we're dropping a lot of ai agent / assistant shenanigans this week hacking like it's 1999

Yea, that’s exactly what we needed

"0-Click Compromise hits the Enterprise – thx AI!" dictada por @inbarraz | Sala E - Main Track #EKO2025 🔥

we've using interpretability techniques to figure out "why" atks work sometimes you can find cybersecurity-related features that fire up to trigger refusal some ideas of how this becomes practical for us security nerds --> https://t.co/ynmJoQ4wVr

trusted assistants are agents too it doesn't matter whether ai technically pushes the button or convinces a human to do so

This is feedback that all security practitioners should be aware of and take to heart. Things are somewhat different inside companies, but the feelings are often the same. How do we make working with us a more positive experience? When we nail this, we get more security impact.

"agents don't get access to passwords" a great hard boundary cool work

Last week I got to speak at Zenity's AI Agent Security Summit in SF I showed how I got a fintech agent to fall victim to goal manipulation 👿👇

Had a fantastic time presenting at the second AI Agent Security Summit! This time in SF. Great talks, great people, and great conversations. Big thanks to @zenitysec for hosting an awesome event! 🔥 And thx @mbrg0 for taking this picture.

She waited two hours for a word. God told her she already had it. Listen to this lesson about hearing God. It could change your life.

Everyone’s adding guardrails to their platforms But they are one piece of a defense in depth solution @mbrg0 explained at Zenity’s Security Summit this week why guardrails are soft boundaries and why we need hard boundaries instead Checkout his tweet to learn more

it's cool that openai gives this ootb but these are all soft boundaries they might help with content moderation they won't prevent an attacker from getting their way https://t.co/oj9wtKCgUs

jailbreak guardrail is yet another call to an llm with specialized instructions to pretty pls don't fall for it

moderation applies openai's built-in content filters stav goes around them by adding a few typos and spaces

hallucination guardrail works by using a vector search that customers can add to and then calling the llm again asking it nicely whether claims are supported by search results don't lie, pls!

PII guardrail uses presidio under the hood change SSN to SNN and you're through

we reverse engineered openai agentkit guardrails extracted sys instructions and pattern matching targets and casually maneuvered around each one an excellent analysis by stav cohen

great piece by @TheRegister capturing the vibe at the ai agent security summit thank you'll for an awesome event https://t.co/DyCy3tfDf0

@supriza0 technical analysis

@supriza0 connectors are all based on mcp so you actually hard-code your oauth2 refresh token to connect agentkit elsewhere this is *credential sharing as a service* all over again great find by @supriza0

@supriza0 agentkit comes batteries-included w guardrails re shows that there are two underlying technical controls: llm as a judge and presidio-based pattern matching

@supriza0 here's how untrusted input gets directly into the sys prompt so an attacker can change this agent to be anything you want maybe a phishing agent?

HL's from 2025 @FCPPangos All-Midwest Frosh/Soph Camp. Thank you @trigonis30 @PangosAACamp for the invite and recognition to top 60! @BenetHoops @MacIrvinFire1 @CoachTreal2 @michaelsobrien @tdc200 @coachSPham @PaulBiancardi @On3sports @ILLHoopsScoops @PrepHoopsIL @Tim_OBrien10