OWASP Boston Chapter Meeting - June 2026

OWASP Boston Chapter Meetups aim to connect app sec enthusiasts and talk on any topic in application security. Doors open at 6:30pm and the presentation starts at 7pm. Pizza and soda will be provided. This will be an in person meetup only.

ONLY HUMANS ALLOWED! PLEASE BRING AN ID AS THIS IS REQUIRED BY OUR HOSTS. YOUR NAME IN THE REGISTRATION FORM SHOULD MATCH THE ONE ON YOUR ID

Talk Title - Retrieval as Execution: The New AppSec Crisis

Talk Description - While most AppSec teams are focused on sanitizing user prompts, a more dangerous threat is taking root: Persistent Memory Poisoning. In 2026, as we shift from chatbots to autonomous agents, the Retrieval-Augmented Generation (RAG) pipeline has become a new "untrusted input" vector.

This session introduces the concept of "Retrieval as Execution." We will explore how attackers use MemoryGrafting to implant malicious "experiences" into an agent’s long-term memory. Unlike transient prompt injections, these "sleeper agents" bypass traditional WAFs and static analysis, waiting weeks to trigger logic-based exploits—from data exfiltration to unauthorized API orchestration.

About the speaker - Fnu Tarana works at the intersection of application security, engineering, and evolving technologies—helping organizations move from reactive security to secure-by-design development. With a Master’s degree in Information Technology and Management (Cybersecurity specialization) and extensive IT experience in, her focus is on making application security practical, scalable, and aligned with how modern software is actually built.