Conference website: https://bsidesrdu.org/
This workshop is designed to provide cybersecurity professionals, developers, and IT leaders with a practical, hands-on understanding of the most critical security risks facing AI systems today. The session is structured into three modules. Featuring live demos and interactive exercises, this workshop will equip attendees with actionable knowledge grounded in leading industry research from the Cloud Security Alliance (CSA), COSAI and OWASP.Module 1: Understanding the Landscape: Top AI Security Threats (55 Minutes)1. Top Threats and AI Landscape: CSA Top Threats to AI Systems, OWASP Top 10 for LLMs, OWASP Top 10 for Agentic AI. Demonstrating a "Direct Prompt Injection" Attack:2. Live Demo showing how an attacker can manipulate an LLM to bypass its safety instructions and reveal sensitive information.3. identify Potential Threats: Attendees will be given a sample AI application to identify threatsModule 2: Analyzing AI Threats, Vulnerabilities & Risk Mitigations (55 Minutes)1. Attacks: Understanding Data Poisoning and Model Skewing vulnerabilities. Model Theft and Inversion attacks work. Adversarial attacks2. Practical Defense Strategies: Discussing input sanitization, output encoding, model hardening, and implementing robust access controls for AI systems.3. Input Sanitization in Action: A demonstration of a simple API gateway or filter that successfully detects and blocks a malicious payload to exploit a vulnerable LLM.4. Crafting a Basic Defense: Attendees will be guided to write function to sanitize user input against a basic form of indirect prompt injection.Module 3: Leveraging AI for Incident Response (55 Minutes)1. Accelerating Triage: Using AI/ML to analyze and prioritize thousands of security alerts in a SOC2. Intelligent Threat Hunting: How LLMs can be used as natural language interfaces to query vast security data lakes3. Automated Remediation: The future of AI in generating automated response actions, from drafting incident reports to creating firewall rules.4. Live Demo: AI-Powered Log Analysis: The demo will show the AI identifying the attack timeline and key indicators of compromise.Attendees are encouraged to bring their laptops to participate in hands-on exercises. On completion attendees will be able to apply core security principles to the unique challenges of AI and agentic systems. Understand the attack vectors behind recent, real-world AI security incidents through structured case studies. Leverage AI-native tools to enhance incident response.
Speakers: