Artificial Idiots (AI)

A Practical AI Security Stack For Agents And Accounts

Bruyning Media



AI security isn’t heading toward one magic “AI firewall.” It’s turning into a layered stack where identity, permissions, audit logs, sandboxing, and human approval gates decide whether your AI agent is helpful or dangerous. We walk through the biggest signals from the week and translate them into practical guidance you can actually use, especially if you’re trying to secure AI tools inside a real business with real data.

We start with a blunt shift: account takeover is now an AI security problem. As ChatGPT and coding assistants become as sensitive as email, GitHub, or cloud admin accounts, stronger authentication and safer recovery paths stop being optional. We also dig into why AI coding tools are evolving into security products that scan codebases for vulnerabilities and generate fixes, and what that means for your secure software development lifecycle, validation process, and vendor risk.

Then we focus on the hot zone: agent security. The scariest risk isn’t a weird chatbot reply; it’s an agent with access to your inbox, files, repos, CRM, and cloud tools taking actions on your behalf. We break down OWASP LLM Top 10 themes like prompt injection, insecure output handling, sensitive data disclosure, and excessive agency, and we zoom in on indirect prompt injection, where malicious instructions hide inside content an agent later retrieves and obeys. Finally, we cover how frameworks like NIST’s AI cybersecurity profile help operationalize AI risk, why cyber-capable frontier models are being gated, and how defense adoption raises the stakes around supply chain security and vendor trust.

Subscribe for weekly AI security news, share this with a teammate who’s rolling out agents, and leave a review with the one AI security question you want answered next.

Josh

Jenna

Jack

Randy

The New AI Security Stack

SPEAKER_00

In the near future, your new security AI stack is gonna look less like "install an AI firewall" and more like identity plus permissions plus audit logs plus sandboxing plus controls plus human approval gates plus red team testing plus vendor governance. It's a lot to keep track of, but we can do it. And for SMBs, the easiest place to start is: don't give AI agents broad permissions. Treat every agent like a junior employee with a laptop, access to sensitive systems, and a habit of believing whatever it reads. I'm Josh Bruyning, and I keep up with AI so you don't have to. We have a lot in the news, and I know you're busy, so let's get right to it.

Account Takeovers Hit AI Tools

SPEAKER_00

Number one, account takeover risk is now an AI security issue. OpenAI just rolled out advanced account security for high-risk ChatGPT or Codex users. It requires phishing-resistant authentication, such as physical security keys or passkeys, and it disables weaker recovery paths like email or SMS. It shortens sessions, adds login visibility, and disables training on user data by default. That's pretty good. It may cause some constraints for some folks, but hey, that's the trade-off with security. And that tells you something important: your AI account is becoming as sensitive as your email, GitHub, or cloud admin accounts.

Coding Assistants Become Security Tools

SPEAKER_00

Number two, AI coding tools are becoming security products. Anthropic just launched Claude Security in public beta for enterprise customers, and this is aimed at scanning code bases for vulnerabilities and generating fixes. And that is a major shift. Well, I don't know if I would say super major, because there are some other tools that have been doing this before, like Replit, but I think it's becoming more mainstream. Frontier labs are no longer just selling the AI assistants; they are packaging AI as a part of the secure software development lifecycle. So yay for security.

Agent Risks And OWASP Top 10

SPEAKER_00

Number three, agent security is the hot zone. The risk is no longer just that the chatbot says something weird. The risk is that the agent has access to your email, files, your code, your CRM, like Slack or HubSpot, your cloud systems or financial tools, and then takes action, which we've all wanted. And now that we've got it, there are problems. OWASP's LLM Top 10 still puts prompt injection at the top of the list, with other major risks including insecure output handling, training data poisoning, supply chain vulnerabilities, sensitive data disclosure, and excessive agency. So make sure that you are staying in the driver's seat when it comes to your agents.

Indirect Prompt Injection Explained

SPEAKER_00

Number four, one of the nastiest patterns is indirect prompt injection. So let's zero in on that just a little bit. An attacker hides malicious instructions inside a web page, email, document, ticket, or repository, and the AI agent later reads it and obeys it. That matters because the user may never directly type the malicious command. The model will retrieve it, depending on whoever typed it in, and it's gonna think that it's from a trusted context, and it's gonna execute, and that's gonna mess everything up. So watch out for that.

NIST Brings A Clear Framework

SPEAKER_00

Number five, governments are formalizing AI cybersecurity. Great. NIST, always leading the pack, drafted its Cybersecurity Framework profile for artificial intelligence, and it frames AI security around these three key areas: securing AI systems, using AI for cyber defense, and defending against AI-enabled attacks. That is probably the clearest current framework for enterprises trying to make this operational instead of treating AI risk as a vague policy problem. So when in doubt, return to NIST. Number six, cyber-capable frontier models, and when I say frontier models, I mean like the major LLMs, are getting gated.

Gating Cyber Capable Frontier Models

SPEAKER_00

OpenAI has expanded its cybersecurity program for, you know, cyber-specific models and vetted defenders. Then Anthropic has also been talking about highly capable security models through efforts like Project Glasswing and Claude Mythos Preview. The direction is obvious: frontier AI can dramatically help defenders, but the same capability raises concerns around automated vulnerability discovery and exploit generation. So watch out for that, I guess.

Defense Adoption Raises The Stakes

SPEAKER_00

Number seven, defense and national security adoption is accelerating. The Pentagon announced agreements with major AI companies, including OpenAI, Google, Microsoft, AWS, Nvidia, SpaceX, and others, to bring AI into classified Defense Department environments. That raises the stakes around model security control, supply chain risk, and whether AI vendors can be trusted inside sensitive networks. So that's it for today's Friday news roundup.

How To Reach Me And Subscribe

SPEAKER_00

If you have any questions, feel free to reach out to me on LinkedIn, send me a message, or shoot me an email and check out Artificial Idiots every week, wherever you get your podcasts. Bye.