Pentesting AI-Integrated Systems
Speaker: Rex
Everyone is rushing to bolt AI onto their apps. Almost nobody is testing them properly.
This talk walks through two real-world pentests of AI-integrated systems: an internal enterprise AI application and Microsoft 365 Copilot. No hype, no magic — just methodology, hands-on testing, and the weird failure modes that appear when large language models meet traditional web infrastructure.
We’ll break down how classic pentest techniques still apply, where they fall short, and how AI expands the attack surface in unexpected ways. Expect practical examples of vulnerabilities uncovered during testing, including XSS, data exposure, and boundary failures between model behavior and application logic.
If you’re a beginner curious about AI security or a tester trying to adapt your workflow to AI-driven apps, this session is a field guide from real engagements — not a research paper, not a sales pitch.