Speaking

The Model Context Protocol has become the de facto standard for connecting AI agents to tools and data. It has also become the fastest-growing attack surface in enterprise AI deployments. This talk walks through three real attack patterns — tool poisoning, meta-context injection, and cross-server hijacking — with live code demonstrations and direct mappings to documented breaches from 2025–2026. Attendees leave with a concrete threat model and a prioritised list of controls they can implement before their next sprint ends.

The OWASP Agentic Top 10 exists. Most teams have read the summary. Almost none have mapped it to their actual systems. This talk takes each of the ten risk categories from abstract definition to concrete attack chain — using real incidents, reproducible lab scenarios, and the specific architectural decisions that made each one possible. It closes with a defensive framework grounded in least agency, strong observability, and human-in-the-loop design. Practical, evidence-based, no vendor agenda.

Traditional red teaming methodologies break against agentic AI systems. The attack surface is non-deterministic, execution paths are emergent, and blast radius crosses tool boundaries, memory stores, and inter-agent communication channels simultaneously. This talk presents a structured red teaming methodology for agentic AI — covering goal hijacking, tool chain weaponization, identity spoofing, memory poisoning, and cascading failure induction — built from direct adversarial testing with PyRIT, Promptfoo, and Garak against locally deployed agent architectures.

A complete 7-phase methodology for AI threat modeling in production, synthesizing MAESTRO, Microsoft's red team practice, and OWASP frameworks. This talk walks through a real-world threat register example, shows what deliverables look like at the end of a threat modeling exercise, and provides a pre-production checklist mapped to OWASP LLM Top 10 and Agentic Top 10. Practical, evidence-based, no vendor agenda.