Breaking LLMs Live: Exploiting and Defending AI Systems in Real Time
This session presents a live, end-to-end exploitation of AI systems, aligned with the emerging OWASP Top 10 for LLM Applications.
The attack chain will demonstrate:
- Prompt Injection (LLM01): Manipulating model behaviour through crafted inputs.
- Sensitive Information Disclosure (LLM02): Extracting confidential backend data.
- Improper Output Handling (LLM06): Launching secondary web application attacks via unsanitized LLM outputs.
- System Prompt Leakage (LLM05): Revealing hidden operational instructions embedded within the system.
The session will culminate in a full system compromise simulation, chaining these vulnerabilities into a complete AI application breach.
Each exploitation phase will be accompanied by specific, actionable defence strategies based on industry best practices.
Attendees will gain a detailed understanding of offensive methodologies against LLM-integrated systems, as well as practical techniques for securing AI-driven applications against modern threats.
This session is intended for security engineers, penetration testers, AI application developers, and architects responsible for defending AI deployments.