Shows
The AI Security PodcastTo open or close model weights?In this episode, Tania and I discuss the debate around closed or open model weights. What do you think?The RAND report we mention: https://www.rand.org/pubs/research_reports/RRA2849-1.html2025-07-2327 minThe AI Security PodcastCreative prompt injection in the wildIn this episode, Tania and I talk through some creative examples of prompt injection/engineering we've seen in the wild.. think prompts hidden in papers, red-teaming and web-scraping.Your Brain on ChatGPT: https://arxiv.org/pdf/2506.08872Paper with hidden text (p. 12): https://arxiv.org/abs/2502.19918v2Interesting overview: https://www.theregister.com/2025/07/07/scholars_try_to_fool_llm_reviewers/Echoleak blog post: https://www.aim.security/lp/aim-labs-echoleak-m3652025-07-1631 minThe AI Security PodcastThreat intel digest: 23 June 2025This week we discussed multiple AI vulnerabilities, including Echolink in M365 Copilot, Agent Smith in Langchain, and a SQL injection flaw in Llama Index, all of which have been patched. We also covered a data exposure bug in Asana's MCP server and OWASP's project to create an AI vulnerability scoring system, while also outlining Google's defense layers for Gemini, Thomas Roccia's Proximity tool for MCP server security, news regarding AI and legal/security concerns, and research on AI hacking AI, prompt compression, multi-agent security protocols, and the security of reasoning models versus LLMs.2025-06-2552 minThe AI Security PodcastAI safety evaluations with InspectI'm back from holiday, and this week Tania and I talk about a project she completed as part of the ARENA AI safety curriculum to replicate the findings of evaluations on frontier AI capabilities.Link to reasoning paper: https://arxiv.org/abs/2502.09696Link to the Inspect dashboard: https://inspect-evals-dashboard.streamlit.app/ARENA AI Safety course: https://www.arena.education/2025-06-1632 minThe AI Security PodcastThreat intel digest: 9 June 2025This week we try a new condensed format for the AI security digest! we covered critical CVEs, including vulnerabilities in AWS MCP, Llama Index, GitHub MCP integration, and tool poisoning attacks. We also reported on malware campaigns using spoofed AI installers, a supply chain attack via fake PyTorch models, and the AI-guided discovery of a Linux kernel vulnerability by Sean Healin using OpenAI's 03 model. We addressed OpenAI's actions against malicious use of their models, Reddit's lawsuit against Anthropic for data scraping, the creation of an AI model for reconstructing 3D faces from DNA by Chinese researchers, a zero-trust framework...2025-06-1154 min
Lost In CyberiaBONUS EP: Entrepreneurship, AI Security, and Overcoming Biases with Harriet FarlowIn this episode, Harriet and Annie-Mei have a chat over wine and ice-cream sundaes from a hotel room in Sydney before heading to a Gracie Abrams concert. They explore Harriet's journey as the founder of Mileva Security Labs, an AI security company that addresses security risks to AI systems. Harriet shares insights into the challenges of starting and running a business, especially as a young woman in a male-dominated field. The discussion delves into issues of bias, gender, and ageism in the professional world, and the importance of resilience and adaptability. The conversation also touches on public speaking, the...2025-06-0936 minThe AI Security PodcastThreat intel digest: 26 May 2025Sign up to receive in your inbox: http://eepurl.com/i7RgRMTania Sadhani and Miranda R discussed various AI security topics, including critical CVEs affecting platforms like ChatGPT and Hugging Face, the potential for SharePoint Copilot in internal reconnaissance, and malicious npm packages targeting Cursor developers. They also covered the OASP Gen AI security initiative's Agent Name Service (ANS), the proposed AI.txt for controlling AI agent interactions, and Unit 42's framework for agentic AI attacks. Furthermore, Miranda highlighted security guidance from international agencies, Anthropic triggering ASL 3 for Claude Opus 4, Microsoft's AI red teaming playground, a...2025-05-3039 minThe AI Security PodcastAI Vulnerability Research with Aditya RanaEver wondered how security vulnerabilities are found in AI? Join us as we chat with Aditya, a Vulnerability Researcher at Mileva Security Labs!2025-05-2038 min
