2025-10-04, ENG 103
We hacked 7 of the 16 publicly accessible YC X25 AI agents. This allowed us to leak user data, execute code remotely, and take over databases, all within 30 minutes each. In this session, we'll walk through the common mistakes these companies made and how you can mitigate these security concerns before your agents put your business at risk.
The goal of this session is to make sure people are aware of the most common security vulnerabilities when building AI agents. The reason we were able to hack so many AI agents in such a short time is that the same three issues keep repeating:
1. Incorrect enforcement of authorization rules (leading to IDOR attacks)
2. Bad code sandboxes (leading to infrastructure takeovers)
3. Malformed tool calling logic (leading to SSRF)
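To make the first of these concrete, here is an added illustration (not code from the talk or from any of the agents discussed) of how an IDOR arises in an agent tool handler and how to close it: the vulnerable handler resolves whatever record id the model puts in the tool-call arguments, while the hardened one scopes every lookup to the authenticated session. The `Session`, `INVOICES` data and tool names are constructed for the example.

```python
from dataclasses import dataclass

# Constructed sample records standing in for the agent backend's database.
INVOICES = {
    "inv-1": {"owner": "alice", "total": 120.0},
    "inv-2": {"owner": "bob", "total": 80.0},
}


@dataclass
class Session:
    """Caller identity established by the app's login flow, before the LLM runs."""
    user_id: str


class AuthorizationError(Exception):
    pass


def get_invoice_vulnerable(tool_args: dict) -> dict:
    """Vulnerable: the tool trusts the id the model passed and checks nothing.

    The model fills tool-call arguments from the conversation, so a user who
    asks for someone else's invoice id gets that record (classic IDOR).
    """
    return INVOICES[tool_args["invoice_id"]]


def get_invoice(session: Session, tool_args: dict) -> dict:
    """Hardened: authorization comes from the session, never from LLM arguments.

    The tool-call JSON carries only the resource id; ownership is enforced
    against the authenticated user, and 'missing' and 'not yours' return the
    same error so the tool cannot be used as an existence oracle.
    """
    invoice = INVOICES.get(tool_args["invoice_id"])
    if invoice is None or invoice["owner"] != session.user_id:
        raise AuthorizationError("invoice not found")
    return invoice


def is_denied(session: Session, tool_args: dict) -> bool:
    """True when the hardened handler refuses the request (used for checks)."""
    try:
        get_invoice(session, tool_args)
    except AuthorizationError:
        return True
    return False


if __name__ == "__main__":
    # alice asking (via the model) for bob's invoice: leaks in the vulnerable
    # handler, refused in the hardened one.
    print(get_invoice_vulnerable({"invoice_id": "inv-2"}))
    print(is_denied(Session("alice"), {"invoice_id": "inv-2"}))  # True
```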
This talk tells the story of our Y Combinator journey and how we helped our batch mates secure their AI agents to close deals with billion-dollar companies. It goes through live demos of these vulnerabilities, why they're often overlooked, and the "mindset shift" developers need to make in the world of AI engineering.
Rene Brandel is the Cofounder & CEO of Casco. Before Casco, he was the Head of Product at AWS and inventor of "Kiro", AWS's agentic IDE. He has a long-standing passion for AI, cloud, and developer tools. In fact, he won Europe's largest hackathon in 2016 with a voice-to-code agent before generative AI became a commonplace technology.