Rogue Azure AD Guests Can Steal Data via Power Apps
A few default guest setting manipulations in Azure AD and over-promiscuous low-code app developer connections can upend data protections.
You May Also Enjoy
First Public Confirmation of Threat Actors Targeting AI Systems
Over the past year I’ve been asking people the same question over and over again: when our AI systems are targeted, will you know?
Make Real Progress In Security From AI
I gave a talk at the AI Agent Security Summit by Zenity Labs on October 8th in San Francisco. I’ll post a blog version of that talk here shortly.
How Should AI Ask for Our Input?
Enterprise systems provide a terrible user experience. That’s common knowledge. Check out one of the flash keynotes about the latest flagship AI product by ...
Pwn the Enterprise - thank you AI! Slides, Demos and Techniques
We’re getting asks for more info about the 0click AI exploits we dropped this week at DEFCON / BHUSA. We gave a talk at BlackHat, but it’ll take time bef...