Breaking the Bot: GenAI Web App Attack Surface & Exploitation
CVE/FIRST VulnCon 2025 · Main Stage
In this insightful talk from VulnCon, Ken Smith, Director of Learning and Development at Praetorian, delves into the burgeoning attack surface presented by Generative AI (GenAI) and Large Language Model (LLM) web applications. Smith, drawing from his extensive background in offensive security, red teaming, and signals intelligence, provides a comprehensive framework for understanding, identifying, and mitigating the unique security challenges inherent in these rapidly evolving technologies. The presentation meticulously breaks down the threat landscape, emphasizing that while LLMs introduce novel vulnerabilities, many traditional web application security principles remain critically relevant.
AI review
Smith delivers a competent, well-structured survey of the LLM application attack surface that will genuinely help practitioners who haven't yet had a reason to dig into this space. The OWASP LLM Top 10 walkthrough is organized, the Ptos demos are concrete and multi-step, and the prompt/jailbreak distinction is a point worth making clearly. But the content is fundamentally a synthesized overview of publicly available frameworks and techniques rather than original research—you'll find every vulnerability class here on OWASP, Simon Willison's blog, or any number of prior conference talks. For…