Cyber Security Headlines Department of Know: Prompt injection problems, California browser law, Hacklore's security myths
8 snips
Dec 2, 2025 Mathew Biby, Director of Cybersecurity at TixTrack, and Derek Fisher, Director at Temple University, dive into pressing security issues. They explore vulnerabilities in Fluent Bit and the implications of hashjack attacks on AI browsers. The conversation shifts to concerns about transparency in AI, specifically with Anthropic. They also discuss the risks related to M&A activities in cybersecurity. Finally, they debunk common security myths from Hacklore.org, emphasizing the need for evidence-based guidance in a fear-driven landscape.
AI Snips
Chapters
Transcript
Episode notes
Sanitize AI Inputs And Know Your Tools
- Sanitize inputs and outputs when integrating AI tools to reduce prompt injection risk.
- Review and inventory AI tools and user practices to know what your organization uses and where to apply controls.
Indirect Prompt Injection Through URL Fragments
- Prompt injection attacks are evolving into indirect methods like hiding payloads in URL fragments.
- These techniques exploit AI browsers that read client-side fragments, enabling data exfiltration or malicious guidance.
Communicate Auth UX Changes Before Updates
- Communicate changes in authentication UX proactively to reduce help-desk load and phishing confusion.
- Prepare user education when OS updates alter FIDO2 PIN or sign-in behavior.