Supply chain security

Cloud, Containers & Security • Adrian Mouat, Kief Morris & Sam Newman • GOTO 2025

In this panel discussion, experts Adrian Mouat, Kief Morris, and Sam Newman delve into the current landscape of cloud technology, container security, and infrastructure automation. They cover key topics such as supply chain security with Sigstore and SBOMs, the practical impact of AI on deterministic systems, the ongoing debate about cloud repatriation, and advanced Infrastructure as Code practices like TDD and managing configuration drift.

OWASP's Top 10 Ways to Attack LLMs: AI Vulnerabilities Exposed

A detailed breakdown of the updated OWASP Top 10 vulnerabilities for Large Language Models (LLMs), explaining threats like prompt injection, data poisoning, and supply chain risks, along with practical defense strategies.

State of the Art of Container Security • Adrian Mouat & Charles Humble • GOTO 2026

Adrian Mouat from Chainguard discusses the evolution of container security, highlighting the flaws of traditional Linux distributions for modern container workflows. He explains how Chainguard's approach of building minimal, 'distroless' images from source using Wolfi addresses the noise from vulnerability scanners, and delves into the importance of SBOMs, attestations, and a 'defense in depth' strategy, contextualized by recent major security incidents like the XZ Utils backdoor and Shai-hulud attacks.

Security & DevEx: Can We Have Both? • Abby Bangser, Adrian Mouat & Holly Cummins • GOTO 2025

In this panel discussion, Holly Cummins, Abby Bangser, and Adrian Mouat explore the inherent conflict between security and developer experience. They argue that traditional security, often driven by fear and restrictive policies, can lead to 'Shadow IT' and greater insecurity. The solution proposed is a platform engineering approach, which centralizes security expertise to provide secure defaults, infrastructure guardrails, and a clear shared responsibility model, thus enabling development teams to deliver value quickly and safely without needing to become security experts themselves.

AI slop in cybersecurity, OT security fails and lessons from the Louvre heist

Experts discuss the significant gap in patching rates between IT and OT systems, the rise of cyberattacks with physical consequences like cargo theft, the novel threat of time-delayed logic bombs, the sensationalism surrounding AI-powered malware, and the critical need for fundamental cybersecurity hygiene.

Ex-DeepMind: How To Actually Protect Your Data From AI

Dr. Ilia Shumailov, former DeepMind AI Security Researcher, explains why traditional security fails for AI agents. He details the unique threat model of agents, the dangers of supply chain attacks and architectural backdoors, and proposes a system-level solution called CAML to enforce security policies by design, separating model reasoning from data execution.