Episode 152: GeminiJack and Agentic Security with Sasi Levi

DEC 11, 202581 MIN

Episode 152: GeminiJack and Agentic Security with Sasi Levi

DEC 11, 202581 MIN

Description

Episode 152: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Sasi Levi from Noma Security to talk about AI and Agentic Security. We also talk about ForcedLeak, a Google Vertex Bug, and debate if Prompt Injection is a real Vuln.Follow us on twitter at: <a target="_blank" rel="noopener noreferrer nofollow" href="https://x.com/ctbbpodcast">https://x.com/ctbbpodcast</a>Got any ideas and suggestions? Feel free to send us any feedback here: <a target="_blank" rel="noopener noreferrer nofollow" href="mailto:[email protected]">[email protected]</a>Shoutout to<a target="_blank" rel="noopener noreferrer nofollow" href="https://twitter.com/realytcracker"> YTCracker</a> for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: <a target="_blank" rel="noopener noreferrer nofollow" href="https://x.com/Rhynorater">https://x.com/Rhynorater</a><a target="_blank" rel="noopener noreferrer nofollow" href="https://x.com/rez0__">https://x.com/rez0__</a><a target="_blank" rel="noopener noreferrer nofollow" href="https://x.com/gr3pme">https://x.com/gr3pme</a>====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at <a target="_blank" rel="noopener noreferrer nofollow" href="https://ctbb.show/discord">https://ctbb.show/discord</a>!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.CHeck out our New Christmas Swag at <a target="_blank" rel="noopener noreferrer nofollow" href="https://ctbb.show/merch">https://ctbb.show/merch</a>!Today's Sponsor: ThreatLocker. Check out ThreatLocker Elevation Control<a target="_blank" rel="noopener noreferrer nofollow" href="https://ctbb.show/tl-ec">https://ctbb.show/tl-ec</a>And Noma Security! <a target="_blank" rel="noopener noreferrer nofollow" href="https://noma.security/">https://noma.security/</a>Today’s Guest: <a target="_blank" rel="noopener noreferrer nofollow" href="https://x.com/sasi2103">https://x.com/sasi2103</a>====== This Week in Bug Bounty ======<a target="_blank" rel="noopener noreferrer nofollow" href="https://hackerone.com/vercel_platform_protection?type=team">Vercel Platform Protection</a><a target="_blank" rel="noopener noreferrer nofollow" href="https://x.com/cramforce/status/1998072892391592195?s=20">Dedicated HackerOne program for Vercel WAF</a><a target="_blank" rel="noopener noreferrer nofollow" href="https://yeswehack.com/programs?scopeType%5B%5D=open-source&page=1">YesWeHack Open Source Programs</a><a target="_blank" rel="noopener noreferrer nofollow" href="https://www.yeswehack.com/learn-bug-bounty/android-recon-bug-bounty-guide">Android recon for Bug Bounty hunters</a>====== Resources ======<a target="_blank" rel="noopener noreferrer nofollow" href="https://x.com/sasi2103/status/608349038778437632">Sasi's Tweet from 2015</a><a target="_blank" rel="noopener noreferrer nofollow" href="https://noma.security/blog/forcedleak-agent-risks-exposed-in-salesforce-agentforce/">ForcedLeak: AI Agent risks exposed in Salesforce AgentForce</a><a target="_blank" rel="noopener noreferrer nofollow" href="https://danielmiessler.com/blog/is-prompt-injection-a-vulnerability">Is Prompt Injection a Vulnerability?</a>====== Timestamps ======(00:00:00) Introduction(00:09:16) Google Vertex AI Bug(00:29:28) Sasi's Background and Bug Bounty Journey(00:38:55) Resources for AI and Agentic Security Methodology(00:50:34) ForcedLeak(01:02:06) Is Prompt Injection a Vuln?