

About us
Welcome to AI Sec Eng Madrid, Spain!
We are a chapter of the global AI Security Engineers Community, bringing together developers, security practitioners, and AI builders who care about creating secure, trustworthy AI-powered applications.
Join us for in-person meetups in Madrid, live streams, and an active community chat, where we share practical insights, real-world experiences, and hands-on knowledge on securing AI systems—from development to production.
Whether you’re just getting started or already building AI at scale, this is the place to learn, connect, and build more secure AI together.
Upcoming events
2

Beyond Prompt Injection: Breaking AI Agents via Low-Level Host Injections
·OnlineOnline# 🚀 AiSec Eng Spain x Madrid DevOps x HackerDreams x Valkyrias
📅 30/07/2026
🕖 18:00h (CEST) (Comenzaremos Puntal)
📍 Lugar: Online
Idioma de la charla : Inglés## 🧠Beyond Prompt Injection: Breaking AI Agents via Low-Level Host Injections (CVE-2026-48710)
THE TALK WILL BE IN ENGLISH
LA CHARLA SERÁ EN INGLÉS### 👨💻 Speaker
Kfir Gisman
### 🧾 Bio
Kfir Gisman’s work bridges the gap between deep security research and robust backend engineering. His career is defined by two core pillars: first, his background in security research, having worked as a Cloud Security Researcher at Spectral (a DevSecOps startup acquired by Check Point) where he focused on threat detection and supply chain risks; and second, his hands-on software engineering experience, currently developing secure Python backend architectures for national and EU-funded cybersecurity projects (EU Horizon and INCIBE) at Treelogic. Outside of his day job, Kfir actively contributes to the FastAPI community, hosts the "Code with Mate" software engineering podcast, and writes weekly technical deep-dives on his personal website, kfir-g.dev
### 📚 Description
## While the industry is obsessed with jailbreaks and prompt injections, we are ignoring a massive blind spot: AI agents still run on classic web infrastructure.
In this practical 30-minute session, Kfir Gisman will break down CVE-2026-48710 - a critical vulnerability in Starlette (the backbone of FastAPI and the Python LLM ecosystem) that recently put millions of AI agents at risk.
We will explore the concept of State Divergence and demonstrate live how a single character (?) in the Host header can completely blindfold global middlewares, letting an attacker bypass authentication and hijack privileged endpoints- without writing a single line of prompt.
What you’ll take away:
* Why blindly upgrading dependencies won't fix broken architectural patterns.
* How to shift from mutable wrappers (request.url) to raw ASGI state (request.scope).
* How to implement structural defenses at the API Gateway level to shield your AI infrastructure.
(*) No Python expertise required- this is a universal lesson in application security architecture.🌐 Comunidad
👉 Únete a Discord:
https://devseccon.io/discordcommunity
📢 Telegram:
https://t.me/hackerdreamsdcomm
https://t.me/hackbcn
https://t.me/+EQXjdGyWYPAotmLG
https://t.me/xopsnoticias
https://t.me/xopshispano
🐦 X (Twitter):
@JR_kneda
@hunters_flag
@hackerdreamsorg
@hackbcn
@xopsconference## 🤝 Colaboración y patrocinio
Si tu empresa quiere colaborar o patrocinar futuros eventos:
📩 Email: info@hackerdreams.org
📝 Formulario: https://forms.gle/JbBwUGY26fAeLqJ78
💸 Donaciones:
https://www.paypal.com/donate/?hosted_button_id=8UHV5UN47J3DY
https://bmc.link/hackerdreams24 attendees
Past events
38
Group links
Organizers
AI Security Engineers C. is a Super Organizer



