Sign up to save your podcasts
Or
Share AI Installed the Backdoor. Now What?
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
AI Installed the Backdoor. Now What?
Imagine this. A developer opens their laptop. Gets a routine VS Code update notification. Clicks install. Goes back to work.
What they don't know is that an AI triage bot the kind built to make their team more efficient just read a manipulated GitHub Issue title, followed hidden instructions, stole three publishing tokens, and silently installed a rogue AI agent on their machine. One that survives reboots. One that takes remote commands. One that they never heard of, never evaluated, and never consented to.
This wasn't a nation-state. This wasn't a zero-day. This was one sentence in a GitHub Issue title and it compromised 4,000 developer machines in 8 hours.
We are living in a moment where AI is installing AI and our security tools were not built for this.
Special guest: Liran Baron, CPO of SaaS Alerts.
Article: https://www.cremit.io/blog/ai-supply-chain-attack-clinejection
View all episodes
By Andrew Morgan
4.7
1616 ratings
Imagine this. A developer opens their laptop. Gets a routine VS Code update notification. Clicks install. Goes back to work.
What they don't know is that an AI triage bot the kind built to make their team more efficient just read a manipulated GitHub Issue title, followed hidden instructions, stole three publishing tokens, and silently installed a rogue AI agent on their machine. One that survives reboots. One that takes remote commands. One that they never heard of, never evaluated, and never consented to.
This wasn't a nation-state. This wasn't a zero-day. This was one sentence in a GitHub Issue title and it compromised 4,000 developer machines in 8 hours.
We are living in a moment where AI is installing AI and our security tools were not built for this.
Special guest: Liran Baron, CPO of SaaS Alerts.
Article: https://www.cremit.io/blog/ai-supply-chain-attack-clinejection