Cyber Security Headlines LLM legalese prompts, Maryland Transit cyberattack, hacking into university
11 snips
Sep 2, 2025 The conversation dives into the clever use of legal jargon to hide prompts within contracts, revealing potential risks in AI usage. A significant cyberattack on Maryland Transit is under investigation, highlighting vulnerabilities in public infrastructure. The troubling case of a hacker attempting to breach a Spanish university showcases the ongoing threats faced by educational institutions. Additionally, new ransomware like Cephalus is discussed, emphasizing the ever-evolving landscape of cyber threats.
AI Snips
Chapters
Transcript
Episode notes
LLMs Misread Instructions Inside Legalese
- LLMs can’t reliably distinguish user instructions from instructions embedded in ingested text, which attackers exploit.
- Hidden prompts in long legal contract paragraphs can jailbreak models while remaining inconspicuous to humans.
Sanitize And Test Inputs For Hidden Prompts
- Monitor model inputs and sanitize ingested documents to remove embedded directives and suspicious phrasings.
- Test models against prompts hidden in common document types like contracts and calendars to detect jailbreaks.
Maryland Transit Systems Breached
- Maryland Transit Administration confirmed hackers accessed operations, call centers, and information systems but did not disclose full scope.
- The breach announcement came close in time to a Nevada state systems breach, hinting at broader targeting of public-sector infrastructure.