Stop discovering CVEs at review time, in the pipelines or, even worse, in production! In this lightning talk, you'll see a free, developer-first tool that surfaces vulnerable dependencies as you code-and auto-fixes them right inside your IDE. We'll cover one-click scans on existing projects, inline remediation, and how the embedded Model Context Protocol (MCP) server lets Gemini or Claude explain CVEs, propose safe upgrades, and even draft fix PRs without leaving your editor. Expect a snappy demo, copy-paste setup, and practical tips to roll it out team-wide the same day.

You build applications using Generative AI and LLM frameworks for your JavaScript apps. Hurray! I sure hope you didn’t forget this tiny little thing called application security :-)​Join me in this session, where we uncover imminent security vulnerabilities from basics to hands-on live hacking and demonstrate real-world insecure JavaScript code mistakes as we hack in the IDE and unleash exploit payloads that compromise AI-generated code. You’ll learn and experience prompt injection, LLM agents with excessive access, code vulnerabilities introduced via IDE auto-suggest tools, and how LLM sources turn into an imminent security risk.

From the sinister injection flaws reminiscent of "Alien" to the terrifying specter of broken authentication akin to what "The Invisible Man" is capable of, we'll explore the most common security vulnerabilities in web development. But don't worry—we'll also shed light on solutions. If you dare, join us and learn how to conquer the darkness invited by your web applications.