Bandana Kaur
Security Researcher
APIsec
Bandana Kaur (HackWitHer) is a 17-year-old offensive security researcher in GenAI API and LLM security. A UN IGF coalition board member and global speaker, she has reported government vulnerabilities, trained CISOs on OSINT, and hacks for good.
Speaker sessions
Hack One, Hack Them All? Weaponizing LLM Jailbreak Transferability
In cybersecurity, there is a familiar pattern: a zero-day in one product is quickly weaponized into exploit kits that spread across many others. Large Language Models (LLMs) are no longer niche tools, they are becoming the foundation of everything from productivity apps to healthcare triage tools. This rapid adoption creates a systemic risk: jailbreak prompts often transfer across models, vendors, and architectures with little to no modification. An attacker who breaks one model may break many, at scale.This talk investigates jailbreak transferability as a vulnerability class with ecosystem-wide implications. Drawing on curated jailbreak datasets and cross-model experiments with open-source LLMs, we reveal preliminary empirical evidence of cross-model effectiveness and explain why some jailbreaks evaporate after updates while others persist like wormable exploits. The session introduces an early Jailbreak Transferability Matrix; a structured way of classifying jailbreaks by persistence, generalisation, and resilience to safety interventions, and frames how adversaries could weaponise these transferable attacks to scale harmful content generation or bypass safety controls simultaneously across platforms. Through offensive scenarios, we show how transferable jailbreaks on LLMs are vectors for mass exploitation, automating harmful content generation or bypassing safety filters across multiple platforms simultaneously. On the defense side, we outline how researchers, vendors, and policymakers can quantify transferability risk, prioritize testing, and contain cascading jailbreak failures before they spread. By understanding and quantifying jailbreak transferability, attendees can move from reactive patching to proactive ecosystem-level defenses, safeguarding the next generation of AI systems before attacks scale.
- 15:00
- Tue
- 02 Dec
Stage:
Briefings 1
Sessions Type:
Presentation
The Last Human Hacker: What Comes After AI
As LLMs, autonomous agents, and synthetic identities join the red team, we’re entering the post-human phase of cybersecurity. This talk explores where human intuition still outsmarts AI, and how hacking itself is evolving from breaking systems to understanding intelligence, both human and artificial. As AI learns to exploit, patch, and predict, what will define the human hacker of tomorrow?
- 14:30
- Wed
- 03 Dec
Stage:
Black Hat Campus
Sessions Type:
Presentation
AI Gone Rogue: Deepfakes, GenAI Scams & Agentic Attacks
With deepfakes, GenAI-driven scams, and autonomous agentic attacks on the rise, AI is becoming one of the fastest-moving threat vectors. This session breaks down how these attacks work, why they’re so hard to detect, and what defenders can do to stay ahead of AI gone rogue.
- 17:20
- Thu
- 04 Dec
Stage:
Woman in Focus
Sessions Type:
Panel