Johann Rehberger
Johann has over eighteen years of experience in threat analysis, threat modeling, risk management, penetration testing, and red teaming. As part of his many years at Microsoft, Johann established an offensive security team in Azure Data and led the program as Principal Security Engineering Manager for years. He also built out a red team at Uber and currently works as the Director of Red team at Electronic Arts
He enjoys providing training and was an instructor for ethical hacking at the University of Washington. Johann contributed to the MITRE ATT&CK framework (Pass those Cookies!), published a book on how to build and manage a red team, enjoys hacking machine learning systems and holds a master’s in computer security from the University of Liverpool. For latest updates and information visit his blog at embracethered.com
2023 Talk
Talk Title: New Important Instructions: Attend this talk about Indirect Prompt Injections in the Wild
Talk Abstract:
AI and Chatbots are taking the world by storm at the moment. Its time to shine more light on attack research and highlight flaws that the current systems are exposing.
Sending untrusted data to your AI can have disastrous consequences depending on how the results are being processed and used. Exploits can lead to the scams, data exfiltration and even remote code execution.
In this talk we will cover the basics of a novel attack category called Indirect Prompt Injection and Plugin Request Forgery. We will discuss and showcase these attacks with many examples and exploits, including Bing Chat, ChatGPT and Anthropic Claude. We will also discuss how various companies fixed vulnerabilities that were reported to them.