OWASP Netherlands Chapter

Location: Beyond Republica campus, Amsterdam (https://maps.app.goo.gl/hJLCKeqVEMaEoLV16)
Address: Papaverhof 59, 1032 LX Amsterdam

For parking: there are the following spots:
- along the Papaverweg which are at 1.72 euros per hour, at NDSM: https://www.amsterdam.nl/parkeren/parkeertarieven/
- 3 mins walk: in front of Karwei, GAMMA, JYSK (free but space is limited)
- also there are plenty of Parkbee locations nearby within 5 mins walking radius.
- Or near Mosveld Shopping Mall (15 mins walk)

Mosveld Shopping Mall
Free for the first 90 minutes
€0.50 per 30 min; max €10/day

See https://owasp.org/www-chapter-netherlands/upcomingevents for more information about the OWASP Netherlands chapter.

18:00 - 18:15 - Reception of attendees
18:15 - 19:00 - Simple meal
19:00 - 19:15 - Welcome and OWASP updates
19:15 - 20:00 - False Clear Ahead - When Agents Derail Your Defenses by Rens van Dongen
20:00 - 20:15 - Break
20:15 - 21:00 - Bot vs. Bash: How Modern Threat Actors are Actually Using AI by Daniel Kapellmann Zafra

False Clear Ahead - When Agents Derail Your Defenses
Abstract:
AI agents that pass an initial security review can still derail through prompt injection, tool poisoning, or destructive overalignment — the “false clear.” Drawing on recent research, real-world incidents, and AI governance at Dutch Railways, this talk explores how agentic AI reshapes the enterprise attack surface and what defense-in-depth strategies help you govern agents without blocking innovation.
Bio:
AI Governance and Cybersecurity strategist, specializing in responsible AI and secure software policy for the Dutch Railways. Experienced CISO in Retail Banking, Media Broadcasting and Enterprise Software industries. Balancing engineering background with a pragmatic, people-centric approach. Credentials include AIGP, CISSP, CISM, CCSP, CIPP/e, and Lead Implementer ISO/IEC 42001:2023 (AIMS).

Bot vs. Bash: How Modern Threat Actors are Actually Using AI
Abstract:
Generative AI has rapidly shifted to become a defining element of the modern threat landscape. This has resulted in great interest from a cybersecurity perspective and numerous discussions about its potential impacts. However, moving beyond speculation, this session presents real-world observations from the front lines of threat intelligence to demonstrate exactly how adversaries are utilizing these tools today.

We will explore how state-sponsored APTs and financially motivated actors integrate Large Language Models (LLMs) to sharpen the quality of social engineering, reconnaissance, and code generation. Rather than focusing on “super-malware” theories, we dive into specific “in the wild” use cases to provide defenders with the practical context needed to identify and counter AI-augmented threats within their own environments.
Bio:
Daniel Kapellmann Zafra is Technology Strategy Lead in Google Threat Intelligence, where he designs the future of large-scale investigative frameworks. With a specialized background in Information Operations (IO) and Cyber-Physical threats, Daniel has spent his career working with different threat intelligence teams to scale the breadth and depth of intelligence investigations. He currently spearheads initiatives at the intersection of AI and threat intelligence, focusing on how emerging AI ecosystems redefine both the threat landscape and the efficiency of modern cybersecurity. A former Fulbright Scholar and University of Washington Informatics alumnus, Daniel was previously recognized by the Kaspersky Academy Talent Lab for innovation in security architecture.