SecAppDev 2026 lecture details

AI Memory, Mapped

AI memory is not just another RAG plugin; it is a stateful, persistent attack surface. Securing it requires new threat models, new detection primitives, and architectural decisions made well before deployment.

Download handouts
Monday June 1st, 16:00 - 17:30
Room West Wing
Recording session on Tuesday June 2nd, 11:00 - 12:30
Room Heilige-Geesttafel
AI / ML security
Secure Coding
Abstract

Persistent memory transforms AI systems from stateless tools into context-aware systems, but it also introduces a class of risks. We will cover key risks including continuous exfiltration via prompt injection, delayed tool invocation, and negative psychosocial impacts. The second half focuses on building memory-safe systems by design: threat modeling memory, observability strategies, and runtime safety monitoring at scale (including BinaryShield, a novel privacy-preserving method for sharing textual customer content to detect coordinated spray attacks).

Key takeaway

Treat AI memory as an attack surface; design for safety and observability from day one.

Content level

Deep-dive

Target audience

Developers, architects, researchers

Prerequisites

None

Join us for SecAppDev. You will not regret it!

Natalie Isak
Natalie Isak

ML Engineer, Microsoft

Expertise: AI Safety

More details

Join us for SecAppDev. You will not regret it!

Related lectures

Building secure applications in the age of AI agents

Introductory lecture by Pieter Philippaerts in room Lemaire

Tuesday June 2nd, 09:00 - 10:30

This session explores real-world security risks in AI-assisted coding and presents best practices to mitigate them and securely integrate AI into the development lifecycle.

Key takeaway: AI is a powerful force multiplier, but only when paired with strong security practices, verification, and human oversight.

Secure Coding
AI / ML security

Slides available for download

How to (still) trick AI: Adversarial ML for Today

Introductory lecture by Katharine Jarmul in room Lemaire

Wednesday June 3rd, 11:00 - 12:30

There's many known (and still being discovered) attack vectors against deep learning models. In this session, we'll walk through some of the history of adversarial ML and deep learning and find what's changed and what's stayed the same.

Key takeaway: AI/DL models are inherently nondeterministic and have other properties that allow for old, new and interesting attacks.

AI / ML security
Offensive security

Slides available for download

Secure by Design — Ideas and Techniques

Introductory lecture by Dan Bergh Johnsson and Daniel Deogun in room West Wing

Monday June 1st, 11:00 - 12:30
Also available as a recorded session on Tuesday June 2nd, 14:00 - 15:30

Security is a design concern, not just an implementation concern. This session shows how domain modelling, type design, and boundary thinking can structurally eliminate entire classes of vulnerability - before attackers ever get a chance.

Key takeaway: Security is a quality aspect of software - like maintainability or correctness. Teams that design for quality get security as an emergent benefit

Application Security
Architecture
Secure Coding

Slides available for download

all workshops all lectures

SecAppDev offers the most in-depth content you will find in a conference setting