San Antonio OWASP Chapter

Applied AI Use Cases for AppSec Presentation Session: 11am-3:00pm
Happy Hour: 3:00pm-4:30pm

Join us for a hands-on exploration of practical AI use cases in Application Security — where the rubber truly meets the road. This session will focus on how security teams are applying AI today across the SDLC, from secure design and code review to testing, detection, and response. We’ll discuss real-world best practices, emerging tools, and how attackers are leveraging AI to create new and evolving threats, along with what defenders can do to stay ahead. Whether you’re experimenting with AI in your AppSec program or looking to separate real value from hype, this talk will deliver actionable insights and strategies you can apply immediately.

Featured Presentations

Building Insecure and Secure by Design: An AI-Assisted Journey Through Web Application Security - Michael Biocchi - Snyk

This talk explores the dual nature of AI-assisted development through a practical case
study: building two versions of the same chat application; one intentionally
vulnerable, and one hardened against attack.
Using AI tooling throughout the development process, I constructed both an insecure
chat application and its secure counterpart. This session will walk through the
complete journey: how AI accelerated development, the specific vulnerabilities
introduced (and why they emerged), the attack vectors that exploit them,

Attendees will gain insights into:

• Leveraging AI effectively for rapid application development
• Common security pitfalls in AI-generated code
• Practical demonstrations of vulnerabilities in the insecure version
• Remediation strategies applied in the secure version
• Best practices for prompting AI tools to generate security-conscious code

Whose Intent Is It Anyway? The Intent Triangle in AI Application Security - Elad Schulman - Lasso

Traditional application security assumes deterministic behavior,
structured inputs, and finite action spaces. AI breaks all three.
This talk introduces the framework for securing AI agents
through the alignment of three intents: the user's, the
developer's, and the agent's. Attacks exploit their misalignment,
as LLMs are built to follow instructions, and that compliance is
both the feature and the attack surface.
Join Lasso for a practical, real-world discussion on where AI
security truly meets the road.

What you’ll learn:

• Why traditional AppSec assumptions fail in AI-driven systems
• Practical controls for securing AI in production
• What secure-by-design means for modern AI applications

Presentation #3 - Sohini Mukherjee - Sweet Security
(Presentation details coming soon...)

Security Panel Discussion: AI Governance: Use Cases and Challenges
Panel participants will discuss the real-world challenges and benefits of implementing an AI Governance framework.

Facilitator: Joseph Gregorio, President OWASP San Antonio, VP Application Security Frost Bank

Additional Meeting Details

• Lunch ($20 paid in person or via our Square account.
• Square payment link:
  https://square.link/u/kiJwhMJj
• Location: Scuzzi’s Italian Restaurant - 4035 N Loop 1604 W #102, San Antonio, TX 78257
• HAPPY HOUR & DEMO LAB networking after session!!!

Happy Hour - Sponsors

• Snyk
• Sweet Security
• Harness
• Lasso