Brutkey

Darren Meyer :donor:
@darrenpmeyer@infosec.exchange
Darren Meyer :donor:
@darrenpmeyer@infosec.exchange

Level 3 autonomous agents have a feedback loop that means that once something is injected it continues to operate in a compromised mode, even actively collaborating with attackers to make attacks succeed – Lynch & Harang #BHUSA #LivePost

Darren Meyer :donor:
@darrenpmeyer@infosec.exchange

Replit incident mentioned. – Lynch & Harang #BHUSA #LivePost

Darren Meyer :donor:
@darrenpmeyer@infosec.exchange

We defend using fairly traditional analysis tactics like a kill chain analysis – Lynch & Harang #BHUSA #LivePost

Darren Meyer :donor:
@darrenpmeyer@infosec.exchange

So now how do we secure agents against this sort of thing? – Lynch & Harang #BHUSA #LivePost

Darren Meyer :donor:
@darrenpmeyer@infosec.exchange

Since #cursor has an auto-run mode, vulnerabilities to prompt injections are effectively auto-pwn mode – Lynch & Harang #BHUSA #LivePost

Darren Meyer :donor:
@darrenpmeyer@infosec.exchange

Agents like #Cursor can be injected by comments and dotfiles, attacking developer machines – Lynch & Harang #BHUSA #LivePost

Darren Meyer :donor:
@darrenpmeyer@infosec.exchange

Nap-oleon and I starting to go to talks! #BHUSA

A stuffed sloth in a presentation room at BlackHat
Darren Meyer :donor:
@darrenpmeyer@infosec.exchange

Example: client agents which use LLM to decide what to execute on client machine — wide open to watering-hole attacks, and effectively an OSS supply-chain attack. – Lynch & Harang #BHUSA #LivePost

Darren Meyer :donor:
@darrenpmeyer@infosec.exchange

Example: instructing #PandasAI to execute code "for analysis" by telling it the code has already been written – Lynch & Harang #BHUSA #LivePost

Darren Meyer :donor:
@darrenpmeyer@infosec.exchange

Example: the Copilot RAG vuln #EchoLeak and its precursor – Lynch & Harang #BHUSA #LivePost