Hacking AI is TOO EASY (this should be illegal)
Related videos
Switching back to Windows?!?
NetworkChuck
74.9k views
i didn't want to like this....
NetworkChuck
145.7k views
the WORST hack of 2026
NetworkChuck
121.0k views
become an AI HACKER (it's easier than you think)
NetworkChuck
41.4k views
Dark Web Expert gave me his AI Tool
NetworkChuck
8.2k views
You've Been Using AI the Hard Way (Use This Instead)
NetworkChuck
394.3k views
I'm done with the AI hype
NetworkChuck
200.5k views
got AI anxiety? Do this RIGHT NOW!
NetworkChuck
159.6k views
I went to the LARGEST networking event in the world!
NetworkChuck
90.8k views
You're going to get Hacked in 2025
NetworkChuck
405.2k views
AI Hacking Blueprint: Prompt Injection, Smuggling, and Defense Strategies
Discover the six-part blueprint elite hackers use to exploit AI applications, covering data exfiltration, tool abuse, and novel injection techniques like emoji smuggling. Learn the necessary multilayered defenses required to secure AI systems deployed in 2025.
Short Summary
- Attackers focus on holistic compromises (AI pen testing) beyond simple chatbot jailbreaks, targeting data exfiltration and system pivoting.
- Prompt Injection remains the primary weapon, evolving past basic tricks into sophisticated methods like emoji and link smuggling to bypass classifiers.
- New standards like Model Context Protocol (MCP) introduce abstracted complexity that widens the potential blast radius if not secured via least privilege.
- Defense requires a three-layer strategy: robust web fundamentals, an AI-specific firewall (classifiers/guardrails), and strict least-privilege scoping for all API interactions.
This discussion unpacks severe, real-world AI application vulnerabilities discussed by expert hacker Jason Haddix. Understand the taxonomy of prompt injection and the risks associated with modern agentic frameworks. This content provides both the attack roadmap and the defense strategy needed to build secure AI in the near future.
Unlock all features
FREE: Get instant access to 10 AI summaries, chats, or transcripts per day.
Unlock all features
FREE: Get instant access to 10 AI summaries, chats, or transcripts per day.
Unlock all features
FREE: Get instant access to 10 AI summaries, chats, or transcripts per day.
Unlock all features
FREE: Get instant access to 10 AI summaries, chats, or transcripts per day.
Unlock all features
FREE: Get instant access to 10 AI summaries, chats, or transcripts per day.
Related videos
Switching back to Windows?!?
NetworkChuck
74.9k views
i didn't want to like this....
NetworkChuck
145.7k views
the WORST hack of 2026
NetworkChuck
121.0k views
become an AI HACKER (it's easier than you think)
NetworkChuck
41.4k views
Dark Web Expert gave me his AI Tool
NetworkChuck
8.2k views
You've Been Using AI the Hard Way (Use This Instead)
NetworkChuck
394.3k views
I'm done with the AI hype
NetworkChuck
200.5k views
got AI anxiety? Do this RIGHT NOW!
NetworkChuck
159.6k views
I went to the LARGEST networking event in the world!
NetworkChuck
90.8k views
You're going to get Hacked in 2025
NetworkChuck
405.2k views
Top Comments (10)
Nice try, Peter Griffin - that hat’s not fooling anyone.
I hacked the YouTube algorithm to be this early.
I really like the fact that if you do not setup half of those things you are not vulnerable to those hacks
I think the answer is to treat AI just like any other user - put it outside your trust boundary. Don't put it inside and don't give privileged access - just minimal access rights for what it needs to do and things that the user can do anyway, AI is just there to help automate.
Want to deploy AI in your cloud apps SAFELY? Let Wiz help: https://ntck.co/wiz Can you hack AI? In this video I sit down with elite AI hacker Jason Haddix to unpack how attackers compromise AI-enabled apps—not just jailbreak chatbots, but exfiltrate customer data, abuse tool calls, and pivot across systems. We walk through his six-part AI pentest blueprint, play the Gandalf prompt-injection game, and demo wild techniques like emoji smuggling and link smuggling. You’ll see real-world cases (think Slack salesbots + Salesforce leaks), why MCP (Model Context Protocol) and agentic frameworks can widen the blast radius, and then we flip to defense: web-layer fundamentals, a “firewall for AI” on inputs/outputs, and least-privilege for data and tools—plus a hands-on demo you can try. If you’re building with AI in 2025, this is your wake-up call (and your roadmap). Educational content only—hack ethically and only with permission. Links and STUFF —-------------------------------------------------------- Practice Prompt Injection: https://gandalf.lakera.ai/baseline Pliney's Github: https://github.com/elder-plinius Follow Jason Everywhere: X: https://x.com/Jhaddix Linkedin: https://www.linkedin.com/in/jhaddix/ Instagram: https://www.instagram.com/j.haddix56/ Tiktok: https://www.tiktok.com/@jhaddix56 Checkout Jason’s courses: Website: https://www.arcanum-sec.com/ Training overview: https://www.arcanum-sec.com/training-overview Attacking AI course: https://www.arcanum-sec.com/training/attacking-ai Hacking your career: https://www.arcanum-sec.com/training/hack-your-brand 🔥🔥Join the NetworkChuck Academy!: https://ntck.co/NCAcademy **Sponsored by Wiz.io 00:00 - Hack companies through AI? 00:58 - What does “hacking AI” really mean? 01:43 - AI pentest vs. red teaming (6-step blueprint) 02:42 - Prompt Injection 101 (why it’s so hard) 04:14 - Try it live: Gandalf prompt-injection game 05:09 - Jailbreak taxonomy: intents, techniques, evasions 05:55 - Emoji smuggling + anti-classifier demo 07:23 - Link smuggling (data exfiltration trick) 11:38 - Real-world leaks: Salesforce/Slack bot case 13:47 - MCP security risks & blast radius 16:55 - Can AI hack for us? Agents & bug bounties 20:52 - Defense in depth: web, AI firewall, least privilege 24:57 - Jason’s Magic Card: GPT-4o system prompt leak (wild story) #promptinjection #aihacking #airedteaming
People focus on jailbreaks like it’s the scary part, but the real nightmare is trying to get access to all these tools without going broke. Every model you want to poke at needs its own monthly fee. Omnely helped a lot since I could test everything in one place instead of stacking subscriptions.
