AI & the Hunt for Hidden Vulnerabilities with Tobias Diehl

Security Unlocked

Content provided by Bruce Bracken. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Bruce Bracken or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.

26d ago 33:53

MP3•Episode home

In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone are joined by security researcher Tobias Diehl, a top contributor to the Microsoft Security Research Center (MSRC) leaderboards and a Most Valuable Researcher. Tobias shares his journey from IT support to uncovering vulnerabilities in Microsoft products. He discusses his participation in the upcoming Zero Day Quest hacking challenge and breaks down a recent discovery involving Power Automate, where he identified a security flaw that could be exploited via malicious URLs. Tobias explains how developers can mitigate such risks and the importance of strong proof-of-concept submissions in security research.

In This Episode You Will Learn:

Researching vulnerabilities in Power Automate, Power Automate Desktop, and Azure
The importance of user prompts to prevent unintended application behavior
Key vulnerabilities Tobias looks for when researching Microsoft products

Some Questions We Ask:

Have you submitted any AI-related findings to Microsoft or other bug bounty programs?
How does the lack of visibility into AI models impact the research process?
Has your approach to security research changed when working with AI versus traditional systems?

Resources:

View Tobias Diehl on LinkedIn

View Wendy Zenone on LinkedIn

View Nic Fillingham on LinkedIn

Related Microsoft Podcasts:

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Hosted on Acast. See acast.com/privacy for more information.

61 episodes