Author, Creator & Presenter: Srajan Gupta, Senior Security Engineer At Dave
Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations' YouTube Channel.
The post [un]prompted 2026 – Injecting Security Context During Vibe Coding appeared first on Security Boulevard.
Author, Creator & Presenter: Nicolas Lidzborski, Principal Engineer At Google Workspace Security
Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations' YouTube Channel.
The post [un]prompted 2026 – Securing Workspace GenAl At Google Speed appeared first on Security Boulevard.
Author, Creator & Presenter: Mudita Khurana, Staff Security Engineer At Airbnb
Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations' YouTube Channel.
The post [un]prompted 2026 – Rethinking How We Evaluate Security Agents For Real-World Use appeared first on Security Boulevard.
Author, Creator & Presenter: Rob T. Lee, Glenn Thorpe, Dan Hubbard & Sergej Epp
Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations' YouTube Channel.
The post [un]prompted 2026 – Rob T. Lee, Glenn Thorpe, Dan Hubbard & Sergej Epp – Vibe Coded (Micro-Talks) appeared first on Security Boulevard.
Author, Creator & Presenter: Aaron Brown, Agentic AI Builder, AWS
Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations' YouTube Channel.
The post [un]prompted 2026 – Trajectory-Aware Post-Training Security Agents appeared first on Security Boulevard.
Author, Creator & Presenter: Padma Apparao, Architecting Al Solutions, Govt Agencies
Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations' YouTube Channel.
The post [un]prompted 2026 – Kinetic Risk: Securing And Governing Physical Al In The Wild appeared first on Security Boulevard.
Author, Creator & Presenter: Piotr Ryciak, Al Red Teamer At Mindgard
Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations' YouTube Channel.
The post [un]prompted 2026 – Vibe Check: Security Failures In Al-Assisted IDEs appeared first on Security Boulevard.
Author, Creator & Presenter: Shruti Datta Gupta, Product Security Engineer, Adobe & Chandrani Mukherjee, Product Security Engineer, Adobe
Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations') YouTube Channel.
The post [un]prompted 2026 – Security Guidance as a Service appeared first on Security Boulevard.
Author, Creator & Presenter: Joshua Saxe, Al Security Technical Lead, Meta
Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations') YouTube Channel.
The post [un]prompted 2026 – The Hard Part Isn’t Building The Agent: Measuring Effectiveness appeared first on Security Boulevard.
Author, Creator & Presenter: Shruti Datta Gupta, Product Security Engineer, Adobe & Chandrani Mukherjee, Product Security Engineer, Adobe
Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations') YouTube Channel.
The post [un]prompted 2026 – The Hard Part Isn’t Building the Agent: Measuring Effectiveness appeared first on Security Boulevard.
Author, Creator & Presenter: Maria Khodak, GWAPT
Our thanks to BSidesSLC for publishing their Creators, Authors and Presenter’s outstanding BSidesSLC 2025 content on the Organizations' YouTube Channel.
The post BSidesSLC 2025 – Good Models Gone Bad – Visualizing Data Poisoning With Gephi appeared first on Security Boulevard.
Our thanks to BSidesSLC for publishing their Creators, Authors and Presenter’s outstanding BSidesSLC 2025 content on the Organizations' YouTube Channel.
The post BSidesSLC 2025 – Good Models Gone Bad – Visualizing Data Poisoning With Gephi appeared first on Security Boulevard.
Author, Creator & Presenter: Bryson Loughmiller - Principal Platform Security Architect At Entrata
Our thanks to BSidesSLC for publishing their Creators, Authors and Presenter’s outstanding BSidesSLC 2025 content on the Organizations' YouTube Channel.
The post BSidesSLC 2025 – • Al Red Teaming For Artificial Dummies appeared first on Security Boulevard.
Presenter: Stacey Higginbotham, Consumer Reports
Our thanks to USENIX Security '25 (Enigma Track) (USENIX '25 for publishing their Creators, Authors and Presenter’s tremendous USENIX Security '25 (Enigma Track) (USENIX '25 content on the Organizations' YouTube Channel.
The post USENIX Security ’25 (Enigma Track) – Zombie Devices Are Running Amuck! appeared first on Security Boulevard.
Presenter: Zach Steindler, GitHub
Our thanks to USENIX Security '25 (Enigma Track) (USENIX '25 for publishing their Creators, Authors and Presenter’s tremendous USENIX Security '25 (Enigma Track) (USENIX '25 content on the Organizations' YouTube Channel.
The post USENIX Security ’25 (Enigma Track) – Securing Packages In npm, Homebrew, PyPI, Maven Central, And RubyGems appeared first on Security Boulevard.
Author, Creator & Presenter: Bolor-Erdene Jagdagdorj, Microsoft AI Red Team, Auto-Dubbed For Some Languages Was Automagically Generated
Our thanks to USENIX Security '25 (Enigma Track) (USENIX '25 for publishing their Creators, Authors and Presenter’s tremendous USENIX Security '25 (Enigma Track) content on the Organizations' YouTube Channel.
