The Future of AI Security is Scaffolding, Agents & The Browser

23 snips

Sep 9, 2025

Guest

Daniel Miessler

Guest

Jason Haddix

In this discussion, Jason Haddix, an offensive security expert from Arcanum, and Daniel Miessler, founder of Unsupervised Learning, dive into the 2025 landscape of AI security. They reveal how LLMs are leaking into broader ecosystems, becoming tools for malicious prompts and exploiting vulnerabilities. The duo highlights the critical yet unsolved problem of prompt injection and the challenges posed by privacy laws on incident response. They emphasize the need for innovative threat modeling and proactive security measures to navigate this evolving danger.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

ANECDOTE

Agent Solved Several CTFs Quickly

Jason hooked an open-source model to an offensive agent framework and solved multiple CTFs using RAG and puppeteer/playwright.
He compared the agent's output to a junior pen tester in capability.

INSIGHT

Scaffolding Beats Raw Model Power

Most AI value comes from the scaffolding and system around models rather than raw model capability.
Stitching tools, pipelines and agents produces dependable, real-world results.

INSIGHT

Prompt Injection Is Fundamentally Hard

Prompt injection remains fundamentally hard because models are designed to answer and are non-deterministic.
Adding guardrails reduces accuracy and slows inference, so prompt injection persists as an open problem.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

Welcome to the 2025 State of AI Security. This year, the conversation has moved beyond simple prompt injection to a far more complex threat: attacking the entire ecosystem surrounding the LLM. In this deep-dive discussion, offensive security experts Jason Haddix (Arcanum Information Security) and Daniel Miessler (Unsupervised Learning) break down the real-world attack vectors they're seeing in the wild.

The conversation explores why prompt injection remains an unsolved problem and how the LLM is now being used as a delivery system to attack internal developers and connected applications. We also tackle the critical challenge of incident response, questioning how you can detect or investigate a malicious prompt when privacy regulations in some regions prevent logging and observability.

This episode is a must-listen for anyone looking to understand the true offensive and defensive landscape of AI security, from the DARPA Cyber Challenge to the race for AI to control the browser.

Questions asked:

(00:00) Introduction(02:22) Who are Jason Haddix & Daniel Miessler?(03:40) The State of AI Security in 2025(06:20) It's All About the "Scaffolding", Not Just the Model(08:30) Why Prompt Injection is a Fundamental, Unsolved Problem(10:45) "Attacking the Ecosystem": Using the LLM as a Delivery System(12:45) The New Enterprise Protocol: Prompts in English(15:10) The Incident Response Dilemma: How Do You Detect Malicious Prompts?(16:50) The Challenge of Logging: When Privacy Laws Block Observability(21:30) Has Data Poisoning Become a Major Threat?(27:20) How Far Can Autonomous AI Go in Hacking Today?(28:30) An Inside Look at the DARPA AI Cyber Challenge (AIxCC)(40:45) Are Attackers Actually Using AI in the Wild?(47:30) The Evolution of the "Script Kitty" in the Age of AI(51:00) Would AGI Solve Security? The Problem of Politics & Context(59:15) Context is King: Why Prompt Engineering is a Critical Skill(01:03:30) What are the Best LLMs for Security & Productivity?(01:05:40) The Next Frontier: Why AI is Racing to Own the Browser(01:20:20) Does Using AI to Write Content Erode Trust?