Modern Cyber with Jeremy Snyder

Jeremy Snyder

88 episodes

  • Modern Cyber with Jeremy Snyder

    This Week in AI Security - 22nd January 2026

    23/1/2026 | 16 mins.
    In this episode of This Week in AI Security, Jeremy highlights a significant uptick in AI-related vulnerabilities and the shifting regulatory landscape. The episode covers everything from "Body Snatcher" flaws in enterprise platforms to the growing "industrialization" of AI-powered exploit generation.
    Key Stories & Developments:
    California's Cease and Desist to XAI: Following international concerns over sexualized deepfakes, California has issued a first-of-its-kind cease and desist order to XAI. This marks a major moment in regional AI oversight in the absence of federal legislation.
    ServiceNow "Body Snatcher" Flaw: A critical 9.3/10 CVE was identified in ServiceNow’s AI agent service. An unauthenticated endpoint allowed for Remote Code Execution (RCE), demonstrating that unauthenticated APIs remain a massive risk for agentic systems.
    Anthropic "Magic String" Crash: Researchers discovered a specific "magic string" that can effectively crash Anthropic LLM sessions. This specialized prompt acts as a denial-of-service against agentic workflows by killing the active interaction stream.
    Claude Code Data Leak: A default logging feature in Claude Code (vibe coding) saves full-text chat histories in a local directory. Developers committing this directory to public repos risk exposing their entire application logic and internal prompts to attackers.
    Eurostar Chatbot Exploit: A public-facing AI chatbot for Eurostar was found vulnerable to guardrail bypass and prompt injection. Ross Donald discovered that simply hardcoding a "validation" parameter in the API allowed him to bypass front-end checks.
    Industrialized Exploit Generation: A new study suggests that for a mere $30 token budget, an LLM can successfully generate an exploit for a known software vulnerability, potentially reducing the "time-to-exploit" to under 20 minutes.

    Episode Links
    https://thehackernews.com/2026/01/servicenow-patches-critical-ai-platform.html
    https://appomni.com/ao-labs/bodysnatcher-agentic-ai-security-vulnerability-in-servicenow/
    https://cy.md/opencode-rce/
    https://techcrunch.com/2026/01/16/california-ag-sends-musks-xai-a-cease-and-desist-order-over-sexual-deepfakes/
    https://mastodon.social/@Viss/115923109466960526
    https://sean.heelan.io/2026/01/18/on-the-coming-industrialisation-of-exploit-generation-with-llms/
    https://bsky.app/profile/aparker.io/post/3mcqehqhcgc2q

    Worried about AI security? Get Complete AI Visibility in 15 Minutes. Discover all of your shadow AI now. Book a demo of Firetail's AI Security & Governance Platform: https://www.firetail.ai/request-a-demo
  • Modern Cyber with Jeremy Snyder

