Breaching LLM Powered Applications + Lessons from the Oregon Trail

Hope you all had a great summer so far, so let's end it with another event! This time we're heading to Cegeka, in Hasselt. Thanks for hosting us!

This time we have Kadi McKean and Brian Vermeer joining us to talk about LLM and Supply Chain security!

Schedule

• 18:00: Doors open + Food and Drinks
• 18:45: Intro and BeJUG updates
• 18:50: Talk 1
• 19:35: Little break
• 19:45: Talk 2
• 20:30: Mingling + Drinks

Topics

Breaching LLM Powered Applications
LLMs accessing the database and intelligent agents that perform online purchases? The possibilities for AI in applications seem endless but so are their security and data privacy risks.

In this session, we’ll address common issues such as prompt injection, key leakage, abuse of private customer data for model training, legal restrictions, and more. In addition, we will show that general security issues in your systems can also influence the behavior and outcome of LLMs.

During this session, you’ll get a solid overview of the vulnerabilities to avoid, strategies to ensure data privacy compliance and best practices for building secure LLM-powered applications.

About Brian
Staff Developer Advocate for Snyk, Java Champion, Oracle Ace Pro, and Software Engineer with over a decade of hands-on experience in creating and maintaining software. He is passionate about Java, (Pure) Functional Programming and Cybersecurity.

Brian is a JUG leader for the Virtual JUG and the NLJUG. He also co-leads the DevSecCon community and is a community manager for Foojay. He is a regular international speaker on mostly Java-related conferences like JavaOne, Devnexus, Devoxx, Jfokus, JavaZone and many more.

Besides all that, Brian is a military reserve for the Royal Netherlands Air Force and a Taekwondo Master / Teacher.

Lessons from the Oregon Trail for the Secure Software Supply Chain
Dysentery, snake bites, and drowning—classic ways to die in Oregon Trail. But how do you “die” in application development? Simple: a day-zero breach or cyberattack. Just one successful breach can land your organization on the front page of the news.

The question is: can you prevent it?
Yes.

Today, open source components make up 90% of modern application dependencies. With the software industry’s reliance on open source, it’s critical to choose well-maintained, community-driven projects to withstand disasters like Log4j.

In this session, learn how attackers embed malicious code that evades sandbox detection or masquerades as legitimate vendor software. We'll explore real-world examples, from Log4j vulnerabilities to state-sponsored malware in macOS Flutter apps, dissecting what went wrong.

Discover emerging technologies that assess software risks without relying on source code, like automated static binary analysis and black-box testing. Gain actionable insights and best practices to uncover hidden threats in your software supply chain.

About Kadi
Kadi is a Community Manager whose passion for this dynamic field ignited during her early experiences with COBOL development and Mainframe solutions.

Currently thriving at ReversingLabs, Kadi works as collaborator alongside developers and security researchers, helping others to prioritize OSS risk and safeguard applications from potential threats.

Additional notes:

• This meetup includes food. Please keep your RSVP status up to date so we do not waste any of our food.
• Some pictures might be made. If you feel uncomfortable about this, please mention this to the organizers (or anyone with a camera).