Shadow AI isn't a policy problem, it's a trust problem — and banning it makes it worse

​

76% of organizations now consider shadow AI a definite or probable challenge, up from 61% in 2025 — and research shows nearly half of employees keep using their own AI accounts even after a ban. So the traditional security playbook (ban it, enforce it) literally doesn't work here. The only thing that changes behavior is giving people approved tools that actually meet their needs. That's not a security solution, that's a product management problem inside a security context. Curious if anyone here sees this framed that way in their org or if it's still being handled as a pure policy/compliance issue.

reddit.com
u/Xorphian — 5 days ago

FIFA World Cup fraud infrastructure was built months before the tournament started — this is what proactive threat intel actually looks like

Check Point dropped a report showing fraud infrastructure targeting the World Cup was already built, staged, and partially deployed before the opening match — across three sectors and at least ten languages. Most security teams are reactive by design. This is a case study in what threat intelligence actually looks like when it's done ahead of the incident. For anyone trying to get into threat intel as a career path — this is the kind of work worth studying. Not just IOCs but adversarial planning cycles, pre-positioning, and multi-sector campaign mapping.

reddit.com
u/Xorphian — 5 days ago
▲ 3 r/LLM+1 crossposts

Memory poisoning means an agent's mistakes don't end when the session does

​

Normal prompt injection dies when you close the chat. Memory poisoning persists — an attacker plants a false instruction once, the agent stores it long-term, and recalls it weeks later without anyone re-injecting anything. That's a fundamentally different threat model than what most "LLM security" research even targets. Feels like the field optimized for single-turn jailbreak benchmarks while production systems quietly moved to a much scarier persistent-state problem. Is anyone actually benchmarking memory poisoning resistance or is this still a blind spot in research?

reddit.com
u/Xorphian — 6 days ago

We went from "AI says something embarrassing" to "$25M deepfake fraud" in about two years

​

The Arup case wasn't a hack in the traditional sense — it was a deepfake convincing someone to authorize a transfer. No exploit code, no malware, just sufficiently good synthetic media plus normal human trust. Feels like the conversation around AI risk is still stuck on hallucinations and bias while the actual money being lost is going through social engineering supercharged by generation quality. Are we just behind on naming the real threat model here?

reddit.com
u/Xorphian — 6 days ago

Cryptographic identity for AI agents is a security fix wearing an ethics costume

​

The Department of War's April 2026 guidance pushes short-lived credentials and cryptographic signing for every agent action. That's good security. But it's also quietly an ethics framework — it forces accountability ("which agent, which action, which authorization") into systems that were otherwise black boxes acting autonomously. Curious if people here see identity/auth infrastructure as adjacent to AI ethics or if that's a stretch and I'm just security-brained.

reddit.com
u/Xorphian — 6 days ago

Prompt injection vs SQLi: same root cause, worse outlook

​

SQLi got fixed because we could cleanly separate code from data — parameterized queries, done.

Prompt injection can't get that fix because the model has no structural way to tell "system instruction" apart from "untrusted content I just retrieved."

OWASP's 2026 data shows it now maps to six of their ten agentic risk categories. We're treating it like a patchable bug when it's actually a permanent design limitation of the architecture. Anyone seen a real proposal that isn't just "add more filtering layers"?

reddit.com
u/Xorphian — 7 days ago
▲ 13 r/AIsafety+2 crossposts

Security and ethics in AI are basically the same conversation now

​

Started out thinking these were separate fields — one technical, one philosophical. The more I dig in the more they overlap, a poorly secured model is also an unethical deployment risk. Anyone else see it this way or am I oversimplifying?

reddit.com
u/Xorphian — 10 days ago

Does ML background help or hurt when applying for security roles [D]

Worried recruiters see "ML/AI engineer" on a resume and assume zero security depth, even with real hands on work in the space. Anyone hired into security from a non-traditional background like this — how'd you frame it?

reddit.com
u/Xorphian — 11 days ago

Best resources for learning AI/LLM security from a security (not ML) background?

​

Mostly netsec background, trying to get up to speed on AI security specifically. Most content online is either too academic or too shallow. What actually helped you understand this space properly?

reddit.com
u/Xorphian — 12 days ago
▲ 36 r/RedSec+1 crossposts

Red teaming an LLM feels nothing like red teaming a network

Network pentest you know what you're attacking. With an LLM half the job is just figuring out what "broken" even looks like since the model can be jailbroken in a hundred different phrasings. Anyone here actually built a repeatable methodology for this or is everyone just winging it case by case?

reddit.com
u/Xorphian — 11 days ago

Are model security risks (extraction, poisoning) actually being tested in production? [R]

Talk to a lot of ML teams who ship models but skip any adversarial testing before deployment. Feels like security review for models is way behind where it is for regular software. Anyone here actually doing this at their job?

reddit.com
u/Xorphian — 13 days ago

AI engineer trying to pivot toward security — worth it or oversaturated?

Background is ML & deep learningPython, thinking about specializing in AI security since it's the overlap nobody's filled yet. Is this actually a viable niche right now or am I overestimating the demand?

reddit.com
u/Xorphian — 13 days ago

Coming from AI/ML, security feels like a different language at first

Few months into learning security seriously after years in ML/data eng. The mindset shift is real — in ML you optimize for accuracy, in security you assume everything's hostile by default. Anyone else cross over from a dev/ML background? What clicked for you early on?

reddit.com
u/Xorphian — 14 days ago
▲ 11 r/AIMLDiscussion+2 crossposts

How are you all testing LLM apps for prompt injection?

Building stuff with LLMs and trying to figure out a real testing process before shipping. Most guides online are surface level. Anyone actually doing red-team style testing on their own LLM integrations? What's your workflow look like

reddit.com
u/Xorphian — 14 days ago
▲ 1 r/Cybersecurity101+1 crossposts

AI engineers are the new attack surface and nobody's talking about it

Spent the last year building ML pipelines and realized most teams secure the infra but completely ignore the model itself. Prompt injection, data poisoning, model extraction , barely anyone on the eng side thinks about this. Curious if any security folks here are actually testing AI systems or if it's still mostly theoretical in most orgs.

reddit.com
u/Xorphian — 14 days ago
▲ 2 r/linkedinautomation+1 crossposts

Urgent suggestions needed!!!

Hey Folks!

Hope you doin gd.

I want to increase followers (top priority) and engagement on this company Linked page and

I really want you guyz to hit me with some mature corporate content suggestions and strategies to give a boost on increasing followers

Feel free to dm me if you need more details

u/Xorphian — 1 month ago

Looking for MSPs from North America!

Hey everyone

I want to connect with MSPs from North America or GCC to partner with them, if anyone is interested let's connect and have a discussions for details!

reddit.com
u/Xorphian — 1 month ago

How can I connect with MSPs here from North America?

Hey Everyone

I'm looking for MSPs from North America for partnership

If there's any MSP, let's connect and have a discussion.

reddit.com
u/Xorphian — 1 month ago