Smashing Security podcast #470: This AI security flaw might be impossible to fix

AndyC 8 June 2026

A website called “UK visa portal” has been quietly collecting passport scans, selfies, and personal data from thousands of travellers who thought they were applying through official channels. They weren’t.

A website called “UK visa portal” has been quietly collecting passport scans, selfies, and personal data from thousands of travellers who thought they were applying through official channels. They weren’t. And when a journalist tried to warn the company, it was lawyers who responded.

Meanwhile, a paper from Cornell suggests that prompt injection – the technique malicious actors use to trick AI agents into doing things they really shouldn’t – may be fundamentally unsolvable. Which is err… awkward, because everyone is rushing to plug AI agents into their email, files, and corporate networks.

Plus don’t miss our featured interview with Andrea Sivieri of CoreView, who tells us how hackers can lock your entire organisation out of its Microsoft 365 environment… without having to trick you into running a single piece of malicious code or handing over a password.

All this and more in episode 470 of the “Smashing Security” podcast with cybersecurity expert and keynote speaker Graham Cluley, and special guest Tanya Janca.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , , , , , , , , , , ,

What do you feel about this?

More Stories

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 100

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 100

AndyC 8 June 2026
Security Affairs newsletter Round 580 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs newsletter Round 580 by Pierluigi Paganini – INTERNATIONAL EDITION

AndyC 8 June 2026
U.S. CISA adds SolarWinds Serv-U flaw to its Known Exploited Vulnerabilities catalog

U.S. CISA adds SolarWinds Serv-U flaw to its Known Exploited Vulnerabilities catalog

AndyC 8 June 2026
Report: Anthropic Deploys Engineers to Support NSA Use of Mythos

Report: Anthropic Deploys Engineers to Support NSA Use of Mythos

AndyC 8 June 2026
Claude Opus Found a Four-Year-Old Hole in Zcash’s Privacy Layer. Nobody Knows If Someone Already Used It.

Claude Opus Found a Four-Year-Old Hole in Zcash’s Privacy Layer. Nobody Knows If Someone Already Used It.

AndyC 8 June 2026
The Mythos Race: Trump’s New EO and Glasswing’s Expansion

The Mythos Race: Trump’s New EO and Glasswing’s Expansion

AndyC 8 June 2026

You may have missed

Lessons for life: Why children’s data is a long-term identity risk

Lessons for life: Why children’s data is a long-term identity risk

AndyC 8 June 2026
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 100

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 100

AndyC 8 June 2026
Security Affairs newsletter Round 580 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs newsletter Round 580 by Pierluigi Paganini – INTERNATIONAL EDITION

AndyC 8 June 2026
U.S. CISA adds SolarWinds Serv-U flaw to its Known Exploited Vulnerabilities catalog

U.S. CISA adds SolarWinds Serv-U flaw to its Known Exploited Vulnerabilities catalog

AndyC 8 June 2026
Report: Anthropic Deploys Engineers to Support NSA Use of Mythos

Report: Anthropic Deploys Engineers to Support NSA Use of Mythos

AndyC 8 June 2026

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.