Back to Talks 2026
Talk

Total Recon: How We Discovered 1000s of open Agents in The Wild

Recon Village @ DEF CON 34August 7-9, 2026

5:30 PM – 6:00 PMSaturday, August 8DEF CON Creator Stage 3

Abstract

AI agents quietly created a new external attack surface: copilots, custom agents, AI cakends and various deployments that ship to the internet, often without anyone realizing they are reachable, enumerable, or over-permissive.

In this talk, we’ll show how attackers can already find your agents in the wild, shedding light on the technical details that enable this kind of malicious activity, including how we used these details to find 1000s of exposed agents of different kinds. We’ll follow up with explaining how to measure exposure, see the proof for obscurity failing, and understand how to detect threat-actor agent-focused recon before it turns into an impactful attack. Capping it all off by showcasing PowerPwn, a recon tool you can use to test your own exposure

Speakers

Avishai Efrat
Avishai Efrat

Senior Security Researcher at Zenity

Avishai Efrat is a senior security researcher at Zenity, specializing in securing AI agents and low-code/no-code platforms. His work focuses on uncovering vulnerabilities in enterprise AI deployments, from Copilot Studio to ChatGPT and beyond - and exploring how attackers discover and exploit these weaknesses. Passionate about all aspects of security, with experience spanning web security, anti-bot protection, OSINT, blockchain, and data engineering and aim on bridging the gap between cutting-edge research and practical defense strategies. Previously presented at BSidesTLV, Black Hat USA & Europe Arsenal and SecTor.

View full speaker profile →
Roey Ben Chaim
Roey Ben Chaim

Staff Engineer at Zenity

Roey Ben Chaim is an engineer focused on AI and agent security, with a particular interest in how agentic systems fail in practice. His work centers on stress-testing agents, building benchmarks for long-horizon behavior, and developing practical defenses against risks such as prompt injection, unsafe tool use, privacy leakage, and adversarial workflows. Prior to this, he spent a decade at Microsoft building large-scale security systems. He is a co-author of SkillsBench, a benchmark on agent skills efficacy over diverse tasks, and contributes to safety and privacy tooling, including Presidio. Roey is also a speaker on agentic systems and AI security, a co-organizer of AI Tinkerers Tel Aviv, and an active participant in hackathons and builder communities, where he explores emerging systems through hands-on experimentation.

View full speaker profile →