OWASP Global AppSec EU 2026 Vienna

LLMs are no longer standalone chatbots—they're increasingly embedded directly into application logic, with access to databases, APIs, file systems, and internal services. This architectural shift means the most dangerous LLM exploits don't just manipulate the model; they use the model as an attack vector to reach traditional AppSec targets. Prompt injection becomes a path to SQL injection. Conversational manipulation enables SSRF. The AI agent becomes an unwitting insider threat.

In this hands-on POD, participants will experience this convergence firsthand through a purpose-built vulnerable web application with an integrated AI agent. Through independent challenges, attendees will discover how attackers chain LLM manipulation with classic web exploitation—and why securing AI-integrated applications requires understanding both domains.

Challenges are designed for drop-in participation and cover multiple difficulty levels:
- Beginner-friendly: Basic prompt manipulation and information disclosure
- Intermediate: Chaining AI misuse with traditional web exploitation
- Advanced: Multi-stage attacks combining indirect prompt injection with server-side vulnerabilities

Each challenge is self-contained (under 15 minutes) with clear objectives, hints available on request, and facilitators ready to guide participants. Whether you're new to AI security or a seasoned pentester curious about LLM attack vectors, you'll walk away with practical techniques applicable to real-world assessments.

Challenges are mapped to multiple OWASP frameworks: the OWASP Top 10 for LLM Applications (covering risks like LLM01: Prompt Injection, LLM07: Insecure Plugin Design), the OWASP API Security Top 10, and the classic OWASP Web Application Top 10, helping participants connect new AI risks to established security knowledge.

No prior AI/ML experience required. Just curiosity and a laptop with a modern browser. All challenges run in-browser against our cloud-hosted lab environment.