

DC604 Monthly Meetup - Vibe Check: Exploiting Trust
Vibe Check: Exploiting Trust – from Developers to AI Agents with Michael Chan
“Do you trust the authors of the files in this folder?” It is a prompt modern IDEs show developers every day, and most click past it by reflex.
Modern development environments have always relied on trust. Repositories, IDE settings, build scripts, hooks, and project configuration are not just passive files; many of them can change how tools behave or what gets executed. With AI-assisted development and vibe coding, that same trust model now extends into agent workflows, where files, logs, issues, documentation, web pages, and tool output can become context for systems that may also have access to a shell, filesystem, credentials, and developer tools.
We will look at how trust is abused in modern developer workflows, with a focus on IDE behaviour, repo-based execution surfaces, AI agent harnesses, and prompt injection through trusted-looking sources. We will also walk through recent case studies and critically re-examine where trust boundaries should sit inside the new development environments.
As coding agents move from suggestion engines to systems that can read, decide, and act, the security question becomes more practical: what are we actually trusting, and how do we monitor and control that trust?
Agenda
1. Trusted Tools 🛠️: how your favourite IDE may backstab you
2. Agent Harnesses: how agentic safeguards get bypassed
3. The Boundaries 🚫: how to reason about trust inside modern dev environments
About the speaker
Michael is a social scientist turned hacker. He started by studying human behaviour and trust at Oxford; now he brings that lens into offensive security, validating and breaking the assumptions built into applications, systems, and organizations. As a Senior Offensive Security Consultant at KPMG Canada, Michael works across application security, threat modelling, and adversary simulation. Outside of work, he spends most of his time learning, building, and breaking fun new tech (yes, AI included), and engaging with local cyber communities.