Tue, May 26 · 6:00 PM PDT
Details
***
Snyk: Company Introduction Bradley Soon (Snyk) opens the evening with a brief introduction to Snyk and the work the company is doing on AI security tooling for development teams. Bradley sets the context for what's changing in how organizations protect their code, their dependencies, and now their AI systems.
***
Keeping Your Agents on a Leash: Agentic Guardrails, MCP Security, AI BOMs and Chatbot Red-Teaming Javier Garza (Snyk) runs a hands-on presentation on securing the AI development workflow. You'll learn how to do secure vibe coding with AI agentic coding tools like Cursor, Claude, and Copilot, how to detect tool poisoning, prompt injection risks, and toxic flow vulnerabilities in MCP servers using CLI tools, and how to run AI-focused red teaming against AI systems, LLM endpoints, and AI-powered APIs to uncover risks like jailbreaks, prompt injections, data leakage, and unsafe behaviors. Bring your laptop if you want to follow along.
***
Runtime Governance for AI Agents: Why System Prompts Aren't Enough Bhuvan Shah , Product Manager at Microsoft and co-founder of Verdict (an independent project, not affiliated with Microsoft), closes the evening with a talk and live demo. System prompts feel like enough until your agent ships to production. Then prompt injection rewrites your guardrails. A model update changes behavior you depended on. Compliance asks for an audit trail you don't have. Bhuvan walks through why policy-as-prompt isn't a compliance posture, and what a runtime governance layer looks like when agents take real actions in your systems. Expect a clear look at the failure modes teams hit once they move past demos, the design principles for governance built to survive real workloads, and practical patterns being used in production today: policy bundles, PII interception at the wire, scope limiting for tools and APIs, and per-tenant audit isolation. If you're deploying agents and need enforcement you'd trust in an audit, bring your hardest deployment questions.
***
Do not miss this opportunity to connect with practitioners working on the front lines of AI security and governance.Logistics
Time: 6 to 8 p.m. / Registration and networking start at 5:15 p.m.
UBC Robson Square, C680 HSBC Hall . Google Maps
Seats are limited for this event, so do not miss out! Kindly RSVP only if you plan to attend in person. And please remember to cancel your reservation if your plans change.
Speaker Bios: Brad Soon is an Enterprise Account Director at Snyk, where he partners with leading organizations across Western Canada to align their enterprise security strategies with modern software development. With a deep understanding of the DevSecOps ecosystem, Brad helps business and technical leaders champion developer-first security programs that integrate seamlessly into their existing CI/CD pipelines. Rather than just focusing on tooling, Brad specializes in the human and operational side of security, helping companies break down traditional silos between development, operations, and security teams. He is passionate about reducing developer friction, optimizing deployment workflows, and enabling enterprises to build fast while staying secure.
Javier Garza is a Technology evangelist that has written many articles on HTTP/2, security and web performance, and is the co-author of the O’Reilly Book “Learning HTTP/2” (https://amzn.to/2TJbpUU). Javier has spoken at more than 30 events around the world, including well-known conferences like Velocity, AWS Re:Invent, and PerfMatters and is the host of the "AI Security Engineers San Francisco Bay Area Chapter" (https://snyk.io/community/). His life’s motto is: share what you learn, and learn what you don’t. In his free time he enjoys challenging workouts and volunteering with different non-profits.
Bhuvan Shah is currently a Product Manager at Microsoft. Separately from his day job, he works on runtime governance for AI agents—policy and enforcement at the tool boundary, with audit evidence teams can defend in production. He is co-founder of Verdict (independent project; not affiliated with Microsoft). At Vancouver DevOps he’ll cover what the industry is shipping today, what’s still missing when agents execute actions, and a short live demo of patterns he’s been exploring on his own time.
