EchoLeak - der "Dosenöffner" für KI‑Sicherheitsrealitäten!
Es war nur eine Frage der Zeit – und hier ist sie: eine Zero‑Click‑Attacke auf ein KI-System wurde Realität. Die Schwachstelle, bekannt als EchoLeak, nutzt nur eine einzige manipulierte E‑Mail – kein Klick, kein Download, keine Warnung – und Copilot exfiltriert heimlich sensible Unternehmensdaten. #CyberSecurity #AIsecurity #Copilot #Microsoft365 #EchoLeak #ZeroTrust #Cybercrime
https://www.europesays.com/2173702/ IBM Creates Integrated Solution for AI Security and Governance #AI #AIRisk #AISafety #AISecurity #ArtificialIntelligence #EUAIAct #IBM #News #PYMNTSNews #security #technology #What'sHot
Ever heard of "data poisoning" or "prompt injection" attacks on AI? It's not sci-fi! Hackers can actually manipulate AI models used in supply chains by corrupting their training data or tricking their outputs. Fascinatingly scary stuff. #AISecurity #Tech
https://archive.is/Wjoh0
Okay, this is a bit sci-fi: imagine hackers sending secret instructions to your AI assistant, hidden in a normal-looking email, to steal your data. 
That's kinda what happened with a (now patched) Microsoft Copilot vulnerability. Spooky! #AIsecurity #Tech
https://archive.is/Xg0r5
What Happens When AI Goes Rogue?
From blackmail to whistleblowing to strategic deception, today's AI isn't just hallucinating — it's scheming.
In our new Cyberside Chats episode, LMG Security’s @sherridavidoff and @MDurrin share new AI developments, including:
• Scheming behavior in Apollo’s LLM experiments
• Claude Opus 4 acting as a whistleblower
• AI blackmailing users to avoid shutdown
• Strategic self-preservation and resistance to being replaced
• What this means for your data integrity, confidentiality, and availability
Watch the video: https://youtu.be/k9h2-lEf9ZM
Listen to the podcast: https://www.chatcyberside.com/e/ai-gone-rogue-from-schemes-to-whistleblowing/?token=a0a79bc031829d23746df1392fa6122a
Microsoft 365 Copilot: Critical 'EchoLeak' Flaw Turned Microsoft's Own AI Into Data Thief
#AI #AISecurity #Microsoft #Copilot #CyberSecurity #EchoLeak #Vulnerability #DataBreach #LLM #InfoSec #Microsoft365 #EnterpriseSecurity
Shadow AI: Examples, Risks, and 8 Ways to Mitigate Them – Source: securityboulevard.com https://ciso2ciso.com/shadow-ai-examples-risks-and-8-ways-to-mitigate-them-source-securityboulevard-com/ #rssfeedpostgeneratorecho #SecurityBloggersNetwork #ApplicationSecurity #CyberSecurityNews #SecurityBoulevard #AIModelsRisk #AIsecurity
Mitigating prompt injection attacks with a layered defense strategy – Source:security.googleblog.com https://ciso2ciso.com/mitigating-prompt-injection-attacks-with-a-layered-defense-strategy-sourcesecurity-googleblog-com/ #GoogleOnlineSecurityBlogRSSFeed #GoogleOnlineSecurityBlog #rssfeedpostgeneratorecho #1CyberSecurityNewsPost #rssfeedsAutogenerated #GoogleSecurityBlog #CyberSecurityNews #AISecurity
Hello World! #introduction
Work in cybersec for 25+ years. Big OSS proponent.
Latest projects:
VectorSmuggle is acomprehensive proof-of-concept demonstrating vector-based data exfiltration techniques in AI/ML environments. This project illustrates potential risks in RAG systems and provides tools and concepts for defensive analysis.
https://github.com/jaschadub/VectorSmuggle
SchemaPin protocol for cryptographically signing and verifying AI agent tool schemas to prevent supply-chain attacks (aka MCP Rug Pulls).
https://github.com/ThirdKeyAI/SchemaPin
New AI Security Risk Uncovered in Microsoft 365 Copilot
A zero-click vulnerability has been discovered in Microsoft 365 Copilot—exposing sensitive data without any user interaction. This flaw could allow attackers to silently extract corporate data using AI-integrated tools.
If your organization is adopting AI in productivity platforms, it’s time to get serious about AI risk management:
• Conduct a Copilot risk assessment
• Monitor prompt histories and output
• Limit exposure of sensitive data to AI tools
• Update your incident response plan for AI-based threats
AI can boost productivity, but it also opens new doors for attackers. Make sure your cybersecurity program keeps up. Contact our LMG Security team if you need a risk assessment or help with AI policy development.
