Beneath the Prompt: The Hidden Risks Powering GenAI
About This Session
As LLMs power more applications across industries, firmware and hardware security is now mission-critical. The attack surface has shifted downward, making AI infrastructure itself the new battleground. Securing GenAI involves both:
- Traditional cybersecurity controls (monitoring, patching, access controls)
- AI-specific governance frameworks (model integrity, supply chain verification)
The message is clear: securing the model is not enough—you must secure the machine it runs on. This talk will highlight the vulnerabilities in the infrastructure powering large language models (LLMs) and generative AI systems. It will focus on the hardware, firmware, and cloud components that support AI, revealing how these foundational layers are increasingly targeted by sophisticated attacks.
Speaker

Alex Bazhaniuk
CTO - Eclypsium
Alex is the Chief Technology Officer and Co-Founder of Eclypsium and is recognized as an authority in the spheres of AI infrastructure and supply chain security. He has many years of experience in research and product development. Over the course of his 15-year career, he has been at the forefront of supply chain security innovation and research, leading teams at organizations such as Intel and McAfee.
His commitment to enhancing security knowledge in the community led to extensive speaking and training sessions at a myriad of international security conferences, such as Black Hat, DEF CON, CanSecWest, Recon, Troopers, and Toorcon. He also initiated the first DEF CON Group in Ukraine and co-founded the DCUA CTF team, fostering a collaborative platform for cybersecurity enthusiasts.