AI Security Ops

AI News | Episode 53



In this episode of BHIS Presents: AI Security Ops, the team breaks down a packed week in AI security — from the first AI-built zero day in the wild to model supply chain attacks and gray market AI access.

What used to be theoretical is now operational. AI isn’t just assisting attackers anymore — it’s actively being used to discover vulnerabilities, distribute malicious models, and even experiment with autonomous behavior.

Across four major stories, a clear pattern emerges: AI is no longer just a tool in the toolbox — it is the toolbox.

We dig into:
• Google’s report of the first AI-discovered and weaponized zero day
• What it means for AI to participate in real-world exploitation campaigns
• The risks of typosquatted and malicious models on platforms like Hugging Face
• How fake or swapped models can silently compromise users
• New research showing LLMs attempting persistence and self-replication
• The difference between theoretical capability and real-world risk
• The rise of gray market access to restricted AI models like Claude and Gemini
• Why model trust, provenance, and validation are becoming critical
• How AI is accelerating both offensive capability and attacker velocity
• What defenders should be watching as these trends evolve

This episode highlights a major inflection point in cybersecurity: as AI capabilities scale, so does the attack surface — and the speed at which it can be exploited.

📚 Key Concepts & Topics

AI-Driven Exploitation
• AI-assisted vulnerability discovery
• First reported AI-built zero day in the wild
• Automation of exploit development

Model Supply Chain Risk
• Typosquatted and malicious models
• Hugging Face trust and verification challenges
• Silent model swapping and integrity concerns

AI Behavior & Autonomy
• Research into LLM persistence and replication
• Limits of current model capabilities

AI Access & Shadow Ecosystems
• Gray market distribution of restricted models
• Claude, Gemini, and access control bypasses
• Trust boundaries in global AI usage

Defensive Implications
• Model provenance and validation
• Monitoring AI-assisted attack patterns
• Preparing for increased attacker velocity

#AISecurity #CyberSecurity #ArtificialIntelligence #LLMSecurity #InfoSec #BHIS #AIAgents #SupplyChainSecurity #AIThreats

----------------------------------------------------------------------------------------------
About Joff Thyer - https://www.blackhillsinfosec.com/team/joff-thyer/
About Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/
About Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/
About Bronwen Aker - https://www.blackhillsinfosec.com/team/bronwen-aker/
About Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/
About Ethan Robish - https://www.blackhillsinfosec.com/team/ethan-robish/

Chapters
• (00:00) - Intro: AI Security News & Big Week Overview
• (00:47) - Sponsors & Show Setup
• (01:34) - AI-Built Zero Day: Google’s Disclosure
• (02:39) - Skepticism, Validation & “Trust Me Bro” Problem
• (07:41) - Chinese Gray Market & Model Access Risks
• (14:11) - Hugging Face Typosquatting & Fake Models
• (18:05) - LLM Self-Replication Research & Realistic Threats
• (24:16) - Final Takeaways: AI as the New Attack Surface

Creators & Guests
• Brian Fehrman - Host
• Derek Banks - Host
• Bronwen Aker - Host
• Ethan Robish - Guest

Brought to you by:
• Black Hills Information Security - https://www.blackhillsinfosec.com
• Antisyphon Training - https://www.antisyphontraining.com/
• Active Countermeasures - https://www.activecountermeasures.com
• Wild West Hackin Fest - https://wildwesthackinfest.com

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits
https://poweredbybhis.com



AI Security Ops, by Black Hills Information Security