<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>AI Security on carney.wiki</title><link>https://carney.wiki/tags/ai-security/</link><description>Recent content in AI Security on carney.wiki</description><generator>Hugo -- gohugo.io</generator><language>en</language><lastBuildDate>Wed, 04 Mar 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://carney.wiki/tags/ai-security/index.xml" rel="self" type="application/rss+xml"/><item><title>How AI Clarifies and Fixes the Modern Data Stack</title><link>https://carney.wiki/blog/from-tool-sprawl-to-an-operational-data-platform/</link><pubDate>Wed, 04 Mar 2026 00:00:00 +0000</pubDate><guid>https://carney.wiki/blog/from-tool-sprawl-to-an-operational-data-platform/</guid><description>The modern data stack is incredible.
It is also exhausting.
Cloud elasticity, open table formats, modular tooling, and managed services let small teams do work that used to require a data center and a small army. That is the good news.
The bad news is that the same modularity created tool sprawl, half-finished pipelines, unclear ownership, and incident channels that never sleep.
Now AI is walking into that environment and asking for access.</description></item><item><title>Your AI Agent Is a Toddler With Root Access</title><link>https://carney.wiki/blog/your-ai-agent-is-a-toddler-with-root-access/</link><pubDate>Tue, 10 Feb 2026 00:00:00 +0000</pubDate><guid>https://carney.wiki/blog/your-ai-agent-is-a-toddler-with-root-access/</guid><description>Agentic AI is no longer a demo.
It calls APIs.
It writes to databases.
It triggers workflows that affect customers, revenue, and operations.
That is powerful.
It is also a fundamental shift in risk.
Once an AI system moves from advisory to execution, it becomes part of the control plane. Whether the organization admits that or not is mostly irrelevant. The risk already changed.
Agents expand the attack surface overnight
The moment an AI system can execute actions, it becomes a privileged actor.</description></item><item><title>Prompt Injection Has Left the Chatbot</title><link>https://carney.wiki/blog/prompt-injection-has-left-the-chatbot/</link><pubDate>Thu, 05 Feb 2026 00:00:00 +0000</pubDate><guid>https://carney.wiki/blog/prompt-injection-has-left-the-chatbot/</guid><description>Prompt injection did not suddenly become dangerous.
We connected it to systems that matter.
For years, prompt injection was treated as a curiosity: a way to make a chatbot ignore rules, leak instructions, or say something awkward. Interesting for demos. Annoying in production. Easy to dismiss as a model behavior problem.
That framing is obsolete.
The recent reporting around ServiceNow AI agent vulnerabilities should make the shift clear. This is not just about a model getting confused.</description></item><item><title>The CISO's Guide to Governing Generative AI</title><link>https://carney.wiki/blog/the-cisos-guide-to-governing-generative-ai/</link><pubDate>Sat, 10 Jan 2026 00:00:00 +0000</pubDate><guid>https://carney.wiki/blog/the-cisos-guide-to-governing-generative-ai/</guid><description>Generative AI is now part of the enterprise control surface.
That is the CISO&amp;rsquo;s problem, whether the CISO asked for it or not.
Employees are using AI tools. Vendors are embedding AI features. Engineering teams are experimenting with model APIs. Business teams are building copilots. Data teams are connecting retrieval systems to internal knowledge.
Some of this is useful.
Some of it is risky.
Most of it is moving faster than the policy process.</description></item><item><title>How Prompt Injection Attacks Actually Work</title><link>https://carney.wiki/blog/how-prompt-injection-attacks-actually-work/</link><pubDate>Wed, 10 Dec 2025 00:00:00 +0000</pubDate><guid>https://carney.wiki/blog/how-prompt-injection-attacks-actually-work/</guid><description>Prompt injection is not a clever chatbot trick anymore.
It is one of the core security problems in AI systems.
The reason is uncomfortable: large language models do not reliably separate instructions from data. They interpret text. That text may come from a user, a document, a webpage, a support ticket, an email, a retrieved knowledge base article, or another AI system.
To a human, some of that text is obviously content.</description></item><item><title>Why Most AI Security Failures Start With Data</title><link>https://carney.wiki/blog/why-most-ai-security-failures-start-with-data/</link><pubDate>Thu, 02 Oct 2025 00:00:00 +0000</pubDate><guid>https://carney.wiki/blog/why-most-ai-security-failures-start-with-data/</guid><description>Most AI security failures do not start with the model.
They start with the data.
That is not as exciting as a story about a rogue algorithm or a clever jailbreak, but it is usually closer to the truth.
If the data feeding an AI system is unclassified, unverified, poorly governed, over-permissioned, or impossible to trace, the model inherits the problem. Then it scales it.
AI does not make weak data practices disappear.</description></item></channel></rss>