As Large Language Models (LLMs) like GPT, Claude, and Gemini become embedded in everything from customer support agents to autonomous cybersecurity tools, they bring with them a radically new attack surface—one shaped not by traditional code execution, but by language, intent, and contextual manipulation. This talk is for the red teamers, hackers, and curious minds who want to pull back the curtain and see how these so-called “intelligent” systems can be broken, hijacked, and subverted.

In this session, we’ll begin by demystifying LLMs—how they work, what they actually do under the hood, and why they behave more like improv actors than deterministic programs. From there, we’ll dive into the meat of the talk: practical, offensive security techniques that exploit the quirks, limitations, and architectural oversights of LLM-powered systems.

You’ll learn how prompt injection works—and why it’s way more than just asking the AI to “ignore previous instructions.” We’ll show real-world examples of jailbreaks that bypass filters, inject unintended commands, and even exfiltrate private data across session contexts. We'll cover improper output handling that turns trusted AI responses into cross-system attack vectors, and explore the fragile security assumptions in API-integrated LLMs that allow privilege escalation, function abuse, or total system compromise.

But we’re not stopping at prompts. We’ll go deeper into the AI development lifecycle—unpacking supply chain attacks on model fine-tuning, vulnerabilities in prompt engineering frameworks, and the risks of deploying autonomous LLM agents with too much agency and not enough oversight. If you've ever wondered whether a chatbot could trigger an internal API call that deletes your database, you're in the right place.

This talk doesn’t require a PhD in machine learning—just a hacker mindset and a willingness to explore the limits of emerging tech. Attendees will walk away with a red team–ready methodology for testing LLM systems, a mental map of their weak points, and a toolkit of real tactics that go beyond theoretical risks into practical exploitation.