Topic

When Agents Execute: RCE Paths in LLM-Powered Coding Tools

Join us for great networking, dinner and drinks, and see a presentation by Mahesh Babu, is a former VP of Information Security turned company builder who now leads growth at Kodem Security.

Abstract

This talk is a follow-on to our September 2025 research on denial-of-service and permission escape in Claude Code. We now examine how LLM-powered coding agents can be weaponized end-to-end, including paths to remote code execution. Using Claude Code as a primary case study, and extending to VS Code extension exploits and recent Cursor incidents, we show how agent autonomy, extension APIs, and execution boundaries collapse into a practical RCE surface.‍

Thanks to our SPONSOR: Kodem Security‍
‍The AppSec chase is over.‍ Swap endless alerts with focused action. Simplify the remediation of your most exploitable issues through runtime security.‍

‍Thanks to our HOST: Verizon Innovation Lab - Los Angeles
‍Building tomorrow’s technology today.‍

‍SPONSORSHIP Opportunities Available
‍Vendors interested in sponsoring please send an email to sponsorship.la@owasp.org‍

‍CODE OF CONDUCT‍

We hope you enjoy the event, we care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us, we take these matters very seriously. You can find out more about our policies here: https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy

Speaker

Mahesh Babu

Mahesh Babu is a former VP of Information Security turned company builder and now leads growth at Kodem, venture‑backed application security startup. At HSBC he built and scaled global application‑security and identity‑access‑management platforms that safeguard billions of transactions. His career began at Purdue University’s Information Assurance & Security Research Center, where he researched secure software engineering. Mahesh blends academic rigor with enterprise and startup execution to help organizations stay ahead of modern threats.