Autonomous agents are moving from experiment to infrastructure. They're sharing tools, communicating with each other, and increasingly operating with real money. But the security conversation hasn't caught up. What happens when an agent gets compromised through shared tooling? How do you lock down something designed to act independently? And when agents need wallets to function, what does crypto security teach us about protecting them?

I am not a vuln researcher and that's kind of the point, LLMs have come a long way in the cyberz. I tried to find a real RCE with Codex, I failed so badly that I accidentally learned how to find bugs in common projects with LLMs. This talk is about using AI to turn bad vibes into real bugs. Drawing on multiple CVEs across React, Node, Ollama, Wordpress, etc and other projects, I'll show how anyone with a little debugging and security knowledge can go from vibes to vulnerabilities

As Web3 moves from niche experiments to institutional-grade infrastructure, our security models are hitting a tipping point. This panel explores how the industry is maturing to meet the demands of mainstream adoption without abandoning decentralization. We’ll look at what’s fundamentally shifting—from the evolution of smart contract security and wallets to the critical rise of operational security (OpSec)—and what remains immutable.