Agenda
Application Security in the AI Era: From Vibe Coding to DevSecOps and AI-Native Applications
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.
As AI transforms how we build and secure software, security leaders face new challenges and opportunities. In this opening keynote, Sunil Agrawal (CISO, Glean) and Chaitanya Bhatt (Head of Product Security, Credit Karma) join Harness SVP and GM, Rahul Sood, to unpack how their organizations are approaching both the challenges of securing AI-assisted coding and AI-native applications, as well as the potential of AI to simplify and accelerate DevSecOps.
The New AppSec Playbook: Securing AI-Native Applications
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.
AI-native applications - those built around LLMs and AI agents - are changing how organizations architect enterprise applications. They're also creating attack surfaces that traditional AppSec tools were not designed to protect. This panel brings together security leaders who are navigating evolving threats like prompt injection, sensitive information disclosure, and shadow AI. You'll learn practical approaches to securing your new AI attack surface, implementing guardrails for rolling out AI functionality without slowing down development.
From Roadblocks to Results: Rethinking the Security–Engineering Relationship
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.
Security and engineering don’t have to be at odds. In this candid panel, Mark-David McLaughlin (Intersystems) and Rahul Bondalapati (Citizens Bank) share how they’ve turned friction into collaboration—balancing speed, safety, and shared accountability. Hear real stories about permission battles, policy overload, and what it takes to build trust between teams that often clash. Learn how involving security early reduces rework, why clear and actionable policies improve adoption, and how to move from conflict to partnership—so security becomes a catalyst for delivery, not a constraint.
Check Your AI Blind Spot: How Attackers Target AI-Native Applications
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.
With large language models (LLMs), MCP servers, autonomous agents, and more, AI applications are fundamentally different from traditional applications. Attackers are taking advantages of the differences in the new AI attack surface - and security teams' unfamiliarity with it - to find new ways to bypass existing security controls and exploit application vulnerabilities. Join Ayan Halder (Harness), Roshan Piyush (ASPEN Labs), and Steve Stone (SentinelOne) as they share real-world examples of new threats they're seeing targeting AI-native applications today.
Code, Commit, Secure: Harnessing AI to Build Better Software
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.
Vibe coding is changing how we design, code, and secure software — but we must use it thoughtfully. Join Tanya Janca (author of Alice and Bob Learn Secure Coding) and Adam Arellano of Harness Security for a lively fireside chat on bringing AI into your development workflow safely and effectively.
We’ll discuss how to:
- Use AI tools to accelerate coding, testing, and deployment — without accelerating the introduction of new vulnerabilities
- Integrate security guardrails into AI-assisted development workflows
- Empower developers to become better, not just faster, by pairing human guidance and skill with machine intelligence
Whether you’re a developer, security professional, or DevOps leader, you’ll leave with practical insights for using AI to build the right things, build them well, and build them securely.
Securing AI Across the Entire Software Development Lifecycle: A Harness + Wiz Perspective
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.
AI security isn't just a development problem or a cloud problem - it's a lifecycle problem. Most organizations secure AI applications in silos: developers focus on code, while security teams worry about runtime threats and data exposure. This session brings together experts from Harness and Wiz to demonstrate how AI security must span from pipeline to production. You'll walk away with a practical framework for securing AI applications end-to-end—ensuring your security controls evolve as fast as your AI capabilities.