Speaking

Talks, workshops, and live demos.

I speak about attacks on AI agents and developer tools: how we found them, how the exploit works, and what defenders can do about it. The best version usually includes a live demo.

Themes

What I speak about

Agent security

How agents turn untrusted instructions into actions, access, and compromise.

From prompts to payloads

Following an attack from the prompt to code execution and infrastructure.

Software supply chains

Plugins, developer tooling, and trust decisions that quietly expand an attack surface.

Hands-on security

Labs and CTFs where participants trace the exploit instead of only hearing about it.

Selected appearances

Talks and hands-on work

  1. Hands-on lab

    From Prompts to Payloads: AtlasOps Hands-on AI/AppSec CTF

    OWASP Global AppSec EU · Vienna, Austria

  2. Talk

    When Regulation Backfires: How a Vulnerable Plugin Led to an XSS Pandemic

    OWASP Global AppSec EU · Barcelona, Spain

    Archive
  3. Talk

    When Regulation Backfires: How a Vulnerable Plugin Led to an XSS Pandemic

    RSAC Conference · San Francisco, United States

    Archive