Smashing Security podcast #470: This AI security flaw might be impossible to fix
ID: 151a3bf7-504a-521a-bcbe-66a2a59ab02f
STIX ID: report--151a3bf7-504a-521a-bcbe-66a2a59ab02f
Feed Name: Graham Cluley
This podcast episode discusses three primary security concerns: a major data exposure where a third‑party UK visa portal left passport scans, selfies (with embedded geolocation), and other sensitive files publicly accessible in a misconfigured Amazon S3 bucket; academic research from Cornell warning that prompt‑injection attacks against LLMs are difficult to fully eliminate and pose risks when agents have privileged access; and active Teams‑based social engineering attacks that abuse legitimate Microsoft 365 features (Quick Assist, admin controls) to obtain remote access and potentially lock organizations out of their tenants.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
