OWASP Netherlands

Main    Supporters    Upcoming Events    Past Events    Resources

April 16 2026

Location: Beyond Republica campus
Address: Papaverhof 59, 1032 LX Amsterdam
Link: https://maps.app.goo.gl/hJLCKeqVEMaEoLV16
For parking: there are the following spots:
- along the Papaverweg which are at 1.72 euros per hour, at NDSM: https://www.amsterdam.nl/parkeren/parkeertarieven/
- 3 mins walk: in front of Karwei, GAMMA, JYSK (free but space is limited)
- also there are plenty of Parkbee locations nearby within 5 mins walking radius.
- Or near Mosveld Shopping Mall (15 mins walk)

Mosveld Shopping Mall
Free for the first 90 minutes
€0.50 per 30 min; max €10/day

Please register via: https://www.meetup.com/owasp-chapter-netherlands-meetup/events/313433530/

18:00 - 18:15 - Reception of attendees

18:15 - 19:00 - Simple meal

19:00 - 19:15 - Welcome and OWASP updates

19:15 - 20:00 - False Clear Ahead - When Agents Derail Your Defenses by Rens van Dongen

20.00 - 20:15 - Break with drinks

20:15 - 21:00 - Bot vs. Bash: How Modern Threat Actors are Actually Using AI by Daniel Kapellmann Zafra

False Clear Ahead - When Agents Derail Your Defenses

Abstract:

AI agents that pass an initial security review can still derail through prompt injection, tool poisoning, or destructive overalignment — the “false clear.” Drawing on recent research, real-world incidents, and AI governance at Dutch Railways, this talk explores how agentic AI reshapes the enterprise attack surface and what defense-in-depth strategies help you govern agents without blocking innovation.

Bio:

Rens van Dongen:

AI Governance and Cybersecurity strategist, specializing in responsible AI and secure software policy for the Dutch Railways. Experienced CISO in Retail Banking, Media Broadcasting and Enterprise Software industries. Balancing engineering background with a pragmatic, people-centric approach. Credentials include AIGP, CISSP, CISM, CCSP, CIPP/e, and Lead Implementer ISO/IEC 42001:2023 (AIMS).

Bot vs. Bash: How Modern Threat Actors are Actually Using AI

Abstract:

Generative AI has rapidly shifted to become a defining element of the modern threat landscape. This has resulted in great interest from a cybersecurity perspective and numerous discussions about its potential impacts. However, moving beyond speculation, this session presents real-world observations from the front lines of threat intelligence to demonstrate exactly how adversaries are utilizing these tools today.

We will explore how state-sponsored APTs and financially motivated actors integrate Large Language Models (LLMs) to sharpen the quality of social engineering, reconnaissance, and code generation. Rather than focusing on “super-malware” theories, we dive into specific “in the wild” use cases to provide defenders with the practical context needed to identify and counter AI-augmented threats within their own environments.

Bio:

Daniel Kapellmann Zafra:

Daniel Kapellmann Zafra is Technology Strategy Lead in Google Threat Intelligence, where he designs the future of large-scale investigative frameworks. With a specialized background in Information Operations (IO) and Cyber-Physical threats, Daniel has spent his career working with different threat intelligence teams to scale the breadth and depth of intelligence investigations. He currently spearheads initiatives at the intersection of AI and threat intelligence, focusing on how emerging AI ecosystems redefine both the threat landscape and the efficiency of modern cybersecurity. A former Fulbright Scholar and University of Washington Informatics alumnus, Daniel was previously recognized by the Kaspersky Academy Talent Lab for innovation in security architecture.

May 21 2026

This is an online meeting and will be streamed on YouTube. The meeting will start at 19:00.

19:00 - 19:10 - Welcome and OWASP updates

19:10 - 19:55 - TBD

19:55 - 20:05 - Questions and Break

20:05 - 20:50 - TBD