AI Attack Vectors in Laravel Agents
Join us for the next PHP Talks Lagos meetup, where we're walking through the attack vectors that show up in agentic systems built with Laravel.
Laravel agents built with the Laravel AI SDK can send emails, query databases, trigger workflows, and call external services. That tool access creates an attack surface most teams haven't accounted for. This session covers what that looks like and what closes each vector.
We'll walk through the four main attack vectors with real Laravel AI SDK code, showing what the exploit looks like and the patterns that fix it.
What we'll cover
How the attack surface shifts when a Laravel app has an agent with tool access
Prompt injection through user input reaches LLM prompts directly
Indirect prompt injection through poisoned documents and RAG-retrieved content
Tool access exploitation when agents have email, database, and workflow access
Output trust failures when raw LLM responses drive application logic
Mitigation patterns applicable to any agentic system, not just Laravel
What to expect
A walkthrough session with vulnerable Laravel AI SDK code on screen and the fixes alongside it. Every attack vector comes with a real example and a concrete mitigation.
Who should attend
Laravel developers building agents with the Laravel AI SDK
Backend engineers giving agents access to tools and external services
PHP developers who want to understand what securing an agentic system looks like in practice
Anyone who has shipped a Laravel AI feature and hasn't considered the security implications
About PHP Talks Lagos
PHP Talks Lagos is a developer community focused on practical knowledge sharing around PHP, Laravel, and modern backend development. We host regular meetups where engineers learn, build, and share what they've seen work.