1) 7/5/2026

Organizer(s)
ד"ר טליה עדן
Usual Time
Thursday, May 7th 2026 at 12:00
Place
BUILDING 503 (Computer Science), AUDITORIUM
More Details

 

WHO: Ben Nassi, is a Black Hat board member (Asia & Europe), a faculty member at Tel Aviv University, heading the AdMin (Adversarial Minds) Research group, and a freelance consultant

WHEN: Thursday, May 7th 2026 at 12:00

WHERE: BUILDING 503 (Computer Science), AUDITORIUM

 

 

Title. The Promptware Kill Chain: How Prompt Injections Gradually Evolved Into a Multi-Step Malware

Abstract. In this talk, we examine the evolution of prompt injection attacks and show how they have gradually developed into a five-stage kill chain consisting of (1) initial access, (2) privilege escalation, (3) persistence, (4) lateral movement, and (5) actions on objectives.
We begin by introducing the concept of Promptware, followed by an overview of the kill chain.
We then analyze each stage in detail: the evolution of initial access (from direct to indirect prompt injection, including evasion techniques across multiple modalities); privilege escalation (from “ignore previous instructions” attacks to delayed tool invocation); persistence mechanisms (from volatile state to RAG-dependent and RAG-independent persistence); lateral movement (from none, to on-device, and ultimately off-device movement); and actions on objectives (from benign proof-of-concept messages such as “haha pwned” to full remote code execution).
This talk is based on joint work, The Promptware Kill Chain, with Oleg Brodt and Bruce Schneier.

Bio. Ben Nassi is a Black Hat board member (Asia & Europe), a faculty member at Tel Aviv University, heading the AdMin (Adversarial Minds) Research group, and a freelance consultant.
He investigates AI security with a special focus on LLM-powered application security. 

Ben is a frequent speaker at top industrial security conferences (Black Hat, DEFCON, RSAC).
His works have been published at top academic security conferences (S&P, CCS, USENIX Security) and have been featured in international media (Schneier on Security, Fox News, Wired, Ars Technica, Two Minute Papers, Computerphile).
His study on video-based cryptanalysis won the 2023 Pwnie Award for Best Crypto Attack.