Listen "Prompt Injection to RCE: When AI Gets Compromised | The AppSec Insiders Ep.16"
Episode Synopsis
In this episode, we unpack CVE-2025-49596, where prompt injection, CSRF, and localhost access were chained to achieve RCE in the MCP Inspector AI tool. Learn how the exploit worked, what it reveals about LLM security risks, and how to defend against similar threats with sandboxing, access controls, and DevSecOps monitoring.
More episodes of the podcast The AppSec Insiders
LLM Vulnerabilities and Prompt Injection: AppSec News Deep Dive | The AppSec Insiders Podcast Ep.19
28/10/2025
Fake Extensions to AI Bug Hunters: AppSec News Deep Dive | The AppSec Insiders Podcast Ep.18
26/09/2025
SQL Injection to RCE: Fortinet's Critical Vulnerability Exposed | The AppSec Insiders Podcast Ep. 17
27/08/2025
What Existing AWS Services are Important to AppSec? (Part 2 of 2) | The AppSec Insiders Ep.15
29/10/2024
What Existing AWS Services are Important to AppSec? (Part 1 of 2) | The AppSec Insiders Ep.14
29/10/2024
2023 Year-End Review
20/12/2023