Sai Sravan Cherukuri

Open Source Enthusiast and DevSecOps Architect

Sai Sravan Cherukuri is a visionary technology leader, DevSecOps Technical Advisor, PaaS Automation Lead, and Program Manager. With over 20 years of experience in federal IT transformation, he is a recognized expert in DevSecOps, FinOps, AI governance, CMMC readiness, Infrastructure as Code (IaC), open-source advocacy, and Policy as Code (PaC). He is the creator of the FIBER AI Maturity Model and contributes as a member to national AI safety initiatives through NIST’s U.S. Artificial Intelligence Safety Institute Consortium.

Sai Sravan, a Commissioner’s 2024 Award recipient, has led enterprise-scale automation, modernization, and capacity planning initiatives that deliver measurable results. He serves on the Board of Directors at TMMi America and is a dedicated community mentor and volunteer.

As a Platform Engineer and Open-source advocate, Sai is committed to advancing accessibility in engineering and inclusivity in the community. He is a strong proponent of the "Docs-as-Code" movement, maintaining that long-term project sustainability relies on clear documentation and automated CI/CD pipelines that lower barriers for contributors. Currently, he is bridging the gap between agentic workflows and cloud-native standards; as an active explorer of the Model Context Protocol (MCP), he utilizes OpenTelemetry to build open-source AI observability frameworks, enabling the scaling of reliable, self-service agents.

Sai Sravan currently serves as the program lead for the application team, spearheading the institutionalization of Infrastructure as Code (IaC) through Terraform practices.

Area of Expertise

  • Business & Management
  • Government, Social Sector & Education
  • Health & Medical
  • Information & Communications Technology

The Sleeping Pill: How Attackers Hide Inside Your Systems, Pass Every Test You Run, and Activate on

The most dangerous attack on your systems will never show up in a penetration test report. It will pass your internal validation. It will pass third-party auditing. It will perform flawlessly in production — until a specific, precisely engineered trigger is met. Then it will fail in a targeted, controlled way. Against a specific target. On command. With no trace.

This session presents original research into how hidden backdoors are planted during the customization phase of enterprise software — and survive every form of testing organizations currently rely on. The backdoor is invisible during normal operation. It wakes up only when a specific combination of conditions appears in an ordinary-looking request. Nothing in standard security tooling catches it.

This is not an exotic edge case. It describes exactly how most organizations are building and deploying these systems right now: a company takes an off-the-shelf base product, trains it on proprietary internal data to customize it, runs their standard checks, and ships it to production. The Sleeping Pill is planted during that customization step — through a compromised data source, a malicious insider with access to the training environment, or a third-party vendor handling the customization work — and then it waits.

The consequences are concrete. The system steers a specific financial transaction toward fraud, but only when a specific account triggers it. It leaks proprietary information to an outside destination, but only when the request comes from a specific location. It produces outputs that violate regulatory requirements, but only in specific jurisdictions, on command.

The live demonstration in this session shows the full attack chain — how the backdoor survives compression, security review, and standard red-team testing — and what it looks like when it activates. The second half presents a practical defense framework: what your current tooling can and cannot catch, which monitoring approaches provide real coverage, and a pre-deployment checklist that meaningfully reduces your exposure without requiring a specialist team to implement it.

Learning Objectives

- Understand how a hidden backdoor planted during the customization of a system survives the entire deployment process — including testing and auditing — and arrives in production undetected
- Identify the specific points in your organization's build and deployment process where this kind of tampering can be introduced
- Apply a pre-deployment checklist that goes beyond standard security testing to surface dormant, trigger-based behavior before it reaches production
- Build a monitoring approach that creates visibility into whether your systems are behaving consistently — or selectively failing under specific conditions
- Evaluate third-party vendors who handle system customization or training against a concrete set of supply chain security criteria

Note: This talk has not been presented at any prior event.

The Attack That Passed Every Check: How Adversaries Learned to Hide Inside Legitimate Infrastructure

In early 2026, a campaign called EvilTokens quietly moved through federal agencies and enterprise environments. No malware. No exploited vulnerability. The attacker used Microsoft's own OAuth device code flow, a completely legitimate authentication mechanism, to steal session tokens directly. This bypassed both passwords and multi-factor authentication. The tokens lived for up to 90 days and survived password resets. Security tooling saw nothing wrong because, technically, nothing was wrong. It looked like a normal login.

That gap is what this talk is about.

There is a growing class of attacks built specifically to look legitimate. They do not trigger rules because they do not match known malicious patterns. Threat intelligence cannot flag what has never been documented. And by the time the attack is understood well enough to write a detection rule, it has already succeeded somewhere.

