Pittsburgh ISSA April Meeting
Details
Join us on April 21st, 2026!
Featured Speaker: Devan Rajendran
Topic: Authorized but Misaligned: How Agents Manipulate Meaning in Commerce
AI shopping agents are moving into production as Visa, Mastercard, and Google build infrastructure for autonomous purchases projected to reach trillions by 2030. Protocols like AP2, MCP, A2A, and ACP ensure authentication and payment integrity, but correct authorization doesn’t guarantee correct decisions.
Research shows that indirect prompt injection—the top OWASP risk for LLMs and agents in 2025—can steer autonomous shopping agents into unintended purchases even when cryptographic mandates and constraints are fully enforced. Agents act incorrectly while believing they are compliant.
This session reviews the threat landscape, the protocols, residual risks under perfect enforcement, and experimental results from a sandbox isolating this failure mode. As organizations delegate purchasing to agents, the challenge shifts from verifying identity to trusting decision quality, with major implications for fraud, liability, consumer trust, and regulation.
About the Speaker: Devan Rajendran
Devan Rajendran is a graduate student at Carnegie Mellon University’s Heinz College, specializing in Information Security Policy and Management. His work focuses on cybersecurity, threat analysis, and security governance, with hands‑on experience in threat modeling, intelligence gathering, and application security testing. He is active in CMU’s AI Safety and graduate leadership committees and has academic grounding in network security, cyber intelligence, and software security. Devan also brings research experience, including a distinguished paper award for work in robotics and advanced manufacturing.
Date: Tuesday, April 21, 2026
Time: 5:30 PM – 7:00 PM (Presentation starts at 6:00 PM)
Location: Hackers Guild PGH - 2247 Babcock Blvd - Pittsburgh, PA 15237
Who Should Attend
Security engineers, vulnerability analysts, CISOs, SOC teams, researchers, and anyone responsible for assessing or prioritizing security risk will find this session especially valuable.
