Your AI reads the small print, and that’s a problem. This week in episode 433 of “Smashing Security” we dig into LegalPwn – malicious instructions tucked into code comments and disclaimers that sweet-talks AI into rubber-stamping dangerous payloads (or even pretending they’re a harmless calculator).
Meanwhile, new research from Anthropic reveals that hackers have already used AI agents to break into networks, steal passwords, sift through stolen data, and even write custom ransom notes. In other words, one hacker with an AI helper can work like an entire team of cybercriminals.
Plus: a joyous geek detour into keyboard history, and the most diabolically annoying, fully functional AI-generated CAPTCHA that you will love to inflict on your friends.
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast with computer security veteran Graham Cluley, joined this week by Mark Stockley.
Warning: This podcast may contain nuts, adult themes, and rude language.
Smashing Security #433:
How hackers turned AI into their new henchman
Host:
Graham Cluley:
@grahamcluley.com
@
/ grahamcluley
Guest:
Mark Stockley:
Episode links:
- LegalPwn: Abusing Legal Disclaimers to Trigger Prompt Injections – Pangea Labs.
- LegalPwn: Tricking LLMs by burying badness in lawyerly fine print – The Register.
- LegalPwn Attack Tricks GenAI Tools Into Misclassifying Malware as Safe Code – HackRead.
- One long sentence is all it takes to make LLMs misbehave – The Register.
- Londoners give up eldest children in public Wi-Fi security horror show – The Guardian.
- Targeted social engineering is en vogue as ransom payment sizes increase – Coveware.
- State of Malware 2025 – ThreatDown.
- Cybercrime in the Age of AI – ThreatDown.
- Threat Intelligence Report: August 2025 – Anthropic.
- The Day Return Became Enter – Marcin Wichary.
- Ethan Mollick’s terrible AI-generated CAPTCHAs – Twitter.
- The very worst AI-generated CAPTCHA? – Claude.ai.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
- Support us on Patreon!
Sponsored by:
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
