Smashing Security podcast #472: AI gets hacked, and BitLocker gets bypassed

AI coding assistants can be tricked into leaking sensitive company information through specially crafted bug reports, bypassing traditional security measures like phishing emails or malware. This vulnerability arises from the extensive trust and access granted to these AI tools, which can read code, browse file systems, and execute commands.
The attack vector involves a booby-trapped bug report that, when processed by an AI coding assistant, prompts the AI to inadvertently reveal confidential data. This method bypasses the need for malware, stolen credentials, or social engineering tactics, making it a novel threat to software development environments.

Furthermore, a security researcher known as Nightmare Eclipse has reportedly released three zero-day vulnerabilities affecting Microsoft products. One of these vulnerabilities allows an attacker with physical access to a USB drive to bypass BitLocker, Microsoft's full-disk encryption software. The release of these vulnerabilities has reportedly angered Microsoft.
The discussion about these security issues took place on the Smashing Security podcast, episode 472, featuring cybersecurity expert Graham Cluley and special guest Paul Ducklin. They also interviewed Son Nguyen Kim of Proton Pass, who highlighted the risks associated with integrating AI agents into email and calendar systems without proper security vetting.
AI coding agents, such as Claude Code and Cursor, are designed to assist developers by reading code, accessing file systems, and executing commands. Microsoft's Copilot, integrated into tools like Visual Studio Code, is also mentioned as an example of such an assistant, with its Autopilot feature enabled by default in recent updates. These tools are granted significant trust and access, which can be exploited.

Sentry, an error monitoring tool used in software development for over a decade, plays a role in this attack. When software encounters errors in real-world use, Sentry logs these issues for developers to investigate. This system, akin to a smoke alarm for code, provides valuable feedback but can also be leveraged in the described attack.
The podcast also featured a sponsorship from Proton Pass, a password manager developed by the team behind ProtonMail. Proton Pass offers secure storage and sharing of team credentials with end-to-end encryption, open-source code, and data hosted outside of US jurisdiction. It is highlighted as a solution to common insecure password-sharing practices, such as using spreadsheets or unsecured messaging.
The interview with Son Nguyen Kim of Proton Pass focused on the security implications of AI agents. Connecting these agents to sensitive systems like email and calendars without thorough security checks is likened to giving a new employee unrestricted access to company resources without a background investigation. This underscores the broader concern about the security posture of AI integrations in business environments.





