The AI Security Podcast

If you’re trying to break into AI security, it can feel confusing — do you need to be a machine learning expert, a cybersecurity professional, or both? In this episode, we break down practical tips for getting hired in AI security, from the skills that actually matter to the types of projects and experience that can help you stand out. We discuss how to build relevant expertise in areas like adversarial machine learning, AI risk, and model security, as well as how to position yourself for roles in startups, research labs, and large tech companies. Whether you’re coming from a cybersecurity, data science, or general tech background, this episode will give you actionable advice on how to start building a career in one of the fastest-growing areas of technology. 🚀

In this episode, we dig into model weight security — what it means, why it’s emerging as a critical issue in AI security, and whether the framing in the recent RAND report on securing AI model weights actually helps defenders and policymakers.We discuss the RAND report Securing AI Model Weights: Preventing Theft and Misuse of Frontier Models — exploring its core findings, including how model weights (the learnable parameters that encode what a model “knows”) are becoming high-value targets and the kinds of attack vectors that threat actors might use to steal or misuse them.#ai #aisecurity #cybersecurity 👉 Read the full RAND report here:https://www.rand.org/pubs/research_reports/RRA2849-1.html

As promised, I’m back with Tania for a deep dive into the wild world of agentic AI security — how modern AI agents break, misbehave, or get exploited, and what real case studies are teaching us. We’re unpacking insights from the Taxonomy of Failure Modes in Agentic AI Systems, the core paper behind today’s discussion, and exploring what these failures look like in practice.We also break down three great resources shaping the conversation right now:Microsoft’s Taxonomy of Failure Modes in Agentic AI Systems — a super clear breakdown of how agent failures emerge across planning, decision-making, and action loops: https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/final/en-us/microsoft-brand/documents/Taxonomy-of-Failure-Mode-in-Agentic-AI-Systems-Whitepaper.pdfOWASP’s Agentic AI Threats & Mitigations — a practical, security-team-friendly guide to common attack paths and how to defend against them: https://genai.owasp.org/resource/agentic-ai-threats-and-mitigations/Unit 42’s Agentic AI Threats report — real-world examples of adversarial prompting, privilege escalation, and chain-of-trust issues showing up in deployed systems: https://unit42.paloaltonetworks.com/agentic-ai-threats/Join us as we translate the research, sift through what’s real vs. hype, and talk about what teams should be preparing for next 🚨🛡️.

In this episode, I’m joined by Bandana Kaur — a cybersecurity researcher, speaker, and all-round superstar who somehow managed to do in her teens what most people are still figuring out in their thirties. 🤔Bandana is just 18 years old, entirely self-taught in cybersecurity, already working in the field, and recently gave three talks at Black Hat. Yes, three! 😱We talk about how she taught herself cybersecurity as a teenager, how she broke into the industry without a traditional pathway, and what it’s actually like being young (and very competent) in a field that still struggles with gatekeeping. Bandana shares what she focused on while learning, how she approached opportunities like conference speaking, and what she thinks matters most for people trying to get into security today.This conversation is part career advice, and part reminder that you don’t need permission — or a perfectly linear path — to do meaningful work in cybersecurity.Follow Bandana: @hackwithher

This week I invited myself over to Greg Sadler's place, the CEO of Good Ancestors, about AI safety. I brought sushi but I didn't have lunch so I ate most of it, and then I almost made him late for his next meeting. We specifically chat through AI capabilities, his work in policy, and building a not-profit. Greg is the kind of person who is so smart and cool that I feel like an absolute dummy interviewing him - so I know you're all going to like this episode. Stay tuned for part 2 where we dive into effective altruism and its intersection with AI!Check out Greg's work here: https://www.goodancestors.org.au/MIT AI Risk Repository: https://airisk.mit.edu/The Life You Can Save (book): https://www.thelifeyoucansave.org/book/80,000 hours: https://80000hours.org/Learn more about AI capability and impacts: https://bluedot.org/

