BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Open Source Security Foundation - ECPv6.15.20//NONSGML v1.0//EN
CALSCALE:GREGORIAN
METHOD:PUBLISH
X-ORIGINAL-URL:https://openssf.org
X-WR-CALDESC:Events for Open Source Security Foundation
REFRESH-INTERVAL;VALUE=DURATION:PT1H
X-Robots-Tag:noindex
X-PUBLISHED-TTL:PT1H
BEGIN:VTIMEZONE
TZID:Asia/Kolkata
BEGIN:STANDARD
TZOFFSETFROM:+0530
TZOFFSETTO:+0530
TZNAME:IST
DTSTART:20250101T000000
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
DTSTART;TZID=Asia/Kolkata:20260409T180000
DTEND;TZID=Asia/Kolkata:20260409T190000
DTSTAMP:20260426T143911
CREATED:20260403T151238Z
LAST-MODIFIED:20260408T065506Z
UID:10000107-1775757600-1775761200@openssf.org
SUMMARY:Handing Over The Keys to Your Kingdom: AI-Driven Security Woes
DESCRIPTION:The current security landscape reveals a dangerous paradox: the very tools we trust to secure our code—AI agents and DevSecOps utilities—possess the broadest permissions but the weakest oversight. We are currently witnessing a “credential-drift” crisis where automated tools are becoming the primary vectors for supply chain contagion. \nTo prevent the next cascade\, we must move away from reactive patching and toward a Closed-Loop Integrity System. \nThe last 14 days have highlighted a systemic failure in how we manage “privileged automation.” Trivy\, Axios\, LiteLLM\, OpenAI Codex\, and Claude Code have all fallen prey to various supply chain attacks. \nWe are handing the “keys to the kingdom” to AI agents and automated scanners that are\, by nature\, high-value targets. If you aren’t monitoring your security tools with the same intensity you use for your production databases\, you aren’t running a secure shop—you’re just waiting for the next cascade. \nJoin this talk to learn more about how you can prevent supply chain security failures in your AI world. \n  \n \nGuest: Himanshu Sangshetti \nDate: Thursday\, 9th April 2025 \nTime: 6 PM IST
URL:https://openssf.org/event/handing-over-the-keys-to-your-kingdom/
CATEGORIES:India Initiative
END:VEVENT
END:VCALENDAR