Unmasking Trust Attacks with Max Heinemeyer

https://is1-ssl.mzstatic.com/image/thumb/Podcasts211/v4/5e/b4/21/5eb421cd-39ae-4cf5-7307-dc51db253668/mza_17906098394500704381.jpg/600x600bb.jpg

Cyber Voices

Australian Information Security Association (AISA)

59 episodes

2 weeks ago

Welcome to CYBER VOICES, where we highlight and celebrate the diverse voices of the Australian cyber community. From top-ranking CISOs and government officials to threat hunters and vulnerability analysts, if there’s a voice to be heard, you’ll hear it on CYBER VOICES. Join us as we delve into the stories, insights, and expertise that shape the world of cybersecurity in Australia.

Technology

RSS

All content for Cyber Voices is the property of Australian Information Security Association (AISA) and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Technology

https://d3wo5wojvuv7l.cloudfront.net/t_rss_itunes_square_1400/images.spreaker.com/original/59a9826ea1a1700bd7899aa9dbbb785b.jpg

Unmasking Trust Attacks with Max Heinemeyer

Cyber Voices

29 minutes

1 month ago

Unmasking Trust Attacks with Max Heinemeyer

In this insightful episode of Cyber Voices, David Willett dives into the complexities of trust attacks with Max Heinemeyer at CyberCon 2025. Max brings an innovative perspective by simulating a politically motivated cyberattack on Australian infrastructure. He emphasises the growing concern over trust attacks, differentiating them from traditional cyber threats that focus on confidentiality and availability. Trust attacks, involving the manipulation of critical data, pose a severe risk to national stability. Through this discussion, the episode highlights the pressing need for improved cybersecurity frameworks to address the evolving threat landscape driven by hyper automation and modern AI technologies.

Further reading provided by Max:

On the Feasibility of Using LLMs to Autonomously Execute Multi-host Network Attacks
https://arxiv.org/abs/2501.16466v3

Teams of LLM Agents can Exploit Zero-Day Vulnerabilities
https://arxiv.org/abs/2406.01637

Hexstrike AI Open Source Offensive Security AI Orchestrator - https://www.hexstrike.com/

AI Agent XBOW making number one on Hackerone leaderboard - https://xbow.com/blog/top-1-how-xbow-did-it

AI-enabled prototype ransomware PromptLocker - https://www.eset.com/us/about/newsroom/research/eset-discovers-promptlock-the-first-ai-powered-ransomware/?srsltid=AfmBOop67a943J8-_KuK_8dNC497RoWo1YCELz4eR8wSFUV6NqJy6R1R

And then this happened since we recorded our podcast, but is highly relevant - https://www.anthropic.com/news/disrupting-AI-espionage