VulnCon 2026 Workshop

The Machine Learns to Lie: AI Prompt Injection Forensics

Participants in this CyBe Global Labs session will transition from traditional security mentalities to high-resolution, forensic-level defense.

As AI-powered attacks become increasingly sophisticated, defenders must move beyond signature-based detection and content analysis toward infrastructure-centric investigations that reveal how attacks actually unfold.

Through case studies, technical labs, forensic exercises, and practical defensive strategies, attendees will learn how to investigate prompt injections, identify AI-generated phishing campaigns, detect deepfake impersonation attempts, and build resilient controls that disrupt modern AI attack chains.

At a Glance: The CyBe Global Labs Experience

Optimize SOC Performance: Shift from reactive alert-handling to proactive semantic monitoring.
Synergize Process & Tech: Implement out-of-band verification techniques to defeat highly convincing deepfake-enabled attacks.
Execute with Precision: Master the "Thinking Transparency" mindset required to identify and investigate novel AI-specific threats.

What Participants Will Learn

AI Attack Taxonomy

Distinguish between direct and indirect prompt injection, deepfakes, and AI-personalized phishing attacks.

Forensic Investigation

Master the technical steps required to attribute attacks, decode exfiltrated payloads, and measure breach impact using token analysis.

Infrastructure Indicators

Understand why signals such as DMARC alignment, STIR/SHAKEN attestation, and SMTP log anomalies are often more reliable than content analysis when investigating AI-enabled attacks.

Who Should Attend

Security Analysts

SOC Professionals

Incident Responders

IT Managers

Risk Officers

Threat Hunters

AI Governance Teams

Learning Objectives

Analyze SMTP Logs

Analyze LLM Audit Logs

Track the Phishing Funnel

Attribute Prompt Injections

Identify Compromised Sessions

Evaluate Telephony Metadata

Detect Deepfake Impersonation

Implement DMARC Controls

Design Dual Authorization Controls

Workshop Outline

01

Session 1: Cybersecurity Foundations – The AI Reality Check (45m)

Focus: M6 Foundation Check: AI Security

Deep Dive: Understanding LLMs as predictive token engines and how this facilitates machine-scale deception.

Case Study: The Arup Engineering breach — analyzing why human training failed against a $25M deepfake video call.

02

Session 2: The AI Era – Detecting Personalized Lures (50m)

Focus: Detecting AI-Generated Phishing at Scale.

Technical Lab: Tracking RESULT:DELIVERED versus CREDENTIAL_SUBMIT events in SMTP logs.

Key Indicator: Why lookalike domains such as n0vapay-hr.com remain among the most durable indicators of compromise.

03

Break & Networking (15m)

Dedicated networking session for participants to discuss AI-driven threats, investigative methodologies, and operational challenges.

04

Session 3: Micro-Project – Forensic Investigation: Prompt Injection (30m)

Project: Prompt Injection in Enterprise AI Tools.

Hands-On Forensics:

Attribution: Isolate injection_succeeded events to identify the compromised account.
Impact: Sum token counts across successful events to scope the scale of data exfiltration.
Payload Recovery: Use base64 -d to decode intercepted payloads and reveal leaked API keys.

05

Wrap-Up & Discussion (10m)

Strategy: Moving from Content Defense to Infrastructure & Process Defense.

Implementation: Establishing out-of-band callback protocols for high-value transactions and critical decision workflows.

About CyBe Global Labs

CyBe Global offers a suite of high-resolution, forensic-level training modules designed to prepare security professionals for the AI-driven threat landscape.

These courses emphasize Thinking Transparency — the ability to reconstruct attack chains and justify technical trade-offs during an investigation.

Adversarial ML: Deep dives into the OWASP LLM Top 10.
SOC in the AI Era: Detecting AI-personalized lures via infrastructure signals.
Behavioral Anomaly Detection: Identifying attackers who condition baselines to evade alerts.

Workshop Speakers

Experts & Mentors

Satyavathi Divadari

Cybersecurity Leader & Strategic Mentor

Satyavathi Divadari is the Founder and CEO of CyBe Global and Chairperson of CSA Bangalore, leveraging 28 years of leadership at organizations including Wells Fargo and IBM to build the next generation of cyber defenders.

She is globally recognized for bridging executive strategy and technical execution, specializing in defense frameworks for complex enterprise environments and modern AI-driven threat landscapes.

Through CyBe Global, she is on a mission to train one million cyber defenders through practical, forensic-focused, practitioner-led learning experiences.