0. Prologue: “Zero Trust used to be about people. Zero Trust 2026 is about models.” Most organisations still believe Zero Trust is simply: MFA Conditional Access geography filters compliant devices Access Packages and a few glossy dashboards But in 2026, Zero Trust means something entirely different: Zero Trust = Verify the AI, its tools, its…
Tag: promptinjection
CHAPTER 5/8 Deep-Dive: MITRE ATT&CK for AI Systems (2026 Edition)
0. Prologue: MITRE has finally realised that AI is a new attack surface For a long time, MITRE pretended that LLMs and AI systems were merely “new applications”.But after the 2024–2025 spike in attacks on AI tooling, the façade collapsed. In 2026, MITRE formally introduces ATT&CK-AI (v1.0) — an extension to the main matrix that…
CHAPTER 3/8 – Fireside Chat: Lessons in Building a Secure AI Foundation** (hard-edged, technical, irreverent, research-level)
Of the shaman are three hands And a wing from behind his shoulder grows, From the breath of him A candle’s flame is born and glows, And at times he knows himself, Himself, no longer knows, While his soul, flung open wide, Is straining, sings, and overflows. Of the shaman are three hands, The world…
EchoLeak: When Your Voice Becomes the Exploit (Hi, Cyberpunk, You’re Early)
hi. remember when voice assistants were just fun?“hey Siri, play my sad playlist” or “Alexa, order more coffee”?now imagine your own voice — from a Teams call — being replayed, misused, or even turned against you…yeah. not a dystopian novel. that’s EchoLeak. and it’s real. so what happened exactly? AIM Labs dropped a bomb with…
Prompt Injection vs. FIDES: How to Keep Your Copilot From Leaking Like a Sieve
hi. let’s talk about something that keeps security teams up at night: prompt injection. sounds cool, right? it’s not. it’s a nightmare dressed as a clever email. picture this: u build a sales copilot. it reads incoming customer emails, pulls CRM data, checks a price list, calculates discounts, writes replies. clean. automated. fast. no humans…