Business Disrupted'The Intersection of AI and Security'Can AI be fooled? What happens when machines are manipulated?In this episode, we sit down with Harriet Farlow, founder of Mileva Security Labs and a leading expert in AI security, to explore the world of adversarial attacks, ethical hacking, and the urgent need for responsible AI governance.With over 10 years of experience and a PhD in AI Security, Harriet breaks down how AI systems can be exploited, why ethics must be at the core of AI development, and what business leaders need to do now to stay ahead of emerging threats. She also shares...2025-05-1648 minThe AI Security PodcastThreat intel digest: 12 May 2025Sign up to receive in your inbox: http://eepurl.com/i7RgRMThis week we note regular CVEs in AI libraries such as Nvidia TensorFlow and PyTorch. We discuss a novel prompt injection technique called "policy puppetry", along with malware dispersal through fake AI video generators and Meta's release of an open-source AI security tool set including Llama Firewall. We also covered Israel's experimental use of AI in warfare, Russia's AI-enabled drones in Ukraine, China's crackdown on AI misuse, Dreadnode's research on AI in red teaming, geolocation doxing via multimodal LLMs, safety research on a...2025-05-1248 minThe AI Security PodcastThe evolution of data science and AI ethics with Dr Alberto ChiericiThis week I'm joined by my friend Alberto, he has an incredible storied career - from data science, insurance, AI risk, advising Tesla.. check out his book here! https://www.amazon.com.au/Ethics-I-Facts-Fictions-Forecasts/dp/16367636502025-05-0749 minThe AI Security PodcastStanford's 2025 AI Index ReportWe talk about Stanford Human-Centred AI's latest AI Index report, check it out here: https://hai.stanford.edu/ai-index/2025-ai-index-report2025-04-3035 minThe AI Security PodcastThreat intel digest: 28 April 2025Did you know we have a fortnightly threat intel newsletter? We decided there was so much good research in there we have to talk about it here! We're joined by threat intel lead Miranda for this fortnight's biggest AI security news, coming out in this week's digest! http://eepurl.com/i7RgRM2025-04-2837 minThe AI Security PodcastEpisode 28: the OWASP ML Security Top 10 with co-lead Shain SinghMy friend Shain joins me on the podcast to talk about his work with the OWASP MLSec Top 10 list and organisational guidance, as well as how he got here!For info about the list and how to contribute, check out the link: https://owasp.org/www-project-machine-learning-security-top-10/ 2025-04-2352 minThe AI Security PodcastEpisode 27: all about AI red teamingThis week we talk about AI red teaming.. I can't quite believe we haven't talked about it already! We cover the origins of red teaming in the military, how red teaming is done in cyber security, and the fundamentals of AI red teaming. Resources:https://academy.hackthebox.com/course/preview/introduction-to-red-teaming-aihttps://tryhackme.com/path/outline/redteaming2025-04-1757 minThe AI Security PodcastEpisode 26: Microsoft's L33t Sp3ak AI security series ft. meI didn't manage to get my act into gear to record a fresh episode between getting back from the UK and heading to New Zealand so I've pulled one from the vault.. it's a good one though! A year ago I was interviewed by Microsoft for their AI security series. Massive thanks to Microsoft for having me and Sarah Young for excellent interviewing. Check out the rest of the series, they have some really cool people on. This is also a good episode for anyone new to AI security, it covers most of the bases.Link here...2025-04-0230 minThe AI Security PodcastEpisode 25: conversations at AI UK in LondonI didn't want to do a solo episode so instead I enlist free content support by speaking to the vendors at AI UK, run by the Alan Turing Institute, in London! Thanks very much to those people, links below here:Datambit: https://datambit.com/RAISE: https://raise-project.uk/Contact us at contact@mileva.com.au2025-03-2329 minThe AI Security PodcastEpisode 24: examples of AI security incidents, from our Manchester airbnb (but sadly not the hot tub)We're in Manchester but we can't talk about it much.. so instead we reflect