Sign up to save your podcasts
Or
Share This Week in AI Security - 18th December 2025
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
This Week in AI Security - 18th December 2025
In the final episode of 2025, Jeremy examines the evolution of SEO poisoning into "AI poisoning," a major privacy breach involving a popular browser extension, and shares a data-driven "sneak peek" at the state of AI security over the past year.
Key Stories & Developments:
- AI Poisoning of Search Results: Researchers identified an attack where threat actors plant false information online to trick AI-powered search engine crawlers. This results in search engines providing AI summaries that list scam phone numbers for legitimate services like airline call centers, effectively creating a modern, AI-driven version of SEO poisoning.
- The "Pay-to-Crawl" Proposal: Jeremy discusses a new proposal from Creative Commons that suggests moving away from outright blocking AI crawlers. Instead, website owners could set a price for crawling and training, allowing organizations to monetize the use of their data by LLM providers.
- Urban VPN Privacy Breach: A popular Chrome and Edge extension, Urban VPN Proxy, was caught intercepting and reading the AI chat messages of its 7.3 million users. This incident highlights the risk of third-party browser extensions reading sensitive data that users assume is private.
2025 in Review Snapshot: Using data from the Firetail AI Incident Tracker, Jeremy reveals two major trends from 2025:
- The Surge in Incidents: AI security incidents saw a massive jump from 2024 to 2025, marking this as the year AI-related security became a global, pervasive problem.
- Disclosure vs. Injection: While the OWASp Top 10 lists prompt injection as the #1 risk, the tracker data shows that sensitive information disclosure (largely due to organizational error) actually outstrips prompt injection by about a third.
Episode Links
- https://finance.yahoo.com/news/aurascape-researchers-expose-ai-attack-140000260.html?guccounter=1
- https://techcrunch.com/2025/12/15/creative-commons-announces-tentative-support-for-ai-pay-to-crawl-systems/
- https://thehackernews.com/2025/12/featured-chrome-browser-extension.html
- https://www.firetail.ai/ai-breach-tracker
View all episodes
By Jeremy SnyderIn the final episode of 2025, Jeremy examines the evolution of SEO poisoning into "AI poisoning," a major privacy breach involving a popular browser extension, and shares a data-driven "sneak peek" at the state of AI security over the past year.
Key Stories & Developments:
- AI Poisoning of Search Results: Researchers identified an attack where threat actors plant false information online to trick AI-powered search engine crawlers. This results in search engines providing AI summaries that list scam phone numbers for legitimate services like airline call centers, effectively creating a modern, AI-driven version of SEO poisoning.
- The "Pay-to-Crawl" Proposal: Jeremy discusses a new proposal from Creative Commons that suggests moving away from outright blocking AI crawlers. Instead, website owners could set a price for crawling and training, allowing organizations to monetize the use of their data by LLM providers.
- Urban VPN Privacy Breach: A popular Chrome and Edge extension, Urban VPN Proxy, was caught intercepting and reading the AI chat messages of its 7.3 million users. This incident highlights the risk of third-party browser extensions reading sensitive data that users assume is private.
2025 in Review Snapshot: Using data from the Firetail AI Incident Tracker, Jeremy reveals two major trends from 2025:
- The Surge in Incidents: AI security incidents saw a massive jump from 2024 to 2025, marking this as the year AI-related security became a global, pervasive problem.
- Disclosure vs. Injection: While the OWASp Top 10 lists prompt injection as the #1 risk, the tracker data shows that sensitive information disclosure (largely due to organizational error) actually outstrips prompt injection by about a third.
Episode Links
- https://finance.yahoo.com/news/aurascape-researchers-expose-ai-attack-140000260.html?guccounter=1
- https://techcrunch.com/2025/12/15/creative-commons-announces-tentative-support-for-ai-pay-to-crawl-systems/
- https://thehackernews.com/2025/12/featured-chrome-browser-extension.html
- https://www.firetail.ai/ai-breach-tracker