Read the article: https://www.bleepingcomputer.com/news/security/zero-click-ai-data-leak-flaw-uncovered-in-microsoft-365-copilot/
Researchers disclose "EchoLeak", a zero-click AI vuln in M365 Copilot enabling attackers to exfiltrate sensitive data via prompt injection without user interaction. Exploits flaws in RAG design and bypasses key defenses.
Heard of "data poisoning" for AI? 
It's like feeding your AI deliberately corrupted info. The NSA & its partners are sounding the alarm: protect your AI's training data, because bad data = bad (or dangerous) AI. #AISecurity #Tech
https://archive.is/tCZBh
Mind blown: Code doesn't always wait to be called to execute! 
In Langflow AI, a vulnerability (CVE-2025-3248) allowed unauthenticated RCE because Python function decorators (and even default arguments!) can run code just on *definition*. Patch up! #AIsecurity #Tech
https://horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai/
AI is the new attack surface—are you ready?
From shadow AI to deepfake-driven threats, attackers are finding creative ways to exploit your organization’s AI tools, often without you realizing it.
Watch our new 3-minute video, How Attackers Target Your Company’s AI Tools, for advice on:
The rise of shadow AI (yes, your team is probably using it!)
Real-world examples of AI misconfigurations and account takeovers
What to ask vendors about their AI usage
How to update your incident response plan for deepfakes
Actionable steps for AI risk assessments and inventories
Don’t let your AI deployment become your biggest security blind spot.
Watch now: https://youtu.be/R9z9A0eTvp0
Microsoft Unveils Free AI Security Program for EU Governments
#Cybersecurity #Microsoft #EuropeanUnion #AI #DigitalDefense #Privacy #InfoSec #EuropeanSecurityProgram #AIsecurity #GovTech
Only one week left to register for our next Cyberside Chats Live event! Join us June 11th to discuss what happens when an AI refuses to shut down—or worse, starts blackmailing users to stay online?
These aren’t science fiction scenarios. We’ll dig into two real-world incidents, including a case where OpenAI’s newest model bypassed shutdown scripts and another where Anthropic’s Claude Opus 4 generated blackmail threats in an alarming display of self-preservation.
Join us as we unpack: What “high-agency behavior” means in cutting-edge AI How API access can expose unpredictable and dangerous model actions Why these findings matter now for security teams What it all means for incident response and digital trust
Stick around for a live Q&A with LMG Security’s experts @sherridavidoff and @MDurrin. This session will challenge the way you think about AI risk!
Register today: https://www.lmgsecurity.com/event/cyberside-chats-live-june2025/
Europol Targets Over 2,000 Extremist Links Exploiting Minors Online – Source:hackread.com https://ciso2ciso.com/europol-targets-over-2000-extremist-links-exploiting-minors-online-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #AISecurity #CyberCrime #Extremism #Terrorism #Children #Grooming #Hackread #Europol
AI Attacks AI: Open WebUI Interface Used By Popular AI Chatbots Breached by Malware
#AI #AISecurity #Cybersecurity #Malware #AIThreats #OpenWebUI #CyberAttack #Infosec #AICybersecurity #ThreatIntel #Vulnerabilities
Almost every organization is using some type of AI, but are you securing it?
Download our free tip sheet: Adapting to AI Risks: Essential Cybersecurity Program Updates
From deepfake response plans to AI-specific access controls, this checklist helps you modernize your cybersecurity program and stay ahead of emerging threats.
Check it out: https://www.lmgsecurity.com/resources/adapting-to-ai-risks-essential-cybersecurity-program-updates/
A new Brand Story is live — this time with eSentire!
We sat down with Dustin Hillard, CTO at #eSentire, for a powerful conversation about #AgenticAI and what it really means to reach human equivalency in security operations.
From decision-making to autonomous action, this isn’t just theory — it’s a real-world look at outcomes when AI is trained and tuned with purpose.
Watch the video:
https://youtu.be/qmca7RCzSAQ
Read the full story:
https://www.itspmagazine.com/their-stories/reaching-human-equivalency-with-agentic-ai-a-real-world-look-at-security-outcomes-an-esentire-brand-story-with-dustin-hillard
Learn more about eSentire here:
https://itspm.ag/esentire-sorry4ek
Thanks to eSentire for supporting the conversation and helping us explore where AI meets security in the real world.
Sean Martin, CISSP & Marco Ciappelli
Co-Founders at ITSPmagazine
