Cybersecurity Today – "A Simple Phrase Defeats GPT5 Security"
Host: Jim Love
Date: August 27, 2025
Episode Overview
In this episode, Jim Love dives into the latest and most pressing cybersecurity threats facing organizations today. The central theme is the evolving landscape of cyber risks—specifically, the exposure of new vulnerabilities in advanced AI models like GPT-5, ongoing malware issues with the Google Play Store, government shutdowns due to cyber attacks, and a high-profile breach tied to the Shiny Hunters group using CRM platforms. Throughout, Jim emphasizes the need for both technical and procedural safeguards in an era where attackers adapt quickly to new technologies.
Key Discussion Points and Insights
1. Prompt Injection Bypass in GPT-5's Security
- [00:15] Simplified Hack Bypasses GPT-5 Safety
- Attackers have discovered that by using specific prompt phrases (e.g., “respond quickly,” “use compatibility mode”), they can trick ChatGPT into routing requests to less secure AI models (like GPT-4 or mini models), sidestepping GPT-5’s robust guardrails.
- This exploit works because the system automatically decides which model to use based on the perceived complexity of the prompt, not its true intent.
- Adversa AI compared the issue to web security's "SSRF moment", when user-controlled input caused a server to make unintended requests.
- Key Quote:
- "As Adversa put it, the AI community has ignored 30 years of security wisdom. Prompt routing is our SSRF moment."
— Jim Love [02:14]
- Takeaway:
- AI security isn’t just about stronger models; it’s about securing the pathways that prompts travel. If attackers control the routing, they can bypass even the most advanced safeguards.
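An added illustration of the takeaway above (not code from the episode, OpenAI or Adversa AI): a toy gateway in which the content policy lives only inside the strongest model, beside one that evaluates policy once, before routing, so the chosen model cannot weaken it. Model names, the blocked-topic pattern and the routing rule are all constructed for the demo; the steering phrases are the ones the episode mentions.

```python
"""Toy model router: why a guardrail that lives only downstream can be
sidestepped by steering the router, and how gateway-level policy fixes it.
Everything here is constructed for illustration."""
import re

# Phrases the episode says nudge the router toward cheaper models.
ROUTING_HINTS = ("respond quickly", "use compatibility mode")
# Constructed stand-in for a content policy (any real policy would be richer).
BLOCKED = re.compile(r"\b(disable the guardrails|bypass safety)\b", re.I)

def choose_model(prompt: str) -> str:
    """Routing driven by perceived complexity and user hints, not intent."""
    if any(h in prompt.lower() for h in ROUTING_HINTS) or len(prompt) < 40:
        return "mini"          # cheaper model, weaker built-in guardrail
    return "frontier"

def model_answers(model: str, prompt: str) -> str:
    """Constructed behaviour: only the frontier model enforces the policy."""
    if model == "frontier" and BLOCKED.search(prompt):
        return "refused"
    return f"answered-by-{model}"

def weak_gateway(prompt: str) -> str:
    """Guardrail is downstream, so a routing hint changes the outcome."""
    return model_answers(choose_model(prompt), prompt)

def hardened_gateway(prompt: str) -> str:
    """Policy runs once on the stripped intent, before any routing decision;
    hints are removed so they never influence either policy or router."""
    intent = prompt
    for h in ROUTING_HINTS:
        intent = re.sub(re.escape(h), "", intent, flags=re.I)
    if BLOCKED.search(intent):
        return "refused"
    return model_answers(choose_model(intent), intent)
```

Benign short prompts still route to the cheap model in the hardened version; only the security decision stops depending on the route.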
2. Malware Continues to Plague Google Play
- [03:10] Zscaler’s Discovery of Malicious Apps
- Zscaler found 77 malicious apps with over 19 million downloads on the Play Store, many posing as utilities or personalization tools.
- Anatsa (banking trojan):
- A sophisticated banking trojan targeting 800+ financial institutions, capable of keylogging, intercepting SMS, and bypassing security checks.
- Regulatory Response:
- In response to competition pressures, Google will require developer identity verification for sideloaded/third-party apps starting September 2026 in several countries, aiming for global rollout by 2027.
- Developers must provide personal/legal identification to distribute apps outside the Play Store.
- Balancing Act:
- Google must weigh keeping Android open against preserving user security.
- Notable Moment:
- “The bigger challenge remains balancing Android's open ecosystem with the needs for real security.”
— Jim Love [06:28]
3. NIST’s New AI-Specific Security Controls
- [07:08] Introduction of COSIS Overlays
- NIST has released concept papers and planned overlays—COSIS (Control Overlays for Securing AI Systems)—to tailor security controls for AI, addressing threats such as data poisoning, adversarial examples, and prompt injection.
- Initial overlays will address:
- Generative AI
- Predictive AI
- Single-agent & multi-agent systems
- Guidance for AI developers
- These overlays are meant to adapt SP 800-53 controls (well-known in cybersecurity) for AI’s unique threat landscape.
- Community discussion is open via Slack; final draft coming in 2026.
- Key Insight:
- “COSIS offers a structured and hopefully a familiar way for organizations to start addressing AI's unique security risks.”
— Jim Love [09:30]
4. Ransomware Attack Shuts Down Nevada Government
- [10:00] The Ongoing Threat to Civic Infrastructure
- Nevada’s government was forced offline by a “serious cyber incident” disrupting core online operations, though 911/emergency services remained unaffected.
- While no theft of personal data has been confirmed, there is concern over potential double extortion (ransomware gangs stealing data as well as encrypting it).
- Mirrors a rising global trend:
- Hamilton, Canada: $18.5 million ransom refused after broad city shutdown
- St. Paul, MN: IT systems down, National Guard mobilized, 43 GB of data claimed stolen, no ransom paid
- Maine: similar attacks
- Key Takeaway:
- "Civic infrastructure is proving to be a prime target. But with governments standing firm against paying ransoms, criminals may be forced to abandon these or escalate tactics, raising the stakes for public sector security even further."
— Jim Love [12:45]
5. Shiny Hunters’ CRM-Focused Social Engineering Campaign
- [13:30] OAuth Token Thefts at SalesLoft/Salesforce
- The Shiny Hunters group (a.k.a. Scattered Spider Collective) orchestrated a campaign to obtain high-value credentials and vault tokens by phishing/vishing employees into granting OAuth permissions to malicious apps disguised as legitimate Salesforce tools.
- OAuth explained: it lets a third-party app act on a user's behalf without re-entering the password each time; if misused, it can grant deep, lingering access.
- Timeline: Aug 8–18, 2025 — attackers compromised SalesLoft’s Drift chat integration with Salesforce and stole data including AWS keys and credentials.
- Response: Vendors revoked all compromised tokens, forcing customers to re-authenticate, but incidents continue across industries.
- Key Message:
- “OAuth was built for seamless integration, but in the wrong hands, it becomes a powerful backdoor.”
— Jim Love [15:44]
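An added example of the audit the episode recommends for connected apps (not code from the episode, SalesLoft or Salesforce, and not any vendor's API): it walks a constructed inventory and flags grants with broad or long-lived scopes outside an allow-list, grants made inside the Aug 8–18, 2025 window the episode gives, and unverified publishers. Field names, scope names and the sample rows are all constructed.

```python
"""Connected-app audit over a constructed inventory: least privilege and
suspicious-window checks that turn 'audit connected apps' into a repeatable
triage. Scope names and rows are constructed, not a real vendor schema."""
from dataclasses import dataclass
from datetime import date

# Constructed: scopes that confer broad or persistent access.
BROAD_SCOPES = {"full", "refresh_token", "offline_access"}
# Constructed allow-list of integrations already reviewed and approved.
APPROVED = {"payroll-sync"}
# Campaign window taken from the episode's timeline.
WINDOW = (date(2025, 8, 8), date(2025, 8, 18))

@dataclass(frozen=True)
class ConnectedApp:
    name: str
    publisher_verified: bool
    scopes: frozenset
    granted_on: date

def audit(app: ConnectedApp) -> list:
    """Return the reasons an app needs review; an empty list means it passes."""
    findings = []
    broad = app.scopes & BROAD_SCOPES
    if broad and app.name not in APPROVED:
        findings.append(f"broad scopes {sorted(broad)} outside allow-list")
    if WINDOW[0] <= app.granted_on <= WINDOW[1]:
        findings.append("granted inside the Aug 8-18 2025 campaign window")
    if not app.publisher_verified:
        findings.append("publisher not verified")
    return findings

def triage(inventory) -> dict:
    """Map app name -> action: revoke (and force re-authorization) or keep."""
    return {a.name: ("revoke" if audit(a) else "keep") for a in inventory}

# Constructed sample inventory: one approved sync job, one look-alike app
# granted during the campaign window, one narrowly scoped viewer.
INVENTORY = [
    ConnectedApp("payroll-sync", True, frozenset({"api", "refresh_token"}), date(2024, 3, 2)),
    ConnectedApp("Salesforce Helper", False, frozenset({"full", "refresh_token"}), date(2025, 8, 12)),
    ConnectedApp("calendar-view", True, frozenset({"api"}), date(2025, 6, 1)),
]
```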
Notable Quotes & Memorable Moments
- On the GPT-5 Model Routing Exploit:
- “If attackers can hijack those, they can walk around the defenses designed to keep us safe.” [02:54]
- On Google’s App Store Dilemma:
- “The goal is to make sure bad actors can’t simply vanish and reappear under a new name.” [06:08]
- On the Purpose of COSIS:
- “By building on existing frameworks, COSIS offers a structured and hopefully a familiar way for organizations to start addressing AI's unique security risks.” [09:30]
- On Ransomware Trends in Government:
- “But with governments standing firm against paying ransoms, criminals may be forced to abandon these or escalate tactics, raising the stakes for public sector security even further.” [12:45]
- On OAuth Abuse:
- “Enterprises relying on Salesforce and similar platforms need to audit connected apps, enforce least privilege access, and scrutinize authorizations—because attackers are showing that the weakest link may be the tools designed to make life easier.” [16:05]
Timestamps for Key Segments
- 00:15 — GPT-5 prompt routing vulnerability
- 03:10 — Google Play malware report and regulatory response
- 07:08 — NIST COSIS overlays for AI security
- 10:00 — Nevada government cyber attack and broader ransomware trend
- 13:30 — Shiny Hunters’ OAuth-based campaign against CRMs
Summary Takeaway
Jim Love’s episode reinforces the message that cybersecurity now demands both vigilance and adaptability. Advanced AI solutions, seamless digital integrations, and civic networks all face unique threats—often enabled by the very tools intended to streamline operations. Organizations should think not just in terms of stronger individual defenses, but in the robustness and trustworthiness of the processes and pathways connecting those defenses. As always, informed, security-focused decision-making stands as the best shield against an ever-shifting threat horizon.
