Wednesday
Room 5
16:20 - 17:20
(UTC+01)
Talk (60 min)
Lightning Talks 1
Lightning talks (approx 10-15 minutes each)
Talk 1: Trusting AI with Code: How Secure is AI-written code? - Mackenzie Jackson
There is no doubt that AI is changing the way we build software. The AI revolution is happening around us with AI code assistants/generators, AI-assisted code reviews and even AI embedded directly into your IDE. Even if we wanted to prevent it, it seems impossible to stop developers from utilizing these exciting shiny new tools.
The benefit is clear: massive increases in productivity. The cost is just as clear: security.
So how (un)secure is AI-generated code? This presentation will use a combination of live demos and novel research to get to the bottom of that very question.
First we explore AI-generated code and the many ways it can make us vulnerable, from static coding issues to hallucinated packages, and even hard-coded credentials. We will explore the different tools and share statistics on which AI dev tool produces the most secure code.
In the next part of the presentation, we will dive into research that shows an increase in the number of vulnerabilities we are seeing, per line of code, and whether AI is responsible for this. We will also explore a change in the type of vulnerabilities seen over the past 5 years and how AI has altered this.
The last part of the presentation will explore how we can combat insecure AI-generated code and whether AI can be effectively used to combat this.
If you want to know how we can reap the benefits of AI without sacrificing security, then this talk is for you.
Talk 2: The dark art of OIDC abuse - A case study in Entra ID - Cody Burkard
Learn how an OIDC flaw in Azure DevOps could have allowed an attacker to take over all of your production cloud deployments.
In this talk, I will publicly disclose a now-patched vulnerability found in Azure DevOps. I will walk the audience through the reverse engineering process, the exploitation of the finding and the reporting process with Microsoft.
Note to the committee: this talk could probably be stretched to an hour, but I feel that there have been a lot of OAuth talks in recent years, so I am suggesting a lightning talk to get straight to the finding. I'm also open to a full talk if that is of interest.
Talk 3: Security Starts With Plain Language - Håvard Eide
Language is a fundamental part of how we communicate and interpret when we develop software: how does it shape intent, assumptions, risks and security implications?
A look at how we as developers should use plain language to communicate throughout the development cycle: from requirements to production, breaking changes and post-mortems. How we use language can shape the consequences that follow when things go wrong.
Talk 4: Trust, Design, and the Reality of Security Engineering in an AI-Driven World - Patricia R
Solution designs are created in the world of possibility, built on high-level promises and assumptions about how components will behave. Security engineers work in reality, uncovering edge cases, handling failures, and raising tickets or feature requests when vendor systems don't behave as expected. AI creates a snowball effect: polished marketing material sounds even more convincing, gains stakeholder buy-in, and pushes unverified assumptions forward, widening the gap between ambitious designs and operational reality. The result is a subtle but real load, as engineers try to bridge that gap without burning out or being labelled blockers. This talk shares a bit of a rant, real-world stories, and practical suggestions to help you stay sane.