Security

Production Ready AI Agents

Sam Partee, CTO of Arcade, explains the critical gap between AI agents that gather context and those that take secure, real-world actions. He introduces Arcade as a middleware platform that solves complex challenges like user authorization, fine-grained permissions, and token management, enabling developers to build scalable, enterprise-ready agents.

A Framework for Abusability Analysis: The Case of Passkeys in Interpersonal Threat Models

This talk introduces an "abusability analysis framework" to evaluate technologies like passkeys under interpersonal threat models, such as intimate partner violence. An analysis of 19 services revealed critical implementation flaws, including irrevocable cloned passkeys and the failure of password resets to secure accounts, which can create persistent backdoors for abusers.

Six Years of Rowhammer: Breakthroughs and Future Directions

Stefan Saroiu from Microsoft Research details Project STEMA's six-year journey tackling the DRAM security flaw, Rowhammer. He discusses how academic research kept the industry honest about DDR4 vulnerabilities, the development of their in-DRAM defense, Panopticon, and its evolution into the industry standard PRAC for DDR5, while highlighting that significant challenges and research opportunities remain.

Building Secure ReactJS Apps: Mastering Advanced Security Techniques • Jim Manico • GOTO 2024

A deep dive into ReactJS security, this presentation reframes the discussion around leveraging AI for secure code generation. It argues that by creating detailed, specific security prompts, developers can train AI to be an expert security coder, transforming it from a flawed tool into a powerful ally for building robust and secure applications.

The Unofficial Guide to Apple’s Private Cloud Compute - Jonathan Mortensen, CONFSEC

A technical deep dive into Apple's Private Cloud Compute (PCC), exploring its novel architecture for running sensitive AI workloads with cryptographic privacy guarantees. The talk covers the core requirements, key components like remote attestation and transparency logs, and how these concepts can be applied by developers today.

How we hacked YC Spring 2025 batch’s AI agents — Rene Brandel, Casco

A security analysis of YC AI agents reveals that the most critical vulnerabilities are not in the LLM itself, but in the surrounding infrastructure. This breakdown of a red teaming exercise, where 7 out of 16 agents were compromised, highlights three common and severe security flaws: cross-user data access (IDOR), remote code execution via insecure sandboxes, and server-side request forgery (SSRF).