AI Security Village
Provide hands-on experience in exploiting and securing intentionally vulnerable AI applications with repeated key content to accommodate rotating groups.

A brief introduction to key security threats in AI applications, including:
Learn how to exploit prompt injection in an intentionally vulnerable chatbot application.
Hands-on: Identifying and mitigating injection vulnerabilities.
An overview of common web vulnerabilities affecting AI applications, such as:
Exploiting Cross-Site Scripting in an AI-driven web interface.
Hands-on: Fixing output encoding issues.
Understand how malicious data can corrupt AI model training.
Poison a training dataset to manipulate model behavior.
Hands-on: Securing the training pipeline.
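One control that fits the "securing the training pipeline" hands-on is an integrity manifest the training job verifies before it consumes a curated dataset. The block below is an added example written for this page, not the village's lab code; the spam/ham records, the two poisoning moves and the HMAC key are constructed for illustration. It catches label flips and appended backdoor samples made after curation; poison planted before the manifest is signed (scraped or contributed data) has to be caught by source vetting, which this does not replace.

```python
"""Added example (not the village's lab code): an integrity manifest that a
training job verifies before it consumes a curated dataset. Records, the
poisoning edits and the HMAC key are constructed for illustration."""
import hashlib
import hmac
import json

MANIFEST_KEY = b"constructed-demo-key; keep the real one in a KMS/HSM"


def canonical(obj):
    """Stable serialization so the same record always hashes the same way."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def record_digest(record):
    return hashlib.sha256(canonical(record)).hexdigest()


def build_manifest(records, key=MANIFEST_KEY):
    """Run at curation time, after human review, on the trusted dataset."""
    body = {"count": len(records), "digests": [record_digest(r) for r in records]}
    tag = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def verify_dataset(records, manifest, key=MANIFEST_KEY):
    """Run in the training job. Authenticate the manifest first, then check
    every record against it. Returns (ok, reason)."""
    body = manifest["body"]
    expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["tag"]):
        return False, "manifest tag mismatch"
    if len(records) != body["count"]:
        return False, f"record count {len(records)} != {body['count']}"
    for i, (record, want) in enumerate(zip(records, body["digests"])):
        if not hmac.compare_digest(record_digest(record), want):
            return False, f"record {i} modified"
    return True, "ok"


# Constructed spam/ham corpus standing in for a curated training set.
CLEAN_RECORDS = [
    {"text": "Your invoice for March is attached", "label": "ham"},
    {"text": "You have WON a free cruise, click now", "label": "spam"},
    {"text": "Reset your password using this verified link", "label": "spam"},
    {"text": "Lunch at noon?", "label": "ham"},
]
MANIFEST = build_manifest(CLEAN_RECORDS)


def label_flip(records, index):
    """Poisoning move 1: flip one label in the stored dataset."""
    poisoned = [dict(r) for r in records]
    poisoned[index]["label"] = "ham" if poisoned[index]["label"] == "spam" else "spam"
    return poisoned


def append_backdoor(records, trigger="cf7"):
    """Poisoning move 2: add records that teach the model a trigger token."""
    return records + [{"text": f"Urgent wire transfer {trigger} approved", "label": "ham"}]


if __name__ == "__main__":
    print(verify_dataset(CLEAN_RECORDS, MANIFEST))
    print(verify_dataset(label_flip(CLEAN_RECORDS, 1), MANIFEST))
    print(verify_dataset(append_backdoor(CLEAN_RECORDS), MANIFEST))
```

The manifest is authenticated before any record is compared, so an attacker who can rewrite both the dataset and the manifest still needs the key; digests alone would only detect accidental corruption.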
An overview of model theft and unauthorized access risks.
Learn to exploit model extraction through excessive API responses.
Hands-on: Implementing rate-limiting and secure API practices.
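The two controls named in this hands-on, shown together as an added example that is not the village's lab code: shrinking what each response reveals (top-1 label and a bucketed confidence instead of the full probability vector) and a per-client token bucket. The three-class scoring function, labels, client id and limits are constructed for illustration; the clock is injectable so the limiter's behaviour can be checked without sleeping.

```python
"""Added example (not the village's lab code): two controls against model
extraction through a prediction API. Model, labels, client ids and limits
are constructed for illustration."""
import math
import time

LABELS = ["benign", "suspicious", "malicious"]


def toy_model(features):
    """Stand-in for a 3-class classifier; returns a full softmax vector.
    Constructed scoring function, not a trained model."""
    logits = [features[0] - features[1], 0.5 * features[1], -features[0]]
    top = max(logits)
    exps = [math.exp(l - top) for l in logits]
    total = sum(exps)
    return [e / total for e in exps]


def verbose_response(features):
    """Excessive response: every class probability at full float precision.
    Each query hands an attacker several exact points on the decision surface,
    which is what makes cloning the model with few queries practical."""
    return {"probabilities": toy_model(features)}


def minimal_response(features):
    """Hardened response: top-1 label and a coarsely bucketed confidence."""
    probs = toy_model(features)
    idx = max(range(len(probs)), key=probs.__getitem__)
    return {"label": LABELS[idx], "confidence": round(probs[idx], 1)}


class TokenBucket:
    """Per-client token bucket: `capacity` tokens of burst, refilled at
    `refill_per_sec`. `now` is injectable so the behaviour is testable."""

    def __init__(self, capacity, refill_per_sec, now=None):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.tokens = float(capacity)
        self.updated = time.monotonic() if now is None else now

    def allow(self, now=None):
        now = time.monotonic() if now is None else now
        elapsed = max(0.0, now - self.updated)
        self.tokens = min(float(self.capacity), self.tokens + elapsed * self.refill_per_sec)
        self.updated = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class PredictionAPI:
    """Rate-limited endpoint that only ever emits the minimal response."""

    def __init__(self, capacity=5, refill_per_sec=1.0):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.buckets = {}

    def predict(self, client_id, features, now=None):
        bucket = self.buckets.get(client_id)
        if bucket is None:
            bucket = self.buckets[client_id] = TokenBucket(self.capacity, self.refill_per_sec, now)
        if not bucket.allow(now):
            return {"status": 429, "error": "rate limited"}
        return {"status": 200, **minimal_response(features)}


def served_queries(n_queries, interval, capacity=5, refill_per_sec=1.0):
    """Simulate one client firing `n_queries` spaced `interval` seconds apart
    and count how many predictions it actually obtains."""
    api = PredictionAPI(capacity, refill_per_sec)
    served = 0
    for i in range(n_queries):
        resp = api.predict("attacker", [1.0, 0.5], now=i * interval)
        served += resp["status"] == 200
    return served


if __name__ == "__main__":
    print(verbose_response([1.0, 0.5]))
    print(minimal_response([1.0, 0.5]))
    # 100 queries in one second against a 5-burst, 1-per-second bucket
    print(served_queries(100, 0.01))
```

Rate limiting raises the cost of extraction but does not remove it; a patient attacker within the sustained rate still gets answers, which is why the response minimisation matters at least as much as the limiter. Keying the bucket on an authenticated client identity rather than a source IP is assumed here.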
Risks of unvalidated outputs in AI applications.
Discover sensitive information disclosure via insecure output.
Hands-on: Applying secure output validation techniques.
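An added example covering both the output-encoding hands-on above (Cross-Site Scripting in an AI-driven web interface) and this one (sensitive information disclosure via insecure output); it is not the village's lab code. The secret patterns, the sample model answer and the rendering helpers are constructed for illustration. The order matters: validate what is allowed to leave the system first, then encode for the context it is rendered into.

```python
"""Added example (not the village's lab code): validating model output before
it reaches a user, and encoding it for HTML. Secret patterns and the sample
answer are constructed for illustration."""
import html
import re

# Patterns for secret-shaped strings a model might regurgitate from its context
# or training data. Constructed, deliberately small set; extend per deployment.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "bearer_token": re.compile(r"\bBearer\s+[A-Za-z0-9\-._~+/]+=*", re.IGNORECASE),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
}


def validate_output(text):
    """Redact secret-shaped substrings from a model answer.
    Returns (clean_text, list_of_finding_names) so callers can log and alert."""
    findings = []
    for name, pattern in SECRET_PATTERNS.items():
        if pattern.search(text):
            findings.append(name)
            text = pattern.sub(f"[REDACTED {name}]", text)
    return text, findings


def render_vulnerable(model_output):
    """Raw interpolation: a <script> or onerror handler in the model's answer
    runs in the user's browser. Model output is attacker-influenced input."""
    return f'<div class="answer">{model_output}</div>'


def render_hardened(model_output):
    """Validate first (what may leave the system), then encode for the HTML
    text context. Attribute or JavaScript contexts need their own encoders."""
    clean, _findings = validate_output(model_output)
    return f'<div class="answer">{html.escape(clean, quote=True)}</div>'


# Constructed model answer: leaks a key-shaped string and carries a payload.
SAMPLE_ANSWER = (
    "Sure! The admin key is AKIAIOSFODNN7EXAMPLE. "
    '<img src=x onerror="alert(document.cookie)">'
)

if __name__ == "__main__":
    print(render_vulnerable(SAMPLE_ANSWER))
    print(render_hardened(SAMPLE_ANSWER))
```

Pattern-based redaction is a last line of defence, not a substitute for keeping secrets out of the model's context in the first place; the findings list exists so that every hit is logged and investigated as a leak.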
An overview of sandbox vulnerabilities and RCE risks.
Exploit sandbox bypass in a vulnerable AI application.
Hands-on: Hardening sandbox configurations.
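A pattern that recurs in agent-style AI applications that execute model-generated code is a substring blocklist standing in for a sandbox. The added example below (not the village's lab code) shows why that fails and what a structural allow-list looks like instead; the blocklist, the payload and the permitted AST node set are constructed for illustration. The allow-listed executor is one layer only: resource limits and process or container isolation still have to come from the OS.

```python
"""Added example (not the village's lab code): why a substring blocklist is not
a sandbox for model-generated code, and what a structural allow-list looks like.
The blocklist, payload and allowed node set are constructed for illustration."""
import ast
import builtins
import os

BLOCKLIST = ("import", "open(", "exec", "eval", "os.", "subprocess", "__builtins__")


def blocklist_check(code):
    """Weak control: reject code containing a forbidden substring."""
    lowered = code.lower()
    return not any(word in lowered for word in BLOCKLIST)


def run_with_blocklist(code):
    """Vulnerable executor: string filter, then eval with default builtins."""
    if not blocklist_check(code):
        raise ValueError("blocked by filter")
    return eval(code, {})  # fresh globals still receive the full builtins dict


# Constructed payload: assembles every forbidden token at runtime, so no
# blocked substring appears in the source, yet it reaches os.getcwd().
BYPASS = "globals()['__buil' + 'tins__']['__imp' + 'ort__']('o' + 's').getcwd()"


def bypass_reaches_os():
    return run_with_blocklist(BYPASS) == os.getcwd()


# Structural allow-list: only arithmetic, comparisons, containers,
# comprehensions, assignment and a handful of pure builtins.
ALLOWED_NODES = (
    ast.Module, ast.Expr, ast.Assign, ast.Name, ast.Load, ast.Store,
    ast.Constant, ast.BinOp, ast.UnaryOp, ast.BoolOp, ast.Compare, ast.IfExp,
    ast.Add, ast.Sub, ast.Mult, ast.Div, ast.FloorDiv, ast.Mod, ast.USub,
    ast.And, ast.Or, ast.Not, ast.Eq, ast.NotEq, ast.Lt, ast.LtE, ast.Gt, ast.GtE,
    ast.Call, ast.List, ast.Tuple, ast.Dict, ast.Subscript, ast.Slice,
    ast.ListComp, ast.GeneratorExp, ast.comprehension, ast.For, ast.If,
)
ALLOWED_CALLS = {"sum", "min", "max", "len", "abs", "round", "sorted", "range"}


def ast_allowlist_check(code):
    """Parse, then reject anything that is not explicitly permitted.
    No Attribute nodes (so no `.__class__` walks), no dunder names,
    and calls only to the listed pure builtins. Returns (ok, reason)."""
    try:
        tree = ast.parse(code, mode="exec")
    except SyntaxError as exc:
        return False, f"syntax error: {exc.msg}"
    for node in ast.walk(tree):
        if not isinstance(node, ALLOWED_NODES):
            return False, f"disallowed node {type(node).__name__}"
        if isinstance(node, ast.Name) and node.id.startswith("__"):
            return False, f"dunder name {node.id}"
        if isinstance(node, ast.Call) and not (
            isinstance(node.func, ast.Name) and node.func.id in ALLOWED_CALLS
        ):
            return False, "call to a function outside the allow-list"
    return True, "ok"


def safe_run(code, data):
    """Hardened executor: structural check, then exec with a minimal builtins
    dict (no globals(), no __import__). The snippet must assign `result`.
    CPU and memory limits and process isolation remain the job of the OS layer."""
    ok, reason = ast_allowlist_check(code)
    if not ok:
        raise ValueError(f"rejected: {reason}")
    env = {
        "__builtins__": {name: getattr(builtins, name) for name in ALLOWED_CALLS},
        "data": list(data),
    }
    exec(code, env)
    return env.get("result")


if __name__ == "__main__":
    print("blocklist passes payload:", blocklist_check(BYPASS))
    print("payload reaches os:", bypass_reaches_os())
    print("allow-list verdict:", ast_allowlist_check(BYPASS))
    print(safe_run("result = sum(x * 2 for x in data)", [1, 2, 3]))
```

The allow-list approach rejects whole node classes rather than spellings, so string concatenation, `getattr` tricks and `__class__` walks never get to run; the trade-off is that the executor only supports the small subset of Python the application actually needs the model to emit.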
How pentesters can automate high-level vulnerability scanning of Java code.
What went behind building the tool – choosing a problem statement, sourcing datasets, preprocessing them, and identifying the right pre-trained model.
Building a tool to identify major vulnerability classes in Java code, such as path traversal, input validation, resource management, SQL injection, command injection, and logic issues.
Demo, conclusion, and future developments for the current project.
Focus: Introduction to AI/ML security concepts and common attack techniques.
Focus: Advanced attack techniques and comprehensive security strategies.
Founder, CRAC LEARNING
Founder of CRAC LEARNING. I am a cybersecurity enthusiast exploring multiple domains in security, learning and keeping myself updated with the latest trends and techniques. I have worked with great teams at Amazon, AWS and Microsoft. I am also an active volunteer helping budding talent and initiatives in cybersecurity research and awareness.
Senior Security Testing Engineer - EPAM Systems India Pvt Ltd
Sastry is an accomplished professional with over 6 years of infosec experience in vulnerability assessment and penetration testing of web, network and mobile applications, and is known for good leadership and management within the information security domain. He has a good understanding of security guidelines such as the OWASP Top 10, SANS Top 25 and Mobile Top 10. He has good expertise in red team assessments, especially on AD security, with a strong emphasis on secure code review of Java-based applications. Currently he is working on implementing security in AI-based applications.
Curious Learner | Tech Enthusiast | Student of Artificial Intelligence
I am a curious learner, highly interested in artificial intelligence and economics. I run a blog named sapiencespace, whose primary objective is to deliver simplified content in the fields of programming and data science, write about personal development, and provide byte-sized book summaries.
Principal Security Engineer - Microsoft
I am an accomplished information security professional with over 15 years of extensive experience in various domains of security. As an Offensive Security Certified Professional (OSCP) and Certified Ethical Hacker (CEH), I bring deep technical expertise and a proactive approach to safeguarding information assets. I have a rich background in integrating security practices seamlessly into the Software Development Life Cycle (SDLC), ensuring robust protection from the ground up. Throughout my career, I have honed my skills in threat modeling, secure code review, penetration testing, security architecture review, application security, mobile security, cloud security, and vulnerability management. My commitment to continuous learning and staying abreast of the latest security trends ensures that I am always prepared to tackle new challenges, protect valuable information assets effectively, and foster a culture of continuous security enhancement. Currently, I serve as a Principal Security Engineer at Microsoft, where I lead initiatives to fortify our security posture and drive innovation in our security solutions. My passion lies not only in identifying and mitigating security threats but also in educating and empowering teams to embrace security best practices, ultimately creating a safer digital environment for all.