VIDEO
HIGHLIGHT
Log InSign up
Hacking AI is TOO EASY (this should be illegal)
SummaryTranscriptChat

Hacking AI is TOO EASY (this should be illegal)

What Are the Risks of Hacking AI?

Introduction to AI Hacking

  • The potential for hacking companies through their AI systems is significant, with attackers able to steal sensitive data and trade secrets.
  • The current landscape resembles early web hacking days, where vulnerabilities like SQL injection were rampant; now, similar opportunities exist in AI.
  • Understanding what it means to hack AI involves recognizing various applications beyond just chatbots, including APIs and internal apps.

Types of Vulnerabilities

  • Vulnerabilities extend beyond simple jailbreaking; they include a range of attacks on different aspects of an AI application.
  • The concept of "AI pen testing" versus "AI red teaming" highlights the need for holistic security tests rather than just targeting model outputs.

Attack Methodology

  • Jason Haddock's attack methodology consists of six segments aimed at exploiting weaknesses in AI-enabled applications:
  • Identifying system inputs.
  • Attacking the ecosystem surrounding the application.
  • Conducting traditional red teaming against the model itself.
  • Manipulating prompt engineering and data inputs.
  • Targeting the application directly and pivoting to other systems.

Focus on Prompt Injection

  • Prompt injection is highlighted as a key technique that allows hackers to exploit an AI's logic against itself, making it a central focus for attackers.
  • Sam Altman acknowledged that while progress has been made, prompt injection remains a persistent challenge that may not be fully solvable.

Accessibility of Hacking Techniques

  • Prompt injection does not require advanced technical skills; clever natural language prompting can suffice initially but may lead to more complex techniques later on.
  • Jason created a taxonomy categorizing prompt injection techniques into intents, evasions, and utilities for better understanding and organization.

Engaging with Prompt Injection

Interactive Learning Experience

  • A free game demonstrates how prompt injection works by allowing users to trick an unprotected AI into revealing information like passwords.
  • As players progress through levels in the game, they encounter increasing difficulty due to guardrails implemented by real-world companies.

Taxonomy Overview

  • Jason’s taxonomy serves as a professional playbook detailing effective strategies for executing successful prompt injections.

AI Hacking Techniques and Tools

Overview of Custom Intent Creation

  • Jason discusses the development of an open-source tool for creating custom intents, which is still unreleased. The tool aims to enhance user interaction with AI systems.
  • He mentions that attackers have access to 9.9 trillion possible attack combinations, highlighting the complexity and scale of potential threats in AI security.

Innovative Attack Methods

  • Introduction of "emoji smuggling," a technique where instructions are hidden within emojis, allowing them to bypass current classifiers and guardrails in AI systems.
  • A utility called "syntactic anti-classifier" is introduced, which uses creative language techniques (synonyms, metaphors) to generate prompts that can evade image generation guardrails.

Link Smuggling Technique

  • Jason explains link smuggling as a method where sensitive data (like credit card numbers) can be concealed within text strings or images, making it difficult for classifiers to detect.
  • This technique involves encoding information in base64 format and using URLs that point back to a hacking server while avoiding detection by security measures.

Community Insights on Prompt Injection

  • Discussion about the underground community focused on prompt injection techniques, specifically mentioning the Bossy Group's Discord as a resource for learning about jailbreak methods.
  • The conversation highlights various subreddits dedicated to prompt injection discussions and resources available on GitHub related to these techniques.

Evolving Nature of Jailbreak Techniques

  • Jason notes that many jailbreak methods may not work consistently due to patches but emphasizes the ongoing evolution of these techniques across different versions of AI models.
  • He reflects on how passionate communities drive innovation in hacking methods, particularly at events like DEFCON where ethical hacking practices are shared.

Cloud Security Solutions

  • Introduction of Wiz as a cloud security platform designed to protect cloud-based applications. Over 50% of Fortune 100 companies utilize their services for enhanced security measures.

AI Security Risks and Solutions

The Importance of AI Security

  • Companies are eager to adopt AI technology despite security concerns, with Wiz providing tools to help secure these deployments.
  • Real-world examples highlight the risks associated with AI integration, as companies often overlook security in their rush to implement new technologies.

Communication Breakdowns in AI Implementation

  • A case study revealed that sensitive Salesforce data was inadvertently sent to OpenAI due to a lack of communication between engineering and security teams.
  • Many organizations are unprepared for the complexities of integrating AI into their systems, leading to significant vulnerabilities.

