DSOLG April Event - No AI Without APIs

## Details

Welcome to the DevSecOps London Gathering April Event on Wednesday 29 April! We bring you two speakers, as well as the usual conversations, pizza and beer!

📍 Hosted at Civo Tech Junction, 1st Floor, 32-37 Cowper Street, London, EC2A 4AW
📅 Wednesday, 29 April
🕕 6:00–8:00 PM

## Talk Abstracts:

Talk 1
APIs are the hidden infrastructure that connects everything, like the plumbing of the modern age – though much like plumbing, you don't realise you've got a problem until it’s too late…

This is doubly true for the AI era. It doesn't matter if you're orchestrating agents through OpenClaw, Warcraft 3 or MCP – APIs remain the way AI escapes the bounds of the chat box into the real world.

But this new modality of APIs unfortunately didn't ship with more security. We’ve spent years lumping APIs into “web security” and calling it a day. As AI adoption accelerates, API abuse is becoming the easiest way to escalate impact: broken object-level auth, excessive data exposure, workflow manipulation, and agent overreach. So what actually matters and how are attackers exploiting it?

Join Dr Katie Paxton-Fear as we explore API hacking as its own discipline, in the AI era. No generic web security theory. Instead, you’ll walk away understanding:

• What makes APIs uniquely vulnerable
• The bugs attackers actually look for
• How AI-driven workflows expand impact
• How to test your own APIs effectively

Katie's bio
Dr Katie Paxton-Fear is a hacker and security advocate at Semgrep – she used to make applications, and now she breaks them. A former developer, she sees security vulnerabilities as small mistakes by overstressed developers, and wants to find ways to make their life easier while making sure that we are all secure. She's found vulnerabilities in everything from the military to AI, in her own words 'without really knowing what I was doing'. She is passionate about giving back to the security community, delivering security training, writing and sharing her security research, and also through her YouTube channel – where she teaches almost 100,000 subscribers how to follow in her footsteps! She combines easy-to-understand explanations with key technical details, turning security into something everyone can understand and engage with. She's been featured as an expert in the Wall Street Journal, BBC News, ZDNet, The Daily Swig, Vodafone and more.

Talk 2
APIs are the hidden infrastructure powering modern cloud systems connecting services, platforms, and now increasingly, AI agents.
In the AI era, APIs are no longer just consumed by users, they're being called, chained, and orchestrated by autonomous systems at scale. Whether it's agent workflows, microservices, or cloud-native platforms, APIs are the bridge between intelligent systems and real-world actions.
However, while adoption has accelerated, security has not kept pace. Many organisations still treat API security as an extension of traditional web security, overlooking critical gaps introduced through architecture, identity design, and DevSecOps practices.
So where are things actually going wrong?
Join me to explore how modern cloud architectures unintentionally expose APIs from misconfigured gateways and over-permissioned identities to weak trust boundaries across services. The session will also examine how AI-driven workflows amplify these risks, turning small design flaws into large-scale vulnerabilities.
Sriram's Bio
Sriram Kumar is a Solution Designer with multiple years of experience in cloud and DevOps engineering, specialising in Microsoft Azure. He has a strong background in designing and securing cloud-native architectures, including API Management, identity-driven access, and enterprise-scale infrastructure.
Sriram has worked across multiple organisations delivering secure, scalable solutions, with hands-on experience in Cloud networking, CI/CD pipelines, and DevSecOps practices. His work often involves solving real-world challenges around API security, cloud governance, and system resilience in complex environments.
Beyond his professional work, Sriram actively contributes to the community through NGO initiatives and mentoring students, supporting them in building careers in cloud and technology.
With a practical, architecture-first approach, Sriram focuses on bridging the gap between development, operations, and security, helping teams build systems that are not only functional but secure by design.