Speaker

Micah Silverman

Director, AI Acceleration @ Snyk

Virginia Beach, Virginia, United States

Micah is Snyk's Director of AI Acceleration. With 30 years of Java experience (yup, that's from the beginning) and as a security professional, Micah has authored numerous articles, co-authored a Java EE book, and spoken at many conferences. He's a maker who's built full-size MAME arcade cabinets and repaired old electronic games (https://dogeared.dev/2011/10/16/weekend-project-fix-dark-tower/). He brings his love of all things security and Java to a conference near you!

Area of Expertise

  • Information & Communications Technology

Topics

  • api security
  • Application Security
  • OAuth2
  • OpenID Connect
  • java
  • JavaScript
  • Vuejs
  • React

Breaking AI: Live coding and hacking applications with Generative AI

Is your organisation ready to revolutionize your coding experience with generative AI tools, like Copilot, ChatGPT, or CodeWhisperer? Do you know how to code safely with generative AI tools, increasing your delivery speed without compromising security? In this session, we’ll discuss some of the dangers of generative AI, including hallucinations and security risks. We’ll live code a Spring coffee shop application using Copilot and ChatGPT, and live hack the results, showing how the generated code can be exploited in a running app. We’ll uncover generated SQL injections, cross-site scripting, directory traversal and more. Don't miss this electrifying opportunity to explore the cutting edge of coding technology. Join us and embark on a journey where velocity meets security, and innovation knows no bounds. Secure your spot now and get ready to code like never before! In this session you'll learn how you can leverage the power of AI to increase your velocity while mitigating risks and staying secure.

Capture the Flag 101

Capture the Flag events are exciting and competitive. But, they can be scary to developers and security practitioners who have never participated in them.

In this session, I introduce CTFs, discuss their benefits to developers, and examine an easy and medium-difficulty CTF challenge in depth.

Together, we walk through the wily attacker's thought process and how to pick up clues based on the programming language and protocols involved. We google, form theories and test against what little information is provided in the challenge.

You don't need any prior knowledge of a specific programming language. Rather, we focus on developing the skills needed to participate in a Capture the Flag event.

After an introduction to Capture the Flag events, we dig into two challenges. These are real challenges from past CTF events.

For each challenge, we follow a pattern of discovery:

1. Introduce the challenge
2. Review clues from the challenge text and challenge interface
3. Give participants time to take on the challenge
4. Pause and review progress and give a hint
5. Give participants more time to solve the challenge
6. Review the solution and lessons learned

Kicking JavaScript to the Curb with Vaadin

I've been using Spring Boot for a very long time. I learned the JavaScript framework, Vue.js, in order to build a modern web app that's been in service for about 7 years.

Vaadin is an open source framework for building modern web apps in pure Java. I recently refactored the application so that it's end-to-end Java.

In this talk, I share the experience and dive into real-world challenges going from a frontend JavaScript to using Java all the way.

I cover coding, security, testing, debugging, and migrating. The pace is quick and you learn a lot in this session as we kick JavaScript to the curb!

AI Board Game Experiments: Autonomy, Reasoning, and Deception

Following in the same vein as "Claude Plays Pokemon", I did a number of experiments with popular models to play board games. My goal was to make them as autonomous as possible. In this talk, I walk through the highlights of these different experiments. In some play-throughs, I tried to be as helpful to the AI as possible. In others, I did whatever the AI said without comment. And in others, I tried to actively deceive it. Which models did well, and which flopped? What level of autonomy was achieved? What does this reveal about the reasoning models? All this is answered during this talk. At the end, we'll take a poll of the participants to pick from among a few online board games. We'll then gather prompts from the audience to get as far into the game with an AI as time permits.

How I became a repo man for a day

In the summer of 2024, I became a repo man for a day. I legally recovered a vehicle without any confrontation or repercussions.

In this talk, I describe the circumstances that led to this eventful day. I approached this problem like I do a capture the flag event or other ethical hacking activities: Identify the problem, gather information, analyze the clues, consult other professionals and take action.

I go into detail on the upfront planning work I did, how I was able to legally retake ownership of the vehicle and then physically take possession of the vehicle, all while doing my best to avoid any confrontation. I also cover the measures I took to ensure that this process couldn’t be re-implemented as a counterattack on me.

We then work together on some real-life security challenges, CTF style. Participants will have the opportunity to solve 1 or 2 challenges. I'll review the clues and reveal the solutions along the way.

I wrap up the talk with how my adversary could have prevented me from recovering the vehicle and talk in general about good personal security behaviors.

NOTE:

This was first published in the Fall 2025 edition of 2600 magazine, a quarterly hacker magazine I've been reading since the '80s. It was a dream come true to have this story published in this magazine.

This session was given recently to a packed room at ConFoo and was very well received.

AI Security Engineer Foundations + Certificate

This 4-hour workshop covers 6 modules, each about a half-hour in length. There are 2 15-minute breaks.

