Alon Friedman
Alon Friedman is a Principal Security Architect at Microsoft and independent researcher specializing in application security standards and threat landscapes. His background includes leading secure software development at Salesforce and managing application vulnerabilities at PayPal. Alon is a recognized researcher, credited with CVE-2014-4246 and the creation of the SCIP OWASP ZAP extension. He is a frequent speaker at international conferences, including Ekoparty, DeepSec, and BSides.
Session
As enterprises integrate "Agentic AI" into their infrastructure, they are inadvertently exposing critical business logic to stochastic actors. This talk explores the Execution Layer of autonomous agents, revealing how LLMs can be weaponized to act as proxies for traditional web attacks.
We will introduce "Agentic Mass Assignment," a technique where attackers coerce agents to hallucinate undocumented parameters (like status: APPROVED or is_admin) to exploit backend ORM vulnerabilities. Additionally, we will demonstrate "Cognitive Denial of Service," using semantic paradoxes to trap agents in infinite reasoning loops that result in "Denial of Wallet."
Attendees will see live exploitation of these logic flaws and receive Agent-Fuzz, an open-source tool for auditing agentic middleware.