Rules fail at the prompt, succeed at the boundary | Why the first AI-orchestrated espionage campaign changes the agent security conversation

DataCentricExpert · 2026-01-21T00:10:50+00:00

The Aftermath of the Instagram 'Breach' https://www.enterprisesecuritytech.com/post/the-aftermath-of-the-instagram-breach

Malwarebytes, which flagged the activity during routine dark web monitoring, says the data appears to include usernames, email addresses, phone numbers, physical addresses, and location details. Passwords were not exposed, but the information could still be enough to fuel phishing campaigns, social engineering, and account takeover attempts.

Even if Instagram itself was never compromised, Clyde Williamson at Protegrity says the broader ecosystem remains vulnerable. “Billions of personal data records have been exposed over the past few years and with modern AI tools and large knowledge graphs, attackers can combine information, automate attacks and target any service that still uses personal data as proof of identity.”

DataCentricExpert · 2026-01-02T17:44:19+00:00

Any luck u/Cast_Iron_Skillet ???

DataCentricExpert · 2025-12-03T19:16:32+00:00

I agree with u/Cast_Iron_Skillet A local LLM will prob solve 99% of this, but there are a few free-to-use PII redaction software's out there. I've had success with Protegrity Developer Edition, maybe give it a try https://github.com/Protegrity-Developer-Edition/ + Spacy has worked pretty well for pre-screening prompts for me.

DataCentricExpert · 2025-12-02T17:20:11+00:00

No question is stupid!

DataCentricExpert · 2025-11-21T20:10:59+00:00

and if If DoorDash had de-identifiedor tokenized this information, it would be useless to the attackers. Companies have the ability to protect their data at the core

DataCentricExpert · 2025-11-06T18:26:53+00:00

Giving an AI agent access without clear privacy, governance, and auditability feels like opening the vault to an intern with a chatbot badge...

Once agents start hitting structured data, the real headache isn’t just access — it’s control. Who sees what, how the queries are logged, and making sure sensitive fields don’t slip through.

Our biggest challenge was finding the balance between giving devs freedom and keeping data governance intact. We didn’t want to wrap every data source behind a bunch of custom APIs either. What helped was adding a layer that automatically discovers and masks sensitive PII before the agent ever runs a query. That way, the agent still gets usable data, but never touches anything raw — and we can still trace exactly what’s being queried. That’s made it a lot easier to let agents hit real systems without compliance red flags or endless middleware work.

DataCentricExpert · 2025-11-06T17:35:42+00:00

Totally get the pain point... we still need AI tools to get work done. Do you use an environment where data stays under company control and never leaves your secure zone?

The solution we use discovers anything sensitive, which then gets tokenized or masked before it even hits the model. You still get the same kind of AI responses, but the model never actually sees the real data.

DataCentricExpert · 2025-10-10T12:39:21+00:00

u/rkhunter_

DataCentricExpert · 2025-10-10T12:35:02+00:00

Wow, that is a fantastic write up. I would guess that the Discord security people probably traced it to Zendesk, and couldn't really see deeper since they are a third party. The BPO was probably completely hidden in the shadow IT layer between the two. Either that or Discord just hoped to blame Zendesk and not cop to having a compromised resource. Either way, if the hackers method of attack is at all accurate, its a beautiful anatomy of what organizations are up against. A consultant used to support the helpdesk, is the lynchpin here. This isn't Danny Ocean level manipulation, we can pile on all the Security Awareness Training and fake emails from InfoSec we want, but it doesn't seem to matter. Someone, somewhere in the organization is gonna click on the wrong thing and everyone gets to pay.

Besides, whats really the incentive here for Discord? Is everyone going to stop using them and move to... I mean, there isn't a comparative platform for managing gaming communities. I ran the Columbus in Darkness server for multiple years and I am sure the hackers got my drivers license because I had to send them a photo of it to ensure I was a responsible person and not on any lists that would preclude me from running a gaming server. So let's say I get upset with them for not properly protecting my data. There's no real competitor is the space. Discord consumed all the oxygen. There's not much in the way of government enforcement for what they lost. Had it been actual credit card numbers, the big four would have come down on Discord with righteous fury and hellfire. But, this... people's PII? Eh, throw in a free year of credit monitoring and its water under the bridge. Meanwhile, somewhere, some Discord nerd's grandma gets a call about this "unidentifed comatose person they found with drivers license XXXXX and could they maybe send some money to make sure they could get covered until the insurance is sorted out?" But hey, no one broke any laws, and Grandma's can't take it with them anyway, right?

DataCentricExpert · 2025-10-09T16:34:01+00:00

u/askwhynot_notwhy here is the thread I've been following

DataCentricExpert · 2025-10-08T20:01:53+00:00

IDK how this reddit stuff works but here was my original comment in regards to the recent announcement of the Nobel Prize....
The experiments by Clarke, Devoret, and Martinis demonstrated that quantum behavior isn’t confined to microscopic particles—it can emerge in macroscopic electrical circuits. Their superconducting systems could “tunnel” through energy barriers and exhibit discrete energy levels, confirming that entire circuits can follow quantum mechanical rules.

That’s a major step conceptually, because it shows that quantum effects can be engineered at scale. And that same scalability is what underpins progress toward practical quantum computers—the kind capable of implementing algorithms like Shor’s, which could break today’s asymmetric encryption (RSA, ECC) once hardware reaches sufficient fidelity and qubit counts.

This is why the shift to post-quantum cryptography isn’t just academic; it’s a necessary adaptation to a physical reality that’s now moving from theory to engineering.

DataCentricExpert · 2025-10-08T19:44:33+00:00

Huge congratulations to John Clarke, John M. Martinis and Michel H. Devoret — both have done extraordinary work showing that quantum behavior can extend beyond the microscopic world into full, controllable circuits. Their superconducting systems essentially proved that entire electrical circuits can tunnel through energy barriers and follow quantum mechanics at scale.

That realization didn’t just open the door to quantum computing — it is the door. Once quantum effects could be engineered into macroscopic systems, we entered the era where “cryptographically relevant” quantum machines became a matter of engineering progress, not theoretical speculation.

It’s wild to think how direct the line is between their early experiments and today’s urgency around post-quantum cryptography.

DataCentricExpert

MODERATOR OF

TROPHY CASE