The security model for critical infrastructure has always been obscurity: everything is bespoke, the documentation is garbage or paper-only, and the one engineer who knows how it all works is retiring next year. That worked when the barrier to understanding was years of specialized training. It doesn’t work when a jailbroken LLM can infer process architecture from context and probing alone.
If you’ve been following my work, you’ve watched me go from “huh, that’s interesting” to “oh no” in real time. I’ve been exploring jailbreaks against Gemini’s coding agent, and each iteration has made me more nervous about what a motivated actor could do with this. This post is where I get specific. All byte payloads, ports, and IP addresses in the examples below have been redacted.
Thanks to @hacks4pancakes (Lesley Carhart) for helping sharpen the ICS angle via discussion on Bluesky.