Sign up to save your podcasts
Or
Share The Future of AI Security is Scaffolding, Agents & The Browser
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
The Future of AI Security is Scaffolding, Agents & The Browser
Welcome to the 2025 State of AI Security. This year, the conversation has moved beyond simple prompt injection to a far more complex threat: attacking the entire ecosystem surrounding the LLM. In this deep-dive discussion, offensive security experts Jason Haddix (Arcanum Information Security) and Daniel Miessler (Unsupervised Learning) break down the real-world attack vectors they're seeing in the wild.
The conversation explores why prompt injection remains an unsolved problem and how the LLM is now being used as a delivery system to attack internal developers and connected applications. We also tackle the critical challenge of incident response, questioning how you can detect or investigate a malicious prompt when privacy regulations in some regions prevent logging and observability.
This episode is a must-listen for anyone looking to understand the true offensive and defensive landscape of AI security, from the DARPA Cyber Challenge to the race for AI to control the browser.
Questions asked:
(00:00) Introduction(02:22) Who are Jason Haddix & Daniel Miessler?(03:40) The State of AI Security in 2025(06:20) It's All About the "Scaffolding", Not Just the Model(08:30) Why Prompt Injection is a Fundamental, Unsolved Problem(10:45) "Attacking the Ecosystem": Using the LLM as a Delivery System(12:45) The New Enterprise Protocol: Prompts in English(15:10) The Incident Response Dilemma: How Do You Detect Malicious Prompts?(16:50) The Challenge of Logging: When Privacy Laws Block Observability(21:30) Has Data Poisoning Become a Major Threat?(27:20) How Far Can Autonomous AI Go in Hacking Today?(28:30) An Inside Look at the DARPA AI Cyber Challenge (AIxCC)(40:45) Are Attackers Actually Using AI in the Wild?(47:30) The Evolution of the "Script Kitty" in the Age of AI(51:00) Would AGI Solve Security? The Problem of Politics & Context(59:15) Context is King: Why Prompt Engineering is a Critical Skill(01:03:30) What are the Best LLMs for Security & Productivity?(01:05:40) The Next Frontier: Why AI is Racing to Own the Browser(01:20:20) Does Using AI to Write Content Erode Trust?
View all episodes
By Kaizenteq Team
4.9
99 ratings
Welcome to the 2025 State of AI Security. This year, the conversation has moved beyond simple prompt injection to a far more complex threat: attacking the entire ecosystem surrounding the LLM. In this deep-dive discussion, offensive security experts Jason Haddix (Arcanum Information Security) and Daniel Miessler (Unsupervised Learning) break down the real-world attack vectors they're seeing in the wild.
The conversation explores why prompt injection remains an unsolved problem and how the LLM is now being used as a delivery system to attack internal developers and connected applications. We also tackle the critical challenge of incident response, questioning how you can detect or investigate a malicious prompt when privacy regulations in some regions prevent logging and observability.
This episode is a must-listen for anyone looking to understand the true offensive and defensive landscape of AI security, from the DARPA Cyber Challenge to the race for AI to control the browser.
Questions asked:
(00:00) Introduction(02:22) Who are Jason Haddix & Daniel Miessler?(03:40) The State of AI Security in 2025(06:20) It's All About the "Scaffolding", Not Just the Model(08:30) Why Prompt Injection is a Fundamental, Unsolved Problem(10:45) "Attacking the Ecosystem": Using the LLM as a Delivery System(12:45) The New Enterprise Protocol: Prompts in English(15:10) The Incident Response Dilemma: How Do You Detect Malicious Prompts?(16:50) The Challenge of Logging: When Privacy Laws Block Observability(21:30) Has Data Poisoning Become a Major Threat?(27:20) How Far Can Autonomous AI Go in Hacking Today?(28:30) An Inside Look at the DARPA AI Cyber Challenge (AIxCC)(40:45) Are Attackers Actually Using AI in the Wild?(47:30) The Evolution of the "Script Kitty" in the Age of AI(51:00) Would AGI Solve Security? The Problem of Politics & Context(59:15) Context is King: Why Prompt Engineering is a Critical Skill(01:03:30) What are the Best LLMs for Security & Productivity?(01:05:40) The Next Frontier: Why AI is Racing to Own the Browser(01:20:20) Does Using AI to Write Content Erode Trust?
More shows like AI Security Podcast
View all
The a16z Show
1,092 Listeners
Risky Business
371 Listeners
CyberWire Daily
1,027 Listeners
Invest Like the Best with Patrick O'Shaughnessy
2,343 Listeners
NVIDIA AI Podcast
345 Listeners
Cybersecurity Today
178 Listeners
Practical AI
200 Listeners
Google DeepMind: The Podcast
202 Listeners
Cloud Security Podcast
58 Listeners
All-In with Chamath, Jason, Sacks & Friedberg
10,220 Listeners
Cybersecurity Headlines
138 Listeners
Cloud Security Podcast by Google
40 Listeners
Honestly with Bari Weiss
8,771 Listeners
The AI Daily Brief: Artificial Intelligence News and Analysis
638 Listeners
AI + a16z
34 Listeners