Скачать или смотреть #OOTB2025BKK

This talk will demonstrate real-world prompt injection attacks that compromise agentic systems. Specifically, exploits will target computer-use and coding agents, such as OpenAl's Operator, Google Jules, Gemini CLI, Anthropic's Claude Code, Devin from Cognition and others. Yes, I spent $500 USD to hijack and exploit Devin, so that you don't have to.

The talk will show disastrous consequences of having agents autonomously operate. The talk will expose critical vulnerabilities that threaten confidentiality, system integrity, and the future of Al-driven automation, including RCE, exfiltration of sensitive information such as access tokens, and even joining Agents to traditional command and control infrastructure, known as "ZombAls", a term first coined by the presenter as well as long-term prompt injection persistence with Al agents.

Additionally, the talk explores how nation state TTPs such as ClickFix apply to Computer-Use systems and how they can trick AI systems and lead to full system compromise (AI ClickFix). Finally, we will cover current mitigation strategies and forward-looking recommendations and strategic thoughts.

Key Takeaways

Exploitation vectors in Al coding agents
Complex attack chains that combine multiple novel techniques
Overview of various coding agents and their security posture
ClickFix TTP currently used by nation state actors and that AI systems are similarly vulnerable

===

Johann Rehberger has over twenty years of experience in threat modeling, risk management, penetration testing, and red teaming. During his tenure at Microsoft, Johann established a Red Team within Azure Data and led the program as Principal Security Engineering Manager. He went on to build a Red Team at Uber, and currently serves as Red Team Director at Electronic Arts.

In addition to his industry roles, Johann is an active security researcher and a former instructor in ethical hacking at the University of Washington. Johann contributed to the MITRE ATT&CK and ATLAS frameworks and is the author of "Cybersecurity Attacks - Red Team Strategies". He holds a master's degree in computer security from the University of Liverpool. You can find his latest research at embracethered.com.