AI Injection Attacks – text/plain
A hot infosec topic these days is “How can we prevent abuse of AI agents?” While AI introduces awesome new capabilities, it also entails an enormous set of risks from the obvious and mu…| text/plain
A hot infosec topic these days is “How can we prevent abuse of AI agents?” While AI introduces awesome new capabilities, it also entails an enormous set of risks from the obvious and mu…| text/plain
The team recently got a false-negative report on the SmartScreen phishing filter complaining that we fail to block firstline-trucking.com. I passed it along to our graders but then took a closer look myself. I figured that maybe the legit site was probably at a very similar domain name, e.g. firstlinetrucking.com or something, but no suchContinue reading "Attack Techniques: Fake Literally Everything! (Escrow Scam)"| text/plain
Recently, there’s been a surge in the popularity of trojan clipboard attacks whereby the attacker convinces the user to carry their attack payload across a security boundary and compromise the device. Meanwhile, AI hype is all the rage. I recent had a bad experience in what I thought was a simple AI task (draw aContinue reading "Vibe-coding for security"| text/plain
Over the last several decades, the Windows team has added a stream of additional security mitigation features to the platform to help application developers harden their applications against exploi…| text/plain
Last November, I wrote a post about the basics of security software. In that post, I laid out how security software is composed of sensors and throttles controlled by threat intelligence. In today&…| text/plain
