Pulse 15: Your AI Has a Trust Model. You Didn't Write It.
Failed to add items
Add to basket failed.
Add to wishlist failed.
Remove from wishlist failed.
Adding to library failed
Follow podcast failed
Unfollow podcast failed
Pulse 15: Your AI Has a Trust Model. You Didn't Write It.
-
Narrated by:
-
By:
Your AI has a trust model. You didn't write it.
Episode 15 is the audio cut of Pulse #15. Pillar Security disclosed a CVSS 10 in Google's Gemini CLI last month, an exploit chain that started with one public GitHub issue and ended with arbitrary code on the main branch of a Google repo. The same pattern showed up in eight other Google-maintained repos. Host Jane walks through why this isn't a coding flaw, why prompt injection understates what happened, and the question every security review of an AI tool should be asking but isn't: what is this agent authorized to trust, and did anyone define that before we deployed it?
Featuring Bruce Schneier on trust as a design decision, and why the patch closed the vulnerability but not the governance gap.
→ Signal Score: echocyber.io/assessment
→ Newsletter: signal.echocyber.io
Editorial: Mike Faas, fractional CTO/CISO at Echo Cyber. Voice by ElevenLabs.