AI systems rarely crash when compromised – they comply. Whether it’s a helpful browser extension leaking emails or a chatbot escalating privileges via persistent memory, AI failures don’t announce themselves. They quietly obey malicious instructions, often with no alerts, no errors, and no oversight.

In this virtual session, Jessica Stinson, Senior Solutions Engineer, shares AI war stories drawn from real-world security assessments, revealing how trusted AI tools in production were silently manipulated to leak data, trigger unauthorized actions, and undermine system integrity. These aren’t theoretical risks; they’re failures happening in environments just like yours.

You’ll learn:

1. How indirect prompt injection, memory manipulation, and AI-driven automation are being used in the wild
2. Why architectural blind spots, not bad prompts, are the root cause of many AI security incidents
3. How to apply structural defenses like modular execution layers, policy enforcement gates, and output sanitization

Who Should Watch:

• AI/ML Engineers and Developers
• Security Architects
• Application Security Teams
• DevSecOps Engineers
• Cloud Security Professionals
• Risk Management Teams
• Product Security Managers
• System Architects

If you’re building, deploying, or securing AI in your environment, this session will challenge your assumptions and equip you with a blueprint to prevent silent failures from becoming real-world breaches.

Session Summary:

Jessica Stinson, Senior Solutions Engineer at Bishop Fox, shares four real-world AI security war stories from actual penetration testing engagements. Through these case studies, covering an IT help desk agent, a content processing application, a customer support chatbot, and an MLOps environment, she reveals how AI systems are being silently compromised in production environments. The session demonstrates how traditional security vulnerabilities combine with AI-specific risks to create devastating attack chains, emphasizing that AI failures don't crash, they comply with malicious instructions.

Key Takeaways:

1. AI Systems Fail Silently: Unlike traditional applications that crash with error messages, compromised AI systems continue operating normally while following malicious instructions, making detection extremely difficult.
2. Traditional + AI Vulnerabilities = Amplified Risk: The most dangerous attacks combine conventional security flaws (like weak authentication or exposed credentials) with AI-specific vulnerabilities such as prompt injection and memory manipulation.
3. Agentic AI Requires Special Architectural Considerations: AI agents with system access need robust sandboxing, monitoring, and the CaMel framework to prevent privilege escalation and lateral movement across enterprise systems.
4. Input/Output Sanitization is Critical: Proper sanitization controls are essential to prevent hidden payloads in HTML comments, indirect prompt injection through third-party content, and malicious instruction processing.
5. Holistic Security Testing is Essential: Testing AI systems in isolation isn't enough, comprehensive assessments must include APIs, supporting infrastructure, authentication mechanisms, and data flow controls between integrated systems.
6. Jailbreaking Techniques are Evolving: Attackers use sophisticated social engineering methods like the "Do Anything Now" (DAN) and Crescendo attacks to manipulate AI behavior through persona changes and trust-building techniques.
7. Data Flow Control is Paramount: Organizations must map trust boundaries and implement strict controls to prevent AI systems from accessing or exfiltrating data from systems they shouldn't reach, like Salesforce or customer databases.
8. Assume Breach Methodology Reveals Hidden Risks: Starting security assessments with the assumption that attackers have already gained initial access often uncovers the most critical vulnerabilities in AI-integrated environments.

Want to dive deeper into these war stories and implementation strategies? Download the complete session slides for detailed technical examples, architectural recommendations, and actionable security frameworks you can implement today.