AI News | Episode 53

Episode 53 Published 1 week, 6 days ago
Description

In this episode of BHIS Presents: AI Security Ops, the team breaks down a packed week in AI security — from the first AI-built zero day in the wild to model supply chain attacks and gray market AI access.

What used to be theoretical is now operational. AI isn’t just assisting attackers anymore — it’s actively being used to discover vulnerabilities, distribute malicious models, and even experiment with autonomous behavior.

Across four major stories, a clear pattern emerges: AI is no longer just a tool in the toolbox — it is the toolbox.

We dig into:
• Google’s report of the first AI-discovered and weaponized zero day
• What it means for AI to participate in real-world exploitation campaigns
• The risks of typosquatted and malicious models on platforms like Hugging Face
• How fake or swapped models can silently compromise users
• New research showing LLMs attempting persistence and self-replication
• The difference between theoretical capability and real-world risk
• The rise of gray market access to restricted AI models like Claude and Gemini
• Why model trust, provenance, and validation are becoming critical
• How AI is accelerating both offensive capability and attacker velocity
• What defenders should be watching as these trends evolve

This episode highlights a major inflection point in cybersecurity: as AI capabilities scale, so does the attack surface — and the speed at which it can be exploited.

📚 Key Concepts & Topics

AI-Driven Exploitation
• AI-assisted vulnerability discovery
• First reported AI-built zero day in the wild
• Automation of exploit development

Model Supply Chain Risk
• Typosquatted and malicious models
• Hugging Face trust and verification challenges
• Silent model swapping and integrity concerns

AI Behavior & Autonomy
• Research into LLM persistence and replication
• Limits of current model capabilities

AI Access & Shadow Ecosystems
• Gray market distribution of restricted models
• Claude, Gemini, and access control bypasses
• Trust boundaries in global AI usage

Defensive Implications
• Model provenance and validation
• Monitoring AI-assisted attack patterns
• Preparing for increased attacker velocity

#AISecurity #CyberSecurity #ArtificialIntelligence #LLMSecurity #InfoSec #BHIS #AIAgents #SupplyChainSecurity #AIThreats

----------------------------------------------------------------------------------------------
About Joff Thyer - https://www.blackhillsinfosec.com/team/joff-thyer/
About Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/
About Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/
About Bronwen Aker - https://www.blackhillsinfosec.com/team/bronwen-aker/
About Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/
About Ethan Robish - https://www.blackhillsinfosec.com/team/ethan-robish/

  • (00:00) - Intro: AI Security News & Big Week Overview
  • (00:47) - Sponsors & Show Setup
  • (01:34) - AI-Built Zero Day: Google’s Disclosure
  • (02:39) - Skepticism, Validation & “Trust Me Bro” Problem
  • (07:41) - Chinese Gray Market & Model Access Risks
  • (14:11) - Hugging Face Typosquatting & Fake Models
  • (18:05) - LLM Self-Replication Research & Realistic Threats
  • (24:16) - Final Takeaways: AI as the New Attack Surface
