This AI security flaw might be impossible to fix
Smashing Security
Graham Cluley
🗓️ 3 June 2026
⏱️ 58 minutes
Summary
A website called "UK visa portal" has been quietly collecting passport scans, selfies, and personal data from thousands of travellers who thought they were applying through official channels. They weren't. And when a journalist tried to warn the company, it was lawyers who responded.
Meanwhile, a paper from Cornell suggests that prompt injection - the technique malicious actors use to trick AI agents into doing things they really shouldn't - may be fundamentally unsolvable. Which is err... awkward, because everyone is rushing to plug AI agents into their email, files, and corporate networks.
Plus don't miss our featured interview with Andrea Sivieri of CoreView, who tells us how hackers can lock your entire organisation out of its Microsoft 365 environment... without having to trick you into running a single piece of malicious code or handing over a password.
All this and more in episode 470 of the "Smashing Security" podcast with cybersecurity expert and keynote speaker Graham Cluley, and special guest Tanya Janca.
EPISODE LINKS:
- Hackers Simply Asked Meta AI to Give Them Access to High-Profile Instagram Accounts. It Worked - 404 Media.
- Canon Printer Vulnerability Leaks Plaintext Credentials - Praetorian.
- Password manager Dashlane says hackers stole some customers' password vaults - TechCrunch.
- UK Visa Portal exposed thousands of applicants’ passports and selfies — then called the lawyers on us - TechCrunch.
- AI Agents May Always Fall for Prompt Injections - ArXiv.
- MCP Security Crisis: Systemic Design Flaws in AI Agent Infrastructure - Cloud Security Alliance.
- From Preventive to Reactive: How AI Coding Assistants Transform Developers' Security Awareness - ArXiv.
- Design details that feel like magic - Design Spells.
- Singing lessons.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
SPONSORS:
- Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
- CoreView - How secure is your Microsoft 365 tenant? Find out with CoreView's free Microsoft 365 Tenant Security Scanner.
- ESET - 30 years of threat research behind unique global telemetry, AI-native technology, and human expertise working together to keep your business protected.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Transcript
| 0:00.0 | So it's spin doctors, it's lawyers, because that's what you do when you have a serious security hole, isn't it? |
| 0:08.3 | That's what they used to do, though. |
| 0:10.1 | Like, when you used to report a bug, companies would sue you. |
| 0:14.1 | Yes, you must be a hacker. |
| 0:15.2 | Yeah. |
| 0:15.5 | We're going to send the cops around. |
| 0:33.9 | Yeah. Smashing Security, Episode 470, this AI security flaw might be impossible to fix, with Graham Cluley and special guest, Tanya Janca. |
| 0:36.4 | Hello, hello, and welcome to Smashing Security episode 470. My name is Graham Cluley. And I'm Tanya Janca. Tanya, great to have you back on the show. Real delight to have you here. Now, you were on the show a little while ago, but you've got some exciting news. You're going to be signing copies of your new book. Tell us about it. Yes. I recently |
| 0:56.0 | met some of the wonderful people at ESET. And we were discussing how I was coming down to Vegas |
| 1:01.5 | because I'm going to do a bunch of things at DefCon. And they said, well, we have a booth at |
| 1:06.0 | Black Hat. Did you want to show up at our booth and sign some books? So they have bought a ton of |
| 1:10.8 | books. And so both |
| 1:11.7 | days at Black Hat, I'm going to hang out at their booth and just give tons of books away and sign books and hang out. I'm really excited. The folks at ESET are so great. Oh, they're a nice bunch. Yeah, I've done some work with them in the past. And they're actually sponsoring this episode of the podcast. They've got a really good antivirus product, but it's good to know that they'll also be handing out copies of your book. So this is the latest book from She Hacks Purple, right? Yes, it's Alice and Bob Learn Secure Coding. And so if you write code or, quite frankly, if you're working with an LLM and it's writing code for you and you need to make sure that code is actually safe, this is the book for you, for sure. Yeah, make sure you go and visit the ESET booth at Black Hat and you may well bump into Tanya and get her to sign you a free copy of her book. Very nice. Not bad at all, right? Now, before we kick off, let's thank this week's wonderful sponsors. |
| 2:01.6 | CoreView, Vanta and ESET. |
| 2:03.6 | We'll be hearing more about them later on in the podcast. |
| 2:08.7 | This week on Smashing Security. |
| 2:11.1 | We're not going to be talking about how hackers were able to get Meta's AI to help them hack into Meta Instagram accounts. |
| 2:19.9 | You'll hear no discussion of how Canon has released firmware updates to patch security |
| 2:25.2 | holes in more than 200 of its enterprise printers that could allow remote hackers to steal |
| 2:30.7 | local domain passwords. |
| 2:34.0 | And we won't even mention how hackers managed to steal local domain passwords. |
| 2:35.7 | And we won't even mention. |
... |