on some of the latest digest incidents (and how we wish the hot tub in our airbnb had water in it).Sign up to the digest here: http://eepurl.com/i7RgRM2025-03-1635 minThe AI Security PodcastEpisode 23: the AI lifecycle and what it means for securityIn this episode we discuss the AI lifecycle.. we talk through important machine learning stages (training, inference etc), how they apply at the systems levels (agentic systems, APIs etc) and and example in context (facial recognition at airports but please forgive us we are not airport experts).We refer to useful content from MITRE's resources: https://atlas.mitre.org/resources/ai-security-101Feel free to compliment us at contact@mileva.com.au.2025-03-1040 minThe AI Security PodcastEpisode 22: security careers and content creation with Cyber Expanse host James WebbIn this episode I interview James Webb, host of the Cyber Expanse. We discuss careers at the intersection of AI and cyber security, how to get into the security workforce, and what it's like being 'influencers' (content creators) in the security space.This episode also has a video equivalent at Harriet Hacks on YouTube, and will have a companion episode on James' YouTube channel as well.2025-02-2626 minThe AI Security PodcastEpisode 21: is AI an optional risk? lessons in risk analysis from a road trip to the Society of Risk Analysis conferenceTania and I went to Melbourne to attend the Society of Risk Analysis Annual General Meeting. What a great group of people.. we learnt so much about risk analysis from these awesome people. We all came from totally different disciplines - climate, biosecurity, technology - but everyone working in risk has the same challenges!They were also a great group of people to go out for cocktails with (we had a few).contact@mileva.com.au2025-02-2331 minThe AI Security PodcastEpisode 20: threat intelligence vs vulnerability research in AIToday I'm joined by Miranda, our threat intel lead at Mileva, to discuss how threat intel and vulnerability research works in the world of AI security. We also recently released a threat digest, sign up here to understand what AI security incidents and research are happening in the wild: http://eepurl.com/i7RgRMcontact@mileva.com.au2025-02-1628 minThe AI Security PodcastEpisode 19: the TikTok ban (also relevant to DeepSeek?!) part 2This is part 2 of our discussion on the TikTok ban and its AI security implications. We have not yet recorded a podcast about DeepSeek (look, we're very busy) but you'll find that a lot of the discussion about Chinese national security laws is relevant and echoes those same conversations.Links discussed:The Infographic: https://newsroom.tiktok.com/en-au/comparative-study-of-social-media-data-collection-practices-au?utm_source=chatgpt.comBing vs Google: https://searchengineland.com/google-bing-is-cheating-copying-our-search-results-62914Reach out at contact@mileva.com.au.2025-02-0924 minThe AI Security PodcastEpisode 18: what is going on with this TikTok ban? Part 1.We chat about the TikTok ban and its AI security implications. We got so into this topic we had to split it in two parts!The AI security creative comms comp: https://milev.ai/reports/ai-security-communication-competition-2000-in-prizes/Sign up to our new threat digest: http://eepurl.com/i7RgRM Get in touch with us at contact@mileva.com.au.2025-02-0326 minThe AI Security PodcastEpisode 17: 30 lessons at 30 (AI security edition)Harriet turned 30 recently and decided to try this trend - but AI security edition! We talk through 30 lessons - AI, security and life.Contact us at contact@mileva.com.au2025-01-2342 minThe AI Security PodcastEpisode 16: our top 3 AI security trends to start off 2025Welcome to the AI security podcast! We decided to rebrand and claim this space since no-one else has taken it! We're looking forward to being your go-to podcast for AI security news, research and casual yaps.In this episode Tania and I each discuss our top three trends in AI security and AI for security as we enter 2025.Links discussed:Cyber risk management podcast: https://open.spotify.com/show/43k7780x6wSvKCq75StIsMAbout the number 2025: https://mindyourdecisions.com/blog/2025/01/02/5-fun-facts-about-2025-you-probably-didnt-know/Our AI security research: