BSidesLuxembourg 2026

Donato Capitella

Donato Capitella is a Software Engineer and Principal Security Consultant at Reversec, with over 15 years of experience in offensive security and software engineering. Donato spent the past 3 years conducting research and assessments on Generative AI applications, covering topics such as multi-chain prompt injection, securing ReAct agents, and testing LLM guardrails. He is the lead developer of spikee (https://spikee.ai), an open-source tool for practical testing of LLM applications. He shares his work through a technical YouTube channel (https://www.youtube.com/@donatocapitella) and publishes research articles on the Reversec Labs blog (https://labs.reversec.com/authors/donato-capitella).


Session

05-08
14:40
40min
Every Guardrail Everywhere All at Once: Designing and Testing Guardrails for LLM Applications
Donato Capitella

GenAI applications have moved from being single prompt wrappers to long chains of LLM calls, tools, and agentic workflows. In these systems, guardrails cannot live on a single isolated prompt. They need to be designed based on how data flows through the application, how permissions are enforced, and which risks are relevant for the use case.

This talk shares practical experience from helping teams design and test guardrails for LLM applications. Prompt-based guardrails tend to fail under determined attackers, so they must be combined with application-level controls and feedback mechanisms that allow the system to detect and respond to prompt attacks.

Rather than evaluating models in isolation, the focus is on testing the application itself. This includes testing how inputs and outputs propagate through LLM chains, how intermediate results are reused, and how guardrails interact across different stages of a workflow. The talk shows how this can be tested in practice using spikee (https://spikee.ai), an open-source tool built to test LLM applications for prompt-based attacks.

AI Security Village
IFEN room 2, Workshops and AI Security Village (Building D)