Speaker Topics - No Fluff Just Stuff
NFJS2026

Building Secure AI Agents: Defense-First Development - Half-day workshop

AI agents are the fastest-growing attack surface in enterprise software. CVE-2026-25592 and CVE-2026-26030 turned Microsoft Semantic Kernel prompt injection into full host RCE. CVE-2026-44338 gave PraisonAI attackers remote code execution, probed within 3h44m of disclosure. The Mercor/LiteLLM supply-chain breach exposed API keys across thousands of deployments. Meanwhile, researchers demonstrated that 1% poisoned vectors can contaminate 99.85% of RAG query results, and the Involuntary In-Context Learning (IICL) bypass achieves a 60% success rate against safety guardrails. This half-day workshop teaches developers to build agents that are secure by design. Unlike the AI Red Team Challenge (attack-focused) or the 2-day Enterprise AI Security course (comprehensive security program), this workshop is specifically for agent builders who need practical, code-level defensive patterns they can apply immediately to their agent development workflow.

Prerequisite: Experience building AI agents (via the AI Accelerator, agents workshop, or equivalent). Comfort with Python and basic understanding of agent architectures (ReAct, tool calling, MCP).
Covers: input validation and sanitization for LLM-powered systems, prompt injection defense patterns (system prompt hardening, output filtering, canary tokens), secure tool calling (JWT auth, per-tool scopes, least-privilege sandboxing), MCP server security (authentication, authorization, rate limiting, transport security), RAG pipeline hardening (source allowlists, embedding integrity checks, retrieval-result validation), agent output guardrails (PII detection, content filtering, response boundaries), secure memory and context management, and dependency/supply-chain security for agent frameworks. Labs use a deliberately vulnerable agent that participants progressively harden.


Brent Laster

About Brent Laster

Hi, I'm Brent Laster - a global trainer and book author, experienced corporate technology developer and leader, and founder and president of Tech Skills Transformations LLC. I've been working with and presenting at NFJS events for many years now and it is always exciting and interesting.

Through my decades in programming and management,I've always tried to make time to learn and develop both technical and leadership skills and share them with others Regardless of the topic or technology, my belief is that there is no substitute for the excitement and sense of potential that come from providing others with the knowledge they need to help them accomplish their goals.

In my spare time, I hang out with my wife Anne-Marie, 4 children and 2 small dogs in Cary, North Carolina where I design and conduct trainings and write books. You can find me on LinkedIn (linkedin.com/in/brentlaster), Twitter (@brentclaster) or through my company's website at www.getskillsnow.com.

More About Brent »