Smashing Security podcast #470: This AI security flaw might be impossible to fix

A website called “UK visa portal” has been quietly collecting passport scans, selfies, and personal data from thousands of travellers who thought they were applying through official channels. They weren’t. And when a journalist tried to warn the company, it was lawyers who responded.

Meanwhile, a paper from Cornell suggests that prompt injection – the technique malicious actors use to trick AI agents into doing things they really shouldn’t – may be fundamentally unsolvable. Which is err… awkward, because everyone is rushing to plug AI agents into their email, files, and corporate networks.

Plus don’t miss our featured interview with Andrea Sivieri of CoreView, who tells us how hackers can lock your entire organisation out of its Microsoft 365 environment… without having to trick you into running a single piece of malicious code or handing over a password.

All this and more in episode 470 of the “Smashing Security” podcast with cybersecurity expert and keynote speaker Graham Cluley, and special guest Tanya Janca.