AI didn't just speed up reconnaissance. It connected dots that were never supposed to connect and most blue teams haven't caught up yet.
This talk walks through a single, end-to-end exposure chain so defenders can finally see what they're up against, and know exactly where to break it.
It starts with people. AI-powered OSINT pipelines aggregate and correlate employee data across LinkedIn, GitHub, forums, and breach databases in minutes, building behavioral profiles precise enough to generate hyper-targeted phishing lures at scale. But the exposure doesn't stop at individuals. The same reconnaissance that maps employees also maps the company: infrastructure, misconfigured services, and increasingly API endpoints leaked during LLM deployments. Production AI tools calling internal services, chatbots inadvertently surfacing internal documentation, LLM APIs left exposed during staging, these aren't edge cases, they're patterns blue teams are consistently missing.
From there, the path in is shorter than most teams think. Either a well-profiled employee gets phished into opening the door, or an exposed AI-connected service was never meant to be public in the first place. And once an attacker reaches an internal LLM: a security chatbot, an AI-assisted SIEM, an LLM-integrated IR tool, prompt injection becomes the final piece. Your AI doesn't know the difference between a legitimate query and a crafted instruction. Your analyst might not either.
We'll demonstrate each stage, then flip the lens entirely covering how defenders can map their AI exposure, harden LLM-integrated tooling, and break the chain before it completes.
Attendees will leave with:- Visibility into how AI-powered recon pivots from employees to exposed infrastructure
- Awareness of LLM deployment patterns that unintentionally surface internal services
- A framework for identifying prompt injection risks in security tooling
- Actionable steps to audit and defend their AI attack surface
