Advanced Cyber Defense: AI Threats & Post-Quantum Security (2026)
Master the cutting edge of digital defense. This deck covers the "OWASP Top 10 for LLMs," quantum-resistant algorithms, and defense strategies against AI-automated attacks. Ideal for CISSP, CCSP, and advanced security certification prep.
Cards in this deck
What is "Prompt Injection" (Direct)?
A vulnerability where an attacker "tricks" an AI by providing instructions that override its original system prompt (e.g., "Ignore all previous instructions").
Define "Indirect Prompt Injection".
When an AI processes external data (like a website or email) that contains hidden malicious instructions intended to hijack the AI's behavior.
What is "Adversarial Machine Learning"?
A technique where attackers attempt to fool a machine learning model by providing it with deceptive, subtly altered input data.
Define "Data Poisoning".
Corrupting the training data of an AI model during its development so that it learns incorrect patterns or contains a "backdoor."
What is "Post-Quantum Cryptography" (PQC)?
Cryptographic algorithms (usually based on lattice math) designed to be secure against an attack by a powerful quantum computer.
Explain "Harvest Now, Decrypt Later".
A strategy where attackers steal encrypted data today, waiting for future quantum computers to become powerful enough to break the encryption.
What is "Model Inversion"?
An attack where a hacker "queries" an AI model repeatedly to reconstruct the sensitive training data (like private medical records) used to build it.
Define "Prompt Leaking".
A specific type of injection where the goal is to force the AI to reveal its internal "System Instructions" or confidential business logic.
What is "Excessive Agency" in AI?
A risk where an AI agent is given too many permissions (like deleting files or making purchases) without sufficient human oversight.
Define "Shadow AI".
The use of AI tools within an organization without the knowledge or approval of the IT/Security department, creating "blind spots."
What is "Deepfake Voice Cloning" in Vishing?
Using AI to perfectly mimic an executive's voice over the phone to authorize fraudulent wire transfers or data access.
Explain "Lattice-Based Cryptography".
A promising type of PQC that relies on the hardness of finding the shortest vector in a high-dimensional grid of points (lattices).
What is "AI Hallucination Exploitation"?
Tricking an AI into "hallucinating" a non-existent software library, then creating a malicious version of that library for the AI to recommend to developers.
Define "Zero-Knowledge Proofs" (ZKP).
A method where one party can prove to another that a statement is true without revealing any information beyond the validity of the statement itself.
What is "Polymorphic Malware" (AI-Enhanced)?
Malware that uses AI to constantly rewrite its own code to bypass traditional signature-based antivirus detection.
Define "Hardware Security Module" (HSM).
A physical device that safeguards and manages digital keys for strong authentication and provides crypto-processing.
What is "Secure Enclave" (TEE)?
A secure area of a main processor that guarantees that code and data loaded inside it are protected with respect to confidentiality and integrity.
Explain "Red Teaming" for AI.
The practice of systematically testing an AI system for safety flaws, biases, and security vulnerabilities using adversarial techniques.
What is "Supply Chain Attack" (Software)?
Targeting a software vendor or its code repositories to inject malware into a legitimate product that is then distributed to thousands of customers.
Define "Ephemeral Keys".
Cryptographic keys that are generated for each new execution of a key-establishment process (ensuring "Forward Secrecy").
What is "Homomorphic Encryption"?
A form of encryption that allows computations to be performed on encrypted data without first decrypting it.