Wednesday
Room 2
15:00 - 16:00
(UTC+02)
Talk (60 min)
Dangerous Reactivity: Why AI Output Is the New XSS
Vue developers know one golden rule: never use v-html on user input.This or something similar is well-known in other frameworks, too. Yet, as we're integrating Large Language Models (LLMs) into our applications, we often make a fatal mistake. We're treating AI output as a trusted source. This is fine, right? Well, not automatically....
Let’s look at OWASP LLM05 and how "Improper Output Handling" impacts the security of Vue components. Therfore, let's discuss examples where safe inputs can trick models, causing vulnerabilities like XSS and injection attacks. By the end, you’ll learn how to be "professionally pessimistic" for AI. You’ll learn how to sanitize LLM data, safely render Markdown, and manage AI-generated content. Join my session to approach technology with caution, I look forward to exploring this with you!
Ramona Schwering
Ramona is a developer advocate and software engineer with roots in quality assurance. She owns both views of the product - that of a tester and a developer. Ramona primarily uses this to strengthen trust in test automation and support the testers and developers alike, becoming a Google Developer Expert in Web Technologies, Women Techmaker Ambassador, and Cypress ambassador.