October 17, 2025 37 mins

Your AI assistant is helpful… until it isn’t. In this episode, Frank and Dustin break down the zero-touch exploits (EchoLeak & ShadowLeak) that can hijack AI integrations like email and office suites, quietly exfiltrate your prompts and IP, and even leak them to attacker infrastructure—no clicks required. We also talk about why your chats aren’t protected by legal privilege, how AI activity factored into the California wildfire arsonist story, and what actually works: DLP, model governance, and when you should go local with LLMs.

We keep it real (and a little nihilistic) while giving CISOs, IT leaders, and curious humans the playbook to reduce risk without killing innovation.

👉 Media & interview requests: admin@legitimatecybersecurity.com

🎧 Audio listeners: subscribe on any platform via https://legitimatecybersecurity.podbean.com/

💬 Drop your idea for our new sign-off catchphrase in the comments!

Chapters:

0:00 Cold Open — “What if your AI is spying on you?”

0:30 Welcome & Today’s Agenda (EchoLeak, ShadowLeak, legal privilege, arsonist story)

1:55 Zero-Touch Exploits Explained (no clicks, still owned)

3:11 How It Works via Email & Integrations (silent prompt injection → exfil)

4:48 Old Tradecraft, New Target (drive-by vibes, LLMs in the loop)

7:55 “Plain-Language Hacking” (Gandalf game, prompt judo)

10:27 Why This Still Counts as a Hack (intent, abuse of designed behavior)

12:52 Why SOCs Might Miss It (looks like normal AI traffic)

14:24 DLP, Asset Mgmt, and the “Hated but Needed” Controls

16:44 Should You Run Local LLMs? (pros, cons, update churn)

20:30 Liability & Definitions — Is This Really a Hack? (yes, and why)

22:25 AI Has No Feelings… But It Leaks Yours (reflection, social engineering)

23:16 “No Legal Privilege” Bombshell & The Arsonist Example

26:36 Privacy Culture Shift (profiling even when you opt-out)

29:45 Cat-and-Mouse Prompts (policy workarounds, “encrypt my answer” tricks)

31:19 Don’t Panic, Do Fundamentals — Then Regulate

32:36 What Good Regulation Looks Like (and where it fails)

35:40 Penalties with Teeth (or companies just budget the fines)

38:26 Next Week Tease: DOGE whistleblowers & data handling

39:01 Help Us Pick a Catchphrase (Outro & CTAs)

#cybersecurity #ai #dataprivacy #pentesting #ZeroTouch #llm #copilot #chatgpt #dlp #infosec #datalossprevention