David Bombal

#515: Phishing the AI: Zero-Click NIGHTMARE

Sep 24, 2025
In this discussion, cybersecurity expert Pascal Geenens dives into the chilling world of AI vulnerabilities. He explains how 'agents' pose new insider risks and can be manipulated through phishing—a method he terms 'ShadowLeak.' Pascal warns about the dangers of prompt injection and highlights how automated tools empower attackers. He also touches on the growing opportunities in cybersecurity for newcomers, encouraging a proactive approach to secure AI deployment. With insights into the evolving threat landscape, this chat is a must-listen for anyone concerned about digital security!
Ask episode
AI Snips
Chapters
Transcript
Episode notes
INSIGHT

Adopt AI With Security First

  • AI adoption is inevitable but must be security-first to avoid a second 'cloud disaster'.
  • Organizations often bypass security for business goals, creating large risk with agent deployments.
INSIGHT

Agents As The New Insider Threat

  • Co-pilots and agents become the new insider threat because they access emails, ERP and files.
  • Agents accept instructions from external sources with the same trust level as the user.
ADVICE

Control MCP Integrations

  • Restrict which MCP services corporate agents may use and manage the supply chain for MCP servers.
  • Sanitize and monitor MCP repositories to prevent malicious or typo-squatted services.
Get the Snipd Podcast app to discover more snips from this episode
Get the app