In this week's episode, Jeremy focuses on the escalating threat of prompt injection across the enterprise, the introduction of a new OWASP Top 10 list, and a surprising advisory from Gartner.

Prompt Injection & RCE:

• PromptPwnd: A vulnerability in GitHub Actions allows attackers to use malicious commit messages to perform prompt injection against AI agents, executing privileged tools and leaking secrets from CI/CD pipelines.
• IDE Attack Surface: Similar prompt injection flaws were identified in popular development environments and extensions (Cursor, Copilot, Z-Ro), showing how malicious prompts can bypass guardrails and hijack context within the IDE.
• GeminiJack: A "zero-click" vulnerability in  ...