"Claude’s ability to autonomously use dev tools s.a. reading network requests and executing JS poses great risk. Since the browser first appeared a great amount of effort was invested into preventing one of the worst web vulnerabilities out there. XSS. Roll in, Claude in Chrome... XSS-as-a-service."

we're stuck replicating the first AI-human interface that caught on The Chat we can do better www.mbgsec.com/posts/2025-0...

’tis the season to be pwning #BHUSA

You missed one thing in your (excellent) analysis: the attacker was clever enough to pull this off (and it is amazingly done), but still wasn't able to solve for Amazon Q CLI's dogshit ergonomics.

AWS security bulletin: aws.amazon.com/security/sec... "This issue did not affect any production services or end-users." Weird how customer logs show the wiper prompt executing. Anyone else see "clean a system to a near-factory state" in your logs?

After several hours of GitHub dorking on the Amazon Q infection we have: - hacker's user and intent - downloader - prompt payload - evasion techniques - timeline from july 13 thru was mitigation and cover big open questions: how did lkmanka58 gain initial access? is this the only user involved?

benchmarks go up attackers pwning like its the 90s www.mbgsec.com/posts/2025-0...

0click chain on a copilot studio agent via email bypass msft's defense, jailbreak 4o, recon for accessible data, dump the entire salesforce crm one prompt labs.zenity.io/p/a-copilot-...

this manus post has changed my todo for the weekend the way in which they constrain model logits by manipulating prefixes is brilliant manus.im/blog/Context...

its been 9 months since #BHUSA and living off microsoft copilot ppl have been asking if things are better now well.. they are much better. but for whom? 😈😈😈 catch the sequel at hacker summer camp featuring very disturbing shenanigans @blackhatevents.bsky.social

an ai system is the top hacker at h1 us leaderboard www.mbgsec.com/posts/2025-0...

incredible vibes at openai's security conf last week I came out both humbled and excited and with a greater conviction -- you can just do things!

AI vendors have been creating vuln disclosure programs asking that every bad prompt be responsibly disclosed blocking a specific prompt does little to protect users it creates an illusion of security that leaves users exposed www.mbgsec.com/posts/2025-0...

good morning folks! thanks again to everyone who attended my talks this week ai assistants create a new initial access vector prompt injection is not a bug to fix, its a problem to manage slides, hacking demos, security program -> labs.zenity.io/p/zenity-res...

we conflate *the problem* with the term prompt injection the problem is that AI inherently does not follow instructions, and we act like it does it follows our goals, an attacker’s, or its own just the same attackers exploit this hijacking your AI for their goals www.mbgsec.com/posts/2025-0...

tmrw (Dec 5) at 10am PT Microsoft is releasing a convo by @donasarkar.bsky.social @sarahyo.com and I where we go into using m365 copilot & copilot studio securely this was a great attacker-defender interaction join us! we'll be there for live questions in comments

first time at INTENT met lots of talented folks and the vibes were great ty this was awesome!

ok we’re having a sequel to living off microsoft copilot

Aaron Costello found 1.1 million NHS employee PII records exposed due to a Power Pages misconfig new powerpwn module is out! by avishai efrat and ofri nachfolger scan your environment for public facing Pages and Dataverse tables github.com/mbrg/power-p...

is there any popular formal definition of the ‘halting problem’ for AI? i.e. can we build a kill switch?

55k devs 90k copilots 500k apps 1.1m automations 10m creds !

Microsoft has >1.5 million low-code/no-code apps including 90K bots and AI copilots this is how together we built a security program that managed to remediate 95% of vulns within 4m I’m really excited to finally be able to share this - www.youtube.com/watch?v=0jGU...

hello world