May Meetup
Details
Join us for the May Bay Area OWASP meetup, proudly sponsored by Doppel.
Expect an evening filled with insightful security talks, engaging conversations, and great community networking — all complemented by delicious food and drinks, generously provided by Doppel. Thank you very much to Postmark Inc for providing us the space.
5:00 PM: Doors open, networking, food and drinks
5:30 PM: Chapter introductions
5:45-6:30 PM: Deepfake Detection
6:30-7:15 PM: More Packages, More Problems: AI, npm, and the New Economics of Supply Chain Attacks
7:15-8:00 PM: TBD
Talk#1 Deepfake Detection
TBD
Talk#2 More Packages, More Problems: AI, npm, and the New Economics of Supply Chain Attacks
Description:
Malicious npm package activity surged over the past year, and AI is changing the economics behind it. Attackers are using large language models to generate convincing packages, craft realistic documentation, and scale typosquatting campaigns faster than manual review can keep up. Meanwhile, traditional supply chain compromises targeting developer endpoints, credentials, and cryptocurrency wallets are growing more sophisticated on their own.
The session closes with a practical defender's playbook covering development environment hardening, package vetting workflows, and building organizational muscle around supply chain hygiene. Whether you work in application security, platform engineering, or security operations, you will walk away with a realistic picture of the threat and concrete steps to act on it.
Author Bio:
Mohit Bansal is a Senior Manager of Security Operations Engineering at Webflow with over 12 years of experience in cybersecurity. His work spans software supply chain security, cloud infrastructure security, AI agent security, and building developer security programs at scale. Previously, he spent nearly six years at Okta, a major identity platform, leading Application Security and Vulnerability Management. Mohit has led incident response efforts against real-world npm supply chain compromises and brings firsthand forensic experience to the threat patterns covered in this talk. He is an active researcher and speaker on the intersection of AI, attacker economics, and developer workflow risks.
