2026-03-13 –, Main Stage
After being presented at DEFCON 33 in the Bug Bounty Village and at leHack in Paris, this talk is now coming to the Belgian community. Pedro will be exposing a design flaw he discovered that impacts Retrieval-Augmented Generation (RAG) systems and AI-powered applications.
Retrieval-Augmented Generation (RAG) systems have revolutionized how LLMs (Large Language Models) access "additional" knowledge, powering everything from enterprise chatbots to cutting-edge research tools. However, their architecture, designed to integrate text chunks to give additional context to prompts, also opens the door to innovative data exfiltration techniques.
In this talk, titled "Up and Down Technique: Exposing Hidden Data from RAG Systems", Pedro presents a technique he discovered that enables adversaries to systematically extract sensitive information from RAG applications via prompt injection.
During this talk, we’ll deep dive into the internals of RAG systems by analyzing their architecture, embeddings, vector databases, and prompt anatomy. Pedro will demonstrate, using real-world examples, how attackers can exfiltrate data from documents via carefully crafted prompt injections. More importantly, the presentation will provide a set of comprehensive mitigation strategies.
Designed for red teamers, bug bounty hunters, developers, CISOs, and cybersecurity enthusiasts, this talk bridges the gap between theoretical vulnerabilities and practical, actionable defense strategies, equipping security professionals with the knowledge they need to protect modern, AI-powered applications against emerging threats.
Pedro, also known as "drop," is an Offensive Security Manager at PwC, specializing in Application Penetration Testing and a security researcher. Before transitioning into cybersecurity, he had a background in Data Analytics and Data Science.
As a security researcher, he has over 10 CVEs to his name and has identified more than 150 vulnerabilities through various bug bounty programs. He holds multiple offensive security certifications, including CBBH, eJPTv2, PJMT, and BSCP.
In 2024, he ranked among the top 3 at Belgium’s Hack the Government Live Hacking Event. He is an active voice in the bug bounty community and a HackerOne brand ambassador for Belgium.