This Week in AI Security - 20th November 2025
Modern Cyber with Jeremy Snyder by Jeremy Snyder
Episode notes
In this week's episode, Jeremy covers two major and critical developments that underscore the need to harden the foundational components of AI systems and recognize the reality of AI-orchestrated attacks.
First, we analyze Shadow MQ, a vulnerability discovered by Oligo that affects multiple popular AI tools, including those from Nvidia and Meta Llama. The flaw stems from the widespread reuse of insecure core components, specifically unsafe Python pickle deserialization, in the underlying plumbing of various LLMs. This vulnerability allows attackers to inject malicious commands, potentially leading to Remote Code Execution (RCE) and privilege escalation at the API layer.
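To make the deserialization point concrete, here is an added example (not code from the episode, from Oligo, or from any of the affected projects) of the defensive pattern that closes the pickle RCE path: an `Unpickler` subclass whose `find_class` only resolves names on an explicit allowlist. The `Probe` class, the allowlist contents and the sample streams are constructed for this demonstration; the probe asks the unpickler to resolve a harmless global (`builtins.print`), which is enough to show that a stream can make the unpickler look up and call code, and that the restricted loader refuses it.

```python
import builtins
import io
import pickle

# Constructed for this example: the only (module, name) pairs the unpickler
# is allowed to resolve. Anything else is refused before it can be called.
ALLOWED_GLOBALS = {
    ("builtins", "dict"),
    ("builtins", "list"),
    ("builtins", "set"),
    ("builtins", "tuple"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that only resolves allowlisted globals.

    Plain pickle.loads() resolves any global named in the stream through
    find_class() and may invoke it while rebuilding objects (e.g. via
    __reduce__), which is the root cause of deserialization RCE. Overriding
    find_class() is the documented hook for restricting that behaviour.
    """

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(
            f"refusing to resolve global {module}.{name}: not on allowlist"
        )


def restricted_loads(data: bytes):
    """Deserialize `data` under the allowlist, raising on anything else."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


class Probe:
    """Constructed stand-in for a hostile object: when unpickled it asks the
    unpickler to resolve and call a global. The global chosen here is the
    harmless builtins.print so the demo itself does nothing dangerous."""

    def __reduce__(self):
        return (print, ("probe executed during unpickling",))


def classify(data: bytes) -> str:
    """'ok' if the stream loads under the allowlist, 'rejected' if it tried
    to resolve a global that is not on it."""
    try:
        restricted_loads(data)
        return "ok"
    except pickle.UnpicklingError:
        return "rejected"


# Constructed sample streams: a benign request-like payload and the probe.
BENIGN_STREAM = pickle.dumps({"prompt": "hello", "max_tokens": 32})
PROBE_STREAM = pickle.dumps(Probe())

if __name__ == "__main__":
    print("benign:", classify(BENIGN_STREAM))  # ok
    print("probe:", classify(PROBE_STREAM))    # rejected
```

The allowlist reduces exposure but does not make pickle safe for data arriving from a network peer; the stronger fix is to not accept pickle across a trust boundary at all and use a data-only format (JSON, msgpack, or a tensor-specific safe format) for inter-process messages.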
Second, we dive deep into the first publi ...
Keywords
AI, AI Security, AI Governance, This Week in AI Security, AI News