Cover Image for OWASP Top 10 for LLMs: The Practitioner Cut
Cover Image for OWASP Top 10 for LLMs: The Practitioner Cut
Hosted By
Rahul Nair
3 Going

OWASP Top 10 for LLMs: The Practitioner Cut

Hosted by Rahul Nair
Virtual
Registration
Tickets
1
You will be asked to verify token ownership with your wallet.
About Event

A practitioner-led session for security and engineering leaders who need a defensible framework, not another checklist.

The approval is on your desk. The pressure is real.

Your organization is moving an LLM-powered application toward production. The business is ready to ship. Engineering says it's ready to ship. And now the question lands on you: is it actually secure?

This isn't a theoretical scenario. It's happening in security and engineering teams everywhere and the people who approve deployments with gaps they didn't catch are the ones who own the incident publicly. The breach. The data exposure. The regulatory inquiry. The post-mortem where someone asks: what did you check before you signed off?

The OWASP Top 10 for LLM Applications gives you the vocabulary. This session gives you the decision framework.

If I approve this LLM system for production and critical security controls are missing, I will be personally accountable for the resulting breach, exposure, or incident.

That is the risk this session is designed to close.

Why This Session Matters Right Now

GenAI adoption has outpaced security review cycles. Most organizations now have LLM-powered features in production or under pressure to ship them within weeks. The window between experimentation and production is collapsing, and security teams are being asked to approve systems they don't yet have a structured way to evaluate.

LLM applications fail differently from traditional software. Prompt injection doesn’t behave like SQL injection. A badly scoped context window can expose sensitive data with no attacker involved. Guardrails that pass testing break under realistic usage. Standard AppSec controls weren’t designed to catch these failure modes and many security leaders are approving deployments without a framework to surface them.

The OWASP Top 10 for LLM Applications exists to address this. But knowing the category names is not the same as knowing how to apply them to a production decision. This session closes that gap with a practitioner who has done this work inside real organizations, under real pressure.

Why Learn from Vandana Verma

Vandana Verma doesn’t teach AI security from a distance. She works directly with engineering and security teams navigating production deployment decisions helping them understand what failure looks like before it happens, and what controls are non-negotiable before they can responsibly ship.

As a Security Advocate at Snyk, an active leader within the OWASP Foundation, and President of InfosecGirls, Vandana brings a perspective that is rare: she understands AI security risk from the inside out, and she knows what it costs to get a production approval wrong.

She brings practitioner experience, not slides full of frameworks. The insights in this session are earned, not assembled.

What You’ll Walk Away With

This session is built around decisions, not topics. You won’t leave with a list of things to read. You’ll leave ready to act.

  • Identify which OWASP Top 10 LLM risks are material to your production context and which require mandatory controls before any deployment is approved

  • Assess whether guardrails and controls are actually sufficient, including where they appear solid but fail under realistic usage patterns

  • Challenge engineering and product teams with the right questions before a deployment decision reaches your desk

  • Define what “safe enough” means for your specific context with criteria you can apply consistently and explain to stakeholders

  • Make a production approval or rejection decision with confidence and document it in a way that holds up if something later goes wrong

  • Reduce your personal and organizational exposure by understanding the failure modes most likely to cause incidents in LLM-powered systems

Who Should Attend

This session is designed for the people who carry the approval decision not the people who build toward it.

Primary audience:

  • CISOs and security leaders responsible for AI risk posture

  • Application security leaders evaluating or gatekeeping LLM deployments

  • Security architects defining controls for AI-powered systems

  • Engineering leaders who own the production deployment decision

  • AI security leads and security decision makers

Also relevant for:

  • Security and AppSec engineers who want to understand the approval criteria their work will need to meet

  • Developers building AI applications who want to understand the security bar before it becomes a blocker

If your name is on the approval decision or it will be, this session is for you.

Don’t Approve Blind

Every week, LLM-powered applications move into production with security gaps that nobody caught not because the teams were careless, but because they didn’t have a structured way to evaluate what they were approving. When something goes wrong, the accountability question is simple: who signed off?

This session gives you what you need to answer that question confidently before the incident, not after. One hour with a practitioner who has navigated these decisions in real organizations, using a framework built for exactly this pressure.

You already know LLMs carry risk. Come learn how to evaluate it, challenge it, and approve or reject it with something you can stand behind.

Free. Live. Register now.

Hosted By
Rahul Nair
3 Going