Black Hat USA 2025 | Hack to the Future: Owning AI-Powered Tools with Old School Vulns

Harder, Better, Faster, Stronger isn't just the title of a Daft Punk song; it's also what developers hope to get out of the current wave of generative AI. As developers work to shove AI into everything and optimize every aspect of their workflow, the hard-won security lessons of the past are discarded in favor of shiny new objects, with devastating consequences. AI-powered developer tools and agents are meant to add efficiency and speed, but can also add attack surface and amplify vulnerabilities, creating issues where there weren't any previously. These tools often erode security boundaries, contain excess functionality, or are deployed with elevated permissions, a seemingly happy trade for developers looking to optimize. However, this trade creates real-world consequences for organizations and development teams who may have no idea how vulnerable the tools they use are or how exposed they may be. In this presentation, we demonstrate the impact of the regression away from common security practices with vulnerabilities we identified in developer productivity tools used by millions of developers across the globe. We spotlight specific trends and themes from the current wave of generative AI-based development and cover these attack categories, allowing others to quickly focus on addressing what matters most. We also cover generative AI-based quirks in operations and architecture that will continue to lead to security issues in the future. If you missed what it was like to hack in the early days when everything was insecure, now's your chance to go back in time! By: Nathan Hamiel | Senior Director of Research, Kudelski Security Nils Amiet | Lead Prototyping Engineer, Kudelski Security Full Presentation Materials Available at: https://ift.tt/Hy4cTJA

source https://www.youtube.com/watch?v=oaU6a8nuyT8