0. Prologue: MITRE has finally realised that AI is a new attack surface For a long time, MITRE pretended that LLMs and AI systems were merely “new applications”.But after the 2024–2025 spike in attacks on AI tooling, the façade collapsed. In 2026, MITRE formally introduces ATT&CK-AI (v1.0) — an extension to the main matrix that…
Tag: promptinjection
CHAPTER 3/8 – Fireside Chat: Lessons in Building a Secure AI Foundation** (hard-edged, technical, irreverent, research-level)
Of the shaman are three hands And a wing from behind his shoulder grows, From the breath of him A candle’s flame is born and glows, And at times he knows himself, Himself, no longer knows, While his soul, flung open wide, Is straining, sings, and overflows. Of the shaman are three hands, The world…
EchoLeak: When Your Voice Becomes the Exploit (Hi, Cyberpunk, You’re Early)
hi. remember when voice assistants were just fun?“hey Siri, play my sad playlist” or “Alexa, order more coffee”?now imagine your own voice — from a Teams call — being replayed, misused, or even turned against you…yeah. not a dystopian novel. that’s EchoLeak. and it’s real. so what happened exactly? AIM Labs dropped a bomb with…
Prompt Injection vs. FIDES: How to Keep Your Copilot From Leaking Like a Sieve
hi. let’s talk about something that keeps security teams up at night: prompt injection. sounds cool, right? it’s not. it’s a nightmare dressed as a clever email. picture this: u build a sales copilot. it reads incoming customer emails, pulls CRM data, checks a price list, calculates discounts, writes replies. clean. automated. fast. no humans…