My Personal Garden

"Exploiting Multi-Agent Systems: How Prompt Injection Turns Collaboration into Compromise" by Jeremy Richards from ServiceNow’s AI Red Team. OverviewThe presentation explores the emerging attack surface of multi-agent AI systems. As AI shifts from single chatbots to complex, multi-agent frameworks capable of autonomous tool use and long-term planning, the "blast radius" of prompt injection attacks significantly expands. Richards argues that the power of a prompt injection is entirely bounded by the implementation—specifically, the privileges and tools granted to the injected agent. Core Concepts: The Multi-Agent ArchitectureRichards explains the standard…

Agentic Edge AI: Threat Architecture, Attack Surfaces & Real-World Risk. Overview In this presentation, Numaan Huq, a Senior Threat Researcher at Trend Micro, explores the rapidly approaching future of Agentic Edge AI—autonomous AI systems deployed on physical devices rather than relying solely on the cloud. Huq outlines what these systems are, how they operate, and critically, the new and complex cybersecurity threats they will introduce over the next 3 to 5 years as they integrate into homes, workplaces, and public infrastructure. What is Agentic Edge AI? Huq begins…

"The Apex Adversary" by Jeff Sims: IntroductionJeff Sims, a Senior Staff Data Scientist at Infoblox, presents a near-horizon cybersecurity threat model called the Apex Adversary. He defines this not as a single AI, but as an orchestrator—a "system of systems"—that combines various agentic AI capabilities to create a fully autonomous cyber combatant. Sims breaks down the anatomy of the Apex Adversary into three core components: Code Synthesis, External Sensing, and High-Capacity Reasoning. 1. Code Synthesis (Prompt $\rightarrow$ Model $\rightarrow$ Executor)Sims explains how AI can be used to generate…

"From Prompts to Plans: Security and Safety Testing for Agentic AI" by Jason Stanley: The Core Problem: AI is Evolving Faster Than Our Testing MethodsStanley begins by highlighting the massive surge in AI adoption across enterprises. However, the nature of AI systems is fundamentally changing. We are moving away from simple, stateless "chat" interfaces (where a user inputs a prompt and gets a single reply) toward complex Agentic AI. These new agents have memory, access to external tools, complex architectures, and the ability to take multi-step actions in…

This video is a Black Hat USA 2025 talk titled “BinWhisper: LLM-Driven Reasoning for Automated Vulnerability Discovery Behind Hall-of-Fame” by Qinrun Dai and Yifei Xie. The core idea is that vulnerability research still depends heavily on either manual auditing or fuzzing, and the speakers argue that LLMs are most useful not as fully autonomous hackers, but as structured reasoning helpers inside a guided workflow. The talk starts with a manual reverse-engineering walkthrough of CVE-2024-34587, using a Samsung video/RTCP parsing path as the example. They show that the actual…

Summary Using Large Language Models (LLMs) for offensive security (vulnerability discovery) currently results in an overwhelming number of false positives. To solve this, Dolan-Gavitt proposes shifting away from asking AI to "grade its own homework." Instead, security teams must use Non-AI Deterministic Validation—forcing the AI agent to provide undeniable, mathematically verifiable proof that an exploit works. The Problem: The Specter of False Positives When LLMs are fed source code and asked to find vulnerabilities, they confidently hallucinate bugs. This is a mathematical inevitability due to the Bayesian Base Rate Fallacy.…