BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//bsidesluxembourg-2026//talk//8ACVB3
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-bsidesluxembourg-2026-8ACVB3@pretalx.com
DTSTART;TZID=CET:20260508T133000
DTEND;TZID=CET:20260508T173000
DESCRIPTION:Event Strategy & Structure\n\nCore Mission: A 2-day\, open-floo
 r "village" dedicated to exploring real-world security risks in Agentic AI
 \, Model Context Protocol (MCP) architectures\, and LLM workflows.\n\nAlig
 nment: All content and threat models are strictly aligned with OWASP guida
 nce (LLM Top 10 & AI Security Exchange).\n\nDynamic Flow: Unlike tradition
 al linear training\, this is an exploratory space. The schedule is fluid\;
  organizers will pivot topics\, attack scenarios\, and deep dives in real-
 time based on what attendees find most interesting.\n\nVillage Logistics\n
 \nOpen Access: The village runs continuously for two days with no fixed st
 art/stop times.\nDrop-in Format: Attendees are free to enter\, observe\, l
 eave\, and return at will. This supports the casual\, "hallway con" cultur
 e of BSides events.\nParallel Tracks: Multiple activities (demos\, labs\, 
 discussions) happen simultaneously\, allowing for natural scaling of depth
  from beginner to advanced levels.\n\nOrganizer Responsibilities (The Blue
  Team/Red Team)\n\nLive Operations: Organizers act as facilitators\, maint
 aining intentionally vulnerable infrastructure (LLMs\, RAG pipelines\, Aut
 onomous Agents\, MCP Servers).\n\nInteractive Walkthroughs: Instead of for
 mal talks\, organizers provide short\, continuous breakdowns of attacks\, 
 explaining why a specific trust boundary failed or how a design choice cre
 ated a vulnerability.\n\nAdaptive Defense: Based on audience feedback\, or
 ganizers will live-patch systems or remove mitigations to demonstrate how 
 security controls impact attack feasibility.\n\nAttendee Experience (The R
 ed Team)\nHands-on Exploitation: Attendees can directly interact with depl
 oyed systems to attempt prompt injection\, logic-based attacks\, and tool 
 abuse.\nFeedback Loop: Attendees actively shape the curriculum by voting o
 n which systems to attack next or requesting deeper focus on specific fail
 ure modes.\nCollaborative Defense: A key component is discussing defenses\
 ; attendees can propose architecture changes or guardrails\, which organiz
 ers can discuss or implement live.\n\nHands-on Labs & Infrastructure\nSelf
 -Paced Playgrounds: Dedicated stations will run continuously for independe
 nt learning.\nDreadnode Crucible: Focuses on practical exploitation of LLM
 s and agents.\nLakera Gandalf / Agent Breaker: Gamified challenges coverin
 g prompt injection\, goal hijacking\, and instruction drift.\nPurpose: The
 se labs ensure that even if the live demo is advanced\, beginners have a p
 lace to start learning fundamentals.\n\nAgenda: \n\nBreaking LLM Systems\n
 Theme: Fundamentals of LLM vulnerabilities and the OWASP LLM Top 10.\nLive
  Targets: Minimalist LLM deployments and chat interfaces.\nDeep Dives:\nGu
 ardrails: Examining internal mechanics and demonstrating how to bypass pra
 ctical limitations.\nRAG Security: attacking Vector Databases and poisonin
 g retrieval contexts (RAG-specific threats).\n\nAgenda: Agentic AI & MCP S
 ecurity\nTheme: The core focus of the village—Autonomous Agents and the 
 Model Context Protocol (MCP).\nComplex Workflows: Demos will feature multi
 -step agents that can plan\, execute\, and interact with external tools.\n
 Key Attack Vectors:\nInstruction Hijacking: Forcing an agent to deviate fr
 om its original goal.\nTool Abuse: Exploiting over-privileged MCP capabili
 ties (e.g.\, an agent with unrestricted file access).\nTrust Boundaries: A
 nalyzing failures in the handshake between Agents and MCP servers.
DTSTAMP:20260412T024640Z
LOCATION:IFEN room 2\, Workshops and AI Security Village (Building D)
SUMMARY:AI Security Village - Parth Shukla\, Nagarjun Rallapalli
URL:https://pretalx.com/bsidesluxembourg-2026/talk/8ACVB3/
END:VEVENT
END:VCALENDAR
