#1697522: Embedding AI, Without Inviting Risk: A DevSecOps Blueprint for Safer Applications - 08/13/2025
Description: |
As AI features become embedded in modern apps, so do new attack surfaces. From unsecured model APIs and data exposure to vulnerabilities in CI/CD pipelines, developers face mounting risks when integrating AI. In this session, Nikhil Kassetty draws on his experience in fintech and cloud-native environments to deliver a practical DevSecOps blueprint for securing AI-powered applications. You’ll learn how to harden AI integration points, enforce safe data practices, and align security with speed, all while maintaining the flexibility developers need. Whether you're deploying LLMs or embedding predictive logic, this session equips you to build smarter software, without opening the door to smarter threats.

ML-Driven Database Security: Adaptive Query Optimization Against Injection Attacks

Database management systems face critical security challenges when traditional query optimization methods expose vulnerabilities to SQL injection and timing attacks. Current statistics-based optimization techniques create predictable query patterns that attackers exploit, leading to data breaches in up to 35% of enterprise databases. Our research presents a machine learning-based inferential statistics framework that enhances both query performance and security by introducing adaptive, unpredictable optimization patterns. By integrating Bayesian learning and reinforcement learning, our security-focused framework maintains optimal database performance while obscuring query execution patterns from potential attackers. The system improves cardinality estimation accuracy by 40-50% over traditional methods while introducing intelligent randomization that prevents timing-based attack vectors. Enterprise-scale testing demonstrates 85-95% reduction in statistics collection overhead and 25-30% query execution improvements, all while maintaining security hardening against common database attacks.

The framework's adaptive response mechanisms detect and counter suspicious query patterns within 500 milliseconds, providing real-time protection against injection attempts and unauthorized data access. In databases ranging from 1TB to 5TB, our solution achieves 30-40% operational cost reductions while strengthening security posture through dynamic histogram redistribution and intelligent batch processing that masks database structure from attackers. Key security innovations include ML-driven query pattern obfuscation, adaptive statistical model updates that prevent reconnaissance attacks, and reinforcement learning algorithms that continuously evolve defensive strategies. These advances enable organizations to achieve superior database performance while maintaining robust security against evolving threats. This approach represents a critical advancement in secure database query optimization, providing scalable, self-adaptive protection for enterprise systems handling sensitive data and high-volume transactions.

What to Tell Your Developers About NHI Security and Governance

Non-Human Identities (NHIs) outnumbered humans 45 to 1 in 2022. Given that their access abuse is one of the most easily exploited attack paths, we really need to get a handle on NHI security right now. But how do we start? What do we even tell the developer? We can't tell them to just not keep building applications, and secrets security alone has not addressed all the concerns NHI security requires. Once again, OWASP is here to shed some light on the situation right as this issue becomes a major, mainstream concern. In January of 2025, they released the Top 10 Non-Human Identity Risks, which highlights exactly how NHIs keep getting exploited and gives us a guide to raising awareness and prioritizing and remediating the situation inside our organizations. But they are not the only ones who released a guide or even a top 10 list.

This talk will guide us through the commonalities of all the published wisdom around NHI security, and we will end with a discussion that governance is a path forward but will need to go through IAM and, eventually, the whole organization. |
---|---|
More info: | https://codeseccon.com/en/#home-agenda |
Date added | Aug. 12, 2025, 5:01 p.m. |
---|---|
Source | codeseccon |
Subjects | |
Venue | Aug. 13, 2025, midnight - Aug. 13, 2025, midnight |