Welcome back! 👋After taking a little break to reset and redesign everything behind the scenes, I’m back — and consolidating all my content. This episode is part of both The AI Security Podcast (on Spotify and Apple Podcasts) and my YouTube channel, HarrietHacks — so whether you prefer to listen or watch, you’ll get the same great conversations (and bad jokes) across both platforms.From now on, I’ll be posting at least fortnightly (with the occasional bonus episode when something big happens… like when I announced the book!).I’ve been in a few conversations lately where people have tried to convince me that AI Security is just Application Security in disguise. Naturally, I disagree. 🤷♀️ So in this episode, we dive into AI Security vs Application Security — how they overlap, where they diverge, and why securing AI systems demands new thinking beyond traditional AppSec.💌 Sign up for the newsletter: http://eepurl.com/i7RgRM📘 Pre-order The AI Security Handbook: [link coming soon]🎥 Watch this episode and more on YouTube: https://www.youtube.com/@HarrietHacks🔗 Useful LinksSQL Injection Examples (W3Schools): https://www.w3schools.com/sql/sql_injection.aspApplication Security Blog (Medium): https://medium.com/@pixelprecisionengineering1/application-security-appsec-in-cybersecurity-855ad9ce5e5eEcholeak Zero-Click Copilot Exploit (Dark Reading): https://www.darkreading.com/application-security/researchers-detail-zero-click-copilot-exploit-echoleakTraditional AppSec vs AI Security (Pillar Security): https://www.pillar.security/blog/traditional-appsec-vs-ai-security-addressing-modern-risks
--------
30:22
--------
30:22
Agentic AI Security: A Primer
For a while we've been wanting to talk about Agentic AI Security.. the thing is that we could spend multiple episodes talking about it! So we decided to do just that. This is part 1 - a primer - where we talk about exactly what AI agents are and why we may need to consider their security a bit differently. Stay tuned for the rest of the series!
--------
19:02
--------
19:02
How Likely Are AI Security Incidents? Updates From Our Final Report!
Six months ago Tania and I made an episode about the interim report for our AI Security Likelihood Project.. and it is finally time to discuss the final report! You'll see it live at this link shortly: https://www.aisecurityfundamentals.com/The premise was simple: are AI security incidents happening in the wild? What can we learn about future incidents from these historic ones? We answer some of these questions.
--------
31:28
--------
31:28
To open or close model weights?
In this episode, Tania and I discuss the debate around closed or open model weights. What do you think?The RAND report we mention: https://www.rand.org/pubs/research_reports/RRA2849-1.html
--------
27:52
--------
27:52
Creative prompt injection in the wild
In this episode, Tania and I talk through some creative examples of prompt injection/engineering we've seen in the wild.. think prompts hidden in papers, red-teaming and web-scraping.Your Brain on ChatGPT: https://arxiv.org/pdf/2506.08872Paper with hidden text (p. 12): https://arxiv.org/abs/2502.19918v2Interesting overview: https://www.theregister.com/2025/07/07/scholars_try_to_fool_llm_reviewers/Echoleak blog post: https://www.aim.security/lp/aim-labs-echoleak-m365
I missed the boat in computer hacking so now I hack AI instead. This podcast discusses all things at the intersection of AI and security. Hosted by me (Harriet Farlow aka. HarrietHacks) and Tania Sadhani and supported by Mileva Security Labs. Chat with Mileva Security Labs for your AI Security training and advisory needs: https://milevalabs.com/Reach out to HarrietHacks if you want us to speak at your event: https://www.harriethacks.com/
Australia