
In this episode of Lenny's Podcast, host Lenny Rachitsky interviews Sander Schulhoff, an AI security researcher, about serious security vulnerabilities in current AI systems. Schulhoff argues that AI guardrails are largely ineffective against prompt injection and jailbreaking attacks, and that the industry's reliance on them creates a false sense of security. He highlights how malicious actors can exploit AI agents and robots, with consequences ranging from data breaches and financial losses to physical harm. Schulhoff advises companies to focus on classical cybersecurity measures, proper data permissioning, and educating their teams about AI security risks, and suggests frameworks like CaMeL to limit the actions AI systems can take. He predicts a market correction in the AI security industry as the ineffectiveness of current solutions becomes apparent, and urges foundation model companies to invest in adaptive evaluations and explore new architectures that improve adversarial robustness.