Exploiting and Securing AI at Elbsides Hamburg
Elbsides is one of those conferences where you actually talk to people. It’s not huge, and that’s the point — the crowd is mostly practitioners who are genuinely into what they do. We were there this year with our AI security workshop, which ran the day before the main conference, and spent the rest of the time attending talks and catching up with people from the security scene in Hamburg.
The Workshop
The full name is Exploiting and Securing AI Applications on AWS, which gives you a pretty good idea of what’s going on. We built a deliberately vulnerable AI shopping assistant with the Strands SDK, powered by Amazon Bedrock under the hood. It looks like a normal, helpful application, but it’s full of holes: prompt injection, overly permissive IAM, insecure integrations. This is the kind of stuff that ends up in real production systems because the focus was on making the feature work, not on thinking about what could go wrong.
Participants get access to this broken thing and their job is to break it further. Then, once they’ve found the vulnerabilities, we flip it around and look at how to fix them.
One thing we deliberately built into the format was having people work in teams. Participants who didn’t know each other beforehand ended up collaborating closely, sharing findings and helping each other get unstuck. It turned out to be a good call — it made the session more dynamic and gave people a chance to actually get to know each other, not just sit next to each other. Some of the best conversations came out of those moments, not just about the specific challenges but about how people are thinking about AI security in their own work.
The discussion about what “secure AI” even means is still pretty open. That came through clearly in Hamburg. People are building things with LLMs right now, in production, and a lot of them are figuring out the security side as they go. There’s real appetite for something practical and hands-on rather than another talk with an attack taxonomy.
We got great feedback and left with a bunch of notes for the next iteration.
Want to Run It With Your Team?
If your team is building AI applications on AWS and wants to get a hands-on understanding of how they can be attacked and how to build them more securely, this workshop might be a good fit. We can run it as a standalone session and adapt the scope depending on what’s most relevant for your context.
Drop us a message and we’ll go from there.

