How to Tame Your Dragon: Productionizing Agentic AI Systems for Security
Thomas Vissers, Tim Van Hamme
BSidesSF 2025 — Here Be Dragons · Day 2 · Main
Post-doctoral security researchers Thomas Vissers and Tim Van Hamme from KU Leuven walked through four fundamental reasons LLMs are "powerful yet unreliable," demonstrated a live prompt injection attack against a real email assistant that exfiltrated funds via a forged email, and presented a behavioral profiling system — modeled on the "M from James Bond" concept — designed to supervise AI agents in production environments where standard guardrails consistently fail.
AI review
KU Leuven researchers who actually built and disclosed a real attack against a production AI email platform — not a toy sandbox, a real service. The four-root-cause framework for LLM unreliability is tight and technically defensible. The behavioral profiling proposal is still research-stage but the architectural reasoning behind it is sounder than anything the 'just add another LLM guardrail' crowd is selling.