LLMs accessing the database and intelligent agents that perform online purchases? The possibilities for AI in applications seem endless but so are their security and data privacy risks. In this session, we’ll address common issues such as prompt injection, key leakage, abuse of private customer data for model training, legal restrictions, and more. In addition, we will show that general security issues in your systems can also influence the behavior and outcome of LLMs.

During this session, you’ll get a solid overview of the vulnerabilities to avoid, strategies to ensure data privacy compliance and best practices for building secure LLM-powered applications.

Devoxx

A conference talk demonstrating real security vulnerabilities in LLM-powered applications. Live demos show how path traversal and SQL injection can be used to poison RAG context and chat memory, enabling unauthorized actions like canceling bookings or dropping database tables. The talk covers prompt injection techniques including multi-stage attacks that bypass system message restrictions to extract PII. Mitigations discussed include input/output guardrails using LLM-as-a-judge, limiting LLM permissions and tool scope, enforcing structured output, human-in-the-loop confirmation for high-risk actions, and using local models for privacy-sensitive data. MCP server risks and denial-of-pocket attacks are also highlighted.

[VDBUH2026] Brian Vermeer - Breaching LLM-Powered Apps: Overcoming Security and Privacy Challenges