The post USENIX Security ’25 (Enigma Track) – AI Red Teaming And Automation: Exploring Societal Risks In GenAI appeared first on Security Boulevard.
Author, Creator & Presenter: Jannis Kirschner, Niantic Inc.
Our thanks to USENIX Security '25 (Enigma Track) (USENIX '25 for publishing their Creators, Authors and Presenter’s tremendous USENIX Security '25 (Enigma Track) content on the Organizations' YouTube Channel.
The post USENIX Security ’25 (Enigma Track) – Please (Don’t) Stop The Music: Adversarial Red-Teaming Of AI Music Generation Models appeared first on Security Boulevard.
Session 14A: Software Security: Applications & Policies
Authors, Creators & Presenters: Yue Xiao (IBM Research), Dhilung Kirat (IBM Research), Douglas Lee Schales (IBM Research), Jiyong Jang (IBM Research), Luyi Xing (Indiana University Bloomington), Xiaojing Liao (Indiana University)
PAPER
JBomAudit: Assessing the Landscape, Compliance, and Security Implications of Java SBOMs
A Software Bill of Materials (SBOM) is a detailed inventory that lists the dependencies that make up a software product. Accurate, complete, and up-to-date SBOMs are essential for vulnerability management, reducing license compliance risks, and maintaining high software integrity. The US National Institute of Standards and Technology (NTIA) has established minimum requirements for SBOMs to comply with, especially the correctness and completeness of listed dependencies in SBOMs. However, these requirements remain unexamined in practice. This paper presents the first systematic study on the landscape of SBOMs, including their prevalence, release trends, and characteristics in the Java ecosystem. We developed an end-to-end tool to evaluate the completeness and accuracy of dependencies in SBOMs. Our tool analyzed 25,882 SBOMs and associated JAR files, identifying that 7,907 SBOMs failed to disclose direct dependencies, highlighting the prevalence and severity of SBOM noncompliance issues. Furthermore, 4.97% of these omitted dependencies were vulnerable, leaving software susceptible to potential exploits. Through detailed measurement studies and analysis of root causes, this research uncovers significant security implications of non-compliant SBOMs, especially concerning vulnerability management. These findings, crucial for enhancing SBOM compliance assurance, are being responsibly reported to relevant stakeholders.
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.
The post NDSS 2025 – JBomAudit: Assessing The Landscape, Compliance, And Security Implications Of Java SBOMS appeared first on Security Boulevard.
Today’s CISO is a strategic leader responsible for risk communication, security culture, education, and executive alignment. Technical expertise remains essential, but influence, clarity, and leadership now define success.
The post How the CISO’s Role is Evolving From Technologist to Chief Educator appeared first on Security Boulevard.
Session 13A: JavaScript Security
Authors, Creators & Presenters: Liam Wachter (EPFL), Julian Gremminger (EPFL), Christian Wressnegger (Karlsruhe Institute of Technology (KIT)), Mathias Payer (EPFL), Flavio Toffalini (EPFL)
PAPER
DUMPLING: Fine-Grained Differential JavaScript Engine Fuzzing
Web browsers are ubiquitous and execute untrusted JavaScript (JS) code. JS engines optimize frequently executed code through just-in-time (JIT) compilation. Subtly conflicting assumptions between optimizations frequently result in JS engine vulnerabilities. Attackers can take advantage of such diverging assumptions and use the flexibility of JS to craft exploits that produce a miscalculation, remove bounds checks in JIT compiled code, and ultimately gain arbitrary code execution. Classical fuzzing approaches for JS engines only detect bugs if the engine crashes or a runtime assertion fails. Differential fuzzing can compare interpreted code against optimized JIT compiled code to detect differences in execution. Recent approaches probe the execution states of JS programs through ad-hoc JS functions that read the value of variables at runtime. However, these approaches have limited capabilities to detect diverging executions and inhibit optimizations during JIT compilation, thus leaving JS engines under-tested. We propose DUMPLING, a differential fuzzer that compares the full state of optimized and unoptimized execution for arbitrary JS programs. Instead of instrumenting the JS input, DUMPLING instruments the JS engine itself, enabling deep and precise introspection. These extracted fine-grained execution states, coined as (frame) dumps, are extracted at a high frequency even in the middle of JIT compiled functions. DUMPLING finds eight new bugs in the thoroughly tested V8 engine, where previous differential fuzzing approaches struggled to discover new bugs. We receive $11,000 from Google's Vulnerability Rewards Program for reporting the vulnerabilities found by DUMPLING.
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.
The post NDSS 2025 -DUMPLING: Fine-Grained Differential JavaScript Engine Fuzzing appeared first on Security Boulevard.
Entrar