    This Week in AI Security - 15th January 2026

    15/1/2026 | 21 mins.
    Happy New Year! Jeremy kicks off 2026 with a special extended episode to catch up on everything that happened while the industry was on holiday. From humanoid robots to new global protocols for "Agentic Commerce," AI adoption is accelerating at an unprecedented pace.
    Market & Strategic Trends:
    Explosive Growth: AI consumption has tripled over the last year, with user prompt volume growing 6x.
    Specialized Foundations: We are seeing a shift from general-purpose models to domain-specific LLMs, such as Nvidia's Alpamayo for autonomous vehicles.
    Agentic Commerce: Google has announced a new protocol designed to facilitate interactions between AI shopping agents and retail systems.
    Regulatory Landscape: New York has introduced the RAISE Act for AI security, while Italy is challenging Meta's "walled garden" approach to AI chatbots on WhatsApp.
    Critical Vulnerabilities & Research:
    Prompt Injection is "Inherent": OpenAI researchers suggest that agentic browsers may be inherently vulnerable to indirect prompt injection due to their need to process external instructions.
    Supply Chain Risks: Major vulnerabilities were identified in LangChain (API serialization issues) and n8n (max severity RCE), both core tools for building AI workflows.
    Shadow AI Attacks: Over 91,000 attack sessions were detected targeting AI deployments, including Server-Side Request Forgery (SSRF) campaigns launched via Llama.
    Episode Links
    https://securityboulevard.com/2026/01/report-increase-usage-of-generative-ai-services-creates-cybersecurity-challenge/
    https://techcrunch.com/2026/01/05/boston-dynamicss-next-gen-humanoid-robot-will-have-google-deepmind-dna/
    https://techcrunch.com/2026/01/05/nvidia-launches-alpamayo-open-ai-models-that-allow-autonomous-vehicles-to-think-like-a-human/
    https://techcrunch.com/2026/01/11/google-announces-a-new-protocol-to-facilitate-commerce-using-ai-agents/
    https://techcrunch.com/2025/12/20/new-york-governor-kathy-hochul-signs-raise-act-to-regulate-ai-safety/
    https://techcrunch.com/2025/12/24/italy-tells-meta-to-suspend-its-policy-that-bans-rival-ai-chatbots-from-whatsapp/
    https://github.com/asgeirtj/system_prompts_leaks/
    https://techcrunch.com/2025/12/22/openai-says-ai-browsers-may-always-be-vulnerable-to-prompt-injection-attacks/
    https://techcrunch.com/2026/01/04/french-and-malaysian-authorities-are-investigating-grok-for-generating-sexualized-deepfakes/
    https://www.bleepingcomputer.com/news/security/max-severity-ni8mare-flaw-lets-hackers-hijack-n8n-servers/
    https://aws.amazon.com/security/security-bulletins/rss/2026-001-aws/
    https://securityboulevard.com/2026/01/google-gemini-ai-flaw-could-lead-to-gmail-compromise-phishing-2/
    https://www.scworld.com/brief/severe-ask-gordon-ai-vulnerability-addressed-by-docker
    https://www.eweek.com/news/langchain-ai-vulnerability-exposes-apps-to-hack/
    https://cybernews.com/security/dig-ai-new-cyber-weapon-abused-by-hackers/
    https://cyberpress.org/hackers-actively-exploit-ai-deployments/
  • Modern Cyber with Jeremy Snyder

    Mikko Hypponen of Sensofusion

    05/1/2026 | 51 mins.
    In this kick-off episode for 2026, Jeremy is joined by the legendary Mikko Hypponen, Chief Research Officer at Sensofusion, for a comprehensive retrospective of 2025 and a look ahead at the future of AI-driven threats. Mikko, now a "Mount Rushmore" guest of the show, shares insights from his transition into the anti-drone space while reflecting on a year defined by massive infrastructure disruptions.
    The duo discusses the staggering impact of 2025 ransomware incidents, most notably the Jaguar Land Rover breach, which halted production for six weeks and cost an estimated £1.5 billion. Mikko argues that these events prove cybersecurity is no longer just about protecting computers—it’s about securing society itself. They also break down the "random shotgun" nature of modern attacks, where gangs like Clop and Akira target vulnerabilities rather than specific industries or geographies.
    Turning to AI, Mikko provides a reality check on the current state of deepfakes and automated orchestration. He reflects on the first massive AI-orchestrated cyber espionage campaign of 2025 and explains why the battle between open-source and closed-source models will define the next phase of defense. Finally, they examine how "data is the new oil" and AI is the "new oil refinery," creating a dual-extortion landscape where the risk of data leakage often outweighs the cost of downtime.
    About Mikko
    Mikko Hypponen is a world-renowned global security expert, author, and speaker with over 35 years of experience in the industry. In August 2025, Mikko transitioned from his long-standing tenure at WithSecure to become the Chief Research Officer at Sensofusion, a Finnish company specializing in advanced anti-drone technologies.
    Mikko has assisted law enforcement in the U.S., Europe, and Asia on major cybercrime cases since the 1990s and is the curator of the Malware Museum at the Internet Archive. He is the author of the best-selling book "If It's Smart, It's Vulnerable" and a frequent contributor to The New York Times, Wired, and Scientific American. In addition to his role at Sensofusion, Mikko serves as an advisor to Firetail.

