Agentic ProbLLMs - Exploiting AI Computer-Use and Coding Agents with Johann Rehberger
What happens when autonomous AI agents start clicking links, running code, and “helpfully” exfiltrating your secrets for an attacker? In this talk, offensive security researcher Johann Rehberger walks through real-world exploits against agentic systems such as computer-use agents, coding copilots, and local development assistants, showing how prompt injection, invisible instructions, and tool automation can turn AI helpers into fully compromised “zombie” endpoints.

This session is ideal for blue and purple teamers, red teamers, AppSec engineers, security architects, and anyone experimenting with AI agents in their SOC, SDLC, or internal tools. You’ll see how attackers chain prompt injection with automatic tool invocation, how agents can be abused to steal API keys and sensitive data, and why treating agents like potentially malicious insiders is becoming a practical security baseline.

Organizer note: This session was recorded live at BSides Vancouver Island 2025 at the Victoria Con
https://video.infosec.exchange/w/nLbLethQjNMAVz7dMkURK5