Smashing Security podcast #472: AI gets hacked, and BitLocker gets bypassed
Graham Cluley @ 12:10 am, June 18, 2026
What if your AI coding assistant could be tricked into stealing your own company’s secrets – by reading a single booby-trapped bug report? No phishing email. No malware. No password ever stolen. Just an AI doing exactly what it was told.
Meanwhile, someone calling themselves Nightmare Eclipse has decided to teach Microsoft a lesson. The result? Three zero-days dropped on the internet, one of which lets a thief with a USB stick walk straight past BitLocker. Microsoft is furious.
Plus don’t miss our featured interview with Son Nguyen Kim of Proton Pass, who explains why plugging AI agents into your email and calendar without thinking twice is rather like hiring a new employee with the keys to everything – and skipping the background check.
All this and more in episode 472 of the “Smashing Security” podcast with cybersecurity expert and keynote speaker Graham Cluley, and special guest Paul Ducklin.
Host:
Graham Cluley:
@grahamcluley.com @gcluley@mastodon.green / grahamcluley
Guest:
Paul Ducklin:
@pducklin@infosec.exchange / pducklin
Episode links:
ShinyHunters claims 61M Sysco records – Cybernews.
Derbyshire police officer under investigation for using AI to create evidence – Derbyshire Times.
Maine forced to take down data breach portal after fake notices filed with authorities – Hot for Security.
A Fake Bug Report Hijacks Your AI Coding Agent – and Nothing Catches It. – Tenet Security.
Agentjacking: a fake bug report hijacks AI coding agents – TNW.
When anti-virus goes rogue – A trifecta of Defender zero-days – SolCyber.
BitLocker in crisis? The “YellowKey” zero-day in plain English – SolCyber.
Microsoft versus Full Disclosure: The ongoing Nightmare Eclipse saga – SolCyber.
BitLocker, Defender, zero-days, and bragging rights: More MS nightmares – SolCyber.
Inside the FBI’s Kinetic Cyber Range – FBI.
Inside the FBI’s Kinetic Cyber Range – YouTube.
Computer worm strikes International Space Station – Graham Cluley.
Raspberry Pi Zero W – Raspberry Pi.
There’s still life in old technology.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
Proton Pass – The password manager for businesses that can’t compromise on security or slow their team down. Start a free trial.
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
CoreView – How secure is your Microsoft 365 tenant? Find out with CoreView’s free Microsoft 365 Tenant Security Scanner.
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Join Smashing Security PLUS for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Graham Cluley
Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and hosts the popular "Smashing Security" podcast. Follow him on TikTok, LinkedIn, Bluesky and Mastodon, or drop him an email.