
August Meetup

Hosted By
prashant

Details

We’re excited to announce that our August OWASP Meetup will be sponsored by Miggo Security.
Join us for an evening of great conversations, community networking, and insightful security discussions — all in an awesome venue provided by Miggo Security. And yes, there will be delicious food and drinks generously provided by our sponsors!

5:00 PM: Doors open, networking, food and drinks
5:30 PM: Chapter introductions
5:45-6:15 PM: Defending AI-Native Applications: A Strategic Framework for Systems That Think
6:15-7:00 PM: Red-Teaming Agentic Workflows: Runtime Security for the Age of Autonomous AI
7:00-7:45 PM: RBAC Atlas: Mapping Real-World Kubernetes Permissions and Exposing Risky Projects

Talk #1: Defending AI-Native Applications: A Strategic Framework for Systems That Think
The rapid adoption of AI-native applications, powered by agents, assistants, and embedded LLMs, has transformed modern application behavior. These systems make decisions at runtime, invoke tools, and handle sensitive data in ways that are unpredictable and constantly evolving. For security teams, this marks a fundamental shift in accountability: defending logic that didn’t exist at deployment and changes continuously in production.
This talk, co-delivered by Daniel Shechter, CEO and Co-Founder of Miggo Security, and Pritam Mungse, Director of Product Security at SoFi, will explore the emerging security challenges posed by AI-native applications and introduce a new model: Execution-Aware Defense. They’ll walk through how this approach reframes traditional code and edge defenses to provide real-time visibility, prioritization, and enforcement against dynamic, AI-driven threats.
Drawing on conversations with 40+ security leaders over the past few months, the session will cover:
• The unique risks AI introduces to application behavior and attack surface
• How to apply a layered defense strategy to adapt at runtime
• Practical steps for operationalizing AI-native defense in production environments
Attendees will leave with a clear blueprint for evolving their security stack to meet the demands of software that thinks for itself, without slowing down innovation.

Talk #2: Red-Teaming Agentic Workflows: Runtime Security for the Age of Autonomous AI
Description: As organizations increasingly deploy autonomous AI agents and agentic workflows, traditional security approaches are failing to address the unique attack surface these systems create. Unlike static AI models, agentic workflows dynamically interact with external systems, make autonomous decisions, and adapt their behavior in real-time - creating unprecedented security challenges that require a new approach.
We'll explore the emerging threat landscape of agentic AI systems and demonstrate how red-teaming techniques specifically designed for autonomous workflows can identify vulnerabilities before they're exploited in production. You'll learn:
• How agentic workflows create new attack vectors beyond traditional prompt injection and jailbreaking
• Real-world attack scenarios including agent hijacking, tool manipulation, and autonomous privilege escalation
• Runtime security strategies that evolve with your AI agents' behavior
• Practical red-teaming methodologies for testing multi-agent systems and workflow orchestration
• Building continuous security monitoring for autonomous AI deployments
Traditional pentesting falls short when AI agents can rewrite their own objectives and interact with your infrastructure autonomously. Join us to discover how to secure the next generation of AI systems before adversaries do.

Speaker: Aryaman is the Co-Founder and CEO of Repello AI, a leader in AI Runtime Security and AI red teaming products. Previously, he was the captain of the top Indian CTF team InfoSecIITR and an undergrad from IIT Roorkee. Repello AI helps Fortune 500 companies and AI unicorns secure their GenAI applications through continuous red-teaming and adaptive security guardrails.

Talk #3: RBAC Atlas: Mapping Real-World Kubernetes Permissions and Exposing Risky Projects
Role-Based Access Control (RBAC) is the final layer of defense between a compromised Kubernetes workload and a full-scale cluster breach. Yet real-world RBAC configurations, especially those shipped by popular open-source operators and Helm charts, are rarely reviewed with an adversarial mindset.
In this talk I introduce RBAC ATLAS, a curated index of identities and RBAC policies found in popular Kubernetes projects. We will discuss key findings, calling out the riskiest projects I analyzed, the permission patterns distilled from analyzing over 100 policy objects, and concrete ways attackers and defenders can feed these insights into their daily security operations.
Speaker: Lenin Alevski is a Full Stack Engineer and generalist with a lot of passion for Information Security. Lenin specializes in building and maintaining Distributed Systems, Application Security and Cloud Security in general. Lenin loves playing CTFs, contributing to open source, and writing about security and privacy on his personal blog https://www.alevsk.com.

Bay Area OWASP
HARLEQUIN
68 FOURTH ST · San Francisco, CA
FREE