AI & the Hunt for Hidden Vulnerabilities with Tobias Diehl

In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone are joined by security researcher Tobias Diehl, a top contributor to the Microsoft Security Research Center (MSRC) leaderboards and a Most Valuable Researcher. Tobias shares his journey from IT support to uncovering vulnerabilities in Microsoft products. He discusses his participation in the upcoming Zero Day Quest hacking challenge and breaks down a recent discovery involving Power Automate, where he identified a security flaw that could be exploited via malicious URLs. Tobias explains how developers can mitigate such risks and the importance of strong proof-of-concept submissions in security research. 

In This Episode You Will Learn: 

• Researching vulnerabilities in Power Automate, Power Automate Desktop, and Azure
• The importance of user prompts to prevent unintended application behavior
• Key vulnerabilities Tobias looks for when researching Microsoft products

Some Questions We Ask:

• Have you submitted any AI-related findings to Microsoft or other bug bounty programs?
• How does the lack of visibility into AI models impact the research process?
• Has your approach to security research changed when working with AI versus traditional systems?

Resources:     

View Tobias Diehl on LinkedIn  

View Wendy Zenone on LinkedIn  

View Nic Fillingham on LinkedIn 

Related Microsoft Podcasts:  

• Microsoft Threat Intelligence Podcast  
• Afternoon Cyber Tea with Ann Johnson  
• Uncovering Hidden Risks  

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.