
#515: Phishing the AI: Zero-Click NIGHTMARE
Sep 24, 2025
In this discussion, cybersecurity expert Pascal Geenens dives into the chilling world of AI vulnerabilities. He explains how 'agents' pose new insider risks and can be manipulated through phishing—a method he terms 'ShadowLeak.' Pascal warns about the dangers of prompt injection and highlights how automated tools empower attackers. He also touches on the growing opportunities in cybersecurity for newcomers, encouraging a proactive approach to secure AI deployment. With insights into the evolving threat landscape, this chat is a must-listen for anyone concerned about digital security!
AI Snips
Agents As The New Insider Threat
- Co-pilots and agents become the new insider threat because they access emails, ERP and files.
- Agents accept instructions from external sources with the same trust level as the user.
Control MCP Integrations
- Restrict which MCP services corporate agents may use and manage the supply chain for MCP servers.
- Sanitize and monitor MCP repositories to prevent malicious or typo-squatted services.
Prompt Injection Is Social Engineering
- Prompt injection is social engineering the AI: rephrasing malicious intent as a benign request bypasses guardrails.
- Natural language attacks have near-infinite permutations and evade simple rule-based detection.
