Leaks by Design: Jailbroken AI, Prompt Logs & Shared Calendars
Employees Are Jailbreaking Their AI Tools
Internal AI copilots and assistants are being jailbroken by well-meaning employees—trying to bypass safety filters to complete “blocked” tasks like scraping emails or rewriting policies.
Limit model permissions by role, monitor prompt logs, and add internal AI usage policies to your security awareness training.
Credential Reuse Is Still Your Biggest Hidden Risk
Even with SSO and password managers, reused credentials across personal and business accounts continue to appear in breach data dumps. Many attackers exploit this before you ever see an alert.
Integrate breach monitoring into IAM systems, enforce password hygiene policies, and auto-expire access to low-priority apps after inactivity.
LLM Prompt Logs May Violate Privacy Law
Some AI platforms log every prompt—including sensitive information like health data, financial statements, and internal chat snippets. These logs may violate GDPR, HIPAA, and company privacy policies.
Configure retention policies for prompts, avoid logging content from regulated departments, and treat LLM logs as you would audit trails.
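One way to apply the retention and "don't log regulated content" advice above at the point where prompts are written to a log. This is an added example, not code from the newsletter or any AI platform; the department names, the 30-day window and the record fields are assumptions chosen for illustration.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumptions for this sketch: department names and the 30-day window are
# illustrative, not values from the newsletter.
REGULATED_DEPARTMENTS = {"hr", "finance", "clinical"}
CONTENT_RETENTION = timedelta(days=30)


@dataclass(frozen=True)
class PromptRecord:
    timestamp: datetime
    user: str
    department: str
    prompt_chars: int          # size is kept for usage and audit metrics
    content: Optional[str]     # None when content must not be stored


def make_record(user, department, prompt, now):
    """Build a log record; regulated departments never get content stored."""
    regulated = department.lower() in REGULATED_DEPARTMENTS
    return PromptRecord(now, user, department.lower(), len(prompt),
                        None if regulated else prompt)


def apply_retention(records, now):
    """Strip prompt content older than the retention window.

    The metadata row survives, so the log still works as an audit trail
    (who used the tool, when, how much) after the content is gone.
    """
    cutoff = now - CONTENT_RETENTION
    return [replace(r, content=None)
            if r.content is not None and r.timestamp < cutoff else r
            for r in records]


if __name__ == "__main__":
    now = datetime(2025, 6, 1, tzinfo=timezone.utc)
    # Constructed sample entries.
    log = [
        make_record("alice", "Marketing", "Draft a launch email", now - timedelta(days=45)),
        make_record("bob", "HR", "Summarise this medical leave request", now - timedelta(days=2)),
        make_record("carol", "Engineering", "Explain this stack trace", now - timedelta(days=1)),
    ]
    for rec in apply_retention(log, now):
        print(rec.timestamp.date(), rec.user, rec.department, rec.prompt_chars, rec.content)
```

Dropping content at write time for regulated departments matters more than the later purge: text that is never stored cannot show up in a backup, an export or a breach.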
Ghost Infrastructure in Cloud Environments
Cloud environments often host leftover test instances, orphaned storage, and forgotten containers. These assets may still hold data—or worse, active credentials.
Use cloud asset discovery tools to detect abandoned resources. Rotate secrets, and schedule cleanups tied to each sprint or project closeout.
GenAI Code Suggestions Still Miss Security Basics
While AI can write functional code quickly, developers report that it often skips security best practices like input validation, encryption, or proper error handling.
Mandate security review for all AI-generated code. Integrate static analysis tools and pair coding AI with secure coding guidelines inside IDEs.
Executives’ calendars—especially when publicly shareable—are being scraped for investor calls, travel schedules, and partnership meetings, which attackers then use in social engineering campaigns.
Switch calendars to “free/busy” mode, restrict access by role, and monitor for social media posts that echo sensitive internal activity.


