Vulnerabilities In Enterprise AI Workflows With Nicolas Dupont
As AI systems become increasingly integrated into enterprise workflows, a new security frontier is emerging. In this episode of The Secure Developer, host Danny Allan speaks with Nicolas Dupont about the often-overlooked vulnerabilities hiding in vector databases and how they can be exploited to expose sensitive data.
Episode 171 of the The Secure Developer podcast, hosted by Nicolas Dupont, Danny Allan, titled "Vulnerabilities In Enterprise AI Workflows With Nicolas Dupont" was published on December 2, 2025 and runs 34 minutes.
December 2, 2025 ·34m · The Secure Developer
Summary
As AI systems become increasingly integrated into enterprise workflows, a new security frontier is emerging. In this episode of The Secure Developer, host Danny Allan speaks with Nicolas Dupont about the often-overlooked vulnerabilities hiding in vector databases and how they can be exploited to expose sensitive data.
Episode Description
Episode Summary
As AI systems become increasingly integrated into enterprise workflows, a new security frontier is emerging. In this episode of The Secure Developer, host Danny Allan speaks with Nicolas Dupont about the often-overlooked vulnerabilities hiding in vector databases and how they can be exploited to expose sensitive data.
Show Notes
As organizations shift their focus from training massive models to deploying them for inference and ROI, they are increasingly centralizing proprietary data into vector databases to power RAG (Retrieval-Augmented Generation) and agentic workflows. However, these vector stores are frequently deployed with insufficient security measures, often relying on the dangerous misconception that vector embeddings are unintelligible one-way hashes.
Nicolas Dupont explains that vector embeddings are simply dense representations of semantic meaning that can be inverted back to their original text or media formats relatively trivially. Because vector databases traditionally require plain text access to perform similarity searches efficiently, they often lack encryption-in-use, making them susceptible to data exfiltration and prompt injection attacks via context loading. This is particularly concerning when autonomous agents are over-provisioned with write access, potentially allowing malicious actors to poison the knowledge base or manipulate system prompts.
The discussion highlights the need for a "secure by inception" approach, advocating for granular encryption that protects data even during processing without incurring massive performance penalties. Beyond security, this architectural rigor is essential for meeting privacy regulations like GDPR and HIPAA in regulated industries. The episode concludes with a look at the future of AI security, emphasizing that while AI can accelerate defense, attackers are simultaneously leveraging the same tools to create more sophisticated threats.
Links
Follow Us
Similar Episodes
Apr 9, 2026 ·17m
Apr 6, 2026 ·51m
Mar 26, 2026 ·25m
Mar 25, 2026 ·62m
Mar 22, 2026 ·32m
Mar 17, 2026 ·30m