Pulse 15: Your AI Has a Trust Model. You Didn't Write It.

Impossible d'ajouter des articles

Désolé, nous ne sommes pas en mesure d'ajouter l'article car votre panier est déjà plein.

Veuillez réessayer plus tard

Échec de l’élimination de la liste d'envies.

Veuillez réessayer plus tard

Impossible de suivre le podcast

Impossible de ne plus suivre le podcast

Pulse 15: Your AI Has a Trust Model. You Didn't Write It.

Écouter gratuitement

Voir les détails

Your AI has a trust model. You didn't write it.

Episode 15 is the audio cut of Pulse #15. Pillar Security disclosed a CVSS 10 in Google's Gemini CLI last month, an exploit chain that started with one public GitHub issue and ended with arbitrary code on the main branch of a Google repo. The same pattern showed up in eight other Google-maintained repos. Host Jane walks through why this isn't a coding flaw, why prompt injection understates what happened, and the question every security review of an AI tool should be asking but isn't: what is this agent authorized to trust, and did anyone define that before we deployed it?

Featuring Bruce Schneier on trust as a design decision, and why the patch closed the vulnerability but not the governance gap.

→ Signal Score: echocyber.io/assessment

→ Newsletter: signal.echocyber.io

Editorial: Mike Faas, fractional CTO/CISO at Echo Cyber. Voice by ElevenLabs.

Aucun commentaire pour le moment