Sign up to save your podcasts
Or
Share Hacking AI: Why Most AI Systems Are Insecure by Default
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Hacking AI: Why Most AI Systems Are Insecure by Default
Hosts: Miriah Peterson, Matt Sharp, Chris Brousseau
Recorded: April 2026
Status: Released
Most AI systems today are designed to be helpful — not secure.
In this episode, we break down how AI systems actually get exploited in production:
- a real supply chain attack on a widely used AI dependency
- prompt injection and why it still works
- image-based (multimodal) exploits
- tool and agent abuse
If you’re building AI — especially at a startup — you are the security team.
A widely used AI dependency was compromised via a malicious .pth file:
- executes automatically when Python starts
- no import required
- targets credentials, SSH keys, and environment variables
👉 Just installing the package was enough.
This highlights a critical reality:
Your AI system is only as secure as your dependencies.
- Models cannot distinguish between instructions and data
- External content can override system behavior
- Still one of the most common AI vulnerabilities
🔗 https://learnprompting.org/docs/prompt_hacking/injection
- Hidden instructions embedded in images
- AI interprets images differently than humans
- Expands the attack surface significantly
🔗 https://arxiv.org/abs/2306.11698
- AI systems can take real-world actions via tools
- Prompt injection → API calls, data leaks, unintended execution
- Agents amplify risk through autonomy and retries
If you’re building AI systems today:
- separate instructions from data
- limit tool permissions
- treat outputs as untrusted
- validate everything before execution
- AI systems have an internet-sized attack surface
- Supply chain attacks bypass all AI safeguards
- Prompt injection is a fundamental problem
- AI doesn’t fail safely — it fails wherever your system is weakest
- LiteLLM incident: https://github.com/BerriAI/litellm/issues/24512
- Attack breakdown: https://futuresearch.ai/blog/litellm-pypi-supply-chain-attack/
- LLM attack techniques: https://llm-attacks.org/
- OWASP LLM Top 10: https://owasp.org/www-project-top-10-for-large-language-model-applications/
- Gandalf challenge: https://gandalf.lakera.ai/
We’ve launched a Patreon for Domesticating AI 🎉
Get:
- early access to episodes
- behind-the-scenes content
- bloopers and uncut moments
👉 https://patreon.com/DomesticatingAIPodcast
- 🎥 YouTube: https://youtu.be/HTTxE7Y1sko
What’s the weirdest way an AI system has broken for you?
Keep your AI on a leash.
View all episodes
By SoyPete TechHosts: Miriah Peterson, Matt Sharp, Chris Brousseau
Recorded: April 2026
Status: Released
Most AI systems today are designed to be helpful — not secure.
In this episode, we break down how AI systems actually get exploited in production:
- a real supply chain attack on a widely used AI dependency
- prompt injection and why it still works
- image-based (multimodal) exploits
- tool and agent abuse
If you’re building AI — especially at a startup — you are the security team.
A widely used AI dependency was compromised via a malicious .pth file:
- executes automatically when Python starts
- no import required
- targets credentials, SSH keys, and environment variables
👉 Just installing the package was enough.
This highlights a critical reality:
Your AI system is only as secure as your dependencies.
- Models cannot distinguish between instructions and data
- External content can override system behavior
- Still one of the most common AI vulnerabilities
🔗 https://learnprompting.org/docs/prompt_hacking/injection
- Hidden instructions embedded in images
- AI interprets images differently than humans
- Expands the attack surface significantly
🔗 https://arxiv.org/abs/2306.11698
- AI systems can take real-world actions via tools
- Prompt injection → API calls, data leaks, unintended execution
- Agents amplify risk through autonomy and retries
If you’re building AI systems today:
- separate instructions from data
- limit tool permissions
- treat outputs as untrusted
- validate everything before execution
- AI systems have an internet-sized attack surface
- Supply chain attacks bypass all AI safeguards
- Prompt injection is a fundamental problem
- AI doesn’t fail safely — it fails wherever your system is weakest
- LiteLLM incident: https://github.com/BerriAI/litellm/issues/24512
- Attack breakdown: https://futuresearch.ai/blog/litellm-pypi-supply-chain-attack/
- LLM attack techniques: https://llm-attacks.org/
- OWASP LLM Top 10: https://owasp.org/www-project-top-10-for-large-language-model-applications/
- Gandalf challenge: https://gandalf.lakera.ai/
We’ve launched a Patreon for Domesticating AI 🎉
Get:
- early access to episodes
- behind-the-scenes content
- bloopers and uncut moments
👉 https://patreon.com/DomesticatingAIPodcast
- 🎥 YouTube: https://youtu.be/HTTxE7Y1sko
What’s the weirdest way an AI system has broken for you?
Keep your AI on a leash.