
Modern Cyber with Jeremy Snyder

Jeremy Snyder

85 episodes

  • Modern Cyber with Jeremy Snyder

    This Week in AI Security - 18th December 2025

    18/12/2025 | 10 mins.

    In the final episode of 2025, Jeremy examines the evolution of SEO poisoning into "AI poisoning," a major privacy breach involving a popular browser extension, and shares a data-driven "sneak peek" at the state of AI security over the past year.

    Key Stories & Developments:

      • AI Poisoning of Search Results: Researchers identified an attack where threat actors plant false information online to trick AI-powered search engine crawlers. This results in search engines providing AI summaries that list scam phone numbers for legitimate services like airline call centers, effectively creating a modern, AI-driven version of SEO poisoning.
      • The "Pay-to-Crawl" Proposal: Jeremy discusses a new proposal from Creative Commons that suggests moving away from outright blocking AI crawlers. Instead, website owners could set a price for crawling and training, allowing organizations to monetize the use of their data by LLM providers.
      • Urban VPN Privacy Breach: A popular Chrome and Edge extension, Urban VPN Proxy, was caught intercepting and reading the AI chat messages of its 7.3 million users. This incident highlights the risk of third-party browser extensions reading sensitive data that users assume is private.
      • 2025 in Review Snapshot: Using data from the Firetail AI Incident Tracker, Jeremy reveals two major trends from 2025:
          • The Surge in Incidents: AI security incidents saw a massive jump from 2024 to 2025, marking this as the year AI-related security became a global, pervasive problem.
          • Disclosure vs. Injection: While the OWASP Top 10 lists prompt injection as the #1 risk, the tracker data shows that sensitive information disclosure (largely due to organizational error) actually outstrips prompt injection by about a third.

    Episode Links:

      • https://finance.yahoo.com/news/aurascape-researchers-expose-ai-attack-140000260.html?guccounter=1
      • https://techcrunch.com/2025/12/15/creative-commons-announces-tentative-support-for-ai-pay-to-crawl-systems/
      • https://thehackernews.com/2025/12/featured-chrome-browser-extension.html
      • https://www.firetail.ai/ai-breach-tracker

  • Modern Cyber with Jeremy Snyder

    Chris Parker of WhatIsMyIPAddress.com

    18/12/2025 | 49 mins.

    In this episode of Modern Cyber, Jeremy is joined by Chris Parker, the founder of WhatIsMyIPAddress.com, one of the most visited websites in the world. With over 13 million monthly visitors, Chris has spent more than 25 years helping people understand their digital presence and protect their online privacy.

    The conversation dives into the fascinating 26-year history of the site—from its start as a simple hobby on a home Windows NT box to becoming a global authority on cybersecurity. Chris shares "war stories" from the early days of the web, including dealing with notoriously verbose log files that filled entire hard drives and managing a home data center that maxed out local copper lines.

    Chris and Jeremy also explore the modern landscape of digital privacy, discussing the balance between transparency and anonymity. They cover practical topics like how scammers use urgency to fleece victims, the "supply chain" risks of website plugins, and Chris's "middle-ground" approach to privacy—avoiding both complete exposure and the "Faraday cage" lifestyle.

    About Chris Parker

    Chris Parker is the founder of WhatIsMyIPAddress.com, one of the world’s most visited websites, helping more than 13 million people each month safeguard their digital privacy. Chris has become the go-to expert on protecting yourself in the digital age, whether from scammers, data miners, or privacy threats you didn't know existed. He is the author of Privacy Crisis: How to Maintain Your Privacy Without Becoming a Hermit, and host of The Easy Prey Podcast.

    Episode Links:

      • Website: https://www.privacycrisis.com
      • LinkedIn: https://www.linkedin.com/in/christophergparker/
      • Podcast: https://www.easyprey.com/

  • Modern Cyber with Jeremy Snyder

    This Week in AI Security - 11th December 2025

    11/12/2025 | 7 mins.

    In this week's episode, Jeremy focuses on the escalating threat of prompt injection across the enterprise, the introduction of a new OWASP Top 10 list, and a surprising advisory from Gartner.

    Prompt Injection & RCE:

      • PromptPwnd: A vulnerability in GitHub Actions allows attackers to use malicious commit messages to perform prompt injection against AI agents, executing privileged tools and leaking secrets from CI/CD pipelines.
      • IDE Attack Surface: Similar prompt injection flaws were identified in popular development environments and extensions (Cursor, Copilot, Z-Ro), showing how malicious prompts can bypass guardrails and hijack context within the IDE.
      • GeminiJack: A "zero-click" vulnerability in Google Gemini Enterprise and Vertex AI Search allowed attackers to embed indirect prompt injections in shared documents (Gmail, Calendar, Docs). A routine employee search would activate the attack, causing the AI to exfiltrate sensitive corporate data.

    Industry Shifts:

      • Gartner's Advisory: Gartner issued an unusually strong advisory recommending that CISOs block all AI browsers (like ChatGPT Atlas and Perplexity Comet) for the foreseeable future due to inherent security risks, including data leakage, credential abuse, and autonomous rogue actions.
      • New OWASP Top 10: The OWASP Top 10 for Agentic Applications was released, focusing on risks unique to autonomous, tool-using systems, such as Agent Goal Hijack, Identity and Privilege Abuse, and Agentic Supply Chain Vulnerabilities.

