If you read my posts on here, you enjoy the same things I do. So, I wanted to let you know about stuff I’ve made (or contributed to) in other places over the last month or two just in case you wanted to check them out.
Written Content
- The Promptfather: An offer AI can’t refuse: This is a guest blog I wrote for Bugcrowd detailing my methodology for hacking LLM-powered features or applications.
- How to use AI and Automation for Ethical Hacking and Vulnerability Assessment: This was a post I wrote for an awesome AI-hacker automation company called Ethiack. It covers a variety of topics like The Role of AI in Ethical Hacking, some AI Hacking Tools, the Best Practices for Integrating AI Tools in Ethical Hacking, and some ethical considerations of using AI for hacking.
- A CISO’s AI Guide: Part 1 | Misconceptions about AI Security: I wrote a CISO Guide to AI that will be coming out over the next couple weeks. This is the first part. It’s a fun hook hopefully challenging some misconceptions about AI Security. The future Parts are much more practical, and I think you’re going to love them.
- Hacking Google Bard - From Prompt Injection to Data Exfiltration: This write up by Johann Rehberger is how he, Kai Greshake, and myself hacked Google Bard’s new Email & Drive feature with prompt injection in less than 24 hours from the launch. It’s a great piece.
- The SaaS Security Future: 3 Ways LLMs are Revolutionizing SaaS: This piece is the only piece not from the last month or two. I wrote this in May, but all three points remain true for AI and SaaS. I think it’s well-worth the couple of minutes it takes to read it if you’re interested.
- Chat History Exfiltration via Image-Based Prompt Injection in GPT4+Vision.: A cool POC of image-based prompt injection in GPT4 Vision.
- And of course check out my posts on the main page of this site if you haven’t. My post on AI Security’s terminology issues is quite important, I believe.
Video Content
- Critical Thinking Bug Bounty Podcast with Daniel Miessler and Rez0: Hacking with AI: Daniel Miessler and I were on the Critical Thinking bug bounty podcast to discuss hacking AI as well as using AI to be better at hacking.
- Bug Bounty Reports Explained Podcast: AI and Hacking: I was on Greg’s podcast where I talk about how I got into hacking and eventually into AI stuff. I talk a lot about hacking AI systems, and make a bold claim that AI agents can absolutely do manual testing and will slowly increase in their abilities to find bugs we never thought possible before.
Features
- Hackerone’s 7th Annual Security Report: I was fortunate enough to get a full page spread and quote about AI in Hackerone’s recent annual report. Thanks Hackerone 😊 I’ve really enjoyed finding all the bugs in AI-related programs recently.
- Microsoft Takes on Cyber-Threats with New Secure Future Initiative: I was an expert opinion on this piece of journalism where I discuss Microsoft’s new initiative which includes using and focusing on AI.
- Google’s reward criteria for reporting bugs in AI products: I had the opportunity to give Google feedback on this criteria before it went live which was a real honor. It’s a great template and framework for what to reward (and what not to reward) in regards to vulnerabilities in AI products or features.
- Joseph
To know when I publish a new post, join my email list. No spam, just an update when I put out a new piece of content.