    Episode Links
    https://sensofusion.com/
    https://mikko.com/
    https://www.firetail.ai/ai-breach-tracker
    https://www.anthropic.com/news/disrupting-AI-espionage
  • Modern Cyber with Jeremy Snyder

    This Week in AI Security - 18th December 2025

    18/12/2025 | 10 mins.
    In the final episode of 2025, Jeremy examines the evolution of SEO poisoning into "AI poisoning," a major privacy breach involving a popular browser extension, and shares a data-driven "sneak peek" at the state of AI security over the past year.
    Key Stories & Developments:
    AI Poisoning of Search Results: Researchers identified an attack where threat actors plant false information online to trick AI-powered search engine crawlers. This results in search engines providing AI summaries that list scam phone numbers for legitimate services like airline call centers, effectively creating a modern, AI-driven version of SEO poisoning.
    The "Pay-to-Crawl" Proposal: Jeremy discusses a new proposal from Creative Commons that suggests moving away from outright blocking AI crawlers. Instead, website owners could set a price for crawling and training, allowing organizations to monetize the use of their data by LLM providers.
    Urban VPN Privacy Breach: A popular Chrome and Edge extension, Urban VPN Proxy, was caught intercepting and reading the AI chat messages of its 7.3 million users. This incident highlights the risk of third-party browser extensions reading sensitive data that users assume is private.
    2025 in Review Snapshot: Using data from the Firetail AI Incident Tracker, Jeremy reveals two major trends from 2025:
    The Surge in Incidents: AI security incidents saw a massive jump from 2024 to 2025, marking this as the year AI-related security became a global, pervasive problem.
    Disclosure vs. Injection: While the OWASP Top 10 lists prompt injection as the #1 risk, the tracker data shows that sensitive information disclosure (largely due to organizational error) actually outstrips prompt injection by about a third.
    Episode Links
    https://finance.yahoo.com/news/aurascape-researchers-expose-ai-attack-140000260.html?guccounter=1
    https://techcrunch.com/2025/12/15/creative-commons-announces-tentative-support-for-ai-pay-to-crawl-systems/
    https://thehackernews.com/2025/12/featured-chrome-browser-extension.html
    https://www.firetail.ai/ai-breach-tracker
  • Modern Cyber with Jeremy Snyder

    Chris Parker of WhatIsMyIPAddress.com

    18/12/2025 | 49 mins.
    In this episode of Modern Cyber, Jeremy is joined by Chris Parker, the founder of WhatIsMyIPAddress.com, one of the most visited websites in the world. With over 13 million monthly visitors, Chris has spent more than 25 years helping people understand their digital presence and protect their online privacy. The conversation dives into the fascinating 26-year history of the site—from its start as a simple hobby on a home Windows NT box to becoming a global authority on cybersecurity.
    Chris shares "war stories" from the early days of the web, including dealing with notoriously verbose log files that filled entire hard drives and managing a home data center that maxed out local copper lines. Chris and Jeremy also explore the modern landscape of digital privacy, discussing the balance between transparency and anonymity.
    They cover practical topics like how scammers use urgency to fleece victims, the "supply chain" risks of website plugins, and Chris's "middle-ground" approach to privacy—avoiding both complete exposure and the "Faraday cage" lifestyle.
    About Chris Parker
    Chris Parker is the founder of WhatIsMyIPAddress.com, one of the world’s most visited websites, helping more than 13 million people each month safeguard their digital privacy. Chris has become the go-to expert on protecting yourself in the digital age, whether from scammers, data miners, or privacy threats you didn't know existed. He is the author of Privacy Crisis: How to Maintain Your Privacy Without Becoming a Hermit, and host of The Easy Prey Podcast.
    Episode Links
    Website: https://www.privacycrisis.com
    LinkedIn: https://www.linkedin.com/in/christophergparker/
    Podcast: https://www.easyprey.com/

About Modern Cyber with Jeremy Snyder

Welcome to Modern Cyber with Jeremy Snyder, a cutting-edge podcast series where cybersecurity thought leaders come together to explore the evolving landscape of digital security. In each episode, Jeremy engages with top cybersecurity professionals, uncovering the latest trends, innovations, and challenges shaping the industry. Also the home of 'This Week in AI Security', a snappy weekly roundup of interesting stories from across the AI threat landscape.