Author, Creator & Presenter: Srajan Gupta, Senior Security Engineer At Dave
Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations' YouTube Channel.
The post [un]prompted 2026 – Injecting Security Context During Vibe Coding appeared first on Security Boulevard.
Author, Creator & Presenter: Nicolas Lidzborski, Principal Engineer At Google Workspace Security
Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations' YouTube Channel.
The post [un]prompted 2026 – Securing Workspace GenAl At Google Speed appeared first on Security Boulevard.
Author, Creator & Presenter: Mudita Khurana, Staff Security Engineer At Airbnb
Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations' YouTube Channel.
The post [un]prompted 2026 – Rethinking How We Evaluate Security Agents For Real-World Use appeared first on Security Boulevard.
Author, Creator & Presenter: Rob T. Lee, Glenn Thorpe, Dan Hubbard & Sergej Epp
Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations' YouTube Channel.
The post [un]prompted 2026 – Rob T. Lee, Glenn Thorpe, Dan Hubbard & Sergej Epp – Vibe Coded (Micro-Talks) appeared first on Security Boulevard.
Author, Creator & Presenter: Aaron Brown, Agentic AI Builder, AWS
Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations' YouTube Channel.
The post [un]prompted 2026 – Trajectory-Aware Post-Training Security Agents appeared first on Security Boulevard.
Author, Creator & Presenter: Padma Apparao, Architecting Al Solutions, Govt Agencies
Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations' YouTube Channel.
The post [un]prompted 2026 – Kinetic Risk: Securing And Governing Physical Al In The Wild appeared first on Security Boulevard.
Author, Creator & Presenter: Piotr Ryciak, Al Red Teamer At Mindgard
Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations' YouTube Channel.
The post [un]prompted 2026 – Vibe Check: Security Failures In Al-Assisted IDEs appeared first on Security Boulevard.
Author, Creator & Presenter: Shruti Datta Gupta, Product Security Engineer, Adobe & Chandrani Mukherjee, Product Security Engineer, Adobe
Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations') YouTube Channel.
The post [un]prompted 2026 – Security Guidance as a Service appeared first on Security Boulevard.
Author, Creator & Presenter: Joshua Saxe, Al Security Technical Lead, Meta
Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations') YouTube Channel.
The post [un]prompted 2026 – The Hard Part Isn’t Building The Agent: Measuring Effectiveness appeared first on Security Boulevard.
Author, Creator & Presenter: Shruti Datta Gupta, Product Security Engineer, Adobe & Chandrani Mukherjee, Product Security Engineer, Adobe
Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations') YouTube Channel.
The post [un]prompted 2026 – The Hard Part Isn’t Building the Agent: Measuring Effectiveness appeared first on Security Boulevard.
Author, Creator & Presenter: Maria Khodak, GWAPT
Our thanks to BSidesSLC for publishing their Creators, Authors and Presenter’s outstanding BSidesSLC 2025 content on the Organizations' YouTube Channel.
The post BSidesSLC 2025 – Good Models Gone Bad – Visualizing Data Poisoning With Gephi appeared first on Security Boulevard.
Our thanks to BSidesSLC for publishing their Creators, Authors and Presenter’s outstanding BSidesSLC 2025 content on the Organizations' YouTube Channel.
The post BSidesSLC 2025 – Good Models Gone Bad – Visualizing Data Poisoning With Gephi appeared first on Security Boulevard.
Author, Creator & Presenter: Bryson Loughmiller - Principal Platform Security Architect At Entrata
Our thanks to BSidesSLC for publishing their Creators, Authors and Presenter’s outstanding BSidesSLC 2025 content on the Organizations' YouTube Channel.
The post BSidesSLC 2025 – • Al Red Teaming For Artificial Dummies appeared first on Security Boulevard.
Presenter: Stacey Higginbotham, Consumer Reports
Our thanks to USENIX Security '25 (Enigma Track) (USENIX '25 for publishing their Creators, Authors and Presenter’s tremendous USENIX Security '25 (Enigma Track) (USENIX '25 content on the Organizations' YouTube Channel.
The post USENIX Security ’25 (Enigma Track) – Zombie Devices Are Running Amuck! appeared first on Security Boulevard.
Presenter: Zach Steindler, GitHub
Our thanks to USENIX Security '25 (Enigma Track) (USENIX '25 for publishing their Creators, Authors and Presenter’s tremendous USENIX Security '25 (Enigma Track) (USENIX '25 content on the Organizations' YouTube Channel.
The post USENIX Security ’25 (Enigma Track) – Securing Packages In npm, Homebrew, PyPI, Maven Central, And RubyGems appeared first on Security Boulevard.
Author, Creator & Presenter: Bolor-Erdene Jagdagdorj, Microsoft AI Red Team, Auto-Dubbed For Some Languages Was Automagically Generated
Our thanks to USENIX Security '25 (Enigma Track) (USENIX '25 for publishing their Creators, Authors and Presenter’s tremendous USENIX Security '25 (Enigma Track) content on the Organizations' YouTube Channel.
The post USENIX Security ’25 (Enigma Track) – AI Red Teaming And Automation: Exploring Societal Risks In GenAI appeared first on Security Boulevard.
