About Donations Volunteering About PyCon Africa 2025 Code of Conduct Privacy Policy Opportunity Grants (CLOSED) Contact Us Events 8 Oct: Beginners Day (FREE) 9-10 Oct: In Person Conference 9-10 Oct: Online Conference 9 Oct: Dinner for Speakers, Organisers & Sponsors 11-12 Oct: Sprints 30 Aug: Friends of PyCon Africa (FREE) Tickets Buy Tickets Ticket Types Venue Online Venue Accommodation Remote and in person In person venue - Johannesburg Health and Safety Guidelines Talks Schedule Accepted Talks Speakers Recording Release Guidelines and advice How to submit a talk or workshop Past Events South Africa Applying for a Visa Get a Visa Letter Arriving by bus to JHB Park Station Flying to South Africa Travel Guide Sponsors » Valkey » Thinkst Canary » Amazon Web Services (AWS) » Apify » Canonical » NICIS » Google » Cyber Mint » Caktus Group » Prelude.Tech » Afrolabs » CoderLevelUp » Lincoln Loop » Django Software Foundation » DEFNA » Black Python Devs » Naughty Bean Coffee » Zyelabs » Asuer » Wrend Holdings Our sponsors Sponsorship packages

Ethically Hacking LLMs, AI agents - what threat actors can do to your training data that powers your agents to execute code remotely.

Speaker Thembaletu Mbangcolo
Track Web development
Type Short Talk (25 minutes)

Abstract

My talk will attempt to spell out what Machine Learning LLMs are, AI agents - what lies at the nucleus of these first. I will then show how they work, what threat actors can do to exploit them and cause data integrity issues, even compromise them away from what they were meant to achieve.


I will demonstrate through code, using Python - its library Pickle and a select method, how threat actors can abuse serialization and deserialization to do harm. How it is possible to conduct SQLi within the RAG eco-system by malicious actors.


If time permit, a brief look at Model Context Protocol and possible abuse of this.


A few pointers on mitigation will also be shared with the audience.