Case Study: Sales Bot in Slack

  • A sales bot integrated with Slack pulls customer data from various sources but lacks adequate security measures.
  • Issues include no input validation on API calls and over-scoped permissions that allow unauthorized access and potential exploitation through prompt injection.

Model Context Protocol (MCP)

  • MCP is introduced as a standard aimed at improving interactions between AI models and external tools, yet it carries its own security vulnerabilities.
  • Concerns arise around role-based access control within MCP servers, allowing potential backdoor attacks if improperly configured.

Potential Threats from Compromised Systems

  • Attack vectors exist within MCP implementations where files can be accessed without proper restrictions, posing serious risks.
  • Despite its vulnerabilities, MCP enables powerful functionalities like natural language queries for log analysis in cloud-based SIM tools.

The Future of Offensive Security Automation

  • Advances in autonomous agents for offensive security were showcased at an OpenAI conference, demonstrating their ability to identify web vulnerabilities effectively.

AI in Cybersecurity: Hacking and Defense

The Role of AI in Hacking

  • The discussion begins with the notion that AI may be taking over hacking tasks, raising concerns about the diminishing role of humans in cybersecurity.
  • Jason highlights a new dynamic where AI excels at identifying common vulnerabilities but lacks the creative problem-solving skills of experienced human hackers.
  • Despite advancements, AI struggles to replicate the innovative techniques employed by skilled bug bounty hunters who possess unique insights and tricks.

Automation in Vulnerability Management

  • On the defensive side, automation through AI is seen as a solution for managing vulnerabilities more efficiently within organizations.
  • Jason expresses enthusiasm for tools like Innate N that can automate tedious tasks involved in vulnerability management, streamlining processes significantly.
  • The complexity of vulnerability management is discussed, emphasizing the need for effective tracking and resolution of security issues from discovery to closure.

Challenges with New Tools

  • While automation tools are beneficial, they also introduce their own vulnerabilities that need addressing; Jason notes he has been asked to test these very tools.
  • Popular frameworks such as Lang Chain and Lang Graph are highlighted as frequently tested due to their growing use among developers.

Security Strategies for AI Integration

  • Companies feel pressured to adopt AI technologies despite associated risks; Jason provides insights on how to defend against potential threats when integrating AI into applications.
  • A multi-layered defense strategy is recommended, focusing on securing web applications through fundamental IT security practices.

Key Defensive Measures

  • At the web layer, basic security measures include input/output validation to prevent harmful data interactions between users and systems.
  • An "AI firewall" is proposed as essential for protecting models from prompt injections and other manipulative attacks during data processing.
  • Implementing strict access controls based on the principle of least privilege ensures APIs only have necessary permissions, reducing exposure to risks.

Final Thoughts on Complexity

Building Secure AI: Challenges and Strategies

The Complexity of Securing AI Systems

  • Building secure AI involves a multilayered strategy, akin to traditional security practices. It requires careful consideration of trade-offs, particularly regarding system latency.
  • The current landscape of AI feels chaotic, reminiscent of the early web hacking days. There is an excitement around exploiting vulnerabilities in AI systems due to their increasing power and access.

Learning Opportunities in Hacking AI

  • Jason Haddock offers a course on hacking AI that evolves with the technology, providing learners with up-to-date tools and insights into both using and securing AI.
  • Viewers are encouraged to engage by sharing thoughts in the comments section and subscribing for updates on new content related to ethical hacking.

Insights from Jason's Experience

  • A full interview with Jason Haddock is available on a second channel, featuring discussions that don't fit the main channel's format.
  • Jason shares an anecdote about discovering GPT-4's system prompt through a creative method involving magic cards, highlighting innovative approaches to understanding AI behavior.

Understanding GPT-4's Behavior

  • By instructing GPT-4 to create a magic card, they inadvertently revealed its system prompt. This insight came just before public concerns arose about the model’s overly agreeable responses.
  • The system prompt indicated that GPT models should emulate user emotions during interactions, explaining why it was perceived as excessively agreeable.

