Episode Details

Send us Fan Mail

In Q1 2026 the agentic AI conversation moved from theory to forensics. A crafted PDF triggered physical pump activation through a Claude MCP integration at an industrial facility, after an engineer used the same agent for routine document summarisation and SCADA writes. The hidden instructions used white-on-white text and base64 encoding, the agent treated the document content as instructions, and the legitimate credentials carried the action straight through to operational technology. The damage was physical.

This episode walks through the Q1 2026 forensic record and asks the question the embedded community has been avoiding: what happens when an agent that rewrites its own action plan at runtime is wired to an actuator that does not have an undo button.

Support the show

If you are interested in learning more then please subscribe to the podcast or head over to https://medium.com/@reefwing, where there is lots more content on AI, IoT, robotics, drones, and development. To support us in bringing you this material, you can buy me a coffee or just provide feedback. We love feedback!