Secure By Dezign

Episode 67: Claude Mythos Project Glasswing Ai Safety Capabilities

Episode 66: Xss Cross Site Scripting Persistent Web Vulnerability

Episode 65: Pass The Hash Credential Free Lateral Movement Windows

Episode 64: Kubernetes Pod Escape Cloud Takeover

Episode 63: Supply Chain Attacks Solarwinds Playbook Revisited

Episode 62: Securing Hybrid Enterprise Layered Defense Architecture

Episode 61: Living Off The Land Lotl Attacks Weaponizing Built In Os Tools

Episode 60: Business Email Compromise Social Engineering Attack Deep Dive

Episode 59: Ssrf Pivoting Through Your Own Infrastructure

Episode 58: Kerberoasting Extracting Service Account Credentials Active Directory

Episode 57: Double Extortion Ransomware Anatomy Kill Chain

Episode 56: Sql Injection 2025 Undying King Web Exploitation

Episode 55: Agentic Ai Exploitation Tool Abuse Goal Manipulation

Episode 54: Goal Misgeneralization Ai Pursues Wrong Objective

Episode 53: Reward Hacking Manipulating Reinforcement Learning Systems

Episode 52: Ml Framework Dependency Attacks Pytorch Tensorflow

Episode 51: Pickle File Attacks Weaponizing Ai Model Weights

Episode 50: Model Watermark Removal Destroying Ip Protection

Episode 49: Adversarial Examples Fooling Ai Imperceptible Perturbations

Episode 48: Model Extraction Stealing Ai Models Api Queries

Episode 47: Training Data Memorization Llm Leak Secrets

Episode 46: Membership Inference Attacks Proving Data In Training Set

Episode 45: Gradient Inversion Reconstructing Private Data From Model Updates

Episode 44: Model Supply Chain Poisoning Trojan Horse Ai Pipeline

Episode 43: Rag Poisoning Corrupting Knowledge Base Ai Trusts

Episode 42: Attacking Ml Api Gateways Behavioral Drift Model Poisoning

Episode 41: Federated Learning Poisoning Weaponizing Collaborative Ai

Episode 40: Backdoor Attacks Trojaned Neural Networks

Episode 39: Clean Label Poisoning Invisible Training Data Attack

Episode 38: Payload Splitting Bypassing Ai Filters

How attackers weaponize conversational context to make LLMs forget their guardrails across multi-turn interactions — and how to build defenses that persist across the full conversation window.

When your image is the attack vector, every picture becomes a potential payload. Technical walkthrough of visual prompt injection against multimodal LLMs including GPT-4V and Gemini Vision.

Set up a local LLM agent with dangerous tools, then systematically exploit it with tool injection, privilege escalation, memory hijacking, and DoS. Full hands-on lab walkthrough.

Your trusted knowledge base is an injection surface — here's how attackers exploit it. Hands-on lab covering document poisoning, embedding manipulation, and retrieval hijacking.

Your airgapped playground for prompt injection, jailbreaking, and system prompt extraction. No API keys, no rate limits, no excuses. Complete setup and attack walkthrough with Ollama.

Exploiting the gap between human-readable text and machine tokenization to bypass every filter you've built. Covers homoglyph attacks, whitespace injection, and tokenizer-aware defenses.

Why your carefully aligned model is one clever prompt away from chaos. Covers DAN variants, many-shot jailbreaking, adversarial suffixes, and the cat-and-mouse dynamics of safety alignment.

When your LLM trusts external content, attackers don't need access to your users — they just need a webpage. Technical walkthrough of indirect prompt injection with real-world exploitation chains.

A strategic allocation framework for securing AI systems while demonstrating ROI to the board — including tooling prioritization, build vs. buy decisions, and budget defense strategies.

Your model is only as trustworthy as the data that built it. A practitioner's guide to defending every stage of the ML data pipeline — from ingestion to labeling to preprocessing.

The executive playbook for vetting AI suppliers in an era of opaque models and expanding attack surfaces. What contractual, technical, and audit controls CISOs must demand.

A practitioner's guide to implementing AI-SPM frameworks before regulatory mandates force your hand — covering emerging standards, tooling, and continuous posture assessment.

Technical strategies for embedding, detecting, and enforcing ownership claims in production ML systems — including robustness testing against removal attacks.

Building enforceable AI governance that survives first contact with production systems. Covers NIST AI RMF, EU AI Act, ISO 42001, and practical implementation strategies.

From technical threat models to boardroom presentations: a strategic blueprint for enterprise AI governance that earns budget and executive buy-in.

A strategic playbook for translating AI security risks into boardroom language and defensible governance frameworks — including FAIR quantification for ML-specific threats.

Why your API gateway's rate limiter is just the bouncer, not the security system. Defense-in-depth architecture for the LLM era — from auth to output filtering to abuse detection.

A strategic playbook for quantifying, communicating, and mitigating AI risk at the enterprise level — with frameworks CISOs can present to any board.

When your AI becomes an unwitting data exfiltration tool. Technical breakdown of model inversion, membership inference, and training data extraction attacks with defensive countermeasures.

Your helpful AI assistant might be the most sophisticated insider threat you've ever deployed. A technical walkthrough of how enterprise chatbots become data exfiltration vectors.