Hosts: Miriah Peterson, Matt Sharp, Chris Brousseau
Recorded: April 2026
Status: Released

Most AI systems today are designed to be helpful — not secure.

In this episode, we break down how AI systems actually get exploited in production:

• a real supply chain attack on a widely used AI dependency
• prompt injection and why it still works
• image-based (multimodal) exploits
• tool and agent abuse

If you’re building AI — especially at a startup — you are the security team.

A widely used AI dependency was compromised via a malicious .pth file:

• executes automatically when Python starts
• no import required
• targets credentials, SSH keys, and environment variables

👉 Just installing the package was enough.

This highlights a critical reality:

Your AI system is only as secure as your dependencies.

• Models cannot distinguish between instructions and data
• External content can override system behavior
• Still one of the most common AI vulnerabilities

🔗 https://learnprompting.org/docs/prompt_hacking/injection

• Hidden instructions embedded in images
• AI interprets images differently than humans
• Expands the attack surface significantly

🔗 https://arxiv.org/abs/2306.11698

• AI systems can take real-world actions via tools
• Prompt injection → API calls, data leaks, unintended execution
• Agents amplify risk through autonomy and retries

If you’re building AI systems today:

• separate instructions from data
• limit tool permissions
• treat outputs as untrusted
• validate everything before execution

• AI systems have an internet-sized attack surface
• Supply chain attacks bypass all AI safeguards
• Prompt injection is a fundamental problem
• AI doesn’t fail safely — it fails wherever your system is weakest

• LiteLLM incident: https://github.com/BerriAI/litellm/issues/24512
• Attack breakdown: https://futuresearch.ai/blog/litellm-pypi-supply-chain-attack/
• LLM attack techniques: https://llm-attacks.org/
• OWASP LLM Top 10: https://owasp.org/www-project-top-10-for-large-language-model-applications/
• Gandalf challenge: https://gandalf.lakera.ai/

We’ve launched a Patreon for Domesticating AI 🎉

Get:

• early access to episodes
• behind-the-scenes content
• bloopers and uncut moments

👉 https://patreon.com/DomesticatingAIPodcast

• 🎥 YouTube: https://youtu.be/HTTxE7Y1sko

What’s the weirdest way an AI system has broken for you?

Keep your AI on a leash.

AI can write code — but that doesn’t mean you should trust it.

In this episode of Domesticating AI, we’re joined by Tyler Folkman (author of The AI Architect) to break down how engineers are actually using AI to build software — and why most people are still just vibe coding.

• Vibe coding vs real engineering
• Reasoning models vs coding models
• How to plan and prompt AI effectively
• When to let AI take the wheel (and when not to)
• Local vs cloud coding agents
• Token costs vs owning hardware

• Tyler Folkman — The AI Architect
  

• Anthropic
  https://www.anthropic.com
• OpenAI
  https://openai.com
• Ollama
  https://ollama.com
• MiniMax-M2.5
  https://ollama.com/library/minimax-m2.5
• GLM-5
  https://ollama.com/library/glm-5

• AmpCode Chronicle
  https://ampcode.com/chronicle
• Andrej Karpathy on Context Engineering
  https://x.com/karpathy
• “Human in the Loop is Tired”
  (add link if you have it)

Domesticating AI is a bi-weekly podcast about practical AI for developers.

We help you brace the feral open-source AI landscape — so you can tame it instead of getting dragged by it.

contact@domesticatingai.com

Spotify
https://open.spotify.com/show/2WsAR4fvcXzp3vVZGVlkE2

Apple Podcasts
https://podcasts.apple.com/us/podcast/domesticating-ai/id1873338950

Are you vibe coding — or engineering with AI?

Let us know your setup.

Keep your AI on a leash.

🧠 What We Cover🔗 Links & ResourcesGuestModels & ToolsArticles / Mentions🎧 About the Podcast📬 Contact🔥 Follow👇 Join the Discussion

📅 Recorded: February 6, 2026

In this episode of Domesticating AI, we discuss why scaling AI systems with more compute often hides weak engineering decisions — especially in agent workflows. We explore constrained hardware, context management, tool calling, logit manipulation, and why small models can make you a better AI engineer.

• Moltbot / Clawdbot overview (The Verge)
  https://www.theverge.com/report/869004/moltbot-clawdbot-local-ai-agent

• Fake Moltbot VS Code extension spreading malware
  https://thehackernews.com/2026/01/fake-moltbot-ai-coding-assistant-on-vs.html

• Exposed Moltbot admin panels and credential leaks
  https://www.bitdefender.com/en-us/blog/hotforsecurity/moltbot-security-alert-exposed-clawdbot-control-panels-risk-credential-leaks-and-account-takeovers

• Cloudflare Moltworker (self-hosted agent on Workers)
  https://blog.cloudflare.com/moltworker-self-hosted-ai-agent/

• LangGraph – https://www.langchain.com/langgraph

• LangChain – https://www.langchain.com/

• Langfuse – https://langfuse.com/

• Pydantic AI – https://github.com/pydantic/pydantic-ai

• Instructor – https://github.com/jxnl/instructor

• Hugging Face SmolAgents – https://huggingface.co/blog/smolagents

Have a topic suggestion or want to sponsor the show?

📩 contact@domesticatingai.com

Episode 3 is a hardware-first guide to running AI at home. We break down what CPUs vs GPUs vs NPUs vs TPUs actually do in the inference pipeline, why memory capacity isn’t the same as performance (model loading, KV cache, and MoE), why backends/runtimes are real constraints (CUDA vs ROCm vs Metal/MLX vs CPU), and how to scale from one box to multi-GPU and multi-machine setups.

Keep your AI on a leash.

Links mentioned:

- GPU Glossary (Modal): https://modal.com/gpu-glossary

- CUDA → ROCm headline: https://wccftech.com/the-claude-code-has-managed-to-port-nvidia-cuda-backend-to-rocm-in-just-30-minutes/

- Unsloth PR: https://github.com/unslothai/unsloth/pull/3856