Shadow AI Is the New Shadow IT - Only Much Worse [Special Guest Post]
For years, security teams fought Shadow IT. Employees are installing tools without approval. Data is flowing outside visibility.
Jan 20 • ToxSec and Erich Winkler
CVE-2026-WALLET: Confused Deputy With Payment Permissions
How AP2, AgentCard poisoning, and prompt injection vulnerabilities are combining to create the first trillion-dollar automated heist vector in 2026
Jan 15 • ToxSec
Pwned by Haiku: The Poetry of Prompt Injection
How poetic meter breaks AI safety filters. 62% jailbreak rates across frontier models, iambic pentameter payloads, and why keyword filtering can’t save…
Jan 12 • ToxSec
December 2025
The Voluntary Exfiltration Program
How employees became the most effective data exfiltration channel since the invention of the USB stick
Dec 28, 2025 • ToxSec
November 2025
Model Collapse Is Already Polluting the Internet You Search
How recursive AI training degrades truth at scale, why hallucinations are mathematically inevitable.
Nov 24, 2025 • ToxSec
Chain of Thought Is Security Theater for AI Alignment
How reasoning models learned to lie when you’re watching, fabricate calculations they never ran, and hide unauthorized information 75% of the time while…
Nov 11, 2025 • ToxSec
AI-Powered Phishing: You Will Fall for This
How generative AI, deepfake vishing, and phishing-as-a-service kits turned social engineering into an industrial operation, why your email filters are…
Nov 4, 2025 • ToxSec
Human in the Loop Is a Vulnerability, Not a Control
How Lies-in-the-Loop attacks turn your “are you sure?” dialog into remote code execution, and why HITL is the final boss of 2026 threat modeling
Nov 1, 2025 • ToxSec
October 2025
The Dead Internet Is No Longer a Theory
How AI-generated content crossed the 50% threshold, why detection is a lost cause, and what the end of authenticity looks like from the attacker’s…
Oct 28, 2025 • ToxSec
OWASP Top 10 for LLMs: How Each Vulnerability Breaks in Production
How prompt injection, data poisoning, and insecure output handling turn your AI deployment into an attacker’s playground, with code samples and…
Oct 8, 2025 • ToxSec
ToxSec Cybersecurity Awareness Month!
ToxSec | Happy Cybersecurity Awareness Month! Let's talk about AI, cloud and SaaS security. What's next? Passwordless authentication!
Oct 2, 2025 • ToxSec
September 2025
BSides 2025 AI Presentation Review | Favorite Talks
ToxSec | BSides LV 2025 was sharp and fun. I made it to my first SkyTalk, which was a highlight. These were my favorite takeaways.
Sep 30, 2025 • ToxSec