This week on Absolute AppSec’s 323rd episode, Seth Law (@sethlaw) and Ken Johnson (@cktricky) talk upcoming BlackHat/DEF CON plans, research on logging failures, and the evolving threat of prompt injection. Black Hat / DEF CON 34 is going to be one for the books with trainings that are offered in person at Vegas this year that include both AI-Enhanced Secure Code Review Training and our Agentic AppSec: Harnessing LLMs courses. To register or contact us with questions, you can find more information at training.absoluteappsec.com, or connect with us over Slack. 

“We’re stuck in the situation that we don’t know if secrets are in the logs until secrets end up in the logs because of an error condition that didn’t get triggered unless we have a production outage or we have some weird integration flaw that happens. And all of a sudden, we’re dumping objects into the log files that we didn’t intend to be there.”

Seth

The hosts start by talking about an old but frustrating problem: sensitive data leaking into production logs. Referencing work by security researcher Alan Reyes from Locomoco Tech, they point out that keeping secrets out of application telemetry isn’t just a simple configuration fix, but a genuine engineering challenge. In today’s world of cloud microservices, unexpected edge cases, stack traces, and unhandled errors can easily mess up your logging behavior. Ken shares a great example from his time at GitHub: an automated library meant to pass a simple string accidentally triggered Ruby object interpolation. That tiny coding flaw dumped an entire user object into an internal log, immediately exposing hashed passwords, auth tokens, and environment variables.
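The interpolation failure mode described above, as an added Ruby example (not code from the episode or from GitHub): the `User` struct, its field names, and the sample values are constructed for illustration. It relies on `Struct#to_s` being an alias of `inspect`, so interpolating the object emits every field, and shows an allowlisted string conversion beside it.

```ruby
require "logger"
require "stringio"

# Constructed sample record; field names and values are illustrative only.
User = Struct.new(:id, :email, :password_hash, :auth_token)

# Hardened variant: string conversion is an allowlist, so interpolation and
# inspect can only ever emit fields that were chosen as safe to log.
class SafeUser < User
  LOGGABLE = %i[id].freeze

  def to_s
    fields = LOGGABLE.map { |f| "#{f}=#{self[f]}" }.join(" ")
    "#<SafeUser #{fields}>"
  end
  alias inspect to_s
end

# Returns the exact text a Logger would write for the given message.
def logged(message)
  sink = StringIO.new
  logger = Logger.new(sink)
  logger.formatter = proc { |_sev, _time, _prog, msg| "#{msg}\n" }
  logger.error(message)
  sink.string
end

# The caller meant to log an identifier but passed the whole object.
def login_failure_line(user)
  logged("login failed for #{user}")
end

ATTRS = [42, 'a@example.test', '$2a$12$constructedhash', 'tok_constructed'].freeze

LEAKY_LINE = login_failure_line(User.new(*ATTRS))     # dumps every field
SAFE_LINE  = login_failure_line(SafeUser.new(*ATTRS)) # only allowlisted fields

puts LEAKY_LINE
puts SAFE_LINE
```

The allowlist lives on the object rather than at the call site, so a new log statement added later gets the same safe output without the author having to remember to redact.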

When it comes to fixing this mess, the hosts offer a pretty harsh reality check regarding the tools currently available on the market. While platform scanners like Datadog's Sensitive Data Scanner are useful for basic oversight, the hosts argue that relying strictly on regular expressions and basic pattern matching is far too brittle to interpret complex variables or unstructured objects in the real world. Furthermore, they dismiss the idea of using modern AI agents to screen real-time system logs as a total financial non-starter. Running continuous language models over terabytes of active, streaming data would rack up astronomical computing costs that no enterprise operations budget could ever justify. Because new code deployments will always introduce unexpected data anomalies, the co-hosts advocate for a layered security framework instead of a single silver bullet. They strongly urge security teams to run proactive, simulated tabletop exercises specifically focused on log sanitization and incident response. At the end of the day, engineering teams need to stop treating log leakage as a hypothetical risk and accept it as an absolute matter of when, not if.

“LLMs never even gave us the capability of doing this in a more secure manner. So then […] we’re trying to bake everything on at the last stage of protection. The last layer of the onion is everything now, instead of being just an additional layer. […] It feels magical, but it’s more about kind of the harness that we build around LLMs than it is anything else, and prompt injection is the same way.”

Ken

The conversation then shifts to the frontier of artificial intelligence security, specifically focusing on the persistent and elusive threat of prompt injection within Large Language Model applications. Pulling key insights from a comprehensive, 45-page academic research paper, Seth explains that prompt injection is an architectural certainty that simply cannot be patched or fixed at the core model level. LLMs process linguistic tokens entirely through mathematical weights and probability mapping, meaning they lack any physical, structural, or compiler-level separation between the developer's instructions and raw user data. Because the model processes system commands and malicious user inputs with the exact same priority, it remains inherently vulnerable to manipulation. The hosts explicitly compare prompt injection to automated social engineering, noting that an LLM’s natural design to obey text commands mirrors human susceptibility to clever phishing lures. Ultimately, developers cannot just pass the buck to frontier model providers like OpenAI or Anthropic and assume the platform is secure. To keep AI pipelines from derailing core business logic, engineering teams must build secure application-level wrappers, implement strict input-output sanitization, and rely on deterministic verification.

This episode was sponsored by Redpoint Security. Redpoint specializes in "Code Security by Coders," bolstered by years of experience testing applications and conducting code reviews against all types of apps, including AI, web, and mobile. Redpoint also offers developer appsec and secure-code training to help ground your teams in better security practices across the development lifecycle. Check out redpointsecurity.com for more information and put your company on a path to better security.

It’s World Cup season, so how about you rep your favorite podcast? Check out more jersey-inspired tees in our merch store. Tee-shirts are great gifts for yourself or your friends:

Basics are back. CrocsSocks4EVER.

We do have a very open secret to share with you: there’s a place for you in our Slack, just send us a note to join the channel. Sit down, relax, and stay a while.

Stay Secure,

Seth & Ken

https://youtube.com/live/Br-B44xHSgA – Episode #263 - WebApp Fuzzing, Mobile Testing, Secrets Management - The final topic in this episode is around secrets management and use of the dotenv (.env) files for storing secrets. Bad practice, but also commonly seen and exploited more and more.

https://youtube.com/live/gqpdEpVm4oM – Episode #232 - Security Jobs, Surveillance, Prompt Injection - The first episode referencing prompt injection specifically. Really, just a quick hit on prompt injection and how things are moving quickly in the AI/LLM space. A couple of years of AI at this point.

https://youtu.be/w8z987qtlpw – Episode #176 - Exposed Secrets, Semgrep Rules, IoT Security Failures - Research from an earlier episode on exposed secrets. Answering the question, “What are the secrets out there available if one scans the internet?” Based on research from @RedHuntLabs on a large-scale study. Giving back by publishing relevant Semgrep Rules and a lack of access control in multiple IoT devices and services.

Absolute AppSec Happenings

The AI Security Industry Has A Measurement Problem – From Ken’s own Dry Run Security: while AI excels at identifying vulnerabilities, the cybersecurity industry lacks effective methods to validate, measure, and trust these automated findings. Security teams are often trapped in a loop of managing a high volume of unverified data and generic alerts rather than building context-aware programs. The core challenge is shifting from simply generating findings to effectively measuring their actual security impact.

I Could’ve Rickrolled the Entire FIFA World Cup. All I needed Was My ID. – Ethical hacker "BobDaHacker" discovered a critical vulnerability on a FIFA platform that left the 2026 World Cup infrastructure exposed. By simply registering on FIFA's agent portal, an account was created within FIFA's internal Microsoft Entra tenant. Due to a lack of backend authorization checking, anyone could bypass client-side restrictions to gain write access to live match data and broadcast stream keys, potentially allowing them to take over global television streams.

Upcoming Events

Where in the world are Seth and Ken?

August 1-4, 2026 - AI-Enhanced Secure Code Review: Black Hat Edition - BlackHat USA, Las Vegas - Seth and Ken are bringing a four-day exclusive course to Black Hat. This is an update on the exclusive version of the course offered at Black Hat Europe. Early bird pricing is ongoing, so it’s a great opportunity to get a truly in-depth understanding of Secure-Code Review and how it can be empowered through LLM-tooling. Seth and Ken have innovated industry-leading trainings in both of these topics, so this four-day course promises to provide a lot of valuable insight.

August 10-11, 2026 - Agentic AppSec: Harnessing LLMs - DEF CON Training, Las Vegas - Comprehensive course designed for developers and cybersecurity professionals seeking to harness the power of Agentic AI and Large Language Models (LLMs) to enhance software security and development practices.
