The MLSecOps Podcast | Season 3, Episode 15
With: Gavin Klondike
Hosted by: Dan McInerney & Marcello Salvati
Full transcript with links to resources: https://mlsecops.com/podcast/beyond-prompt-injection-ais-real-security-gaps
In Part 1 of this two-part MLSecOps Podcast, Principal Security Consultant Gavin Klondike joins Dan and Marcello to break down the real threats facing AI systems today. From prompt injection misconceptions to indirect exfiltration via markdown and the failures of MLOps security practices, Gavin unpacks what the industry gets wrong and how to fix it.
⏱️ Timestamps
00:29 – Gavin’s background
01:58 – Behind the OWASP Top 10 for LLMs
04:13 – The "8-year-old guarding a bank vault" analogy
14:52 – Real-world indirect prompt injection
18:07 – Why AI devs repeat old AppSec mistakes—and the role of threat modeling
22:43 – Defending against AI-specific attacks