    Episode Links:

      • https://gbhackers.com/prompt-injection-vulnerability-in-github-actions/
      • https://thehackernews.com/2025/12/researchers-uncover-30-flaws-in-ai.html
      • https://securityboulevard.com/2025/12/indirect-malicious-prompt-technique-targets-google-gemini-enterprise/
      • https://securityboulevard.com/2025/12/gartners-ai-browser-ban-rearranging-deck-chairs-on-the-titanic/
      • https://genai.owasp.org/resource/owasp-top-10-for-agentic-applications-for-2026/

    Worried about AI security? Get Complete AI Visibility in 15 Minutes. Discover all of your shadow AI now. Book a demo of Firetail's AI Security & Governance Platform: https://www.firetail.ai/request-a-demo

  • Modern Cyber with Jeremy Snyder

    This Week in AI Security - 4th December 2025

    04/12/2025 | 16 mins.

    In this week's episode, Jeremy dissects two critical security issues and shares key strategic takeaways from the recent Ascent Community Summit on Advancing AI Security.

    Security Incidents & Research:

      • OpenAI Third-Party Breach: We examine the security incident where OpenAI was affected by a third-party breach via the Mixpanel analytics platform. While customer PII was exposed, prompt and data content was not impacted. Jeremy notes that the API was the attack surface, reinforcing a recurring theme in AI-related incidents.
      • Adversarial Poetry: We break down a fascinating academic paper demonstrating that embedding malicious prompts inside poetry is a successful technique for bypassing LLM guardrails. In some models, this "adversarial poetry" increased the Attack Success Rate (ASR) by over 60%, showing how context manipulation can trick frontier models.

    Ascent Community Summit Takeaways: Jeremy shares high-level insights from the summit (co-hosted by Paladin and Georgia Tech), focusing on securing critical sectors (Defense, Infrastructure, Healthcare). Key themes include:

      • Core Requirements for AI: The need for math expertise, dedicated compute infrastructure, massive data access, and specialized people.
      • The New Perimeter: Discussion shifted from "identity as the perimeter" to data being the key asset and central focus for security controls.
      • Supply Chain Risks: The societal impact of the AI boom, including increased strain on electricity, cooling, and bandwidth for data center infrastructure.
      • Brakes on a Fast Car: The CISO's role is framed as enabling maximum speed while having the ability to act as the "brakes on a very fast moving car" (Dundee West, GSK), emphasizing rapid response over stagnation.

    Episode Links:

      • https://openai.com/index/mixpanel-incident/
      • https://arxiv.org/pdf/2511.15304
      • https://sites.gatech.edu/asccent/summit/

  • Modern Cyber with Jeremy Snyder

    This Week in AI Security - 27th November 2025

    27/11/2025 | 13 mins.

    In this week's episode, Jeremy covers seven stories that highlight the continuing pattern of API-level risks, the rise of multi-agent threats, and new academic insights into LLM fundamentals.

    Key stories include:

      • RCE via PyTorch: A high-severity vulnerability (with an assigned CVE) was discovered in the widely-used PyTorch package, enabling Remote Code Execution (RCE) through malicious payloads at the API layer. This reinforces the trend of the API being the primary attack surface for AI applications.
      • AI Browser Local Command Execution: Researchers found an API flaw in AI browsers that allowed a malicious instruction set to execute local commands on a user's machine via an embedded extension.
      • Klein Bot Vulnerabilities: An open-source coding agent was found to have multiple security flaws, including the exfiltration of API keys and the disclosure of its underlying model (Grok), validating OWASP's risk categories.
      • Multi-Agent Risk in ServiceNow: Researchers demonstrated that in ServiceNow’s new A-to-A agentic workflows, default configurations place agents in the same network, allowing them to communicate and be exploited using the privileges of the human user who created them.
      • The "Subspace Problem" of Red Teaming: Academic research argues that current LLM red teaming methods are flawed because they test human language, not the numerical token strings the LLM actually processes, meaning predictable token-level vulnerabilities remain hidden.
      • AI Evaluation Shift: A paper argues that non-deterministic LLM environments require a shift away from binary "yes/no" security checks (like traditional network security) toward scenario-based testing for better risk evaluation.
      • Positive ROI of AI in Security: A Google paper provides positive data for early movers, showing that AI can triage at least 50% of security incidents, leading to reduced human workloads and faster response times, providing a strong case for simple, prompt-based AI improvements in security operations.


About Modern Cyber with Jeremy Snyder

Welcome to Modern Cyber with Jeremy Snyder, a cutting-edge podcast series where cybersecurity thought leaders come together to explore the evolving landscape of digital security. In each episode, Jeremy engages with top cybersecurity professionals, uncovering the latest trends, innovations, and challenges shaping the industry. Also the home of 'This Week in AI Security', a snappy weekly roundup of interesting stories from across the AI threat landscape.
v8.2.1 | © 2007-2025 radio.de GmbH
Generated: 12/25/2025 - 6:05:08 AM