Session 14A: Software Security: Applications & Policies
Authors, Creators & Presenters: Yue Xiao (IBM Research), Dhilung Kirat (IBM Research), Douglas Lee Schales (IBM Research), Jiyong Jang (IBM Research), Luyi Xing (Indiana University Bloomington), Xiaojing Liao (Indiana University)
PAPER
JBomAudit: Assessing the Landscape, Compliance, and Security Implications of Java SBOMs
A Software Bill of Materials (SBOM) is a detailed inventory that lists the dependencies that make up a software product. Accurate, complete, and up-to-date SBOMs are essential for vulnerability management, reducing license compliance risks, and maintaining high software integrity. The US National Institute of Standards and Technology (NTIA) has established minimum requirements for SBOMs to comply with, especially the correctness and completeness of listed dependencies in SBOMs. However, these requirements remain unexamined in practice. This paper presents the first systematic study on the landscape of SBOMs, including their prevalence, release trends, and characteristics in the Java ecosystem. We developed an end-to-end tool to evaluate the completeness and accuracy of dependencies in SBOMs. Our tool analyzed 25,882 SBOMs and associated JAR files, identifying that 7,907 SBOMs failed to disclose direct dependencies, highlighting the prevalence and severity of SBOM noncompliance issues. Furthermore, 4.97% of these omitted dependencies were vulnerable, leaving software susceptible to potential exploits. Through detailed measurement studies and analysis of root causes, this research uncovers significant security implications of non-compliant SBOMs, especially concerning vulnerability management. These findings, crucial for enhancing SBOM compliance assurance, are being responsibly reported to relevant stakeholders.
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.
The post NDSS 2025 – JBomAudit: Assessing The Landscape, Compliance, And Security Implications Of Java SBOMS appeared first on Security Boulevard.
Session 13A: JavaScript Security
Authors, Creators & Presenters: Liam Wachter (EPFL), Julian Gremminger (EPFL), Christian Wressnegger (Karlsruhe Institute of Technology (KIT)), Mathias Payer (EPFL), Flavio Toffalini (EPFL)
PAPER
DUMPLING: Fine-Grained Differential JavaScript Engine Fuzzing
Web browsers are ubiquitous and execute untrusted JavaScript (JS) code. JS engines optimize frequently executed code through just-in-time (JIT) compilation. Subtly conflicting assumptions between optimizations frequently result in JS engine vulnerabilities. Attackers can take advantage of such diverging assumptions and use the flexibility of JS to craft exploits that produce a miscalculation, remove bounds checks in JIT compiled code, and ultimately gain arbitrary code execution. Classical fuzzing approaches for JS engines only detect bugs if the engine crashes or a runtime assertion fails. Differential fuzzing can compare interpreted code against optimized JIT compiled code to detect differences in execution. Recent approaches probe the execution states of JS programs through ad-hoc JS functions that read the value of variables at runtime. However, these approaches have limited capabilities to detect diverging executions and inhibit optimizations during JIT compilation, thus leaving JS engines under-tested. We propose DUMPLING, a differential fuzzer that compares the full state of optimized and unoptimized execution for arbitrary JS programs. Instead of instrumenting the JS input, DUMPLING instruments the JS engine itself, enabling deep and precise introspection. These extracted fine-grained execution states, coined as (frame) dumps, are extracted at a high frequency even in the middle of JIT compiled functions. DUMPLING finds eight new bugs in the thoroughly tested V8 engine, where previous differential fuzzing approaches struggled to discover new bugs. We receive $11,000 from Google's Vulnerability Rewards Program for reporting the vulnerabilities found by DUMPLING.
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.
The post NDSS 2025 -DUMPLING: Fine-Grained Differential JavaScript Engine Fuzzing appeared first on Security Boulevard.
Session 13A: JavaScript Security
Authors, Creators & Presenters: Darion Cassel (Carnegie Mellon University), Nuno Sabino (IST & CMU), Min-Chien Hsu (Carnegie Mellon University), Ruben Martins (Carnegie Mellon University), Limin Jia (Carnegie Mellon University)
PAPER
NodeMedic-FINE: Automatic Detection and Exploit Synthesis for Node.js Vulnerabilities
The Node.js ecosystem comprises millions of packages written in JavaScript. Many packages suffer from vulnerabilities such as arbitrary code execution (ACE) and arbitrary command injection (ACI). Prior work has developed automated tools based on dynamic taint tracking to detect potential vulnerabilities, and to synthesize proof-of-concept exploits that confirm them, with limited success. One challenge these tools face is that expected inputs to package APIs often have varied types and object structure. Failure to call these APIs with inputs of the correct type and with specific fields leads to unsuccessful exploit generation and missed vulnerabilities. Generating inputs that can successfully deliver the desired exploit payload despite manipulation performed by the package is also difficult. To address these challenges, we use a type and object-structure aware fuzzer to generate inputs to explore more execution paths during dynamic taint analysis. We leverage information generated by the taint analysis to infer the types and structure of the inputs, which are then used by the exploit synthesis engine to guide exploit generation. We implement NodeMedic-FINE and evaluate it on 33,011 npm packages that contain calls to ACE and ACI sinks. Our tool finds 2257 potential flows and automatically synthesizes working exploits in 766 packages.
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.
The post NDSS 2025 – NodeMedic-FINE: Automatic Detection And Exploit Synthesis For Node.js Vulnerabilities appeared first on Security Boulevard.
Entrar