Thursday, March 19, 2026

Promptware Kill Chain

Attacks against modern generative artificial intelligence (AI) large language models (LLMs) pose a real threat.  Yet discussions around these attacks and their potential defenses are dangerously myopic.  The dominant narrative focuses on "prompt injection," a set of techniques to embed instructions into inputs to an LLM intended to perform malicious activity.  This term suggests a simple, singular vulnerability.  This framing obscures a more complex and dangerous reality.  Attacks on LLM-based systems have evolved into a distinct class of malware execution mechanisms, which we term "promptware."  In a new paper, we, the authors, propose a structured seven-step "promptware kill chain" to provide policymakers and security practitioners with the necessary vocabulary and framework to address the escalating AI threat landscape.

The promptware kill chain: initial access, privilege escalation, reconnaissance, persistence, command & control, lateral movement, action on objective

The kill chain was already demonstrated.  For example, in the research "Invitation Is All You Need," attackers achieved initial access by embedding a malicious prompt in the title of a Google Calendar invitation.  The prompt then leveraged an advanced technique known as delayed tool invocation to coerce the LLM into executing the injected instructions.  Because the prompt was embedded in a Google Calendar artifact, it persisted in the long-term memory of the user's workspace.  Lateral movement occurred when the prompt instructed the Google Assistant to launch the Zoom application, and the final objective involved covertly livestreaming video of the unsuspecting user who had merely asked about their upcoming meetings.  C2 and reconnaissance weren't demonstrated in this attack.

-- Oleg Brodt, Elad Feldman, Bruce Schneier, Ben Nassi, "The Promptware Kill Chain: How Prompt Injections Gradually Evolved Into a Multistep Malware Delivery Mechanism" (14 January 2026)

Wednesday, March 18, 2026

Eccentric Enough

People who are eccentric enough to be quite seriously virtuous understand each other everywhere, discover each other easily, and form a silent opposition to the ruling immorality that happens to pass for morality.

-- Friedrich Schlegel (1772 - 1829), German poet, critic, and scholar, The Athenaeum Fragments (1798 - 1800) or Aphorisms from the Athenaeum (German Athenäums-fragmente), collection of aphorisms published by Schlegel, #414

Tuesday, March 17, 2026

NovaNET Gathering

This Sunday I had the pleasure of meeting up with many members of the old NovaNET gang.  I'll drop a few names to spark your memories, as Kevin Maxson was in town with his family, and a group gathered at Papa Del's for a couple of hours over lunch.  I joined Kevin & family along with Carl Evans, James Quisenberry & family, Phil Parker, Ray Thomsen, Steve Peltz, Eric Bina, and Peter Enstrom.  Many more names were dropped in conversation, and 25-year-old memories were the talk of the moment.

As Kevin said, "Nothing compares to working with our team on real meaningful and effective CBE stuff.  I loved it."  Me, too.

Monday, March 16, 2026

Scion FR-S 10 Year Anniversary

10 years ago today (16 March 2016) I bought a new, 2015 Scion FR-S from the dealership in Urbana.  Today that car has 249,320 miles on it.  It continues to serve me well as a daily driver.

Early on I used it for autocross and commuting to work at the University of Illinois.  Commuting put 30,000 miles a year on it up until the pandemic.  Annual mileage is around half that now.

In all that time it's been pretty well behaved, needing only regular maintenance plus a new clutch at around 180,000 miles.

My previous car, a 1998 Saturn SC2, made it to 421,000 miles before giving up the ghost.  I don't expect to get that far in the Scion, but here's hoping.

Friday, March 13, 2026

In Conflict

The doctrine that the world is made up of objects whose existence is independent of human consciousness turns out to be in conflict with quantum mechanics and with facts established by experiment.

-- Bernard d'Espagnat (1921 - 2015), French theoretical physicist, philosopher of science, and author, best known for his work on the nature of reality, The Quantum Theory and Reality (November 1979) Scientific American p. 158

Thursday, March 12, 2026

Question Asking

In the development of intelligence nothing can be more "basic" than learning how to ask productive questions.  All our knowledge results from questions, which is another way of saying that question-asking is our most important intellectual tool.

-- Neil Postman (1931 - 2003), American author, educator, media theorist, and cultural critic, Language Education in a Knowledge Context (1980) published in ETC Vol. 37 (1980)

Wednesday, March 11, 2026

Inexhaustible Source

A mind which has once imbibed a taste for scientific inquiry, and has learnt the habit of applying its principles readily to the cases which occur, has within itself an inexhaustible source of pure and exciting contemplations.

-- Sir John Frederick William Herschel, 1st Baronet (1792 - 1871), English polymath active as a mathematician, astronomer, chemist, inventor, and experimental photographer, A Preliminary Discourse on the Study of Natural Philosophy (1831)