{"version":"1.0","type":"rich","provider_name":"Acast","provider_url":"https://acast.com","height":250,"width":700,"html":"<iframe src=\"https://embed.acast.com/$/64ac54ede55ebb0011cb41b1/67e709e85fb59eadfc021c43?\" frameBorder=\"0\" width=\"700\" height=\"250\"></iframe>","title":"AI & the Hunt for Hidden Vulnerabilities with Tobias Diehl","description":"<p>In this episode of The BlueHat Podcast, host <a href=\"https://www.linkedin.com/in/nicfill/\" rel=\"noopener noreferrer\" target=\"_blank\">Nic Fillingham</a> and <a href=\"https://www.linkedin.com/in/wendyzenone/\" rel=\"noopener noreferrer\" target=\"_blank\">Wendy Zenone</a> are joined by security researcher <a href=\"https://www.linkedin.com/in/tobias-diehl-19ba901b5/\" rel=\"noopener noreferrer\" target=\"_blank\">Tobias Diehl</a>, a top contributor to the Microsoft Security Research Center (MSRC) leaderboards and a Most Valuable Researcher. Tobias shares his journey from IT support to uncovering vulnerabilities in Microsoft products. He discusses his participation in the upcoming Zero Day Quest hacking challenge and breaks down a recent discovery involving Power Automate, where he identified a security flaw that could be exploited via malicious URLs. Tobias explains how developers can mitigate such risks and the importance of strong proof-of-concept submissions in security research.&nbsp;</p><p><br></p><p><br></p><p><strong>In This Episode You Will Learn</strong>:&nbsp;</p><p><br></p><ul><li>Researching vulnerabilities in Power Automate, Power Automate Desktop, and Azure</li><li>The importance of user prompts to prevent unintended application behavior</li><li>Key vulnerabilities Tobias looks for when researching Microsoft products</li></ul><p><br></p><p><strong>Some Questions We Ask:</strong></p><p><br></p><ul><li>Have you submitted any AI-related findings to Microsoft or other bug bounty programs?</li><li>How does the lack of visibility into AI models impact the research process?</li><li>Has your approach to security research changed when working with AI versus traditional systems?</li></ul><p>&nbsp;&nbsp;</p><p><strong>Resources:</strong>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</p><p><a href=\"https://www.linkedin.com/in/tobias-diehl-19ba901b5/\" rel=\"noopener noreferrer\" target=\"_blank\">View Tobias Diehl on LinkedIn</a>&nbsp;&nbsp; </p><p><a href=\"https://www.linkedin.com/in/wendyzenone/\" rel=\"noopener noreferrer\" target=\"_blank\">View Wendy Zenone on LinkedIn</a>&nbsp;&nbsp;</p><p><a href=\"https://www.linkedin.com/in/nicfill/\" rel=\"noopener noreferrer\" target=\"_blank\">View Nic Fillingham on LinkedIn</a>&nbsp;</p><p><br></p><p><br></p><p><strong>Related Microsoft Podcasts:</strong>&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li><a href=\"https://msthreatintelpodcast.com/\" rel=\"noopener noreferrer\" target=\"_blank\">Microsoft Threat Intelligence Podcast</a>&nbsp;&nbsp;</li><li><a href=\"https://afternooncybertea.com/\" rel=\"noopener noreferrer\" target=\"_blank\">Afternoon Cyber Tea with Ann Johnson</a>&nbsp;&nbsp;</li><li><a href=\"https://uncoveringhiddenrisks.com/\" rel=\"noopener noreferrer\" target=\"_blank\">Uncovering Hidden Risks</a>&nbsp;&nbsp;</li></ul><p><br></p><p><br></p><p>Discover and follow other Microsoft podcasts at<a href=\"https://news.microsoft.com/podcasts/\" rel=\"noopener noreferrer\" target=\"_blank\"> microsoft.com/podcasts</a>&nbsp;&nbsp;</p>","author_name":"Microsoft"}