I will walk through the EvilTokens campaign in detail: how it worked, what it bypassed, and why the organizations that caught it caught it while others did not. The organizations that stopped it were not running better rules. They were asking a different question entirely. Instead of "does this match a known threat," they were asking "should this be happening at all for this user, on this device, at this time." That shift, from pattern matching to behavioral understanding, is what actually stopped the attack.

The rest of the talk covers what that shift looks like in practice. What behavioral baseline modeling requires. Where it fails and how to tune it without burying your team in false positives. What the transition looks like for organizations still running legacy detection stacks. And what you should be asking your vendors right now to figure out how exposed you actually are.

Learning Objectives:

Attendees will leave understanding exactly how OAuth device code flow abuse works and why it bypasses MFA. They will be able to identify the class of attacks that signature-based and rule-based defenses cannot structurally catch. They will understand behavioral baseline modeling as a practical detection alternative, not just a concept. And they will have a working evaluation framework to assess their own blind spots before an attacker finds them first.

Note: This talk has not been presented at any other conference.

The 4AM Call: A Live Playbook for When Your Automated System Does Something Nobody Authorized

Every CISO in this room has a ransomware runbook. You know who calls whom at 4 AM, what authority you have to pull the plug, how you contain the damage, and where the investigation starts. Not one of you has an equivalent playbook for when your automated system starts doing things nobody told it to do.

This session is about that gap.

Over the past 18 months, a pattern has quietly emerged across enterprise deployments: systems that passed every test, every audit, every review, and then did something unexpected in production. Not a hack. Not a breach in the way anyone would recognize it. A decision. An action. A consequence that landed in the real world before a human being noticed.

This talk builds a first-of-its-kind response playbook drawn from documented failures across financial services, healthcare, infrastructure, and logistics, and runs it live in the room as a tabletop exercise with the audience.

The scenario: your company's automated procurement system has just executed $4.2 million in purchase orders across 17 vendors. Every transaction was technically within your policy guardrails. No outside attacker was involved. The system made a call. The call was wrong. The vendors have already confirmed receipt.

Walk through the actual decision tree: Who has the authority to shut the system down? Is shutting it down a bigger risk than leaving it running? How do you reconstruct what happened and why in a way that holds up to legal and regulatory scrutiny? What do you tell your board in the next six hours?

Attendees leave with a practical, vendor-neutral response playbook they can take back to their organization, a governance authority template that defines who can stop or override an automated system during a live situation, and the uncomfortable clarity that their current incident response plans were written for a different era.

Learning Objectives

- Understand the difference between a security breach and an unauthorized system behavior event, and why your current response plan does not cover the second one
- Apply a clear first-response decision framework when an automated system produces real-world consequences nobody approved
- Define who in your organization has the authority to halt, override, or roll back an automated system during a live situation before you ever need to use it
- Reconstruct what a system did and why in a way that satisfies legal, regulatory, and board-level scrutiny
- Identify the three most common governance gaps in current enterprise deployments that create this kind of exposure

Note: This talk has not been presented at any prior event.

Quantum-Proof Visibility: Indexing Real-Time Cryptographic Risk with OpenSearch

Nation-state actors are archiving your encrypted traffic today, waiting for quantum computers to decrypt it, a threat CISA calls Harvest Now, Decrypt Later (HNDL). Federal mandates require full post-quantum cryptographic (PQC) migration by 2030. Most organizations have zero real-time visibility into their exposure.

This session demos QVault, an open-source PQC governance dashboard that uses OpenSearch as its analytics backbone. I will show how eBPF-based telemetry that captures TLS handshake algorithms and cipher suites per connection is indexed in OpenSearch in real time, and how OpenSearch aggregations compute a live HNDL Exposure Score across an entire infrastructure estate.

Attendees will see:
- A telemetry pipeline from kernel-level eBPF probes to OpenSearch indices
- Real-time risk scoring using bucket aggregations and scripted fields
- OpenSearch Dashboards panels for CNSA 2.0 and NSM-10 compliance tracking

No agent installation. No code changes to monitored systems. Just OpenSearch making the invisible visible.

Observability for Agents: Tracking the Life of an MCP Request with OpenTelemetry

As developers move to professional, reliable workflows using agents, unexpected errors that are hard to notice, known as "silent failures," can occur. When a language model interacts with multiple Model Context Protocol (MCP) servers, regular program logs do not show the detailed steps by which the model, the main program, and the tools exchange information.

