#070 - Cyber AI Chronicle

EchoLeak, MCP under attack, vishing disrupted, headless cyber security, do we need workflow? and is ChatGPT making us dumber?

By Simon Ganiere · 23rd June 2025

Welcome back!

📓 Editor's Note

Here's the uncomfortable truth: the good guys have been busy deploying AI everywhere, whilst the attackers have been studying the attack surface those same deployments are creating.

EchoLeak is the first - that I know of - zero-click vulnerability for an AI system. This will sound familiar to people in the cyber security field. For everyone else, you have to understand that AI systems have access to a significant amount of data by design, and this will be used against us.

Here's what we need to do differently:

  • As with traditional cyber security, embed the controls as early as possible

  • Segregation of environments is still very important (e.g. AI systems vs. data)

  • Monitoring of AI interactions is critical (e.g. API, access, prompt, etc.)

  • AI is still categorized as emerging technology, but it will become critical infrastructure very soon. Start treating it as such now.

You can’t stop AI adoption - it is already moving too fast. The goal is to get ahead of this curve by making security part of our AI story from the beginning. When we embed security thinking into AI procurement and deployment decisions, we're not slowing things down. We're building the foundation that lets our organizations innovate confidently instead of crossing our fingers and hoping nothing breaks.

The question facing every CISO today: Will you lead your organization's AI transformation, or will you be explaining to the board why you didn't see this coming?
