Mitigating attacks against AI-enabled Apps, Replacing the CIA triad, Enterprise News - David Brauchler - ESW #429

Author: Security Weekly Productions | October 20, 2025 | Duration: 1:38:26

Segment 1: David Brauchler on AI attacks and stopping them

David Brauchler says AI red teaming has proven that eliminating prompt injection is a lost cause. And many developers inadvertently introduce serious threat vectors into their applications – risks they must later eliminate before they become ingrained across application stacks.

NCC Group's AI security team has surveyed dozens of AI applications, exploited their most common risks, and discovered a set of practical architectural patterns and input validation strategies that completely mitigate natural language injection attacks. David's talk aimed to help security pros and developers understand how to design and test complex agentic systems and how to model trust flows in agentic environments. He also provided information about which architectural decisions can mitigate prompt injection and other model manipulation risks, even when AI systems are exposed to untrusted sources of data.

More about David's Black Hat talk:

Additional blogs by David about AI security:

Segment 2: Should we replace the CIA triad?

An op-ed on CSO Online made us think - should we consider the CIA triad 'dead' and replace it? We discuss the value and longevity of security frameworks, as well as the author's proposed replacement.

Segment 3: The Weekly Enterprise News

Finally, in the enterprise security news,

  1. Slow week for funding, older companies raising via debt financing
  2. A useful AI framework from the Cloud Security Alliance
  3. Two interesting essays, one of which is wrong
  4. Folks are out here blasting unencrypted data to and from satellites, while anyone can sniff and capture it
  5. Getting hacked during a job interview
  6. LLM poisoning is far easier than previously thought
  7. F5 got breached
  8. Be careful when patching your Jeep ('s software)

All that and more, on this episode of Enterprise Security Weekly.

Show Notes: https://securityweekly.com/esw-429


Hosted by Adrian Sanabria, Enterprise Security Weekly (Video) is a deep dive into the complex world of protecting large organizations. This isn't just a headline recap; it's a practical, analyst-level discussion for security professionals who need to understand the "why" behind the news. Each episode from Security Weekly Productions brings together a seasoned panel including co-hosts like Katie Teitler-Santullo, Ayman Elsawah, Jason Wood, Jackie McGuire, and Sean Metcalf to dissect emerging threats, architectural shifts, and the tools that promise to help. You'll hear candid evaluations as they put security vendors and their claims under the microscope, separating hype from genuine utility. The conversation revolves around actionable intelligence and strategic trends that empower defenders to build more resilient environments. Tuning into this podcast provides a consistent, informed perspective that cuts through the noise of the daily alert cycle, offering clarity and context that's often hard to find. It’s a video format that adds a layer of connection and detail to these technical discussions, making complex topics more accessible. If your work involves making critical decisions about enterprise security posture, this series serves as a vital resource for staying informed and ahead of the curve.