https://aisecurityfundamentals.com/Reach...2025-01-1937 minThe AI Security PodcastEpisode 15: you didn't get enough of GRC last time with Annie-Mei - Part 2We continue our discussion on key trends in GRC and its intersection with AI!Annie-Mei is also about to launch her own podcast and I highly recommend you check it out if you want more no-nonsense content and advice about the cyber space.2025-01-0530 minThe AI Security PodcastEpisode 14: the AI Security Likelihood Project - Interim report and dataset now out!This week we released the interim report and subset of the AI incident database for the AI Security Likelihood research Tania has been working on! We chat through the motivations for the project, our initial insights and takes, and where we hope to take it next. Now we want your input! Check it out at aisecurityfundamentals.com and let us know if you have insights on the risk modelling, AI incidents, or access to data/collaborations that could make this project even better.(If you don't want to hear us talk about our Christmas party skip to around 8...2024-12-1744 minThe AI Security PodcastEpisode 13: what on earth is GRC with Annie-Mei Forster Part 1Today we chat to my good friend Annie-Mei about GRC (governance, risk and compliance). She is a senior GRC consultant with a background in journalism! We discuss her career journey and an overview of what on earth GRC is.2024-12-1636 minThe AI Security PodcastEpisode 12: from data analytics to start-up founder with Howjer GuThis time we sit down with Howjer Gu, Founder of Planoverse, a start-up in our stream within the UNSW 10x accelerator! Fun fact - Howjer and I used to work together at Deloitte back in 2016 and couldn't believe it when we ran into each other during the application process. Howjer has a background in data analytics and recently founded Planoverse, which is like a digital twin for grocery stores. Learn about his start-up journey and the importance of data.Planoverse: https://www.planoverse.com.au/2024-12-0831 minThe AI Security PodcastEpisode 11: the Mileva backstory.. also Harriet is in VOGUE?!2024 has seen a lot of change for Mileva.. and we often get people asking about what we're doing and we got here, so this time Tania interviews Harriet about starting Mileva! We know lots of our audience are curious about starting a business and the different trade-offs that entails (quitting your full time job, looking for funding, services vs products, when is the right time) so we address some of these questions. We also talk about our experience in the UNSW 10x accelerator (hint: I'll be interviewing some of these founders in upcoming episodes!)Oh also Harriet somehow...2024-12-0527 min
Threat Vector by Palo Alto NetworksBridging AI and Cybersecurity Gaps with Mileva Security Labs’ Harriet FarlowJoin us in this episode of Threat Vector as guest host Michael Heller shares his conversation with Harriet Farlow, CEO of Mileva Security Labs and a pioneer in AI security research. With a background spanning AI and national cybersecurity, Harriet shares her journey into adversarial machine learning and the critical importance of addressing AI security vulnerabilities. They discuss how AI models are increasingly exposed to cyber-attacks and why organizations must adopt proactive security measures. Tune in to explore the technical and policy challenges of AI risk, key gaps in model security, and how Mileva Security Labs is working to...2024-11-2127 minThe AI Security PodcastEpisode 10: how to up-skill in AI securityIn this episode Tania and I chat through how we learnt about AI security and adversarial machine learning, and how you can too! Some resources we mention:- Crash Course AI https://thecrashcourse.com/topic/ai/- 3 Blue 1 Brown https://www.youtube.com/c/3blue1brown- Kaggle https://www.kaggle.com/learn/intro-to-machine-learning- Hands-on ML textbook (more for 'classic' machine learning - still really important to understand 'modern' models) https://www.booktopia.com.au/hands-on-machine-learning-with-scikit-learn-keras-and-tensorflow-3e-aurelien-geron/book/9781098125974.html?gad_source=1&gclid=CjwKCAiA9dGqBhAqEiwAmRpTC3W7SbJJOrI8fEi-19OxvyNLElA8Nk7iKH6nE4KDm1i...2024-10-3119 minThe AI Security PodcastEpisode 9: why did California Governor Newsom veto the AI regulation bill and what other bills were passed?People kept asking us about the recent AI laws in California and why some were passed but one was vetoed, so we decided we'd finally better do a podcast episode on it! Disclaimers: we're not lawyers (this will be immediately obvious) but I hope this is enlightening to other AI/tech folk. We certainly loved researching this one, and we encourage everyone who's interested to join the discussion!In this episode we shout out Civ.ai, a non-profit we met at Berkeley when we were in the US. They create demos to show policymakers just how...2024-10-2835 minThe AI Security PodcastBONUS: how are threat actors using language models?In this bonus episode we're still with Miranda and we're talking about some of the trends we're seeing around LLMs (language models) being used by adversaries to augment attacks. This could be another episode, but we have a bite sized discussion for you here!2024-10-2410 minThe AI Security PodcastEpisode 7: Is AI Security a subset of Cyber Security with AI security researcher MirandaThis time we are joined by another vital member of the Mileva team, Miranda R! Unlike Tania and myself, who are data scientists who got into security, Miranda actually started as a cyber security analyst and made her way into AI. She chats about her career journey and insights on the cyber/AI intersection.2024-10-2231 minThe AI Security PodcastBONUS: we rode a Waymo and chat about the impact of automationWhen we were in the US we rode a Waymo.. and now we chat about it here! We definitely want to chat about job displacement in another episode, but for now - here is our excuse to tax deduct the Waymo ride!2024-10-0914 minThe AI Security PodcastEpisode 5: hacking the TikTok dance filter and facial recognition models at BSides Canberra and SingaporeWe're finally back after a bit of a break (travel is tiring). Over the last couple of weeks we attended and spoke at BSides Singapore and BSides Canberra! In this episode we cover the research discussed in our talks and the highlights of BSides in general (you know we're massive BSides fans). 2024-10-0228 minThe AI Security PodcastEpisode 4: reflections on hacker summer camp (BSides LV, DEF CON 32) and San FranciscoWe're exhausted but we're still here! And to our knowledge we have not been hacked... in this episode we reflect on our AI and cyber security conversations from BSides Las Vegas, the AI Security Forum, DEF CON 32 and our week in the Bay Area. We also want to shout out these organisations:Far Labs for hosting us: https://far.ai/labs/CivAI, this awesome new company we met who are creating AI demos: https://far.ai/labs/Dreadnode for their awesome LLM red teaming comp at the AI Village: https://www.dreadnode.io/R...2024-08-1726 minThe AI Security PodcastBONUS: get hyped for hacker summer camp 2024 - BSides Las Vegas, Black Hat and DEF CON!!Are you excited to attend hacker summer camp (BSides LV, Black Hat and/or DEF CON) in 2024? So are we!! Harriet shares some tips and tricks based on her experience last year. If you'll be in Vegas this year and see myself and Tania please say hi!Hackertracker: https://hackertracker.app/conferences/HSCPARTIES2024/schedule/2024-08-0118 minThe AI Security PodcastEpisode 2: how is AI security different to AI safety and cyber security?In this episode Tania is in New Zealand and I am in France, but that hasn't stopped us! We dive deeper into defining Artificial Intelligence Security, how it is different to AI safety and cyber security and our reflections on its past, present and future. Listen for a 0-50 on AI security.Mileva Security Labs: https://milevalabs.com/AI Safety Aus and NZ: https://www.facebook.com/groups/1099249420923957/Google Trends: https://trends.google.com/trends/Intriguing Properties of Neural Networks: https://arxiv.org/abs/1312.61992024-07-3130 minThe AI Security PodcastEpisode 1: what is AI security.. and who are we??Welcome to the first episode of the podcast. It's only up from here. Tania has been roped into presenting this with me so not only do you get to hear about us and why we care about AI security, but we also explain what it is and why YOU should care about AI security. Mileva Security Labs: https://milevalabs.com/Psyber: https://psyber.com.au/HarrietHacks: https://www.harriethacks.com/ 2024-07-2522 min