Creative Problem Solving in AI Interaction

Video description

Want to deploy AI in your cloud apps SAFELY? Let Wiz help: https://ntck.co/wiz Can you hack AI? In this video I sit down with elite AI hacker Jason Haddix to unpack how attackers compromise AI-enabled apps—not just jailbreak chatbots, but exfiltrate customer data, abuse tool calls, and pivot across systems. We walk through his six-part AI pentest blueprint, play the Gandalf prompt-injection game, and demo wild techniques like emoji smuggling and link smuggling. You’ll see real-world cases (think Slack salesbots + Salesforce leaks), why MCP (Model Context Protocol) and agentic frameworks can widen the blast radius, and then we flip to defense: web-layer fundamentals, a “firewall for AI” on inputs/outputs, and least-privilege for data and tools—plus a hands-on demo you can try. If you’re building with AI in 2025, this is your wake-up call (and your roadmap). Educational content only—hack ethically and only with permission. 📌 Watch the Full Interview here: https://youtu.be/2Z-9EOyb6HE Links and STUFF —-------------------------------------------------------- Practice Prompt Injection: https://gandalf.lakera.ai/baseline Pliney's Github: https://github.com/elder-plinius Follow Jason Everywhere: X: https://x.com/Jhaddix Linkedin: https://www.linkedin.com/in/jhaddix/ Instagram: https://www.instagram.com/j.haddix56/ Tiktok: https://www.tiktok.com/@jhaddix56 Checkout Jason’s courses: Website: https://www.arcanum-sec.com/ Training Overview: Training: https://www.arcanum-sec.com/training-overview Attacking AI course: https://www.arcanum-sec.com/training/attacking-ai Hacking your career: https://www.arcanum-sec.com/training/hack-your-brand 🔥🔥Join the NetworkChuck Academy!: https://ntck.co/NCAcademy **Sponsored by Wiz.io 00:00 - Hack companies through AI? 00:58 - What does “hacking AI” really mean? 01:43 - AI pentest vs. red teaming (6-step blueprint) 02:42 - Prompt Injection 101 (why it’s so hard) 04:14 - Try it live: Gandalf prompt-injection game 05:09 - Jailbreak taxonomy: intents, techniques, evasions 05:55 - Emoji smuggling + anti-classifier demo 07:23 - Link smuggling (data exfiltration trick) 11:38 - Real-world leaks: Salesforce/Slack bot case 13:47 - MCP security risks & blast radius 16:55 - Can AI hack for us? Agents & bug bounties 20:52 - Defense in depth: web, AI firewall, least privilege 24:57 - Jason’s Magic Card: GPT-4o system prompt leak (wild story) SUPPORT NETWORKCHUCK --------------------------------------------------- ➡️NetworkChuck membership: https://ntck.co/Premium ☕☕ COFFEE and MERCH: https://ntck.co/coffee Check out my new channel: https://ntck.co/ncclips 🆘🆘NEED HELP?? Join the Discord Server: https://discord.gg/networkchuck STUDY WITH ME on Twitch: https://bit.ly/nc_twitch READY TO LEARN?? --------------------------------------------------- -Learn Python: https://bit.ly/3rzZjzz -Get your CCNA: https://bit.ly/nc-ccna FOLLOW ME EVERYWHERE --------------------------------------------------- Instagram: https://www.instagram.com/networkchuck/ Twitter: https://twitter.com/networkchuck Facebook: https://www.facebook.com/NetworkChuck/ Join the Discord server: http://bit.ly/nc-discord AFFILIATES & REFERRALS --------------------------------------------------- (GEAR I USE...STUFF I RECOMMEND) My network gear: https://geni.us/L6wyIUj Amazon Affiliate Store: https://www.amazon.com/shop/networkchuck Buy a Raspberry Pi: https://geni.us/aBeqAL Do you want to know how I draw on the screen?? Go to https://ntck.co/EpicPen and use code NetworkChuck to get 20% off!! fast and reliable unifi in the cloud: https://hostifi.com/?via=chuck Prompt Injection explained with live demos: Gandalf game, emoji smuggling, and link smuggling exfiltration. AI Pentesting vs AI Red Teaming: a six-phase methodology for securing LLM apps end-to-end. LLM jailbreak taxonomy: intents, techniques, evasions, and utilities—how attackers actually think. RAG poisoning, tool-call abuse, and over-scoped API keys: the hidden risks in modern AI products. MCP (Model Context Protocol) security: tools/resources/prompts, server hardening, and blast-radius control. Agentic frameworks (LangChain, LangGraph, CrewAI) security pitfalls—and how to test them safely. Real-world case study: Slack salesbot + Salesforce data exposure and what went wrong. Defense in depth for AI: input/output validation, a firewall for AI (guardrails/classifiers), least privilege. Bug bounty + AI: why mid-tier vulns are getting automated while human creativity still wins. 2025 AI security blueprint: map your attack surface, prevent system-prompt leaks, and lock down data access. #promptinjection #aihacking #airedteaming