About this episode
Your AI reads the small print, and that's a problem. This week in episode 433 of "Smashing Security" we dig into LegalPwn - malicious instructions tucked into code comments and disclaimers that sweet-talks AI into rubber-stamping dangerous payloads (or even pretending they’re a harmless calculator).Meanwhile, new research from Anthropic reveals that hackers have already used AI agents to break into networks, steal passwords, sift through stolen data, and even write custom ransom notes. In other words, one hacker with an AI helper can work like an entire team of cybercriminals.Plus: a joyous geek detour into keyboard history, and the most diabolically annoying, fully functional AI-generated CAPTCHA that you will love to inflict on your friends.EPISODE LINKS:LegalPwn: Abusing Legal Disclaimers to Trigger Prompt Injections - Pangea Labs.LegalPwn: Tricking LLMs by burying badness in lawyerly fine print - The Register.LegalPwn Attack Tricks GenAI Tools Into Misclassifying Malware as Safe Code - HackRead.One long sentence is all it takes to make LLMs misbehave - The Register.Londoners give up eldest children in public Wi-Fi security horror show - The Guardian.Targeted social engineering is en vogue as ransom payment sizes increase - Coveware.State of Malware 2025 - ThreatDown.Cybercrime in the Age of AI - ThreatDown.Threat Intelligence Report: August 2025 - Anthropic.The Day Return Became Enter - Marcin Wichary.Ethan Mollick’s terrible AI-generated CAPTCHAs - Twitter.The very worst AI-generated CAPTCHA? - Claude.ai.Smashing Security merchandise (t-shirts, mugs, sticker
