The AI Security Talkshow
Author: Honestlabs
© Honestlabs
Description
The AI Security talkshow explores the real challenges of building and deploying AI systems securely. We bring together practitioners, security leaders, and technologists to dig into practical challenges, share what's working, and cut through the noise around AI security, from development practices to governance. Just honest conversations about getting AI security right.
3 Episodes
The AI Security Talkshow · Episode 3
Ep3: AI Governance - Balancing Autonomy, Guardrails, Accountability and Regulations.

In this episode: We tackle the critical governance challenges organisations face as they race to deploy autonomous AI systems. With AI safety incidents jumping 56% in just one year, the question isn't whether to use AI, but how to govern it properly. Drawing on real incidents including the Salesloft breach, the Air Canada chatbot ruling and the Grok meltdown, we examine who bears accountability when AI fails and provide practical frameworks for balancing automation with human oversight.

What you will learn
• Why autonomy and trust need to be earned, not granted by default, and how to implement a phased approach from low-risk automation to human-in-the-loop expansion
• The value chain responsibility model that defines who's accountable when AI goes wrong: vendors, organisations and individuals
• Why emerging roles like context engineers are essential for embedding security and ethical guardrails by design
• How to prepare for regulations like the EU AI Act before the August 2026 compliance deadline

Episode highlights
• Scenario A: How attackers breached Salesloft's Drift chatbot and walked into 700 companies using stolen authentication tokens
• Scenario B: Why Air Canada lost a tribunal case when it tried arguing "the chatbot was responsible for its actions"
• Scenario C: How X's Grok chatbot went off the rails within hours of receiving new instructions, providing dangerous advice.

Credits: This episode is based on the original blog post from Madhul Sachdeva of Honestlabs.

Read the blog: If you prefer to read the original article, use the link below:
AI Governance: Balancing Autonomy, Guardrails, Accountability & Regulations
The AI Security Talkshow · Episode 2
Ep2: Indirect Prompt Injection - Backdoor Risks Hidden in Trusted Data

In this episode: We explore indirect prompt injection, a subtle but dangerous attack vector in Retrieval-Augmented Generation (RAG) systems. Unlike direct manipulation, these attacks embed hidden instructions inside trusted data sources, bypassing traditional input filters and turning your own documents, datasets and APIs into backdoors.

What you will learn
• How adversaries weaponise everyday documents and datasets to compromise AI behaviour
• Why RAG systems blur the line between data and code, creating new attack surfaces
• Practical guardrails to secure ingestion, indexing, retrieval and runtime pipelines
• Real-world risks in regulated sectors like fintech and healthcare

Episode highlights
• Scenario A: An internal fintech policy document nearly triggers a customer data breach
• Scenario B: A healthcare dataset introduces hidden debug prompts and leaks sensitive patient information
• Key takeaways: treat data as executable, defend every gate, and tailor threat models to industry context

Credits: This episode is based on the original blog post from Madhul Sachdeva of Honestlabs.

Read the blog: If you prefer to read the original article, use the link below:
Indirect Prompt Injection in RAG Systems
The AI Security Talkshow · Episode 1
2025's - Real AI Breaches & OWASP LLM Top 10

In this first episode of The AI Security Talkshow we step through real security attacks on production AI systems in 2025 that collectively resulted in significant damages and business impact. We unpack how these systems were compromised, the attack vectors used, the vulnerabilities exploited, and the practical security guardrails that could have prevented these incidents. We also map each attack back to the OWASP Top 10 for LLMs to show clear alignment between real-world failure modes and the most common risk categories.

What you will learn
• AI attack paths: How real adversaries chained prompt injection, data exfiltration, and tool misuse to breach AI systems
• Failure points: Where guardrails, isolation, and output controls broke under pressure
• OWASP LLM Top 10 mapping: Clear links between incidents and categories like model manipulation, supply chain risks, and insecure plugin tooling
• Practical defenses: Guardrails, isolation strategies, policy enforcement, and monitoring patterns that raise the floor

Episode highlights
• Real incidents: Production breaches with measurable impact on data, spend, and trust
• Systemic risks: Why agent orchestration and tool access magnify small mistakes
• Actionable patterns: Controls you can adopt today without heavy re-architecture

Credits: This episode is based on the original blog post from Madhul Sachdeva of Honestlabs.

Read the blog: If you prefer to read the original article, use the links below:
Biggest AI Systems Breaches 2025
OWASP Top 10 for LLM - In plain english