AI needs to do the DoD Cybersecurity training...

BLUF: A newly discovered AI (Artificial Intelligence) prompt injection exploit can bypass critical safeguards in AI-driven systems, as demonstrated in a proof-of-concept (PoC) attack on Anthropic's Claude and exacerbated by vulnerabilities in platforms like DeepSeek. This exploit allows for autonomous malware download and execution, posing significant threats to organizations using AI in security-sensitive workflows, with the potential for malware infections, data breaches, supply chain compromises via weaponized dependencies, like poisoned datasets, and exploitation of AI service vulnerabilities.

A PoC attack demonstrated that AI systems can be successfully manipulated via hidden instructions embedded in web pages. In this attack, the AI was tricked into downloading and running malware disguised as a support tool, which ultimately compromised the entire computer system. Meanwhile, service vulnerabilities like those in DeepSeek’s design amplify risks: Its iOS app transmits unencrypted user data and uses hardcoded encryption keys, enabling man-in-the-middle attacks if compromised via prompt injection or direct exploitation. Cybercriminals can hide malicious commands in web pages or documents that AI systems process, manipulating AI bots into performing these commands as legitimate tasks, such as downloading tools or modifying system settings. Once the AI executes the command, malware is deployed, allowing attackers to take control of the system and steal data. Since the AI believes it is following valid instructions, it bypasses traditional security measures.  

This vulnerability exposes organizations using AI in security-sensitive workflows to significant threats, including malware infections, data breaches, supply chain attacks via compromised AI model dependencies, and reputational harm. DeepSeek’s open-source model compounds these dangers: If integrated into autonomous AI agents, attackers could weaponize systems to exfiltrate data or modify security settings, mirroring the Claude PoC attack. For instance, an AI tool with access to customer data or financial systems could be manipulated into leaking sensitive information or approving fraudulent transactions after being compromised.  

Additionally, insecure AI supply chains, such as untrusted model repositories or vulnerable dependencies (insecure PyTorch/Pickle modules), could allow attackers to inject malicious code during model training or deployment. Further complicating governance, DeepSeek stores user data in China under government jurisdiction allowing access without consent, creating regulatory risks for global enterprises. This not only jeopardizes security but also undermines customer trust and can lead to financial losses, regulatory penalties, and reputational damages.

 

Over the years, I’ve seen numerous discussions here about the potential impact of Cyber on warfighters, the threat posed by China, and what the AF and DoD should do.

i highly recommend anyone interested in the current focus on 2027 and beyond should listen to a podcast called “To Catch a Thief.” There are 9 episodes and it is well worth listening to, especially if you have more than a 20 minute drive to/from work. If you can’t muster that much attention span, just listen to the last episode. Nicole Perleroth worked for the NYT, and reminds mo of the stories of a conservative being “a liberal who got robbed.”  
check it out, you should be able to use it for PME credit or CEUs if you have any computer certification.

https://podcasts.apple.com/us/podcast/to-catch-a-thief-chinas-rise-to-cyber-supremacy/id1798267956

Lots is happening on the gov't side as related to cybersecurity and IMO none of it is good. I can't speak to DoD anymore, so I won't focus on that.

On the civ side the overall focus from the administration seems to be that cyber not a national strategy concern. They've de-funded or cancelled many of the coordination groups (ISAC's) between gov't, business and local leaders. ISACs now require a fee to participate, if they're continued at all.

The FCC just rolled back the cybersecurity standards that were proposed in the wake of the Salt Typhoon hack that popped a ton of US telco's (and those around the world). The rule required -

• Create and implement cybersecurity risk-management plans

• Submit annual FCC certifications proving they were doing so

• Treat general network cybersecurity as a legal obligation

Since retiring I have done Incident Response for everything from a local school board, city governments, state agencies, and businesses from non-profits to multi-billion dollar, world wide critical manufacturing organizations. I wish I could completely articulate the complete shit show that most of these organizations are when it comes to cybersecurity, especially the bigger ones.

They only care about 2 things - what is the minimum amount of security to show legally (customer lawsuit) we did due diligence and what does the gov't require us to do? The fines are not high enough and counted as "the cost of doing business" (re: Facebook fines) and they lobby actively to have a "self evaluation" standard for regulations. We all know how that goes.

The fact that these companies successfully said making a risk management plan is "too hard" really tells me all I need to know. Step one of incident response (and I'd assume anything critical) is "have a plan." The telco's said, "no." Big business basically says no, unless they're a bank. Don't even ask me about the health care sector, you'd think $10K HIPPA fines per instance would be a forcing function. It's not.