CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 04, 2026

Smashing Security podcast #470: This AI security flaw might be impossible to fix

Graham Cluley Archived Jun 04, 2026 ✓ Full text saved

A website called "UK visa portal" has been quietly collecting passport scans, selfies, and personal data from thousands of travellers who thought they were applying through official channels. They weren't. And when a journalist tried to warn the company, it was lawyers who responded. Meanwhile, a paper from Cornell suggests that prompt injection - the technique malicious actors use to trick AI agents into doing things they really shouldn't - may be fundamentally unsolvable. Which is err... awkwa

Full text archived locally
✦ AI Summary · Claude Sonnet


    Graham Cluley @ 12:15 am, June 4, 2026  @grahamcluley.com  / grahamcluley A website called “UK visa portal” has been quietly collecting passport scans, selfies, and personal data from thousands of travellers who thought they were applying through official channels. They weren’t. And when a journalist tried to warn the company, it was lawyers who responded. Meanwhile, a paper from Cornell suggests that prompt injection – the technique malicious actors use to trick AI agents into doing things they really shouldn’t – may be fundamentally unsolvable. Which is err… awkward, because everyone is rushing to plug AI agents into their email, files, and corporate networks. Plus don’t miss our featured interview with Andrea Sivieri of CoreView, who tells us how hackers can lock your entire organisation out of its Microsoft 365 environment… without having to trick you into running a single piece of malicious code or handing over a password. All this and more in episode 470 of the “Smashing Security” podcast with cybersecurity expert and keynote speaker Graham Cluley, and special guest Tanya Janca. Smashing Security #470 This AI security flaw might be impossible to fix ↺ 15 ↻ 30 0:00 0:00 0:00 0:00 1× Show full transcript ▼ Host: Graham Cluley:  @grahamcluley.com  @gcluley@mastodon.green  / grahamcluley Guest: Tanya Janca:  @shehackspurple.bsky.social  / tanya-janca Episode links: Hackers Simply Asked Meta AI to Give Them Access to High-Profile Instagram Accounts. It Worked – 404 Media. Canon Printer Vulnerability Leaks Plaintext Credentials – Praetorian. Password manager Dashlane says hackers stole some customers’ password vaults – TechCrunch. UK Visa Portal exposed thousands of applicants’ passports and selfies — then called the lawyers on us – TechCrunch. AI Agents May Always Fall for Prompt Injections – ArXiv. MCP Security Crisis: Systemic Design Flaws in AI Agent Infrastructure – Cloud Security Alliance. From Preventive to Reactive: How AI Coding Assistants Transform Developers’ Security Awareness – ArXiv. Design details that feel like magic – Design Spells. Singing lessons. Smashing Security merchandise (t-shirts, mugs, stickers and stuff) Sponsored by: Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off! CoreView – How secure is your Microsoft 365 tenant? Find out with CoreView’s free Microsoft 365 Tenant Security Scanner. ESET – 30 years of threat research behind unique global telemetry, AI-native technology, and human expertise working together to keep your business protected. Support the show: You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser. Join Smashing Security PLUS for ad-free episodes and our early-release feed! Follow us: Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes. Thanks: Theme tune: “Vinyl Memories” by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Found this article interesting? Follow Graham Cluley on LinkedIn, Bluesky, or Mastodon to read more of the exclusive content we post. AI Data loss Podcast Privacy Vulnerability #AI #artificial intelligence #data breach #passport #Podcast #Privacy #Smashing Security #UK government #Visa Graham Cluley Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and hosts the popular "Smashing Security" podcast. Follow him on TikTok, LinkedIn, Bluesky and Mastodon, or drop him an email.
    💬 Team Notes
    Article Info
    Source
    Graham Cluley
    Category
    ◇ Industry News & Leadership
    Published
    Jun 04, 2026
    Archived
    Jun 04, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