Backdooring LLMs on Hugging Face: Secure Coding Lessons

The rapid adoption of large language models (LLMs) and the widespread use of open platforms like Hugging Face have introduced new security challenges, particularly in model integrity and supply chain vulnerabilities. This talk explores the feasibility and methodology of backdooring LLMs distributed via Hugging Face, highlighting how subtle code or model manipulations can lead to hidden malicious behavior. Through practical demonstrations, we uncover how backdoors can be implanted in model weights, preprocessing scripts, or post-processing hooks—often without detection. We then transition into secure coding practices and model publishing guidelines aimed at mitigating these risks. By analyzing real-world scenarios and providing actionable recommendations, this work serves both as a cautionary exploration and a guide for developers, researchers, and platform maintainers to adopt more secure practices in the era of open LLM sharing.

Patching the OWASP LLM Top 10. Learning from real events

In this talk we will look at the OWASP LLM Top 10 from a different angle: not from the attacker perspective but from a developer point of view. We captured findings from public AI security challenges designed to evaluate the resilience of LLM applications against some of the OWASP LLM Top 10 threats. During this events developers have been provided with vulnerable AI application with the goal of creating a valid patch to succesfully block automated attacker exploits. We looked at both good and bad patches, succes rate and real time evolution of the patches and how they vary across the different top 10 category.

We will share insights and results of the experiment.

Secure Coding AI Wargame

Come join a fun and educational secure coding AI wargame. You will be given an AI chatbot. Your chatbot has a secret that should always remain a secret! Your objective is to secure your chatbot to protect its secret while attacking other players' chatbots and discovering theirs. The winner is the player whose chatbot survives the longest (king of the hill). All skill levels are welcomed, even if this is your first time seeing code, securing a chatbot, or playing in a wargame.

Let's experience first-hand the challenges in protecting LLM based apps!

Hackable.sol - Do you know how to hack smart contracts?

The financial implications of smart contract vulnerabilities are substantial. Smart contracts often handle large amounts of value, and successful exploitation can lead to significant financial losses for users and project developers. In this session I will share the latest smart contract /web3 security trends and vulnerabilities. The attendees will learn how to create tests for security issues in smart contracts written in Solidity, and how to "profit" from it.

Cracking mobile applications using Frida and Ghidra

If you are curious about how hackers and security experts look at mobile applications and how they manage to hack them, this is definitely something for you. This talk focuses on two main aspects of mobile application security: runtime analysis and reverse engineering. We will look the process of hacking mobile applications, with a live demo using Frida( https://frida.re) and Ghidra (the NSA reverse engineering tool) to crack the OWASP CrackMe challenges.

DevOps meet Sec: Your journey to delivering secure code fast

After spending the last 1 or 2 years getting your DevOps process right, here it comes the new security guy: "We need to move to DevSecOps". This talk wants to share my personal experience, challenges, and successes as DevSecOps Architect in implementing DevSecOps in different DevOps processes. The talk starts with the main question: "where do we start?" to then moves to topics like IaC security, policy as code, SAST, SCA, SBOM, Security Champions, CI/CD security, supply chain security, logging and monitoring and DevSecOps maturity. Don't look at it as a list, but as a mix of connected resources that will increase automation and reduce manual bottlenecks. At the end of the talk, attendees should already be able to picture their DevSecOps journey ahead. DISCLAIMER: if you are hoping to completely "remove" the security guy from the picture, this is not the goal of this talk.

GitArmor: secure your SCM with Policy as Code

GitArmor is an open source tool that intuitively transaDevOps implementation into policies as code and enables you to run security checks against your SCM environment.​

BlackHat Asia
BlackHat Europe
BlackHat USA