This AI security flaw might be impossible to fix

from Smashing Security · host Graham Cluley

A website called "UK visa portal" has been quietly collecting passport scans, selfies, and personal data from thousands of travellers who thought they were applying through official channels. They weren't. And when a journalist tried to warn the company, it was lawyers who responded.Meanwhile, a paper from Cornell suggests that prompt injection - the technique malicious actors use to trick AI agents into doing things they really shouldn't - may be fundamentally unsolvable. Which is err... awkward, because everyone is rushing to plug AI agents into their email, files, and corporate networks.Plus don't miss our featured interview with Andrea Sivieri of CoreView, who tells us how hackers can lock your entire organisation out of its Microsoft 365 environment... without having to trick you into running a single piece of malicious code or handing over a password.All this and more in episode 470 of the "Smashing Security" podcast with cybersecurity expert and keynote speaker Graham Cluley, and special guest Tanya Janca.EPISODE LINKS:Hackers Simply Asked Meta AI to Give Them Access to High-Profile Instagram Accounts. It Worked - 404 Media.Canon Printer Vulnerability Leaks Plaintext Credentials - Praetorian.Password manager Dashlane says hackers stole some customers' password vaults - TechCrunch.UK Visa Portal exposed thousands of applicants’ passports and selfies — then called the lawyers on us - TechCrunch.AI Agents May Always Fall for Prompt Injections - ArXiv.MCP Security Crisis: Systemic Design Flaws in AI Agent Infrastructure - Cloud Security Alliance.From Preventive to Reactive: How AI Coding Assistants Transform Developers' Security Awareness - ArXiv.Design details that feel like magic - Design Spells.Singing lessons.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)SPONSORS:Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!CoreView - How secure is your Microsoft 365 tenant? Find out with CoreView's free Microsoft 365 Tenant Security Scanner.ESET - 30 years of threat research behind unique global telemetry, AI-native technology, and human expertise working together to keep your business protected.SUPPORT THE SHOW:Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!FOLLOW THE SHOW:Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.THANKS:Theme tune: "Vinyl Memories" by Mikael Manvelyan.Assorted sound effects: AudioBlocks.Privacy & Opt-Out: https://redcircle.com/privacy

NOW PLAYING

0:00 57:50

1×

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Share this episode

Similar Episodes

No similar episodes found.

Similar Podcasts

The Wall Ronald W. Chapman II and Sean Weiss The Wall protects our republic by safeguarding our democratic processes, civil liberties, and national security through laws and institutions. Its role in protecting the republic involves balancing security concerns with humanitarian and legal considerations.With over 50 years of legal and government experience combined, Ron Chapman and Sean M. Weiss pull back the curtain on the US government, the U.S. Judicial System, and some of the most influential trials in history that continue to shape our nation today.Join every week for unfiltered conversations, in-depth analysis, and commentary from some of America’s boldest thought leaders.Be sure to follow the podcast on your favorite platform so you never miss a new episode. From Passion to Profit: Heart Centered Strategies for FitPros Nichola Page Welcome to From Passion to Profit, the ultimate resource for fitness professionals driven by their passion to inspire and empower others on their business journey. Hosted by Nichola Page, a seasoned health and fitness business specialist, this show is tailored for FitPros and Studio Owners looking to supercharge their small business.Discover game-changing strategies and actionable tactics that will not only help you attract and retain clients but also transform your health & fitness venture into a thriving small business. Dive deep into topics like marketing, sales, financials, client retention, and business scalability. Learn how to master the art of growing a health & fitness business, and unlock the secrets to financial security, freedom, and flexibility.Join Nichola each week as she and her industry guests provides invaluable insights to guide you towards a successful and sustainable fitness business. Whether you've had your business for years or just starting ou Iran's Gambit Ali Alfoneh "Iran's Gambit" is a weekly podcast produced by Ali Alfoneh, on Iranian politics, and Iran's national security strategy, intentions, capabilities and impact. Mark Kollar’s Financial Cornerstone Mark Kollar Mark Kollar is a well-known financial educator in the Chicago area and hosts the popular weekly financial radio show, Retirement and Income Radio. He is sought after throughout the state of Illinois for his expertise in retirement planning and retirement income planning. His clients include retirees from United Airlines, AT&T, McDonald’s, Chicago Transit Authority, and HFC.As a retirement and income planning specialist, Mark helps retirees and those near retirement protect their savings, reduce income taxes and taxes on social security benefits and create a retirement income guaranteed to last as long as they do. Mark graduated from Loyola University of Chicago where he received his B.B.A. degree. He is a Registered Financial Consultant and a Certified Estate Planning Professional and has pledged always to put the needs of his clients above his own.

Frequently Asked Questions

How long is this episode of Smashing Security?

This episode is 57 minutes long.

When was this Smashing Security episode published?

This episode was published on June 3, 2026.

What is this episode about?

Can I download this Smashing Security episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.

URL copied to clipboard!