The Dallas-Fort Worth Chapter of ISC2 is based in the DFW area and serves the counties of the Dallas-Fort Worth Metroplex and North Texas Region. Members include those with security certifications from ISC2 as well as other professionals practicing or interested in information, software, and communications security, and the PUBLIC. Our mission is to advance information security in the DFW area by providing our members and other security professionals with the opportunity to share knowledge, grow professionally, educate others, and collaborate on projects. Our chapter programs provide members a forum to facilitate the exchange of knowledge and ideas, the development of leadership and professional skills, and the advancement of information systems security. We also provide our members with access to a variety of industry resources and educational programs to keep them up to date with the latest advances in technology as well as information assurance.
March 28th, noon, meeting.
Mind Games – Exploiting and Defending GenAI Applications
David McDuffie – OSCP, GPEN, GCPN, PenTest+, Security+, AWS SAA
As organizations eagerly adopt generative AI capabilities into their applications, new attack surfaces and vulnerabilities are emerging that traditional app security approaches fail to address. In this presentation, we will examine the unique security challenges posed by Large Language Model (LLM) applications through the lens of the 2025 OWASP Top 10 for LLMs. We’ll explore critical vulnerabilities through live demonstrations and practical examples, including prompt injection, sensitive information disclosure, and system prompt leakage. Attendees will learn how attackers can manipulate LLMs to bypass security controls, access unauthorized information, and exploit excessive agency in GenAI applications. The session will also provide mitigation strategies for developers and security professionals working in this space. Whether you’re developing GenAI applications or securing them, this presentation offers essential insights into this rapidly expanding area of application security.
David is a Senior Security Engineer on the CorpSec Team at Praetorian. He is responsible for executing network penetration tests and assessing the security and safety of generative AI applicationsĀ on behalf of Praetorian’s clients. Prior to joining Praetorian, David worked in the federal government for NSWC Dahlgren Division first as an Information System Security Engineer for the Navy LCS fleet program and then as a Red Team Operator for the NAVSEA Red Team, an NSA certified, and U.S. Cyber Command accredited DoD red team.