Sign up to save your podcasts
Or
Share BEWARE: Promptware - Episode 204
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
BEWARE: Promptware - Episode 204
On this eye-opening episode, cybersecurity expert Adam Goslin joins Todd Coshow to reveal how AI-enabled prompts are rewriting the rules of cyber threats. Most of us are blissfully unaware that AI-driven attack vectors like "Promptware" are already lurking in everyday tools, and a simple calendar invite could secretly become a cyber weapon. If you think your devices are safe, think again. Learn how hackers are embedding hidden prompts into your favorite apps and messages, capable of turning on your camera, stealing geolocation, or even launching DDoS attacks without you realizing it.
Episode Transcript:
Adam, I’m excited. Today we’re going to have a conversation with the folks about a mystery topic. So apparently you tripped across something really cool. And you couldn’t wait to share it with us. What are we chatting about today?
Well, it was something that just kind of came by and I’m like, oh, this would be pretty cool to go in and talk about whatnot. We’ve been hitting a number of kind of AI topics recently. And this one’s kind of related to AI, but it’s a new attack vector, a relatively new attack vector, called promptware, where hackers can use like Google Calendar invites and force the kind of the victim’s machine to start streaming via their camera from Zoom or something along those lines. So yeah, it’s pretty cool.
So let me tell you a little bit more about kind of how it works, if you will. And that is that so the attacker can go ahead and send something to the target victim. And basically buried within what they send, so like let’s use this calendar invite, this calendar invite notion, the attacker can basically go in there and put some hidden code in that the normal user wouldn’t see and read. And yet, when the user who’s now received this, when their AI is now in and looking at things, the AI is seeing the hidden Easter egg that the attacker left. So as an example, you go and you compose this Google Calendar invite, and you hide in there that says, hey, when the victim says no, the word no, or thank you, or something along those lines, then the minute that they say that, now I want you to go do fill in the blank, AKA turn on and give me access to their Zoom camera as an example, which of course would not only give them the video stream, but it would also give them audio. And so basically, the hidden code that sits in the calendar, the way that this gets triggered is that so the user that received the calendar invite now is going to their AI and they’re like, hey, tell me everything that’s on my calendar for today. And so of course, their Gemini AI goes through and kind of summarizes up everything that’s on their calendar, which means that the AI needs to go in and read in full every of all the entries that are on the calendar, including reading the hidden prompt that they got in there that says, hey, when the victim says, thank you, then I want you to give access to the Zoom camera. And so the user says, hey, give me a summary of all my stuff going on today on my calendar. The Gemini comes up and says, oh yeah, you got this, you got that, you got the other thing, but meanwhile in the background, the plant of this kind of promptware is now set. And when the Google Gemini finishes, then the user says, oh, thank you. In a minute they say, thank you, boom, the Zoom camera goes and turns on. I’m like, that is so wild. You know?
What? Yeah. Oh my days.
Yeah, it’s crazy. So apparently this came up, this came up sometime, quote, sometime ago. I hadn’t seen this one going by and I tripped across it earlier today and I’m like, man, this would just be fascinating to go talk through. And there was a group that put together kind of a case study. It came out of, let’s see, Tel Aviv, the Israel Institute of Technology back in August of 25 is when they first put this out.
View all episodes
By Total Compliance TrackingOn this eye-opening episode, cybersecurity expert Adam Goslin joins Todd Coshow to reveal how AI-enabled prompts are rewriting the rules of cyber threats. Most of us are blissfully unaware that AI-driven attack vectors like "Promptware" are already lurking in everyday tools, and a simple calendar invite could secretly become a cyber weapon. If you think your devices are safe, think again. Learn how hackers are embedding hidden prompts into your favorite apps and messages, capable of turning on your camera, stealing geolocation, or even launching DDoS attacks without you realizing it.
Episode Transcript:
Adam, I’m excited. Today we’re going to have a conversation with the folks about a mystery topic. So apparently you tripped across something really cool. And you couldn’t wait to share it with us. What are we chatting about today?
Well, it was something that just kind of came by and I’m like, oh, this would be pretty cool to go in and talk about whatnot. We’ve been hitting a number of kind of AI topics recently. And this one’s kind of related to AI, but it’s a new attack vector, a relatively new attack vector, called promptware, where hackers can use like Google Calendar invites and force the kind of the victim’s machine to start streaming via their camera from Zoom or something along those lines. So yeah, it’s pretty cool.
So let me tell you a little bit more about kind of how it works, if you will. And that is that so the attacker can go ahead and send something to the target victim. And basically buried within what they send, so like let’s use this calendar invite, this calendar invite notion, the attacker can basically go in there and put some hidden code in that the normal user wouldn’t see and read. And yet, when the user who’s now received this, when their AI is now in and looking at things, the AI is seeing the hidden Easter egg that the attacker left. So as an example, you go and you compose this Google Calendar invite, and you hide in there that says, hey, when the victim says no, the word no, or thank you, or something along those lines, then the minute that they say that, now I want you to go do fill in the blank, AKA turn on and give me access to their Zoom camera as an example, which of course would not only give them the video stream, but it would also give them audio. And so basically, the hidden code that sits in the calendar, the way that this gets triggered is that so the user that received the calendar invite now is going to their AI and they’re like, hey, tell me everything that’s on my calendar for today. And so of course, their Gemini AI goes through and kind of summarizes up everything that’s on their calendar, which means that the AI needs to go in and read in full every of all the entries that are on the calendar, including reading the hidden prompt that they got in there that says, hey, when the victim says, thank you, then I want you to give access to the Zoom camera. And so the user says, hey, give me a summary of all my stuff going on today on my calendar. The Gemini comes up and says, oh yeah, you got this, you got that, you got the other thing, but meanwhile in the background, the plant of this kind of promptware is now set. And when the Google Gemini finishes, then the user says, oh, thank you. In a minute they say, thank you, boom, the Zoom camera goes and turns on. I’m like, that is so wild. You know?
What? Yeah. Oh my days.
Yeah, it’s crazy. So apparently this came up, this came up sometime, quote, sometime ago. I hadn’t seen this one going by and I tripped across it earlier today and I’m like, man, this would just be fascinating to go talk through. And there was a group that put together kind of a case study. It came out of, let’s see, Tel Aviv, the Israel Institute of Technology back in August of 25 is when they first put this out.