

#515: Phishing the AI: Zero-Click NIGHTMARE
Sep 24, 2025
In this discussion, cybersecurity expert Pascal Geenens dives into the chilling world of AI vulnerabilities. He explains how 'agents' pose new insider risks and can be manipulated through phishing—a method he terms 'ShadowLeak.' Pascal warns about the dangers of prompt injection and highlights how automated tools empower attackers. He also touches on the growing opportunities in cybersecurity for newcomers, encouraging a proactive approach to secure AI deployment. With insights into the evolving threat landscape, this chat is a must-listen for anyone concerned about digital security!
AI Snips
Chapters
Transcript
Episode notes
Adopt AI With Security First
- AI adoption is inevitable but must be security-first to avoid a second 'cloud disaster'.
- Organizations often bypass security for business goals, creating large risk with agent deployments.
Agents As The New Insider Threat
- Co-pilots and agents become the new insider threat because they access emails, ERP and files.
- Agents accept instructions from external sources with the same trust level as the user.
Control MCP Integrations
- Restrict which MCP services corporate agents may use and manage the supply chain for MCP servers.
- Sanitize and monitor MCP repositories to prevent malicious or typo-squatted services.