AI & the Hunt for Hidden Vulnerabilities with Tobias Diehl

In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone are joined by security researcher Tobias Diehl, a top contributor to the Microsoft Security Research Center (MSRC) leaderboards and a Most Valuable Researcher. Tobias shares his journey from IT support to uncovering vulnerabilities in Microsoft products. He discusses his participation in the upcoming Zero Day Quest hacking challenge and breaks down a recent discovery involving Power Automate, where he identified a security flaw that could be exploited via malicious URLs. Tobias explains how developers can mitigate such risks and the importance of strong proof-of-concept submissions in security research. In This Episode You Will Learn: Researching vulnerabilities in Power Automate, Power Automate Desktop, and AzureThe importance of user prompts to prevent unintended application behaviorKey vulnerabilities Tobias looks for when researching Microsoft productsSome Questions We Ask:Have you submitted any AI-related findings to Microsoft or other bug bounty programs?How does the lack of visibility into AI models impact the research process?Has your approach to security research changed when working with AI versus traditional systems?  Resources:     View Tobias Diehl on LinkedIn   View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn Related Microsoft Podcasts:   Microsoft Threat Intelligence Podcast  Afternoon Cyber Tea with Ann Johnson  Uncovering Hidden Risks  Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information.