Brainberg
Beyond Prompt Injection: Breaking AI Agents via Low-Level Host Injections
AI Integration & ApplicationMeetupFreeOnline

Beyond Prompt Injection: Breaking AI Agents via Low-Level Host Injections

Thu 30 Jul · 16:00
< 50 attendees

About this event

🚀 AiSec Eng Spain x Madrid DevOps x HackerDreams x Valkyrias

📅 30/07/2026
🕖 18:00h (CEST) (Comenzaremos Puntal)
📍 Lugar: Online
Idioma de la charla : Inglés

🧠Beyond Prompt Injection: Breaking AI Agents via Low-Level Host Injections (CVE-2026-48710)

THE TALK WILL BE IN ENGLISH
LA CHARLA SERÁ EN INGLÉS

👨‍💻 Speaker

Kfir Gisman

🧾 Bio

Kfir Gisman’s work bridges the gap between deep security research and robust backend engineering. His career is defined by two core pillars: first, his background in security research, having worked as a Cloud Security Researcher at Spectral (a DevSecOps startup acquired by Check Point) where he focused on threat detection and supply chain risks; and second, his hands-on software engineering experience, currently developing secure Python backend architectures for national and EU-funded cybersecurity projects (EU Horizon and INCIBE) at Treelogic. Outside of his day job, Kfir actively contributes to the FastAPI community, hosts the "Code with Mate" software engineering podcast, and writes weekly technical deep-dives on his personal website, kfir-g.dev

📚 Description

While the industry is obsessed with jailbreaks and prompt injections, we are ignoring a massive blind spot: AI agents still run on classic web infrastructure.

In this practical 30-minute session, Kfir Gisman will break down CVE-2026-48710 - a critical vulnerability in Starlette (the backbone of FastAPI and the Python LLM ecosystem) that recently put millions of AI agents at risk.
We will explore the concept of State Divergence and demonstrate live how a single character (?) in the Host header can completely blindfold global middlewares, letting an attacker bypass authentication and hijack privileged endpoints- without writing a single line of prompt.
What you’ll take away:
* Why blindly upgrading dependencies won't fix broken architectural patterns.
* How to shift from mutable wrappers (request.url) to raw ASGI state (request.scope).
* How to implement structural defenses at the API Gateway level to shield your AI infrastructure.
(*) No Python expertise required- this is a universal lesson in application security architecture.

🌐 Comunidad
👉 Únete a Discord:
https://devseccon.io/discordcommunity
📢 Telegram:
https://t.me/hackerdreamsdcomm
https://t.me/hackbcn
https://t.me/+EQXjdGyWYPAotmLG
https://t.me/xopsnoticias
https://t.me/xopshispano
🐦 X (Twitter):
@JR_kneda
@hunters_flag
@hackerdreamsorg
@hackbcn
@xopsconference

🤝 Colaboración y patrocinio

Si tu empresa quiere colaborar o patrocinar futuros eventos:
📩 Email: info@hackerdreams.org
📝 Formulario: https://forms.gle/JbBwUGY26fAeLqJ78
💸 Donaciones:
https://www.paypal.com/donate/?hosted_button_id=8UHV5UN47J3DY
https://bmc.link/hackerdreams

Source: meetup