Posts

Showing posts from March, 2026

Prompt Injection and the New AI Attack Surface

Prompt injection has moved from a research curiosity to an operational security problem. In plain terms, it is the process of embedding hostile instructions within content that an AI system reads, then causing the model to treat that content as guidance rather than data. That failure occurs because large language models process everything as tokens in a single stream. Human beings see a difference between policy, instructions, retrieved text, email content, and tool output. The model sees sequence, probability, and salience. That design reality makes prompt injection one of the central risks in modern AI systems. Current reporting and primary research indicate that prompt injection has already led to real security consequences. Microsoft’s Copilot vulnerability, tracked as CVE-2025-32711, demonstrated that malicious content could trigger unauthorized network disclosure. Research on EchoLeak documented a zero-click prompt-injection chain in a production LLM environment. Unit 42 also rep...

AI Security and You

AI security is the discipline of protecting AI-enabled systems, the data they use, and the environments that support them, while also using AI to strengthen cyber defense. In practice, this means two things. First, security teams use AI to improve detection, triage, threat hunting, and response. Second, they secure the AI stack itself, including models, prompts, training data, inference endpoints, APIs, vector databases, orchestration layers, plugins, service accounts, and the cloud infrastructure that carries the whole system. Both sides matter. One strengthens defense. The other keeps the new technology from becoming a fresh path to compromise. For technical teams, the first step is inventory. Identify every AI-enabled application in the environment. Include public chat interfaces, internal copilots, document assistants, coding assistants, agent-based workflows, retrieval-augmented generation systems, embedded AI features in SaaS platforms, and third-party APIs. For each system, dete...