The TAICO team is proud to announce our next meetup on Wednesday, January 29th at the Adaptavist office in Toronto. Many thanks to Adaptavist for hosting!
Registration and Event Details
Please note that we are using Meetup.com for event registration and you must register through that link to attend. Seating is limited so please register early. Thank you and see you there!
Event registration link - meetup.com
Our goal is to bring artificial intelligence and cybersecurity together. To do that, we need to explore what’s happening in AI and what’s happening in cybersecurity, and where the two intersect and collide. We’re also working to understand how we solve problems in these areas, what that looks like, and how Canada can and will participate.
With that in mind, we’re pleased to announce our speaker and the agenda for our next meeting!
Agenda
- 👋 Welcome and introductions
- 🚀 Demo of GenAI and security in action
- 🎙️ Speakers
🎤 Speaker #1: Piyush Bhor
Talk Title: Exploiting ML libraries for Fun and Profit
Abstract:
In this talk, I will discuss zero-day deserialization vulnerabilities found by other researchers and me in Hugging Face Transformers, Diffusers, PyTorch and MLflow, which are still unpatched and allow arbitrary code execution.
I will also show you how to craft malicious .pkl and yaml files to exploit these vulnerabilities and get a reverse shell on your target.
Lastly, I will offer advice on how to protect yourself against these attacks.
About Piyush:
I am a security researcher/bug bounty hunter specializing in source code reviews of AI/ML libraries. So far, I have discovered five high-severity vulnerabilities in Hugging Face Transformers, out of which three have been assigned CVEs (CVE-2024-11392, CVE-2024-11393, and CVE-2024-11394) and two are in the process. I have also found vulnerabilities in PyTorch, CatBoost, Behave and MLflow.
🎤 Speaker #2: Lee Rosen
Talk Title: StorybookLM - https://storybooklm.pro
Abstract:
StorybookLM leverages LLMs and fine-tuned image models to help parents and teachers create beautiful, personalized storybooks in minutes. Just start with a sentence, and the platform crafts a fully illustrated, engaging story in styles like watercolor and more. These books are designed to inspire creativity, spark learning, and make education fun and meaningful. Homeschooling parents can create stories with their kids as the heroes, exploring topics of the day together. Teachers can quickly whip up a custom story to match a lesson or theme. StorybookLM is about making storytelling easy, creative, and a tool for learning and connection.
In this talk we will cover technical details of implementing a serverless AI product in 2025, all kinds of distributed gotchas, and security/privacy implications.
- ⚡ Lightning Talks and Demos
Lightning Talks - 5 to 10 minutes long
- Anouar Mansour - Simplifying penetration testing intake and scope validation
- Curtis Collicutt - Baish project update - installation and new Cohere support
- You? - Please reach out if you’d like to do a lightning talk or demo
Please reach out to us if you’d like to present at the meetup. We are looking for people to talk about what they are working on, what they are building and learning, and are open to any level of experience and technical depth. Whether you are a beginner or an expert, we want to hear from you! We’re all just out here building and learning.
- 👋 See You There!
Thanks, and we look forward to seeing you at the meetup!