This interactive session transforms AI security education into an engaging courtroom-style debate. We'll present five critical vulnerabilities affecting modern AI development tools, and after each case study, the audience becomes the jury—voting on who's responsible: the careless user, the negligent developer, or the inadequate service provider.
We'll dissect real CVEs including GitHub Copilot's wormable RCE (CVE-2025-53773), MCP server command injections (CVE-2025-53107, CVE-2025-5277), GitHub's private repository leak via prompt injection, and Microsoft Copilot's zero-click data exfiltration (CVE-2025-32711). Each case reveals technical root causes through collaborative analysis.
The conclusion challenges the "blame game" itself: these vulnerabilities expose fundamental architectural weaknesses in agentic AI systems where traditional security models fail. We'll establish that securing AI tools demands a shared responsibility framework—developers must code defensively, providers must architect securely, and users must understand AI-specific risks. The session culminates with actionable best practices for each stakeholder.

Devoxx

A conference talk structured as a mock trial examining who bears responsibility when AI coding tools are exploited. Three real CVEs are analyzed: a GitHub Copilot prompt injection via Camo image proxy (CVSS 9.6), an Ollama remote code execution via unauthenticated Docker APIs (CVSS 9.4), and an AWS MCP server shell injection. Each case involves audience voting on whether the AI developer, tool developer, or end user is at fault. The talk concludes with the concept of the 'mental model gap' — the disconnect between how developers perceive AI tools as safe productivity boosters versus how attackers see them as autonomous agents with broad access and weak trust boundaries. Key takeaways: prompt injection is a fundamental LLM vulnerability, tool providers often underestimate deployment misuse, and shared responsibility across the ecosystem is essential.

Who to blame? The AI, The Programmer, or The Prompt? by Makan Sepehrifar