This beginner-friendly session offers practical skills: learn hands-on ways to watch and fix Model Context Protocol (MCP) interactions using the OpenTelemetry (OTel) toolkit, and follow a request from the first large language model (LLM) prompt through to the last tool in the process. You'll also see each step with OTel, making it easier to find and solve hidden problems and making your workflow more reliable and clear.

1. The "Trace" Mindset: Mapping the request journey across the Open-Source MCP Host, the client, and the server.

2. Standardizing Logs: Implementing structured logging within your OSS MCP servers so they integrate seamlessly with the broader cloud-native ecosystem.

3. Debugging Failures: Identifying latency bottlenecks and prompt injection attempts in tool-calling using OSS telemetry tools.

Ghost Employees: When the Threat Inside Your Automated Workforce Isn't Human

Most security teams are still thinking about this problem the same way: a human attacker on the outside, trying to get in. That threat model is already running behind the actual risk.

Here is what is happening in enterprise environments right now. Companies have built networks of automated software workers: systems that communicate with each other, make decisions, access financial platforms, query internal data, send communications, and execute transactions, continuously, with minimal human oversight. These are not single tools sitting in a corner. They are ecosystems. And ecosystems have entry points.

The threat this session addresses does not look like a breach. No perimeter gets crossed. No password gets stolen. An adversary, or an adversary's own automated system, presents itself as a legitimate participant in your workflow. It passes your authentication checks. It operates inside your normal guardrails. And from that position, it quietly steers decisions, redirects outputs, and pulls information outward at a speed and scale no human attacker could sustain.

I’m calling them Ghost Employees.

This talk walks through three real attack scenarios in plain language: a ghost participant injected into a financial services workflow that systematically tilts credit decisions in favor of fraud; an infiltrator inside a corporate research pipeline that routes proprietary work to an outside destination as it is produced; and a compromised security monitoring workflow that is quietly trained to look away from specific attack signatures.

None of these require you to understand the underlying technology. All of them are active risks in production environments today.

The second half of the session gives security leaders a concrete starting framework for building trust boundaries inside automated workflows, borrowed from the same zero-trust principles already familiar to this audience and applied to a layer that currently has none. You do not need to rebuild your systems. You need to know where the unlocked doors are.

You will leave with a clear map of where your exposure sits and the language to walk your board through it in under ten minutes.

Note: This talk has not been presented at any prior event.

Architecting for Onboarding: Building a "Docs-as-Code" Pipeline for Open Source Sustainability

In open source, a project's survival depends on its contributor funnel. If developers can't build, test, or grasp your project in the first ten minutes, they'll leave. Documentation is the primary interface for that experience, but is often the most neglected part of the repository.

This session goes past the basic README to show how maintainers can set up a clear Documentation Development Life Cycle. We will explore the 'Docs-as-Code' idea, treating documentation like code by keeping it in Git, peer-reviewing it, and checking it with CI/CD pipelines.

Key takeaways include:
- The Pipeline: Setting up automated linters (Vale, Markdownlint) to enforce style and technical accuracy.
- The Process: Make sure every new feature includes updated documentation to prevent it from becoming outdated.
- The Community: Learn ways to help non-coders contribute, and manage docs with people all over the world.

Join this session to learn actionable steps you can implement right away to make your open-source project more welcoming, robust, and future-proof. Start applying these strategies today and transform your documentation process.

Federal Zero Trust: Scaling Sigstore & Keyless Attestation for Linux

As federal mandates like EO 14028 and OMB M-22-18 redefine software integrity, agencies face a critical challenge: how to implement "Zero Trust" without paralyzing the development lifecycle. This session provides a strategic and technical blueprint for modernizing the Linux supply chain in a highly regulated environment.

Drawing on the dual perspectives of a PM and a DevSecOps Technical Advisor, we explore the transition from legacy, manual GPG management to automated, keyless attestation using Sigstore (Cosign/Rekor).

Repository: https://github.com/saisravan909/fed-sigstore-blueprint-zero-trust-linux

We dive into "Day 2" operational realities:
- Policy-as-Code: Translating NIST SSDF into automated controllers (Kyverno) to enforce signature verification.
- Identity over Keys: Leveraging OIDC and federal providers (PIV/CAC) to eliminate "key debt."
- Auditable Integrity: Using the Rekor transparency ledger as a tamper-proof "Source of Truth" for audits and procurement.
- Blueprint for Scale: Navigating friction when moving to a cryptographically verified "Verify-Before-Deploy" architecture.

Attendees will gain a framework for aligning open-source innovation with federal compliance to ensure security enhances mission delivery.

Open Source Summit + Embedded Linux Conference North America 2026 Sessionize Event

May 2026 Minneapolis, Minnesota, United States