Angus Chen
AI Security, Detection, Quishing, QR code phishing.
Actions
Angus Chen is a globally recognized AI–cybersecurity leader, international keynote speaker, and trusted community builder with 20+ years advancing deep-tech and AI/ML solutions across the public, private, nonprofit, and startup sectors. His experience spans the Federal Reserve Board under the Chairmanships of Greenspan and Bernanke, FINRA under Shapero, MITRE during the administrations of Obama and Trump, and Binary Defense. As the founder of Qerberos, he drives innovation at the intersection of AI and cybersecurity to detect malicious payloads and prevent cyberattacks. His QR code phishing-detection platform idea, QR-Trust, originated at a Sundai hackathon and matured into a product in collaboration with Sundai members. A DEF CON Goon and board chairperson, Angus champions community engagement and broad-based diversity while fostering a culture of trust; his thought leadership has been featured at RSA Conference, ISC² Security Congress, and InfoSec Taiwan. He has contributed to the OWASP Multi-Agentic System Threat Modeling Guide v1.0 and the OWASP AI Vulnerability Scoring System (AIVSS). Angus holds a Global Executive MBA from IESE Business School (North America Alumni Board member) and an M.S. in Applied & Computational Mathematics from Johns Hopkins University (Inter-Asian Alumni Alliance board), serves as class president in NYU Stern’s C-Suite Pathway executive program, and maintains CISSP, CCSP, and PMP certifications. Beyond work, he’s an avid rock climber and trail runner.
Model Context Protocol (MCP) and the Unseen Security Risks
The Model Context Protocol (MCP) is transforming how AI systems interact with data and services. By making APIs accessible to large language models, MCP offers a simple and powerful way to connect applications with AI agents. With growing adoption by major AI companies and widespread deployment of MCP servers, this protocol is rapidly becoming the de facto bridge between systems and intelligent agents.
But with great power comes great risk.
MCP allows remote AI agents to perform any action a user could take—often without traditional safeguards. Imagine an AI accessing your GitHub account and issuing commands on your behalf. MCP makes this possible. The problem? Most APIs were designed with cautious, technically savvy developers in mind—not ordinary users experimenting with LLM prompts and untrusted MCP servers found online.
In this talk, we’ll unpack the security implications of MCP, walk through real-world attack vectors, and provide concrete strategies for mitigation. The session is led by Angus Chen, a cybersecurity expert, and Aleks Jakulin, an AI researcher and contributor to open web standards. Both are members of Sundai, a leading hacker collective affiliated with Harvard and MIT.
Multi-Agentic System Threat Modeling
Applying the OWASP Agentic AI – Threats and Mitigations taxonomy to real-world multi-agent systems (MAS). These systems, characterized by multiple autonomous agents coordinating to achieve shared or distributed goals, introduce additional complexity and new attack surfaces.
To Scan or Not to Scan? That Just Might Be Quishing
From 2021 to 2025, dynamic QR codes generated by users accumulated a total of 7,181,345 QR code global scans, a 433% increase since 2021. QR code is rapidly being adopted since COVID from information retrival to a payment method . Human eyes can’t see the URL or action encoded in the QR code. Threat actors can easily replace legitimate QR codes with malicious ones that lure users into credential theft, financial fraud, and malware downloads.
phishing via QR codes aka Qishing is rapidly becoming a high-risk threat vector, especially in regulated industries where user trust, secure access, and data protection are paramount. The problem? Human eyes can’t inspect QR codes, and most compliance controls can’t intercept them.
In this session, we will
- Discuss QR code use in critical sectors (financial services, health, transit, government and military).
- Walk through the actual case study of parking scam to simulate a phishing flow.
- Share actionable mitigation strategies
Security AI
Welcome to Security AI! The goal of this course is to inform on how artificial intelligence is becoming one of the major tools in our security arsenal. The problem is that, unless mom you have a specific type of degree, you are at the mercy of product vendors,collaborators, ChatGPT, or search engines to understand these concepts. This course demystifies artificial intelligence and its relationships.
This is an interactive course, with the goal of teaching security professionals how to implement AI in order to obtain valuable insights. This course will encompass various topics including: machine learning (ML), and large-language models (LLMs). The combination of AI and security allows the security community to move our assumptions, opinions and beliefs into knowledge.
No previous experience is necessary. Background understanding programming is very helpful, specifically Python.
Module Title
00 Introduction to SecurityAI
01 History of AI
02 Introduction to AI
03 Difficulties of SecurityAI
04The Data Science Process
05 Introduction to Machine Learning
Unsupervised Learning - event log analysis for persistence
Case Study: Phishing Detection
GenerativeAI
Large Language Models
llama - synthetic event log generation
Case Study: Phishing Detection with GenerativeAI
Get your tickets: https://www.eventbrite.com/e/bsidesnova-2024-8-bit-games-sept-6-7-arlington-va-tickets-971314707437
AI-Driven Security
The goal of this course is to inform on how Artificial Intelligence is becoming one of the major tools in our security arsenal. The problem is that, unless you have a specific type of degree, you are at the mercy of product vendors, collaborators, ChatGPT, or search engines to understand these concepts. This course demystifies Artificial Intelligence and its relationships.
This interactive course will teach security professionals how to conduct data science techniques to manipulate and analyze security data to uncover valuable insights. The course will cover a few topics from data preparation, feature engineering and selection, exploratory data analysis, data visualization, machine learning, model evaluation and optimization and finally, implementing at scale.
No previous experience is necessary. Background understanding Python programming is helpful.
Course outline:
• Introduction to AI
• Applied AI to Cybersecurity
• Difficulties of AI-Driven Security
• Introduction to Machine Learning & Data Science
• A case study coding
• Walking through the case study coding exercise with a real-world data set
A Data Scientist and a Threat Hunter Walk into a Bar
In this talk, we'll explore the dynamic partnership between a data scientist and a threat hunter as they join forces to elevate their company's machine learning (ML) powered detection and response capabilities. By blending threat intelligence with advanced ML techniques, they were able to create capabilities to uncover unknown threats across various data sources. Attendees will gain an understanding on how to bring ML into their detection strategy, practical applications of machine learning for threat detection, and understanding how to layer it with attacker operations and threat intelligence to enhance detection strategies, and see real-world examples of these concepts in action.
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top