Tokenless

Privilege escalation

AI Privilege Escalation: Agentic Identity & Prompt Injection Risks

AI Privilege Escalation: Agentic Identity & Prompt Injection Risks

Grant Miller explains how malicious actors exploit AI systems through privilege escalation, using techniques like prompt injection to compromise over-permissioned AI agents. The summary covers key mitigation strategies, including the principle of least privilege, robust access governance, dynamic context-based access, and continuous monitoring to secure agentic systems.

Ethical Hacking War Stories: Zero Trust, IAM & Advanced C2 Tactics

Ethical Hacking War Stories: Zero Trust, IAM & Advanced C2 Tactics

Jeff Crume and Patrick Fussell from IBM's X-Force team share a real-world ethical hacking war story, demonstrating an attack from an 'assume breach' perspective. They break down how vulnerabilities in Identity and Access Management (IAM) and legacy systems can lead to a full compromise, starting from an insider threat and escalating to domain administrator privileges through advanced C2 attacks and lateral movement.