This AI security flaw might be impossible to fix

This AI security flaw might be impossible to fix

From Smashing Security by Graham Cluley

June 3, 2026 · 58 min · Episode 470

About this episode

The episode discusses a serious AI security flaw and features an interview with Andrea Sivieri about hacking Microsoft 365 environments.

A website called "UK visa portal" has been quietly collecting passport scans, selfies, and personal data from thousands of travellers who thought they were applying through official channels. They weren't. And when a journalist tried to warn the company, it was lawyers who responded. Meanwhile, a paper from Cornell suggests that prompt injection - the technique malicious actors use to trick AI agents into doing things they really shouldn't - may be fundamentally unsolvable. Which is err... awkward, because everyone is rushing to plug AI agents into their email, files, and corporate networks. Plus don't miss our featured interview with Andrea Sivieri of CoreView, who tells us how hackers can lock your entire organisation out of its Microsoft 365 environment... without having to trick you into running a single piece of malicious code or handing over a password. All this and more in episode 470 of the "Smashing Security" podcast with cybersecurity expert and keynote speaker Graham Cluley, and special guest Tanya Janca. EPISODE LINKS: Hackers Simply Asked Meta AI to Give Them Access to High-Profile Instagram Accounts. It Worked - 404 Media. Canon Printer Vulnerability Leaks Plaintext…

People in this episode

Host: Graham Cluley

Guests: Tanya Janca, Andrea Sivieri

Topics covered

  • AI security
  • data privacy
  • cybersecurity
  • prompt injection
  • Microsoft 365
  • hacking techniques

Keywords

  • AI security flaw
  • UK visa portal
  • prompt injection
  • cybersecurity
  • Microsoft 365
  • hacking
  • data privacy

Mentioned in this episode

Organizations: UK visa portal, Meta, Canon, Dashlane, TechCrunch, Praetorian, ArXiv, MCP Security

More episodes of Smashing Security

Explore listener stats, chart rankings, contacts and more on the Smashing Security podcast page.