logo

Smashing Security podcast #470: This AI security flaw might be impossible to fix

ID: 151a3bf7-504a-521a-bcbe-66a2a59ab02f

STIX ID: report--151a3bf7-504a-521a-bcbe-66a2a59ab02f

Feed Name: Graham Cluley

Threat Score
68/100

Date Published: 2026-06-03

Date Updated: 2026-06-04

Author: Graham Cluley

...
...

This podcast episode discusses three primary security concerns: a major data exposure where a third‑party UK visa portal left passport scans, selfies (with embedded geolocation), and other sensitive files publicly accessible in a misconfigured Amazon S3 bucket; academic research from Cornell warning that prompt‑injection attacks against LLMs are difficult to fully eliminate and pose risks when agents have privileged access; and active Teams‑based social engineering attacks that abuse legitimate Microsoft 365 features (Quick Assist, admin controls) to obtain remote access and potentially lock organizations out of their tenants.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.