Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Explore critical security vulnerabilities in AI-powered coding and computer-use agents through this 59-minute conference talk from 39C3. Discover end-to-end prompt injection exploits that compromise major agentic systems including Anthropic's Claude Code, GitHub Copilot, Google Jules, Devin AI, ChatGPT Operator, Amazon Q, and AWS Kiro. Learn how these exploits impact confidentiality and system integrity through remote code execution, sensitive data exfiltration including access tokens, and the creation of "ZombAIs" - AI agents connected to traditional command and control infrastructure. Examine how nation-state tactics like ClickFix adapt to Computer-Use systems through "AI ClickFix" techniques that enable full system compromise. Understand the AI Kill Chain involving prompt injection, confused deputy behavior, and automatic tool invocation, while exploring systemic flaws such as over-reliance on LLM behavior for trust decisions and inadequate sandboxing. Gain insights from the Month of AI Bugs research where over two dozen security vulnerabilities were responsibly disclosed across major AI coding assistants, including how AI was leveraged to discover vulnerabilities quickly. Review vendor responses ranging from quick patches and CVEs to prolonged silence, and discover how combined vulnerabilities could lead to an AI virus through the AgentHopper concept. Access practical mitigation strategies and forward-looking recommendations for reducing the attack surface of probabilistic, autonomous AI systems.
