This talk was recorded at NDC London in London, England. #ndclondon  #ndcconferences #developer #softwaredeveloper    

Attend the next NDC conference near you: 
https://ndcconferences.com
https://ndclondon.com/

Subscribe to our YouTube channel and learn every day:   
/        @NDC 

Follow our Social Media!

https://www.facebook.com/ndcconferences
https://twitter.com/NDC_Conferences
https://www.instagram.com/ndc_conferences/

#security #ai #llm 

LLMs power everything from chatbots to autonomous agents, but their non-deterministic nature exposes you to spoofing, privilege escalation, and compliance pitfalls.

In this session, we'll draw on the social engineering experiments I undertook while building conversational AI systems, and we'll see how attackers could bypass security guardrails. We'll explore:

* Real-world injection attacks and the vulnerabilities that make them possible
* Emerging identity patterns, from W3C Verifiable Credentials to on-chain verification
* Methods to protect against prompt manipulation and the often-overlooked elements in audit logs
* A roadmap to LLM-aware identity ecosystems, including policy-as-code enforcement and federated governance models

You'll discover practical approaches to securing LLM workflows today while preparing for tomorrow's decentralised identity architectures. Through demos and case studies, you'll leave with actionable patterns for building trust into AI systems, and insight into where the ecosystem is heading.

NDC Conferences

Large language models are vulnerable to social engineering and prompt injection attacks that can manipulate them into unauthorized actions. Traditional OAuth bearer tokens stored in LLM context windows can be exfiltrated and reused. Verifiable credentials offer a cryptographic solution by binding identity to the token holder through wallet-signed presentations, making stolen credentials unusable. The approach uses W3C-compliant standards with decentralized identifiers (DIDs) and creates narrowly-scoped, short-lived tokens that verify both the issuer and the wallet holder, preventing LLMs from being tricked into bypassing authorization controls.

Building Identity into LLM Workflows with Verifiable Credentials - Ben Dechrai