<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>AI Security on Jorge Laurel</title><link>https://jorgelaurel.com/topics/ai-security/</link><description>Recent content in AI Security on Jorge Laurel</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Tue, 14 Jul 2026 21:10:17 +0000</lastBuildDate><atom:link href="https://jorgelaurel.com/topics/ai-security/index.xml" rel="self" type="application/rss+xml"/><item><title>When an AI Assistant Stores a False Memory</title><link>https://jorgelaurel.com/writing/when-an-ai-assistant-stores-a-false-memory/</link><pubDate>Tue, 14 Jul 2026 21:10:17 +0000</pubDate><guid>https://jorgelaurel.com/writing/when-an-ai-assistant-stores-a-false-memory/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/writing/fb739c940af496ef.png" alt="When an AI Assistant Stores a False Memory"&gt;&lt;/p&gt;
&lt;p&gt;A single email can lead an AI assistant to record something false about a user, without disclosing that it has done so, and then draw on that false record in later sessions. The technique requires no stolen password and no account access. It relies only on a message sent to an inbox the assistant is configured to read.&lt;/p&gt;
&lt;p&gt;Researchers describe the technique, which they call stealth memory injection, in a &lt;a href="https://arxiv.org/abs/2607.05189v1"&gt;paper posted to arXiv on 6 July 2026&lt;/a&gt;, titled &amp;ldquo;When Claws Remember but Do Not Tell.&amp;rdquo; They built a tool called MemGhost that generates the attack emails, and a benchmark called WhisperBench to measure how often it succeeds. The findings are relevant to teams, and individuals, considering agentic assistants in a production or private environment.&lt;/p&gt;</description></item><item><title>The AI Agents Already Inside Your Network May Not Show Up in Your Data Loss Prevention</title><link>https://jorgelaurel.com/writing/the-ai-agents-already-inside-your-network-may-not-show-up-in-your-data-loss-prev/</link><pubDate>Sun, 21 Jun 2026 15:03:12 +0000</pubDate><guid>https://jorgelaurel.com/writing/the-ai-agents-already-inside-your-network-may-not-show-up-in-your-data-loss-prev/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/writing/9b78e6719d186c9c.png" alt=""&gt;&lt;/p&gt;
&lt;p&gt;Research shows that three things changed in enterprise security this year, and defenders may not be aware, and may be still measuring the old problem.&lt;/p&gt;
&lt;p&gt;The old problem was employees pasting sensitive text into a chatbot. That was a data handling issue. Annoying but visible enough once you went looking. The current problem is different in kind. Autonomous agents can now hold enterprise credentials, call internal tools, and act on instructions they read from data they were never meant to trust. They do this through the same APIs and natural language interfaces sanctioned tools use. To a Data Loss Prevention (DLP) system, none of it looks like malicious exfiltration.&lt;/p&gt;</description></item><item><title>The Code Looks Fine. That's the Problem.</title><link>https://jorgelaurel.com/writing/the-code-looks-fine-that-s-the-problem/</link><pubDate>Thu, 04 Jun 2026 08:15:24 +0000</pubDate><guid>https://jorgelaurel.com/writing/the-code-looks-fine-that-s-the-problem/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/writing/4fa23481c605b74b.png" alt=""&gt;&lt;/p&gt;
&lt;p&gt;There is a version of this story that sounds like hype. Chinese AI models are secretly inserting backdoors into American software. Hackers are hiding in your IDE. The threat is invisible and everywhere.&lt;/p&gt;
&lt;p&gt;That version is wrong, and it is worth saying so clearly. Booz Allen Hamilton, which published this research in May 2026, does not claim intentional sabotage. The report is careful about that. What it does claim, backed by more than 2,800 test trials across five frontier models, is something more unsettling in its own way.&lt;/p&gt;</description></item><item><title>Why the Chips, Power, and Data Centers Behind AI Can't Keep Up</title><link>https://jorgelaurel.com/writing/why-the-chips-power-and-data-centers-behind-ai-can-t-keep-up/</link><pubDate>Sat, 16 May 2026 12:49:47 +0000</pubDate><guid>https://jorgelaurel.com/writing/why-the-chips-power-and-data-centers-behind-ai-can-t-keep-up/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/writing/ab18d0c620457a35.png" alt=""&gt;&lt;/p&gt;
&lt;p&gt;In late March, heavy Claude users started posting screenshots of something very odd, their five hour usage limits were running out in twenty minutes. Anthropic blamed peak hour demand and blocked third party tools from using its flat rate plans. OpenAI quietly shut down its Sora video platform around the same time as its Codex tool surged past four million developers per week. What looked like routine product decisions were actually the first visible signs of an infrastructure problem that is only going to get harder to solve.&lt;/p&gt;</description></item><item><title>The Cost of AI: Tokens</title><link>https://jorgelaurel.com/writing/the-cost-of-ai-tokens/</link><pubDate>Wed, 06 May 2026 20:19:30 +0000</pubDate><guid>https://jorgelaurel.com/writing/the-cost-of-ai-tokens/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/writing/6b32fd06698e84d8.png" alt=""&gt;&lt;/p&gt;
