Workshop · participant feedback

Breaking AI: Prompt Injection, Data Exfiltration & Practical Defenses

Outcomes combined across every delivery of this offering.

~250 attendees across 5 deliveries

Deliveries with feedback: 2
Responses: 17
Avg. overall: 9.3/10
Would recommend: 100%

Each card is one participant's anonymous exit-survey response. How to read the numbers:
  • Overall — their rating of the session on a 1–10 scale.
  • Familiarity before — how familiar they were with LLM security / prompt injection before the workshop, on a 1–5 scale (1 = Not familiar → 5 = Expert).
  • Confidence after — how confident they felt identifying prompt-injection risks and mitigations after the workshop, on a 1–5 scale (1 = Not confident → 5 = Very confident).

10/10 overall · BSides Tampa
I flew from Brazil to attend BSides and was not disappointed — thanks so much! Shout out from BR.
Key takeaway

Will use Promptfoo and Garak in my next pentests, plus a much better understanding of AI data exfiltration.

Undergraduate Student
Independent
Plans to: Apply what they learned at work
Self-rating (1–5): Familiarity before: 3/5 · Confidence after: 5/5

10/10 overall · BSides Tampa
I found this training extremely excellent. Excellent presentation — I'd love a follow-up that goes deeper into agentic AI models.
Key takeaway

New ways to apply fundamental security practices to AI: watermarking, confidence scores for model theft, and prompt-injection best practices.

Industry Professional
Capital One
Plans to: Apply what they learned at work
Self-rating (1–5): Familiarity before: 3/5 · Confidence after: 5/5

10/10 overall · BSides Tampa
I really enjoyed this and appreciated the quick break to stretch my legs. You did an excellent job!
Key takeaway

Using watermarks to protect content from AI scanning.

Undergraduate Student
Withlacoochee Technical College
Plans to: Apply what they learned at work
Self-rating (1–5): Familiarity before: 2/5 · Confidence after: 4/5

8/10 overall · BSides Tampa
He was clear and encouraged discussion. When people got stuck on the technical setup at the start, he was very helpful and patient in getting everyone going so we could all take part in the lab.
Key takeaway

Using additional models to help identify and prevent prompt injection.

Industry Professional
Software / IT / Systems
Self-rating (1–5): Familiarity before: 2/5 · Confidence after: 3/5

10/10 overall · BSides Tampa
He was great!
Key takeaway

Classification models being used to filter prompts before they reach the LLM.

Industry Professional
TRU Simulation
Plans to: Apply what they learned at work
Self-rating (1–5): Familiarity before: 4/5 · Confidence after: 4/5

9/10 overall · BSides Tampa
Very good at presenting the material.
Key takeaway

Practical areas of defense for LLM systems.

Industry Professional
ZT
Plans to: Apply what they learned in their research
Self-rating (1–5): Familiarity before: 3/5 · Confidence after: 3/5

10/10 overall · BSides Tampa
Thank you for doing this.
Key takeaway

Digital watermarking techniques.

Industry Professional
Independent
Plans to: Rethink how they build & evaluate LLM systems
Self-rating (1–5): Familiarity before: 4/5 · Confidence after: 4/5

10/10 overall · BSides Tampa
Key takeaway

Model theft and other practical attack techniques against deployed models.

Industry Professional
Lufsec
Plans to: Rethink how they build & evaluate LLM systems
Self-rating (1–5): Familiarity before: 4/5 · Confidence after: 5/5

10/10 overall · BSides Tampa
Key takeaway

Prompt-injection classifiers as a filtering layer.

Industry Professional
DOI
Plans to: Apply what they learned at work
Self-rating (1–5): Familiarity before: 3/5 · Confidence after: 5/5

10/10 overall · BSides Tampa
Key takeaway

A security-sense approach to threat modeling for AI systems.

Industry Professional
Apple Bank
Self-rating (1–5): Familiarity before: 2/5 · Confidence after: 4/5

7/10 overall · BSides Tampa
Thank you!
Key takeaway

Ensuring permissions for the LLM are appropriately defined.

Academia / Professor
University of Wisconsin–Madison
Plans to: Apply what they learned at work
Self-rating (1–5): Familiarity before: 2/5 · Confidence after: 4/5

8/10 overall · BSides Tampa
Great job — thank you!
Key takeaway

Plans to apply the full range of attack and defense techniques covered.

Industry Professional
Noble Technologies
Plans to: Apply what they learned at work
Self-rating (1–5): Familiarity before: 4/5 · Confidence after: 4/5

10/10 overall · BSides Charlotte
Fantastic talk, broken down in a way that was extremely digestible. As someone already familiar with the basics, this was unbelievably enlightening. Thank you so much!
Key takeaway

Implementing stricter AI guidelines and invisible watermarks across my organization.

Industry Professional
Diesel Laptops
Plans to: Apply what they learned at work
Self-rating (1–5): Familiarity before: 3/5 · Confidence after: 5/5

10/10 overall · BSides Charlotte
His personable, easy way of speaking was excellent!
Key takeaway

White-space attacks against LLM input handling.

Industry Professional
Bank of America
Plans to: Apply what they learned at work
Self-rating (1–5): Familiarity before: 2/5 · Confidence after: 5/5

8/10 overall · BSides Charlotte
Friendly! Thank you for the workshop!
Key takeaway

Using classifiers to defend LLM systems.

Undergraduate Student
Central Piedmont CC
Plans to: Rethink how they build & evaluate LLM systems
Self-rating (1–5): Familiarity before: 2/5 · Confidence after: 3/5

9/10 overall · BSides Charlotte
Key takeaway

Tightening CSP settings to allow or deny content sources.

Industry Professional
Credit Karma
Self-rating (1–5): Familiarity before: 3/5 · Confidence after: 4/5

10/10 overall · BSides Charlotte
Key takeaway

LLM watermarking for content protection and provenance.

Industry Professional
Cybersecurity
Self-rating (1–5): Familiarity before: 4/5 · Confidence after: 3/5