News of the Month | Episode 19
Register for FREE Infosec Webcasts, Anti-casts & Summits –
https://poweredbybhis.com
AI News of the Month | Episode 19
In Episode 19, Brian and Derek cover a zero-click indirect prompt injection attack against ChatGPT connectors and seemingly innocent Google Calendar events that hijack smart homes via Gemini, with possible consequences for the power grid.
They'll discuss the impact of Microsoft patching a critical Azure OpenAI SSRF vulnerability and go over new NIST AI security standards, IBM’s study on shadow AI and breach costs, OpenAI’s response to chat indexing leaks, and a malicious VS Code extension that stole $500K in cryptocurrency.
#AI #CyberSecurity #PromptInjection #Malware #InfoSec #AIThreats #Hacking #GenerativeAI #Deepfakes #LLM #ShadowAI
- “Poisoned doc” exfiltrates data via ChatGPT Connectors (AgentFlayer) — Aug 6, 2025
- Poisoned Google Calendar invite hijacks Gemini to control a smart home — Aug 6–10, 2025
- Microsoft August Patch Tuesday adds AI-surface fixes; critical Azure OpenAI vuln (CVE-2025-53767) — Aug 12–13, 2025
  - Release coverage: https://www.techradar.com/pro/security/microsofts-latest-major-patch-fixes-a-serious-zero-day-flaw-and-a-host-of-other-issues-so-update-now (TechRadar)
  - CVE entry: https://nvd.nist.gov/vuln/detail/CVE-2025-53767 (NVD)
  - Overview: https://www.tenable.com/blog/microsofts-august-2025-patch-tuesday-addresses-107-cves-cve-2025-53779 (Tenable)
- NIST proposes SP 800-53 “Control Overlays for Securing AI Systems” — Aug 14, 2025
- IBM 2025 “Cost of a Data Breach”: AI is both breach vector and defender — Jul 30, 2025
  - Press release: https://newsroom.ibm.com/2025-07-30-ibm-report-13-of-organizations-reported-breaches-of-ai-models-or-applications%2C-97-of-which-reported-lacking-proper-ai-access-controls (IBM Newsroom)
  - Report: https://www.ibm.com/reports/data-breach (IBM)
  - Analysis: https://venturebeat.com/security/ibm-shadow-ai-breaches-cost-670k-more-97-of-firms-lack-controls/ (VentureBeat)
- OpenAI considers encrypting Temporary Chats; privacy clean-ups after search-indexing scare — Aug 18, 2025
- Fake VS Code extension for Cursor leads to $500K crypto theft — July 11, 2025
  - Primary: https://www.scworld.com/news/fake-visual-studio-code-extension-for-cursor-led-to-500k-theft (SC Media)
  - Research write-up: https://securelist.com/open-source-package-for-cursor-ai-turned-into-a-crypto-heist/116908/ (Securelist)
  - Coverage: https://www.bleepingcomputer.com/news/security/malicious-vscode-extension-in-cursor-ide-led-to-500k-crypto-theft/ (BleepingComputer)
----------------------------------------------------------------------------------------------
Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/
Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/
Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/
Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/
Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/
- (00:00) - Intro
- (00:31) - “Poisoned doc” exfiltrates data via ChatGPT Connectors (AgentFlayer)
- (01:15) - A zero-click prompt injection
- (02:12) - url_safe bypassed using URLs from Microsoft’s Azure Blob cloud storage
- (07:08) - Poisoned Google Calendar invite hijacks Gemini to control a smart home
- (08:35) - The intersection of AI and IOT
- (09:53) - Be careful what you hook AI up to
- (10:23) - Derek warns of threat to power grid
- (11:54) - Mitigations - restrict permissions, sanitize calendar content
- (13:56) - Patch Tuesday - AI-surface fixes; critical Azure OpenAI vuln
- (15:49) - NIST proposes SP 800-53 “Control Overlays for Securing AI Systems”
- (18:43) - IBM “Cost of a Data Breach”: AI is both breach vector and defender
- (19:16) - Shadow AI
- (21:49) - “The AI adoption curve is outpacing controls”
- (23:02) - OpenAI considers encrypting Temporary Chats
- (26:39) - Data storage and logging LLM interactions
- (29:59) - Fake VS Code extension for Cursor leads to $500K crypto theft
- (30:37) - Danger of using pip install as root on a server
Creators and Guests
Host
Brian Fehrman
Brian Fehrman is a long-time BHIS Security Researcher and Consultant with extensive academic credentials and industry certifications who specializes in AI, hardware hacking, and red teaming, and outside of work is an avid Brazilian Jiu-Jitsu practitioner, big-game hunter, and home-improvement enthusiast.
Host
Derek Banks
Derek is a BHIS Security Consultant, Penetration Tester, and Red Teamer with advanced degrees, industry certifications, and broad experience across forensics, incident response, monitoring, and offensive security, who enjoys learning from colleagues, helping clients improve their security, and spending his free time with family, fitness, and playing bass guitar.