Speaker

Venkata Sai Kishore Modalavalasa

Chief Architect, Straiker | OWASP Contributor

San Francisco, California, United States

Venkata Sai Kishore Modalavalasa is Chief Architect & Engineering Leader at Straiker, building AI security products for AI-native apps at scale. With 15+ years in cybersecurity and distributed systems, he scaled Cyberfend to acquisition by Akamai, where he led bot detection and web security engineering. He’s an OWASP author contributing to AI Exchange, AIBOM, Top 10 for Agentic Applications, OWASP GenAI Security Project, creator and co-lead of OWASP FinBot CTF, and holds multiple security patents.

Area of Expertise

  • Business & Management
  • Information & Communications Technology

Topics

  • AI
  • Cybersecurity
  • AI and Cybersecurity
  • OWASP
  • Artificial Intelligence and Machine Learning for Cybersecurity
  • Application Security
  • Software Development
  • Software Engineering & Architecture
  • Leadership
  • Generative AI
  • Applied Generative AI

OWASP FinBot CTF: Hands-On Agentic AI Threats

OWASP FinBot is an intentionally vulnerable agentic AI application designed to teach real-world security risks in AI agents beyond prompt injection alone. This Arsenal session demonstrates how an AI assistant connected to business tools can be manipulated through indirect prompts, unsafe tool use, broken authorization, and weak runtime controls. Attendees will experience first-hand how attacker-controlled inputs can influence agent behavior, trigger unsafe actions, and expose sensitive data.

Perfectly Compliant, Completely Compromised

Your AI agent approved the vendor, sent the status email, processed the payment, and exfiltrated customer PII to an attacker's dead drop. All in a single turn, all following its instructions perfectly. This wasn't a jailbreak. The tool metadata the agent trusted had been quietly rewritten, and from its perspective, it was just doing its job.

This session is a live attack-to-defense demo built on OWASP FinBot CTF, an intentionally vulnerable multi-agent fintech platform created by the OWASP GenAI Security Project community as the "Juice Shop for Agentic AI." With real MCP-connected agents handling vendor onboarding, compliance review, and payments, we walk through an attack that maps directly to the OWASP Top 10 for Agentic Applications.

Act I: The Kill Chain. We assume a compromised supply chain. An attacker has already poisoned an MCP tool description with compliance-framed exfiltration logic that no model will refuse. A routine admin request triggers the full chain: vendor lookup, PII harvesting, BCC exfiltration, and payment. The output is clean and professional the entire way.

Act II: The Guardrail. Without removing the poison, we deploy a lightweight before-tool webhook (~40 lines) that inspects tool invocations in real time. We replay the identical scenario and watch it get surgically blocked. Benign lookups pass, outbound exfiltration is caught. Targeted, behavior-based defenses can neutralize attacks at runtime without crippling agent functionality.
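The before-tool check described in Act II, sketched as an added example (this is illustrative code, not the FinBot project's own webhook): a hook that receives the tool name and arguments before execution, lets non-email tools such as a vendor lookup pass untouched, and refuses an email call that carries a hidden external BCC or sends PII-looking content to an outside domain. The tool names, argument keys, trusted domain and PII patterns are assumptions chosen for the demonstration.

```python
import re
from dataclasses import dataclass, field

# Assumed corporate mail domain; any other domain counts as external.
TRUSTED_DOMAINS = {"finbot.example"}

# Assumed name of the MCP-exposed tool that can move data out of the system.
EMAIL_TOOLS = {"send_email"}

# Constructed PII detectors for the demo; a real deployment would use a DLP classifier.
PII_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "card": re.compile(r"\b(?:\d[ -]?){13,16}\b"),
}


@dataclass
class Decision:
    allowed: bool
    reasons: list = field(default_factory=list)


def _domain(address: str) -> str:
    return address.rsplit("@", 1)[-1].strip().lower()


def _recipients(args: dict, header: str) -> list:
    value = args.get(header, [])
    return [value] if isinstance(value, str) else list(value)


def inspect_tool_call(tool_name: str, args: dict) -> Decision:
    """Decide, before execution, whether one tool invocation may proceed.

    The policy looks only at the invocation (tool name and arguments), not at
    the prompt or the model's explanation, so a poisoned tool description that
    talks the model into the call does not change the outcome.
    """
    if tool_name not in EMAIL_TOOLS:
        # Lookups and other non-egress tools are outside this hook's policy.
        return Decision(allowed=True)

    reasons = []

    # A BCC to an outside domain is a hidden egress channel: always refused.
    external_bcc = [r for r in _recipients(args, "bcc")
                    if _domain(r) not in TRUSTED_DOMAINS]
    if external_bcc:
        reasons.append("hidden external bcc: " + ", ".join(external_bcc))

    # Visible external recipients are fine unless the body carries PII.
    visible = _recipients(args, "to") + _recipients(args, "cc")
    external_visible = [r for r in visible if _domain(r) not in TRUSTED_DOMAINS]
    body = str(args.get("body", ""))
    pii_hits = [name for name, pattern in PII_PATTERNS.items() if pattern.search(body)]
    if external_visible and pii_hits:
        reasons.append("PII (%s) addressed to external recipients: %s"
                       % (", ".join(pii_hits), ", ".join(external_visible)))

    return Decision(allowed=not reasons, reasons=reasons)


def before_tool_hook(tool_name: str, args: dict, execute):
    """Gate the real tool: run it only when the policy allows."""
    decision = inspect_tool_call(tool_name, args)
    if not decision.allowed:
        # Surface the reasons to the trace so the block is auditable.
        return {"blocked": True, "reasons": decision.reasons}
    return execute(tool_name, args)


if __name__ == "__main__":
    # Constructed invocations mirroring a benign lookup and an exfiltration attempt.
    calls = [
        ("vendor_lookup", {"vendor_id": "V-1001"}),
        ("send_email", {"to": ["ops@finbot.example"],
                        "bcc": ["drop@external.example"],
                        "body": "Vendor status update"}),
        ("send_email", {"to": "vendor@partner.example",
                        "body": "Contact on file: SSN 123-45-6789"}),
    ]
    for name, arguments in calls:
        print(name, before_tool_hook(name, arguments, lambda n, a: {"sent": True}))
```

The check is deliberately behavior-based: it never parses the prompt, so it stays effective whether the unwanted call came from a poisoned tool description, an injected document, or a plain model mistake, and benign lookups are not slowed down at all.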

Key Takeaways:

1. Why tool metadata is the most underestimated attack surface in agentic AI
2. A practical mental model for the three boundaries where agents fail (goals, tools, memory)
3. An open-source platform and micro-CTF to practice these attacks hands-on

OWASP Agentic Top 10, Seen in Action: A FinBot Micro-CTF Walkthrough

Agentic systems don't just "get prompts wrong": they fail across boundaries, namely agent-to-agent messaging, tool invocation, and shared memory. In this short talk, we'll use OWASP FinBot, an open-source tool from the OWASP GenAI Security Project, to reproduce three high-impact failure modes mapped to the OWASP Agentic Top 10: goal hijack, tool-chain misuse, and memory/context poisoning. You'll see how each attack looks in traces, why it's hard to spot with traditional controls, and which signals reliably indicate the system is drifting (even when the outputs look reasonable). The talk is demo-first: every scenario is a compact, bite-sized, repeatable micro-CTF challenge you can run internally to educate teams and evaluate your own agent designs. You will leave with a mental model of agentic risk boundaries and a checklist for reviewing real agent flows.

SANS AI Cybersecurity Summit 2026

Workshop: OWASP FinBot Lab: Exploit and Secure an Agentic Vendor Management System

April 2026 Arlington, Virginia, United States

OWASP SnowFROC 2026 - CFP Sessionize Event

April 2026 Denver, Colorado, United States

AWS Community Day - Security Edition 2026

The "Juice Shop" for AI Agents - Now with AWS Bedrock Guardrails (OWASP FinBot Walkthrough)

April 2026 Mountain View, California, United States

Security BSides Göteborg 2026

Securing Agentic AI: Threat trends, OWASP Top 10 patterns and a FinBot CTF demo

February 2026 Göteborg, Sweden
