CypherCon 2025
SafeGen: Accelerating Secure Generative AI Implementation
Vineeth Sai Narajala
Abstract:
The rapid adoption of Generative AI (GenAI) presents unique security challenges that organizations must address while maintaining development velocity. This presentation provides practical strategies for building secure GenAI applications, with a focus on AWS services like Bedrock and Amazon Q. We introduce a comprehensive security framework that addresses three critical areas: threat modeling for GenAI systems, secure integration patterns, and robust output validation mechanisms. Through real-world case studies, we’ll demonstrate how to identify and mitigate GenAI-specific vulnerabilities, including prompt injection attacks and data leakage risks. Attendees will learn concrete techniques for securing their entire GenAI pipeline, from input validation to output verification, with an emphasis on protecting sensitive information and preventing model hallucinations, and on the speed and efficiency of the SDLC. The presentation includes hands-on examples of implementing security controls in GenAI applications, featuring code samples and architecture patterns that can be immediately applied. Security professionals and developers will gain practical knowledge about automated security testing for GenAI systems, session isolation techniques, and effective output validation strategies. By the end of this session, attendees will have actionable insights for accelerating their GenAI initiatives while maintaining enterprise-grade security standards.
Presentation Importance: There is a top-down push for organizations to implement GenAI, and quickly. As organizations rush to adopt GenAI technologies, they face unique security challenges that traditional cybersecurity approaches may not adequately address. This presentation offers critical, actionable insights for implementing robust security measures in GenAI systems, with a specific focus on AWS services like Bedrock and Amazon Q. By providing practical strategies, real-world case studies, and hands-on examples, this presentation equips security peeps and developers with the knowledge needed to balance innovation with security and quick deployments.
Importance: This talk outlines the theory of password cracking, which has been lost over the ages. For years these techniques were considered standard; however, writeups on them have been lost, and videos of the techniques shared with the public would do well to bring these techniques to the forefront. In particular, the takeout / cutb attack is only available on the Internet Archive, which is a shame as it's highly effective.
Vineeth Sai Narajala
Security Engineer at Amazon Web Services (AWS)
Vineeth is a GenAI Application Security Engineer at Amazon Web Services (AWS), specializing in core Data Analytics services such as EMR, Athena, and LakeFormation. He has also been instrumental in developing GenAI Security guidelines for service-to-service integration and development within AWS. Prior to his current role, he held positions as a penetration tester and in threat intelligence. Additionally, he gained valuable experience in Business Recovery and Disaster Recovery, particularly in mitigating ransomware attacks during his tenure at Nordstrom. Beyond his professional roles, Vineeth actively participates in the bug bounty scene and is passionate about contributing to the community. He has shared his expertise as an Adjunct Instructor at the University of Nevada, Las Vegas, and has delivered guest lectures at his alma mater, the University of Washington, Seattle. Outside of work, he enjoys skiing and has recently started learning to surf. Vineeth also has a keen interest in classic rock and EDM music.