🔴 Executive Offense - Post Hacker Summer Camp Issue Pt 1

Hey all!

Hope you've all recovered from what was arguably the craziest Hacker Summer Camp in recent memory. The energy, the people, the non-stop learning… it was a blast, but also a big challenge!

Now that the dust has settled, it's time for the first Executive Offense post-HSC.

Hacking AI is TOO EASY (this should be illegal) Collab with Network Chuck

Right before HSC, I had the chance to sit down with Network Chuck to talk about the AI hacking landscape. In the video, we break down some of the most common ways to hack AI, with a focus on prompt injection and my own taxonomy of techniques. We even discuss how hackers can hide their attacks using methods like emoji and link smuggling [05:58].

For the defenders out there, we also cover a three-layered approach to AI security, focusing on the web, the AI model itself, and the data and tools it uses [20:52]. It's a must-watch if you want to understand how to both attack and defend AI systems.

Keynote at the Bug Bounty Village

It was an honor to give our "Attacking AI" keynote at the Bug Bounty Village. The talk covered the same techniques as the Chuck video, but a little more in depth!

We covered a ton, from how to find inputs [04:24] to attacking the entire stack, not just the model [05:34]. I walked through several real-world case studies, including how I used prompt injection to gain access to internal systems at a healthcare company [08:44] and how I leaked API keys and accessed Jira and Salesforce [15:12] at another. We also dug into advanced evasion techniques like link smuggling [42:50] and a new approach I'm using called "bring your own encoding" [44:56].

(Sponsor)

See What Really Matters: AI Agents Triage Vulnerabilities for You

Security teams waste hours chasing vulnerabilities that will never be exploited. In a recent case study on CVE-2025-27363, Maze’s AI Agents investigated like an expert human would - confirming if the issue was exploitable in your environment. If irrelevant, it stays low priority. If actionable, it gets flagged fast. The result? Fewer false positives, faster remediation, and a stronger security posture - without the guesswork. Explore the case study.

Prompt Injection 101 at Noob Village

For all the new blood out there, one of the most exciting parts of Hacker Summer Camp was the Noob Village. This year, I had the opportunity to present on Prompt Injection 101 to a packed room. You can check out the full presentation here:

/ Outro Thoughts

This concludes the first post-HSC issue of Executive Offense!

While we were lucky enough to capture some of our presentations for you, the rest of the DEF CON and Black Hat videos are going to be dropping in the next few weeks and months. You can bet your butt we'll be breaking down the most important research from those talks in future issues.

Be sure to subscribe for more in the future!

Contact Arcanum Information Security
www.arcanum-sec.com