Inside Offensive AI: From MCP Servers To Real Security Risks

1:06:01

Content provided by Joe South. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Joe South or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.

Security gets sharper when we stop treating AI like magic and start treating it like an untrusted user. We sit down with Eric Galinkin to unpack the real-world ways red teams and defenders are using language models today, where they fall apart, and how to build guardrails that hold up under pressure. From MCP servers that look a lot like ordinary APIs to the messy truths of model hallucination, this conversation trades buzzwords for practical patterns you can apply right now.
Eric shares takeaways from Offensive AI Con: how models help triage code and surface likely bug classes, why decomposed workflows beat “find all vulns” prompts, and what happens when toy benchmarks meet stubborn, real binaries. We explore reinforcement learning environments as a scalable way to train security behaviors without leaking sensitive data, and we grapple with the uncomfortable reality that jailbreaks aren’t going away—so output validation, sandboxing, and principled boundaries must do the heavy lifting.
We also dig into Garak, the open-source system security scanner that targets LLM-integrated apps where it hurts: prompted cross-site scripting, template injection in Jinja, and OS command execution. By mapping findings to CWE, Garak turns vague model “misbehavior” into concrete fixes tied to known controls. Along the way, we compare GPT, Claude, and Grok, talk through verification habits to counter confident nonsense, and zoom out on careers: cultivate niche depth, stay broadly literate, and keep your skepticism calibrated. If you’ve ever wondered how to harness AI without handing it the keys to prod, this one’s for you.
Enjoyed the episode? Follow, share with a teammate, and leave a quick review so more builders and defenders can find the show.

Support the show

Follow the Podcast on Social Media!

Tesla Referral Code: https://ts.la/joseph675128

YouTube: https://www.youtube.com/@securityunfilteredpodcast

Instagram: https://www.instagram.com/secunfpodcast/
Twitter: https://twitter.com/SecUnfPodcast

Affiliates
➡️ OffGrid Faraday Bags: https://offgrid.co/?ref=gabzvajh
➡️ OffGrid Coupon Code: JOE
➡️ Unplugged Phone: https://unplugged.com/
Unplugged's UP Phone - The performance you expect, with the privacy you deserve. Meet the alternative. Use Code UNFILTERED at checkout
*See terms and conditions at affiliated webpages. Offers are subject to change. These are affiliated/paid promotions.

Chapters

1. Inside Offensive AI: From MCP Servers To Real Security Risks (00:00:00)

2. Setting The Stage And Imposter Syndrome (00:01:46)

3. Why MCP Is Just Another API (00:03:47)

4. Offensive AI Con: Format And Vibe (00:04:13)

5. What Offense With AI Actually Looks Like (00:05:26)

6. Skills Transfer From Classic Sec To AI Sec (00:06:39)

7. LLMs For Code Audits And Bug Hunting (00:08:21)

8. RL Environments As Scalable Security Data (00:10:26)

9. Model Choice, Agents, And Task Design (00:13:11)

10. [Ad] Inspiring Tech Leaders - The Technology Podcast (00:16:55)

11. (Cont.) Model Choice, Agents, And Task Design (00:17:30)

12. Grok, Claude, GPT: Comparative Notes (00:17:59)

13. When LLMs Help And When They Fail (00:20:52)

14. Verifying Claims And The Web Search Gap (00:24:41)

15. The Moving Target Problem In Security (00:27:30)

16. Garak: From “LLM Vulns” To System Weaknesses (00:28:33)

17. Prompted XSS And Template Injection Risks (00:32:33)

18. Probes, CWE Mapping, And Real Controls (00:35:51)

19. Jailbreaking Limits And Why It Matters (00:39:34)

20. Zero Trust For Model Outputs (00:43:37)

21. Jobs, Hype, And Real Productivity (00:48:06)

22. Career Moats, Niche Depth, And Resilience (00:51:59)

23. Where To Find Eric And Garak (00:57:14)