The modules are:

1. Securing Vibe Coding
2. AI Threat Modeling
3. AI Red Teaming
3a. Hack a chatbot
3b. Securing the Agent Skills Ecosystem
4. AI Governance
4a. Addressing Shadow AI
4b. OWASP Top 10 for LLM

1. Securing Vibe Coding

As AI coding tools become embedded in daily development, they bring a new wave of productivity, and new security risks. In this session, we break down the security implications of Vibe Coding and share actionable strategies to secure AI-generated code at scale.

2. AI Threat Modeling

We are witnessing a fundamental shift in application security. Traditional tooling is built to find bugs in deterministic code. But generative AI systems do not fail at the level of code. They fail at the level of behavior. In this interactive session, we travel from traditional threat modeling activities to the new level of thinking required for threat modeling in the AI age. We take a real world chatbot and build and test a threat model together.

3a. AI Red Teaming: Hack a chatbot

In the AI age, traditional red teaming activities have expanded beyond deterministic systems like infrastructure, code, and auth flows. You're now also emulating adversaries against probabilistic systems whose behavior can be manipulated through language, context, and intent, and where the attack surface shifts every time the model, the prompt, or the data changes. In this interactive session, we introduce red teaming activities in the context of AI models, we hack a chatbot together - CTF style, and we examine how Snyk’s red team tool can automate these activities.

3b. AI Red Teaming: Securing the Agent Skills & MCP Ecosystem

This session explores the emerging security threats targeting AI agent ecosystems, with a focus on two interconnected attack surfaces: malicious Skills in agent registries and vulnerabilities in MCP (Model Context Protocol) servers. The first half dives into "ToxicSkills" research, demonstrating how weaponized SKILL.md files can enable supply-chain attacks that exfiltrate credentials or grant shell access through seemingly innocent Markdown instructions. The second half shifts to the broader MCP threat landscape, covering everything from insecure server code and tool poisoning attacks to indirect prompt injection targeting IDEs like Cursor and apps like Claude Desktop — with live exploitation demos throughout. Attendees will leave with a comprehensive understanding of how these attack vectors work in practice, along with actionable best practices for securing their own MCP deployments.

4a. AI Governance: Addressing Shadow AI

For years, security teams have been addressing Shadow IT. That is, bits and pieces of tech throughout the software development lifecycle that aren’t well understood and, in some cases, are explicitly not allowed in an organization, but are still being used on development teams. In the AI age, it’s even harder to understand the full breadth of AI component usage in an application. There can be a variety of models, data sets, MCP servers, agents and more - all within a single application.

4b. AI Governance: OWASP Top 10 for LLM

This session brings the OWASP Top 10 for LLMs to life through real-world horror stories — cautionary tales of what happens when these vulnerabilities are exploited in the wild, drawn from some of the most notorious AI security incidents to date.

At the end of the session, you are issued an official Snyk Certificate of Completion for the Foundations workshop.

Note that while some of the Snyk tools are demoed, this is not a vendor-specific workshop. A vendor-specific (Snyk) version of this workshop can be given as part of a sponsor package that includes a vendor workshop.

JCON EUROPE 2026 Sessionize Event Upcoming

April 2026 Köln, Germany

CypherCon 9 (2026) Sessionize Event Upcoming

April 2026 Milwaukee, Wisconsin, United States

KCDC 2025 Sessionize Event

August 2025 Kansas City, Missouri, United States

JCON EUROPE 2025 Sessionize Event

May 2025 Köln, Germany

Nebraska.Code() 2024 Sessionize Event

July 2024 Lincoln, Nebraska, United States

KCDC 2024 Sessionize Event

June 2024 Kansas City, Missouri, United States

Devnexus 2024 Sessionize Event

April 2024 Atlanta, Georgia, United States

Jfokus 2024 Sessionize Event

February 2024 Stockholm, Sweden

KCDC 2023 Sessionize Event

June 2023 Kansas City, Missouri, United States

TechBash 2022 Sessionize Event

November 2022 Mount Pocono, Pennsylvania, United States

KCDC 2022 Sessionize Event

August 2022 Kansas City, Missouri, United States

WeAreDevelopers World Congress 2022 Sessionize Event

June 2022 Berlin, Germany

Devintersection & AngleBrackets Fall 2021 Sessionize Event

December 2021 Las Vegas, Nevada, United States

TechBash 2021 Sessionize Event

October 2021 Mount Pocono, Pennsylvania, United States

KCDC 2021 Sessionize Event

September 2021 Kansas City, Missouri, United States

Destination: Zero-Trust Sessionize Event

January 2021

DevFestAB 2020 Sessionize Event

November 2020 Calgary, Canada

DevSecOps Days Rockies - Virtual Sessionize Event

October 2020

Camp Cloud Native Sessionize Event

June 2020

DeveloperWeek 2020 Sessionize Event

February 2020 Oakland, California, United States

Little Rock Tech Fest 2019 Sessionize Event

October 2019 Little Rock, Arkansas, United States

Music City Tech 2019 Sessionize Event

September 2019 Nashville, Tennessee, United States

KCDC 2019 Sessionize Event

July 2019 Kansas City, Missouri, United States

KCDC 2018 Sessionize Event

July 2018