Welcome back! 👋After taking a little break to reset and redesign everything behind the scenes, I’m back — and consolidating all my content. This episode is part of both The AI Security Podcast (on Spotify and Apple Podcasts) and my YouTube channel, HarrietHacks — so whether you prefer to listen or watch, you’ll get the same great conversations (and bad jokes) across both platforms.From now on, I’ll be posting at least fortnightly (with the occasional bonus episode when something big happens… like when I announced the book!).I’ve been in a few conversations lately where people have tried to convince me that AI Security is just Application Security in disguise. Naturally, I disagree. 🤷‍♀️ So in this episode, we dive into AI Security vs Application Security — how they overlap, where they diverge, and why securing AI systems demands new thinking beyond traditional AppSec.💌 Sign up for the newsletter: http://eepurl.com/i7RgRM📘 Pre-order The AI Security Handbook: [link coming soon]🎥 Watch this episode and more on YouTube: https://www.youtube.com/@HarrietHacks🔗 Useful LinksSQL Injection Examples (W3Schools): https://www.w3schools.com/sql/sql_injection.aspApplication Security Blog (Medium): https://medium.com/@pixelprecisionengineering1/application-security-appsec-in-cybersecurity-855ad9ce5e5eEcholeak Zero-Click Copilot Exploit (Dark Reading): https://www.darkreading.com/application-security/researchers-detail-zero-click-copilot-exploit-echoleakTraditional AppSec vs AI Security (Pillar Security): https://www.pillar.security/blog/traditional-appsec-vs-ai-security-addressing-modern-risks

Six months ago Tania and I made an episode about the interim report for our AI Security Likelihood Project.. and it is finally time to discuss the final report! You'll see it live at this link shortly: https://www.aisecurityfundamentals.com/The premise was simple: are AI security incidents happening in the wild? What can we learn about future incidents from these historic ones? We answer some of these questions.

In this episode, Tania and I talk through some creative examples of prompt injection/engineering we've seen in the wild.. think prompts hidden in papers, red-teaming and web-scraping.Your Brain on ChatGPT: https://arxiv.org/pdf/2506.08872Paper with hidden text (p. 12): https://arxiv.org/abs/2502.19918v2Interesting overview: https://www.theregister.com/2025/07/07/scholars_try_to_fool_llm_reviewers/Echoleak blog post: https://www.aim.security/lp/aim-labs-echoleak-m365

I'm back from holiday, and this week Tania and I talk about a project she completed as part of the ARENA AI safety curriculum to replicate the findings of evaluations on frontier AI capabilities.Link to reasoning paper: https://arxiv.org/abs/2502.09696Link to the Inspect dashboard: https://inspect-evals-dashboard.streamlit.app/ARENA AI Safety course: https://www.arena.education/

Sign up to receive in your inbox: http://eepurl.com/i7RgRMTania Sadhani and Miranda R discussed various AI security topics, including critical CVEs affecting platforms like ChatGPT and Hugging Face, the potential for SharePoint Copilot in internal reconnaissance, and malicious npm packages targeting Cursor developers. They also covered the OASP Gen AI security initiative's Agent Name Service (ANS), the proposed AI.txt for controlling AI agent interactions, and Unit 42's framework for agentic AI attacks. Furthermore, Miranda highlighted security guidance from international agencies, Anthropic triggering ASL 3 for Claude Opus 4, Microsoft's AI red teaming playground, a significant data leak from an AI vendor, and the Israeli police's use of AI-hallucinated laws.

Sign up to receive in your inbox: http://eepurl.com/i7RgRMThis week we note regular CVEs in AI libraries such as Nvidia TensorFlow and PyTorch. We discuss a novel prompt injection technique called "policy puppetry", along with malware dispersal through fake AI video generators and Meta's release of an open-source AI security tool set including Llama Firewall. We also covered Israel's experimental use of AI in warfare, Russia's AI-enabled drones in Ukraine, China's crackdown on AI misuse, Dreadnode's research on AI in red teaming, geolocation doxing via multimodal LLMs, safety research on autonomous vehicle attacks targeting inference time, Config Scan for analyzing malicious configurations on Hugging Face, Spotlight as a physical solution against deepfakes, and Reply Bench for benchmarking autonomous replication of LLM agents.

We talk about Stanford Human-Centred AI's latest AI Index report, check it out here: https://hai.stanford.edu/ai-index/2025-ai-index-report

My friend Shain joins me on the podcast to talk about his work with the OWASP MLSec Top 10 list and organisational guidance, as well as how he got here!For info about the list and how to contribute, check out the link: https://owasp.org/www-project-machine-learning-security-top-10/