------------------- Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/ Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/ Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/ Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/ Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/

Register for FREE Infosec Webcasts, Anti-casts & Summits –  https://poweredbybhis.com Episode 9 of AI Security Ops! AI Model Usage and Comparisons In this exciting episode, we explore practical uses and comparisons of popular AI models including OpenAI, Claude, Gemini, and Copilot.  Join our expert panelists as they discuss personal workflows, share experiences with AI-driven coding and text processing, and examine strengths and weaknesses of these powerful technologies. Discover insights into the exponential growth of AI capabilities, the emerging specialization of models, and practical advice for effectively integrating AI tools into your cybersecurity practices.  Tune in to stay ahead in the rapidly evolving landscape of AI and cybersecurity. #AISecurityOps #AIModels #Cybersecurity #OpenAI #ClaudeAI #GeminiAI #Copilot #AITools #ArtificialIntelligence #TechTrends #AIInsights #CyberSec ---------------------------------------------------------------------------------------------- Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/ Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/ Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/ Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/ Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –  https://poweredbybhis.com  AEO vs SEO | Episode 8 Explore how Artificial Intelligence (AI) is revolutionizing online search in this insightful episode of the AI Security Ops Podcast.  Learn about Search Engine Optimization (SEO) versus Answer Engine Optimization (AEO), and understand the shift from link-based results to rich, AI-driven answers. Discover the security challenges and ethical implications surrounding the use of AI in search engines, including risks like misinformation, deepfakes, and data privacy concerns. Gain practical insights on how critical thinking and verification are becoming essential skills in navigating this new era of AI-enhanced search. #SEO #AEO #ArtificialIntelligence #Cybersecurity #AI #InformationSecurity #SearchEngines #AIOptimization #OnlineSecurity #DigitalPrivacy

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com R.A.G. (Retrieval Augmented Generation) is a powerful technique for enhancing Large Language Model (LLM) outputs with real-time, external data. RAG bridges the gap between static model knowledge and dynamic, context-aware responses. Join hosts Brian Fehrman, Derek Banks, Bronwen Aker, and Ben Bowman as they break down how RAG improves the reliability and relevance of generative AI systems. You’ll learn why context retrieval matters, what problems RAG solves, and where it fits into modern AI security practices.

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –  https://poweredbybhis.com  Episode 6: LLM Guardrails We dive deep into the evolving world of LLM guardrails.  We explore why guardrails are essential for securing large language models, the challenges of implementing them effectively, and how current approaches often resemble the patchwork fixes of early InfoSec days. From input/output filtering and prompt injection defenses to the emerging trend of LLMs guarding other LLMs, we analyze real-world assessments, highlight security pitfalls, and discuss the need for layered, deterministic defenses. Plus, Brian Teases the next [ segments ] episode utilizing Prompt Guard within open web pipelines.

ChatGTP created summary, because of course we're gonna use A.I. on our A.I. podcast: In this episode of the AI Security Ops podcast, the panel discusses the challenges and risks of harmful content generated by AI, particularly focusing on generative models like GPT. They explore how powerful prompt engineering can lead to the creation of misleading or dangerous outputs, and highlight the importance of detection methods, ethical oversight, and regulatory standards. The conversation emphasizes the need for responsible use of AI, stressing that while these models are incredibly capable, safeguards and human accountability are essential to prevent misuse. Is this summary misleading?

In this episode, we dive into how AI is revolutionizing cybersecurity—especially in spam detection using classic machine learning models like logistic regression and support vector machines. Join us as we explore real-world applications, teaching approaches in AI courses, and why your spam folder is smarter than ever. Topics : AI in email spam detectionTeaching machine learning through real datasetsNLP's role in cybersecurityBehind-the-scenes on building practical AI models

Welcome to another thought-provoking episode of AI Security Ops, hosted by Joff Thyer alongside Brian Fehrman and Derek Banks. In this episode, we dive deep into one of the most alarming developments in artificial intelligence—AI-generated deepfakes. 🔍 What We Cover: What deepfakes are and how they’re created using generative adversarial networks (GANs) and diffusion modelsReal-world deepfake incidents, including multimillion-dollar fraudThe growing accessibility of deepfake tools and the implications for social engineeringDetection and mitigation strategies: How to spot a deepfake and protect yourself or your organizationEthical and legal challenges in legislating deepfake technologyBest practices for experimenting responsibly with deepfake tools⚠️ With AI making deepfakes more realistic and accessible than ever, this isn’t just a tech curiosity—it’s a major infosec concern. Whether you're a cybersecurity pro, a tech enthusiast, or just curious about AI's darker side, this episode is a must-watch. 💬 Don’t forget to LIKE, COMMENT, and SUBSCRIBE for more insights on AI and cybersecurity! #AI #Deepfakes #CyberSecurity #InfoSec #SocialEngineering #GenerativeAI #EthicalAI #AITrends #Podcast #AIForGood #BlackHillsInfoSec

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com Welcome to Episode 2 of AI Security Ops! In this episode, Joff Thyer, Derek Banks, Brian Fehrman, and Ben "The Heretic" Bowman take a deep dive into Prompt Injection — one of the most fascinating and misunderstood attack techniques in the AI space. We break down: 🛠️ What large language models (LLMs) are and how they work 💣 What prompt injection is, and why it matters for AI security 🎭 How attackers manipulate system prompts and personas 🔐 The difference between prompt injection and jailbreaking 👩‍💻 Practical examples, stories, and hands-on resources you can explore 🎯 How to start your journey as an AI hacker and why web app pen testing skills are more relevant than ever Plus: 👉 Real-world cases of prompt attacks on Bing, Amazon, and more👉 Tools and labs you can play with right now to test your skills👉 Be sure to check out this weeks Tech Demo on YouTube! Brought to you by the cybersecurity experts at Black Hills Information Securityhttps://blackhillsinfosec.com

Welcome to the first episode of AI Security Ops! This week, join Brian Fehrman, Derek Banks, and Joff Thyer as they dive into why AI security matters more than ever. From how large language models work to the risks of prompt injection, jailbreaking, and AI-powered social engineering, this episode unpacks the challenges and opportunities at the intersection of AI and cybersecurity.