BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//bsidescharm2026//speaker//ET7X9E
BEGIN:VTIMEZONE
TZID:EST
BEGIN:STANDARD
DTSTART:20001029T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10;UNTIL=20061029T070000Z
TZNAME:EST
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
END:STANDARD
BEGIN:STANDARD
DTSTART:20071104T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=11
TZNAME:EST
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000402T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4;UNTIL=20060402T080000Z
TZNAME:EDT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:20070311T030000
RRULE:FREQ=YEARLY;BYDAY=2SU;BYMONTH=3
TZNAME:EDT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-bsidescharm2026-Z3KK7R@pretalx.com
DTSTART;TZID=EST:20260426T123000
DTEND;TZID=EST:20260426T125000
DESCRIPTION:Prompt injection remains the elephant in the AI Security room
 —there's no deterministic defense\, yet the urgency driving AI adoption 
 means many teams feel forced to either accept the risk or hobble their age
 nts with overly restrictive policies. But there's a third path: containmen
 t. In this talk\, I'll walk through the architectural guardrails Stripe ad
 opted to protect our agent platform\, showing how you can give agents powe
 rful tools while ensuring minimal damage if prompt injection occurs. I'll 
 cover strategies for preventing data exfiltration through controlled egres
 s\, share UI patterns for human confirmation flows to balance oversight wi
 th usability\, and demonstrate how to enforce these guardrails at CI-time 
 using tool annotations.
DTSTAMP:20260417T061310Z
LOCATION:Track 1
SUMMARY:Breaking the Lethal Trifecta: Architectural Prompt Injection Defens
 es - Andrew Bullen
URL:https://pretalx.com/bsidescharm2026/talk/Z3KK7R/
END:VEVENT
END:VCALENDAR