Makan Sepehrifar is a software architect with over 20 years of experience across multiple domains, whose fascination with organizational behavior and cognitive psychology has led him to redefine how technology interfaces with human understanding. Through his public speaking on developer experience and the role of generative AI in shaping its future, he advocates for a fundamental truth: every major technological shift demands an equally major shift in mindset. His work explores how social and technical transformations happen together, believing that this replication of human mindset, organizational, and technological change is the true meaning of agile.
This interactive session transforms AI security education into an engaging courtroom-style debate. We'll present five critical vulnerabilities affecting modern AI development tools, and after each case study, the audience becomes the jury—voting on who's responsible: the careless user, the negligent developer, or the inadequate service provider.
We'll dissect real CVEs including GitHub Copilot's wormable RCE (CVE-2025-53773), MCP server command injections (CVE-2025-53107, CVE-2025-5277), GitHub's private repository leak via prompt injection, and Microsoft Copilot's zero-click data exfiltration (CVE-2025-32711). Each case reveals technical root causes through collaborative analysis.
The conclusion challenges the "blame game" itself: these vulnerabilities expose fundamental architectural weaknesses in agentic AI systems where traditional security models fail. We'll establish that securing AI tools demands a shared responsibility framework—developers must code defensively, providers must architect securely, and users must understand AI-specific risks. The session culminates with actionable best practices for each stakeholder.
Searching for speaker images...