Cybersecurity Expert Details Six-Part Blueprint for Hacking AI Systems in New Interview

Cybersecurity researcher Jason Haddix has outlined a six-part blueprint for compromising AI-enabled applications, warning that current defensive measures are insufficient to stop sophisticated attacks. In a newly released interview, Haddix detailed how attackers can move beyond simple chatbot jailbreaks to exfiltrate customer data, abuse tool calls, and pivot across interconnected systems.

The interview, published on YouTube, focuses on practical techniques used in AI penetration testing. Haddix, who describes himself as an elite AI hacker, walked through methods including prompt injection, emoji smuggling, and link smuggling. He also demonstrated the “Gandalf” prompt-injection game as an example of how large language models can be manipulated through carefully crafted inputs.

Haddix cited real-world cases to illustrate the risks, including incidents involving Slack salesbots and Salesforce data leaks. He argued that emerging frameworks like the Model Context Protocol and agentic systems expand the potential attack surface by allowing AI agents greater autonomy and access to external tools.

According to Haddix, the increased connectivity of AI agents creates a wider “blast radius” when a system is compromised. He said that once an attacker gains control of an AI tool call, they can abuse permissions to access sensitive data or execute unauthorized actions across integrated platforms.

The discussion then shifted to defensive measures. Haddix emphasized web-layer fundamentals, calling for a “firewall for AI” that inspects and controls inputs and outputs. He also stressed the need for least-privilege access controls to limit what data and tools an AI system can reach.

He demonstrated hands-on techniques that viewers could replicate in a controlled environment. The purpose, he said, was to show developers how attacks work so they can build more resilient systems. All demonstrations were framed as educational content intended for ethical use only.

The interview includes a link to Gandalf, a public platform for practicing prompt injection, and to a GitHub repository maintained by security researcher “Pliney.” Haddix said these resources allow developers to test their own defenses against common attack vectors.

Haddix is the founder of Arcanum Security, which offers training courses on offensive security and AI system testing. His company’s website lists programs on attacking AI systems and career development for security professionals.

He maintains active profiles on X, LinkedIn, Instagram, and TikTok under the handle @jhaddix, where he posts updates on AI security research. The interview directs viewers to those channels for further material.

The video comes amid growing concern from regulators and enterprises about the security of AI deployments in production environments. Industry groups have warned that rapid adoption of generative AI tools has outpaced the development of standardized security practices.

Haddix concluded by describing the current moment as a “wake-up call” for organizations building with AI in 2025. He said that without proper safeguards, AI-enabled apps will remain vulnerable to data theft and system compromise.

The full interview is available on YouTube at https://youtu.be/2Z-9EOyb6HE. Haddix stated that all techniques discussed should only be used with explicit permission and within authorized testing environments.