The Future of AI Security is Scaffolding, Agents & The Browser

Sep 9, 2025

View Show Notes and Transcript

Welcome to the 2025 State of AI Security. This year, the conversation has moved beyond simple prompt injection to a far more complex threat: attacking the entire ecosystem surrounding the LLM. In this deep-dive discussion, offensive security experts Jason Haddix (Arcanum Information Security) and Daniel Miessler (Unsupervised Learning) break down the real-world attack vectors they're seeing in the wild.The conversation explores why prompt injection remains an unsolved problem and how the LLM is now being used as a delivery system to attack internal developers and connected applications. We also tackle the critical challenge of incident response, questioning how you can detect or investigate a malicious prompt when privacy regulations in some regions prevent logging and observability.This episode is a must-listen for anyone looking to understand the true offensive and defensive landscape of AI security, from the DARPA Cyber Challenge to the race for AI to control the browser.

Questions asked:
‍00:00 Introduction
‍02:22 Who are Jason Haddix & Daniel Miessler?
‍03:40 The State of AI Security in 2025
‍06:20 It's All About the "Scaffolding", Not Just the Model
‍08:30 Why Prompt Injection is a Fundamental, Unsolved Problem
‍10:45 "Attacking the Ecosystem": Using the LLM as a Delivery System
‍12:45 The New Enterprise Protocol: Prompts in English
15:10 The Incident Response Dilemma: How Do You Detect Malicious Prompts?
‍16:50 The Challenge of Logging: When Privacy Laws Block Observability
‍21:30 Has Data Poisoning Become a Major Threat?
‍27:20 How Far Can Autonomous AI Go in Hacking Today?
‍28:30 An Inside Look at the DARPA AI Cyber Challenge (AIxCC)
‍40:45 Are Attackers Actually Using AI in the Wild?
‍47:30 The Evolution of the "Script Kitty" in the Age of AI
‍51:00 Would AGI Solve Security? The Problem of Politics & Context
‍59:15 Context is King: Why Prompt Engineering is a Critical Skill
‍01:03:30 What are the Best LLMs for Security & Productivity?
‍01:05:40 The Next Frontier: Why AI is Racing to Own the Browser
‍01:20:20 Does Using AI to Write Content Erode Trust?

No items found.

The Future of AI Security is Scaffolding, Agents & The Browser

A CISO's Blueprint for AI Security (From ML to GenAI)

Gen AI Threat Modeling vs. AI-Powered Defense: A Debate with Canva & Anthropic

Vibe Coding for CISOs: Managing Risk & Opportunity in AI Development

Vibe Coding, Slopsquatting, and the Future of AI in Software Development with Guy Podjarny

A CISO's Blueprint for AI Security (From ML to GenAI)

Gen AI Threat Modeling vs. AI-Powered Defense: A Debate with Canva & Anthropic

Vibe Coding for CISOs: Managing Risk & Opportunity in AI Development

Vibe Coding, Slopsquatting, and the Future of AI in Software Development with Guy Podjarny

Is Your Browser the Biggest AI Security Risk?

AI in Cybersecurity: Phil Venables (Formerly Google Cloud CISO) on Agentic AI & CISO Strategy

AI Red Teaming & Securing Enterprise AI with Leonard Tang of Haize Labs

RSA Conference 2025 Recap: Agentic AI Hype, MCP Risks & Cybersecurity's Future

MCP vs A2A Explained: AI Agent Communication Protocols & Security Risks

How to Hack AI Applications: Real-World Bug Bounty Insights

The Future of Digital Identity: Fighting AI Deepfakes & Identity Fraud

The Truth Behind AI Agents: Hype vs. Reality

How AI is changing Detection Engineering & SOC Operations?

What does your AI cybersecurity plan look like for 2025?

AI Cybersecurity Predictions 2025: Revolution or Reality?

AI Red Teaming in 2024 and Beyond

The Current State of AI and the Future for CyberSecurity in 2024

What is AI Native Security?

BlackHat USA 2024 AI Cybersecurity Highlights

Our insights from Google's AI Misuse Report