Another talk announcement for BSides Luxembourg! 🧠 💻 TALK TO A SHELL: EXPLOITING AI AGENTS IN REAL T
Source: Mastodon
A new session has been added to the BSides Luxembourg agenda: **"Talk to a Shell – Exploiting AI Agents in Real-Time,"** presented by security researcher Parth Shukla. The talk will dive into how modern AI agents, far beyond static chatbots, can run commands, read and write files, and interact directly with operating systems. Shukla will demonstrate how an attacker could hijack these capabilities simply by issuing spoken or textual prompts, turning a helpful assistant into a remote weapon.
The announcement matters because AI-driven agents are rapidly moving from experimental labs into production tools such as GitHub Copilot, Microsoft Copilot, and a growing ecosystem of "agentic" assistants that automate DevOps, IT operations, and even customer-service workflows. Their ability to act autonomously on live systems creates a fresh attack surface that traditional security controls often overlook. Recent findings, such as the OpenClaw vulnerability that exposed how AI-enhanced code generation can leak secrets, already hint at the risks of unchecked agent behavior. Shukla's session promises concrete proof-of-concepts that illustrate how malicious prompts can trigger privilege escalation, data exfiltration, or ransomware deployment without ever touching a keyboard.
Attendees and the broader security community should watch for three immediate developments. First, the detailed techniques Shukla will reveal are likely to be incorporated into threat-intel feeds and red-team playbooks within weeks. Second, vendors of AI-agent platforms may accelerate the rollout of sandboxing, prompt-filtering, and provenance tracking to mitigate misuse. Third, regulators in the EU are expected to tighten guidance on AI safety, and the talk could become a reference point in upcoming policy drafts.
BSides Luxembourg runs from 22–24 April, and Shukla's presentation is slated for the second day. The session will be streamed live, and a recording will be posted on the conference's YouTube channel, offering a timely look at the security challenges that will shape AI deployment in the months ahead.