#12 Horoscope Kaleidoscope
Date:
Mar 12th, 2026
Videos:
Publication pending.
Location:
Devoteam | Cyber Trust - Lisboa
This meetup was sponsored by Devoteam | Cyber Trust and AP2SI.
Agenda:
- 18:25: Quick intro by the OWASP Lisboa chapter leadership team
- 18:35: Hacking the Portuguese government for fun and no profit by Mário Lima
- 19:25: Hack Your Agents Before They Hack You: Automated Prompt Injection to Find AI Weaknesses by Rafael Bosse Brinhosa
- 20:00: Drinks & Dinner by Devoteam Cyber Trust
Hacking the Portuguese government for fun and no profit
Responsible disclosure is now more important than ever. In this presentation, I’ll take you on a five-year journey through my experiences with responsible disclosure in Portugal’s public sector. I’ll share how I gained access to sensitive government portals like portugal.gov.pt, uncovered massive credential leaks, and successfully navigated the process of responsibly disclosing these vulnerabilities.
I’ll also guide you on the tricky path of coordinated responsible disclosure in an attempt to demystify the process!
Mário Lima
I’m a Red Team engineer at Five9 with eight years of offensive security experience. While my primary focus is infrastructure hacking and occasional malware development, I also enjoy conducting security research and responsibly disclosing unusual findings - particularly those affecting government entities.
Hack Your Agents Before They Hack You: Automated Prompt Injection to Find AI Weaknesses
Modern AI agents are powerful—but also dangerously opaque. In this talk, I show how I systematically pentested multiple agent architectures and built an automated pipeline to uncover real-world security weaknesses before attackers do.
Using a curated and evolving list of offensive prompt payloads, I demonstrate techniques for triggering prompt leaking, MCP tool leaking, user data leaking, and other cross-agent weaknesses that appear when models interact with memory, tools, and external APIs.
I also present payloads designed to test whether AI agents could be coerced into SSRF-like behaviors through web search or “fetch web” capabilities—focusing on detection and prevention.
By the end, you’ll see how automated prompt injection can be used as a responsible and repeatable methodology to pentest AI agents—and why every organization needs to test their own agents before someone else does.
Rafael Bosse Brinhosa
Rafael Brinhosa is a seasoned Information Security Architect with over 20 years of experience in security architecture, application security, and pentesting. He specializes in designing bespoke security programs, assessments, and frameworks aligned with risk management and governance practices, aiming to strengthen organizational resilience. His expertise includes both manual and automated security testing, pentesting, DevSecOps, SCA, SAST, and DAST.
Over his career, Rafael has collaborated with leading organizations across sectors: Dell (technology), US Bank (financial services), EDS/HP (IT), Avaya (telecom), and Volkswagen Digital Solutions. He currently serves as Principal Security Architect at Reltio in Lisbon, where he applies his deep technical knowledge to fortify cybersecurity in the data management industry.
Rafael has delivered talks and workshops at leading international and national events.
On GitHub, Rafael leads several open-source projects like Awesome AI Security, APIDetector, a Nuclei templates library, and a curated pentesting toolset for Google Colab. In his spare time, he’s also a bug bounty hunter, having responsibly disclosed multiple vulnerabilities.
Pictures from the meetup
