BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//bsidesluxembourg-2026//speaker//R9J9FP
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-bsidesluxembourg-2026-HY3QBJ-0@pretalx.com
DTSTART;TZID=CET:20260507T133000
DTEND;TZID=CET:20260507T180000
DESCRIPTION:The technical track of the AI security village
DTSTAMP:20260412T011426Z
LOCATION:IFEN room 3 Workshops and AI Security Village (Building D)
SUMMARY:AI Security village - technical training and implementation - Parth
  Shukla\, Nagarjun Rallapalli
URL:https://pretalx.com/bsidesluxembourg-2026/talk/HY3QBJ/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-bsidesluxembourg-2026-HY3QBJ-1@pretalx.com
DTSTART;TZID=CET:20260508T090000
DTEND;TZID=CET:20260508T120000
DESCRIPTION:The technical track of the AI security village
DTSTAMP:20260412T011426Z
LOCATION:IFEN room 3 Workshops and AI Security Village (Building D)
SUMMARY:AI Security village - technical training and implementation - Parth
  Shukla\, Nagarjun Rallapalli
URL:https://pretalx.com/bsidesluxembourg-2026/talk/HY3QBJ/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-bsidesluxembourg-2026-UGKRML@pretalx.com
DTSTART;TZID=CET:20260508T112000
DTEND;TZID=CET:20260508T120000
DESCRIPTION:AI agents are different from regular LLM apps — they plan ste
 ps\, call tools\, and chase goals across multiple interactions. This added
  complexity introduces new kinds of security risks that aren’t widely un
 derstood yet.\n\nIn this talk\, I’ll walk through demos of vulnerabiliti
 es from the OWASP Agentic AI Threats. These include goal hijacking\, align
 ment faking\, orchestration misuse\, and time-based attacks that exploit h
 ow agents behave over multiple steps or sessions. I’ll show how attacker
 s can trick agents into following the wrong goals\, leaking data\, or usin
 g tools in unsafe ways — all through practical examples.
DTSTAMP:20260412T011426Z
LOCATION:IFEN room 2\, Workshops and AI Security Village  (Building D)
SUMMARY:The Agent Had a Plan—So Did I: Top Attacks on OWASP Agentic AI Sy
 stems - Parth Shukla\, Nagarjun Rallapalli
URL:https://pretalx.com/bsidesluxembourg-2026/talk/UGKRML/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-bsidesluxembourg-2026-8ACVB3@pretalx.com
DTSTART;TZID=CET:20260508T133000
DTEND;TZID=CET:20260508T173000
DESCRIPTION:Event Strategy & Structure\n\nCore Mission: A 2-day\, open-floo
 r "village" dedicated to exploring real-world security risks in Agentic AI
 \, Model Context Protocol (MCP) architectures\, and LLM workflows.\n\nAlig
 nment: All content and threat models are strictly aligned with OWASP guida
 nce (LLM Top 10 & AI Security Exchange).\n\nDynamic Flow: Unlike tradition
 al linear training\, this is an exploratory space. The schedule is fluid\;
  organizers will pivot topics\, attack scenarios\, and deep dives in real-
 time based on what attendees find most interesting.\n\nVillage Logistics\n
 \nOpen Access: The village runs continuously for two days with no fixed st
 art/stop times.\nDrop-in Format: Attendees are free to enter\, observe\, l
 eave\, and return at will. This supports the casual\, "hallway con" cultur
 e of BSides events.\nParallel Tracks: Multiple activities (demos\, labs\, 
 discussions) happen simultaneously\, allowing for natural scaling of depth
  from beginner to advanced levels.\n\nOrganizer Responsibilities (The Blue
  Team/Red Team)\n\nLive Operations: Organizers act as facilitators\, maint
 aining intentionally vulnerable infrastructure (LLMs\, RAG pipelines\, Aut
 onomous Agents\, MCP Servers).\n\nInteractive Walkthroughs: Instead of for
 mal talks\, organizers provide short\, continuous breakdowns of attacks\, 
 explaining why a specific trust boundary failed or how a design choice cre
 ated a vulnerability.\n\nAdaptive Defense: Based on audience feedback\, or
 ganizers will live-patch systems or remove mitigations to demonstrate how 
 security controls impact attack feasibility.\n\nAttendee Experience (The R
 ed Team)\nHands-on Exploitation: Attendees can directly interact with depl
 oyed systems to attempt prompt injection\, logic-based attacks\, and tool 
 abuse.\nFeedback Loop: Attendees actively shape the curriculum by voting o
 n which systems to attack next or requesting deeper focus on specific fail
 ure modes.\nCollaborative Defense: A key component is discussing defenses\
 ; attendees can propose architecture changes or guardrails\, which organiz
 ers can discuss or implement live.\n\nHands-on Labs & Infrastructure\nSelf
 -Paced Playgrounds: Dedicated stations will run continuously for independe
 nt learning.\nDreadnode Crucible: Focuses on practical exploitation of LLM
 s and agents.\nLakera Gandalf / Agent Breaker: Gamified challenges coverin
 g prompt injection\, goal hijacking\, and instruction drift.\nPurpose: The
 se labs ensure that even if the live demo is advanced\, beginners have a p
 lace to start learning fundamentals.\n\nAgenda: \n\nBreaking LLM Systems\n
 Theme: Fundamentals of LLM vulnerabilities and the OWASP LLM Top 10.\nLive
  Targets: Minimalist LLM deployments and chat interfaces.\nDeep Dives:\nGu
 ardrails: Examining internal mechanics and demonstrating how to bypass pra
 ctical limitations.\nRAG Security: attacking Vector Databases and poisonin
 g retrieval contexts (RAG-specific threats).\n\nAgenda: Agentic AI & MCP S
 ecurity\nTheme: The core focus of the village—Autonomous Agents and the 
 Model Context Protocol (MCP).\nComplex Workflows: Demos will feature multi
 -step agents that can plan\, execute\, and interact with external tools.\n
 Key Attack Vectors:\nInstruction Hijacking: Forcing an agent to deviate fr
 om its original goal.\nTool Abuse: Exploiting over-privileged MCP capabili
 ties (e.g.\, an agent with unrestricted file access).\nTrust Boundaries: A
 nalyzing failures in the handshake between Agents and MCP servers.
DTSTAMP:20260412T011426Z
LOCATION:IFEN room 2\, Workshops and AI Security Village  (Building D)
SUMMARY:AI Security Village - Parth Shukla\, Nagarjun Rallapalli
URL:https://pretalx.com/bsidesluxembourg-2026/talk/8ACVB3/
END:VEVENT
END:VCALENDAR