Ravi Sastry Kadali
Engineering Leader | Go Ecosystem Contributor | Security Tooling Author
Mountain View, California, United States
Actions
Ravi Sastry Kadali is an Engineering Leader with more than two decades of progressive engineering leadership spanning defense, enterprise, and hyperscale systems. He built platform integrity systems at Meta protecting 3B+ users, engineered Windows platform releases at Microsoft, designed intrusion detection systems at India's Defence Research and Development Organisation (DRDO), hardened API security infrastructure at Neustar Security Services, and delivered edge-security and networking solutions at Volterra (acquired by F5) and X Corp.
An active open-source contributor to Kubernetes, etcd, gosec, and gqlgen, Ravi Sastry authored the go-safeinput and cryptoguard-go security libraries for the Go ecosystem. He is a co-editor of security engineering technical papers and a recurring invited panelist at cybersecurity. Ravi Sastry holds awards for Outstanding Achievement in Cybersecurity and brings both research depth and practitioner credibility to every stage he takes.
Area of Expertise
Topics
SecurePrompt: Building a Pre-Flight Security Layer for Agentic AI
As enterprises race to deploy agentic AI, everyone's building capabilities—but who's building the guardrails? When an autonomous agent generates a prompt containing your AWS credentials, or a compromised data source injects malicious instructions, what stops that payload from reaching the LLM?
This session reveals how I built SecurePrompt, a pre-flight security scanner that intercepts prompts before they're sent to any AI model. Born from a simple realization—that the agentic AI ecosystem has a critical blind spot at the boundary - SecurePrompt now provides the missing security infrastructure for autonomous AI systems.
What you'll learn:
1. The Hidden Risk: Real-world scenarios where credentials leak, prompt injections propagate, and PII compliance fails—all in a single API call
2. Architecture Decisions: Why I chose Go, rules-based detection for v1, and how to achieve sub-10ms latency without sacrificing coverage
3. Detection Engine Deep Dive: Parallel scanning for secrets, prompt injection, PII, risky operations, and data exfiltration attempts
4. Policy-as-Code: Implementing strict, moderate, and permissive profiles for different enterprise risk tolerances
5. Audit by Default: HMAC-signed decision logs with causal traceability for compliance teams
6. Evolution Path: How to layer LLM-powered semantic analysis on top of deterministic rules for catching sophisticated attacks
Whether you're building AI agents, deploying enterprise copilots, or architecting AI platforms, you'll leave with practical patterns for implementing security at the prompt boundary - the layer nobody else is building.
Unified Defense Against Injection Vulnerabilities
Injection attacks dominate the MITRE 2025 CWE Top 25—with XSS ranked #1, SQL injection #2, and OS command injection holding the highest count of CISA Known Exploited Vulnerabilities. Yet developers still juggle fragmented tools: one library for HTML sanitization, another for SQL, manual validation for paths and shell arguments. This context fragmentation creates gaps attackers exploit.
This session introduces go-safeinput, an open-source Go library providing unified, context-aware sanitization across all major injection categories through a single API. You will learn:
1. Why existing solutions fall short: Context fragmentation, lack of defense-in-depth, and supply-chain risks from excessive dependencies
2. The unified approach: One API that automatically applies the right sanitization for HTML, SQL identifiers, file paths, URL components, shell arguments, and deserialization
3. Real-world implementation: Live demonstration securing a vulnerable application against XSS, SQL injection, path traversal, command injection, and unsafe deserialization
4. Compliance alignment: How unified input validation supports NIST SP 800-53, CMMC, and federal security requirements
Whether you're building enterprise applications, federal systems, or open-source projects, you'll leave with practical techniques to reduce your injection vulnerability surface using defense-in-depth strategies that don't sacrifice developer productivity.
SecurePrompt: Building a Pre-Flight Security Layer for Agentic AI
As enterprises deploy agentic AI, everyone's building capabilities—but who's building the guardrails? When an autonomous agent generates a prompt containing AWS credentials, or a compromised data source injects malicious instructions, what stops that payload from reaching the LLM?
This session reveals how I built SecurePrompt, a pre-flight security scanner that intercepts prompts before they're sent to any AI model—addressing the critical blind spot at the boundary of autonomous AI systems.
You'll learn:
1. Real-world scenarios where credentials leak, prompt injections propagate, and PII compliance fails
2. Why I chose Go and rules-based detection for sub-10ms latency
3. Parallel scanning architecture for secrets, injection attacks, PII, and data exfiltration
4. Policy-as-code profiles for enterprise risk tolerances
5. HMAC-signed audit logs with causal traceability
6. Evolving from deterministic rules to LLM-powered semantic analysis
Leave with practical patterns for implementing security at the prompt boundary—the layer nobody else is building.
GraphQLShield: CWE-Aware Defense in Depth for GraphQL APIs in Go
GraphQL APIs face a unique threat landscape: deeply nested queries cause resource exhaustion, introspection exposes entire schemas, and mutation variables carry injection payloads past traditional WAFs. Yet most Go-based GraphQL servers ship with zero security middleware between HTTP and resolver execution.
I introduce GraphQLShield, an open-source Go middleware bringing defense-in-depth to GraphQL APIs through three layers: (1) Static schema analysis detecting cyclic types, missing depth limits, and sensitive field exposure before deployment; (2) Runtime CWE-aware input sanitization catching SQL injection, XSS, command injection, path traversal, and NoSQL injection in GraphQL variables — bridging go-safeinput's MITRE CWE Top 25 coverage to GraphQL; and (3) Resolver code auditing inspired by gosec and cryptoguard-go flagging insecure crypto, hardcoded secrets, and missing auth checks.
A quick demo shows GraphQLShield intercepting 7 attack vectors against a gqlgen API , from SQL injection in mutation variables to depth-based DoS, while legitimate requests pass cleanly. Attendees leave with a zero-dependency Go library covering 14 CWE vulnerability classes across static and runtime analysis.
Detect, Trace, Fix: Bringing AI-Powered Taint Analysis to gosec
Go's tooling ecosystem is evolving beyond simply finding problems to automatically fixing them, but security analysis has lagged behind. In this session, we'll explore a new AI-ready taint analysis engine for gosec that traces untrusted data across an entire Go application, accurately detecting vulnerabilities such as SQL injection, command injection, path traversal, SSRF, XSS, and more.
Attendees will learn how SSA- and call graph-based analysis makes data flow tracking practical in Go, how these techniques dramatically reduce false positives, and how the same architecture can power automated and AI-assisted remediation. See where Go security tooling is headed: from detecting vulnerabilities to tracing, understanding, and fixing them before they reach production.
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top