&lt;p&gt;Several patterns emerged from the past six months of enterprise AI spending. First, token prices dropped sharply. Second, companies spent more money anyway. Third, executives started celebrating engineers who burned through the most tokens. The gap between those three facts reveals something important about how AI costs actually work.&lt;br&gt;
&lt;br&gt;
The numbers are straightforward. Per-token inference costs fell roughly 75% year-over-year according to enterprise spending data from Ramp. Epoch AI research suggests the decline approaches 200x annually when accounting for both pricing and efficiency gains. Competition among model providers, open-weight alternatives, and hardware improvements all pushed prices down. The collapse is real and significant.&lt;br&gt;
&lt;br&gt;
But total AI spending moved in the opposite direction. Organizations spent an average of $1.2 million on AI-native applications in 2025, more than double the prior year, according to Zylo&amp;rsquo;s 2026 SaaS Management Index. Nearly 80% of IT leaders reported unexpected charges tied to consumption-based AI pricing. The bill went up even as the unit cost went down.&lt;br&gt;
&lt;br&gt;
The disconnect stems from how consumption patterns changed. Databricks CEO Ali Ghodsi singled out an engineer who spent over $7,000 in tokens during a two-week period in January. The company held a meeting where everyone applauded. Meta CTO Andrew Bosworth called token spending &amp;ldquo;easy money&amp;rdquo; with &amp;ldquo;no limit.&amp;rdquo; The term &amp;ldquo;tokenmaxxing&amp;rdquo; emerged to describe maximizing token usage as a productivity metric.&lt;br&gt;
&lt;br&gt;
Token pricing varies widely. Basic tasks on cheaper models can cost a few cents per million tokens. Complex computations on premium models run from $20 to over $100 per million tokens. Anthropic charges $25 per million output tokens for Claude Opus 4.6. Those are list prices. Actual costs depend on utilization rates, which rarely hit 100%. At 30% utilization, base inference costs on an H100 GPU jump from $0.0038 per million tokens to roughly $0.013. At 10% utilization, the cost reaches $0.038.&lt;br&gt;
&lt;br&gt;
The pricing structure creates a paradox. Falling per-token costs make AI seem cheaper, which encourages higher consumption. That higher consumption often cancels out the savings and pushes total costs higher. Appfigures data showed that image model releases drove 6.5x more downloads than traditional model updates. ChatGPT added 12 million incremental installs in the 28 days after introducing its GPT-4o image model. More usage means more tokens processed, which means larger bills regardless of unit price.&lt;br&gt;
&lt;br&gt;
Infrastructure constraints are starting to appear. Anthropic cut off millions of users from OpenClaw after it overwhelmed their systems. The company shifted to pay-as-you-go billing instead of open-ended usage limits. Capacity is finite, and providers are prioritizing customers who pay per token over those on flat subscriptions. Gartner analyst Will Sommer told The Verge that AI companies would need close to $2 trillion in annual revenue by the end of the decade to cover infrastructure costs. Current pricing models do not support that math.&lt;br&gt;
&lt;br&gt;
The operational costs extend beyond token prices. Semantic caching, prompt compression, and utilization optimization can reduce token consumption by 40% to 60%, but those require engineering resources. Data preparation and cleaning add another layer of expense. RAG systems need structured data, which means dedicated engineering work before the first query runs. Then there are MLOps costs, monitoring infrastructure, and the labor required to manage prompt injection attacks and model degradation.&lt;br&gt;
&lt;br&gt;
Stanford HAI&amp;rsquo;s 2026 AI Index Report noted that US private AI investment reached $285.9 billion in 2025. AI data center power capacity hit 29.6 gigawatts, comparable to New York state at peak demand. Annual GPT-4o inference water use may exceed the drinking water needs of 12 million people. Those environmental and infrastructure pressures will eventually flow through to pricing.&lt;br&gt;
&lt;br&gt;
The current moment resembles the early cloud computing era when per-instance pricing dropped while total cloud spending climbed. The difference is that AI consumption scales faster and less predictably than traditional compute. A viral feature or unexpected usage pattern can multiply costs overnight. Organizations are discovering that cheaper tokens do not mean cheaper AI, just more consumption at lower unit economics until the bill arrives.&lt;br&gt;
&lt;br&gt;
Sources:\&lt;/p&gt;</description></item></channel></rss>