Applied AI Use Cases for AppSec - Where the Rubber Meets the Road!
Details
Applied AI Use Cases for AppSec Presentation Session: 11am-3:00pm
Happy Hour: 3:00pm-4:30pm
Join us for a hands-on exploration of practical AI use cases in Application Security — where the rubber truly meets the road. This session will focus on how security teams are applying AI today across the SDLC, from secure design and code review to testing, detection, and response. We’ll discuss real-world best practices, emerging tools, and how attackers are leveraging AI to create new and evolving threats, along with what defenders can do to stay ahead. Whether you’re experimenting with AI in your AppSec program or looking to separate real value from hype, this talk will deliver actionable insights and strategies you can apply immediately.
Featured Presentations
Building Insecure and Secure by Design: An AI-Assisted Journey Through Web Application Security - Michael Biocchi - Snyk
This talk explores the dual nature of AI-assisted development through a practical case
study: building two versions of the same chat application; one intentionally
vulnerable, and one hardened against attack.
Using AI tooling throughout the development process, I constructed both an insecure
chat application and its secure counterpart. This session will walk through the
complete journey: how AI accelerated development, the specific vulnerabilities
introduced (and why they emerged), the attack vectors that exploit them,
Attendees will gain insights into:
- Leveraging AI effectively for rapid application development
- Common security pitfalls in AI-generated code
- Practical demonstrations of vulnerabilities in the insecure version
- Remediation strategies applied in the secure version
- Best practices for prompting AI tools to generate security-conscious code
Whose Intent Is It Anyway? The Intent Triangle in AI Application Security - Elad Schulman - Lasso
Traditional application security assumes deterministic behavior,
structured inputs, and finite action spaces. AI breaks all three.
This talk introduces the framework for securing AI agents
through the alignment of three intents: the user's, the
developer's, and the agent's. Attacks exploit their misalignment,
as LLMs are built to follow instructions, and that compliance is
both the feature and the attack surface.
Join Lasso for a practical, real-world discussion on where AI
security truly meets the road.
What you’ll learn:
- Why traditional AppSec assumptions fail in AI-driven systems
- Practical controls for securing AI in production
- What secure-by-design means for modern AI applications
Presentation #3 - TBD - Sweet Security
(Presentation details coming soon...)
Presentation #4 - TBD - ByteWhisper
(Presentation details coming soon...)
Security Panel Discussion: AI Governance: Benefits and Challenges
Panel participants will discuss the real-world challenges and benefits of implementing an AI Governance framework.
Facilitator: Joseph Gregorio, President OWASP San Antonio, VP Application Security Frost Bank
Additional Meeting Details
- Lunch ($20 paid in person or via our Square account.
- Square payment link:
https://square.link/u/kiJwhMJj - Location: Scuzzi’s Italian Restaurant - 4035 N Loop 1604 W #102, San Antonio, TX 78257
- HAPPY HOUR & DEMO LAB networking after session!!!
Happy Hour - Sponsors
- Snyk
- Sweet Security
- Harness
- Lasso
- ByteWhisper
Join Zoom Meeting
https://us06web.zoom.us/j/88075094983?pwd=HgD51ImqU3vbgKfJVpUhAc5mvqL5Ow.1
Meeting ID: 880 7509 4983
Passcode: 840262
We encourage everyone to attend in person. We will have door prizes and excellent food for all to enjoy, as you take advantage of this excellent networking opportunity!
Please feel free to pass this information on to your peers and team members. 😊
Future Presentation Topics To Vote On
- Post-Quantum Computing
- ASPM
- Pentest
- Ransomware
- DevSecOps - Security as Code
- Security Controls for AI