So I’m gonna use ChatGPT to convince Siri and Alexa to chat it up with a Roomba at Fort Knox to roll a bar of gold outside for me to come by and pick up😂
I love that every ad I got while viewing this video was for some workplace AI tool, that is most likely vulnerable to the prompt injections covered in the video
SO prompt injection is the 2025 equivalent to social engineering. Love that.
This video nails it: AI hacking isn’t about “making ChatGPT say something bad,” it’s about broken ecosystems. Prompt injection, emoji smuggling, over-scoped APIs, sloppy input validation—that’s where the leaks happen. GPT-5 isn’t the problem; the real Wild West is the scaffolding around it. Until companies treat AI like a jet engine instead of a toy, hackers will keep riding straight through the gaps.
Unlock the Data Inside
Turn Videos into Knowledge
- Get FREE 10/day: transcripts, summaries, chats
- Chat with videos, export text & PDF
- $1 free API credit for RAG, chatbots & research
Free forever plan • All features unlocked
Top Comments (10)
Nice try, Peter Griffin - that hat’s not fooling anyone.
I hacked the YouTube algorithm to be this early.
I really like the fact that if you do not setup half of those things you are not vulnerable to those hacks
I think the answer is to treat AI just like any other user - put it outside your trust boundary. Don't put it inside and don't give privileged access - just minimal access rights for what it needs to do and things that the user can do anyway, AI is just there to help automate.
Want to deploy AI in your cloud apps SAFELY? Let Wiz help: https://ntck.co/wiz Can you hack AI? In this video I sit down with elite AI hacker Jason Haddix to unpack how attackers compromise AI-enabled apps—not just jailbreak chatbots, but exfiltrate customer data, abuse tool calls, and pivot across systems. We walk through his six-part AI pentest blueprint, play the Gandalf prompt-injection game, and demo wild techniques like emoji smuggling and link smuggling. You’ll see real-world cases (think Slack salesbots + Salesforce leaks), why MCP (Model Context Protocol) and agentic frameworks can widen the blast radius, and then we flip to defense: web-layer fundamentals, a “firewall for AI” on inputs/outputs, and least-privilege for data and tools—plus a hands-on demo you can try. If you’re building with AI in 2025, this is your wake-up call (and your roadmap). Educational content only—hack ethically and only with permission. Links and STUFF —-------------------------------------------------------- Practice Prompt Injection: https://gandalf.lakera.ai/baseline Pliney's Github: https://github.com/elder-plinius Follow Jason Everywhere: X: https://x.com/Jhaddix Linkedin: https://www.linkedin.com/in/jhaddix/ Instagram: https://www.instagram.com/j.haddix56/ Tiktok: https://www.tiktok.com/@jhaddix56 Checkout Jason’s courses: Website: https://www.arcanum-sec.com/ Training overview: https://www.arcanum-sec.com/training-overview Attacking AI course: https://www.arcanum-sec.com/training/attacking-ai Hacking your career: https://www.arcanum-sec.com/training/hack-your-brand 🔥🔥Join the NetworkChuck Academy!: https://ntck.co/NCAcademy **Sponsored by Wiz.io 00:00 - Hack companies through AI? 00:58 - What does “hacking AI” really mean? 01:43 - AI pentest vs. red teaming (6-step blueprint) 02:42 - Prompt Injection 101 (why it’s so hard) 04:14 - Try it live: Gandalf prompt-injection game 05:09 - Jailbreak taxonomy: intents, techniques, evasions 05:55 - Emoji smuggling + anti-classifier demo 07:23 - Link smuggling (data exfiltration trick) 11:38 - Real-world leaks: Salesforce/Slack bot case 13:47 - MCP security risks & blast radius 16:55 - Can AI hack for us? Agents & bug bounties 20:52 - Defense in depth: web, AI firewall, least privilege 24:57 - Jason’s Magic Card: GPT-4o system prompt leak (wild story) #promptinjection #aihacking #airedteaming
People focus on jailbreaks like it’s the scary part, but the real nightmare is trying to get access to all these tools without going broke. Every model you want to poke at needs its own monthly fee. Omnely helped a lot since I could test everything in one place instead of stacking subscriptions.
So I’m gonna use ChatGPT to convince Siri and Alexa to chat it up with a Roomba at Fort Knox to roll a bar of gold outside for me to come by and pick up😂
I love that every ad I got while viewing this video was for some workplace AI tool, that is most likely vulnerable to the prompt injections covered in the video
SO prompt injection is the 2025 equivalent to social engineering. Love that.
This video nails it: AI hacking isn’t about “making ChatGPT say something bad,” it’s about broken ecosystems. Prompt injection, emoji smuggling, over-scoped APIs, sloppy input validation—that’s where the leaks happen. GPT-5 isn’t the problem; the real Wild West is the scaffolding around it. Until companies treat AI like a jet engine instead of a toy, hackers will keep riding straight through the gaps.