Extracting the Ghost in the Machine

Guilherme Santos

ShmooCon XX (Final) · Day 2 · Belay It

Guilherme Santos, known as Sky, delivered an insightful talk at ShmooCon, delving into the often-overlooked vulnerabilities and exploitation techniques within Artificial Intelligence (AI) and Large Language Models (LLMs). Titled "Extracting the Ghost in the Machine," the presentation moved beyond the commonly discussed prompt injection attacks to explore more sophisticated methods of compromising AI systems. Santos's core motivation stems from a fundamental question: as AI rapidly integrates into nearly every industry, how can cybersecurity principles be applied to hack and exploit these powerful machines?

AI review

This session provided a concise, no-nonsense overview of key AI exploitation techniques: prompt injection, data poisoning, and model inversion/adversarial attacks. While the underlying concepts are not new, the speaker grounded them in compelling, real-world examples drawn from their own assessments, demonstrating the severe practical impact these vulnerabilities can have, from data exfiltration to complete bypass of security systems. The "company went under" anecdote alone makes this a valuable contribution, showcasing that AI security isn't just academic fluff.
