Principal Security Architect at Microsoft
1
Talks Delivered
1
Events Spoken At
0
Countries Visited
1
Years Speaking
1
Total Talks Given
Alon Friedman is a Principal Security Architect at Microsoft 365 Defender, with extensive experience in application security and penetration testing. He focuses on defining application security standards and researching threat landscapes. His background includes leading secure software development at Salesforce and managing application vulnerabilities at PayPal. Alon is a recognized researcher, credited with CVE-2014-4246 and the creation of the SCIP OWASP ZAP extension
This session moves beyond prompt injection into the Execution Layer of modern AI agents. We show how frameworks like LangChain and AutoGPT can be exploited by manipulating Chain-of-Thought to create “Ghost Parameters” in API calls, enabling privilege escalation via Mass Assignment. We also demonstrate a Cognitive DoS by poisoning RAG context to trap agents in reasoning loops. Finally, we introduce Agent-Fuzz, an open-source tool to discover these vulnerabilities before production.