🤝Community
OWASP Top 10 for LLMs: The Practitioner Cut
Date & Time
Thursday, July 23, 2026
All day
Location
Calgary, AB
About This Event
A practitioner-led session for security and engineering leaders who need a defensible framework, not another checklist.The approval is on your desk. The pressure is real.Your organization is moving an LLM-powered application toward production. The business is ready to ship. Engineering says it's ready to ship. And now the question lands on you: is it actually secure?This isn't a theoretical scenario. It's happening in security and engineering teams everywhere and the people who approve deployments with gaps they didn't catch are the ones who own the incident publicly. The breach. The data exposure. The regulatory inquiry. The post-mortem where someone asks: what did you check before you signed off?The OWASP Top 10 for LLM Applications gives you the vocabulary. This session gives you the decision framework.If I approve this LLM system for production and critical security controls are missing, I will be personally accountable for the resulting breach, exposure, or incident.That is the risk this session is designed to close.Why This Session Matters Right NowGenAI adoption has outpaced security review cycles. Most organizations now have LLM-powered features in production or under pressure to ship them within weeks. The window between experimentation and production is collapsing, and security teams are being asked to approve systems they don't yet have a structured way to evaluate.LLM applications fail differently from traditional software. Prompt injection doesn’t behave like SQL injection. A badly scoped context window can expose sensitive data with no attacker involved. Guardrails that pass testing break under realistic usage. Standard AppSec controls weren’t designed to catch these failure modes and many security leaders are approving deployments without a framework to surface them.The OWASP Top 10 for LLM Applications exists to address this. But knowing the category names is not the same as knowing how to apply them to a production decision. This session closes that gap with a practitioner who has done this work inside real organizations, under real pressure.Why Learn from Vandana VermaVandana Verma doesn’t teach AI security from a distance. She works directly with engineering and security teams navigating production deployment decisions helping them understand what failure looks like before it happens, and what controls are non-negotiable before they can responsibly ship.As a Security Advocate at Snyk, an active leader within the OWASP Foundation, and President of InfosecGirls, Vandana brings a perspective that is rare: she understands AI security risk from the inside out, and she knows what it costs to get a production approval wrong.She brings practitioner experience, not slides full of frameworks. The insights in this session are earned, not assembled.What You’ll Walk Away WithThis session is built around decisions, not topics. You won’t leave with a list of things to read. You’ll leave ready to act.Identify which OWASP Top 10 LLM risks are material to your production context and which require mandatory controls before any deployment is approvedAssess whether guardrails and controls are actually sufficient, including where they appear solid but fail under realistic usage patternsChallenge engineering and product teams with the right questions before a deployment decision reaches your deskDefine what “safe enough” means for your specific context with criteria you can apply consistently and explain to stakeholdersMake a production approval or rejection decision with confidence and document it in a way that holds up if something later goes wrongReduce your personal and organizational exposure by understanding the failure modes most likely to cause incidents in LLM-powered systemsWho Should AttendThis session is designed for the people who carry the approval decision not the people who build toward it.Primary audience:CISOs and security leaders responsible for AI risk postureApplication security leaders evaluating or gatekeepi
