BSidesLuxembourg 2025

Securing AI Assistants: Strategies and Practices for Protecting Data
2025-06-19, Secondary stage

The data behind AI copilots is not only their most critical asset but also a key strategic consideration for enterprises and SMBs alike. This talk examines the challenges of securing diverse architectures at scale, offering practical insights into safeguarding sensitive data while enabling innovation. Learn how to align your AI strategy with robust security practices to maximize value without compromising trust.


In this technical session, we delve into the unique security challenges faced by AI copilots, chatbots and agents (AI systems designed to assist with various tasks), focusing specifically on data as their most critical asset. The talk will cover AI-specific threats such as data poisoning, prompt injection attacks, hallucinations, and data extraction risks, exploring how these vulnerabilities differ from traditional security concerns. We will discuss various AI deployment architectures and their impact on data security. Practical strategies will be provided to secure AI data, including hands-on techniques like automating data cleaning pipelines and configuring secure inference pipelines. The session will also introduce AI-specific threat modelling and explore real-world examples, demonstrating how to integrate security measures into AI development workflows. By the end, attendees will be equipped with actionable insights and tools to align their AI strategy with robust security practices, ensuring the safe and effective deployment of AI chatbots.

Andra is a Principal Application Security Specialist at Sage, with over seven years of experience in the field of application security. She is responsible for implementing DevSecOps practices, conducting security assessments, and developing secure coding guidelines for software engineering and AI/ML teams. She has a strong background in software development and project management, as well as a master's degree in information and computer sciences. She has been co-leading the OWASP London Chapter since 2019, where she organises and delivers events and workshops on various security topics. She is passionate about educating and empowering developers and stakeholders to build and deliver secure software and best practices in a fast-paced, results-driven environment.