I've returned from the Adobe ColdFusion Summit in Las Vegas, where I gave a talk titled AI Security for ColdFusion Developers. You can download the slides here.
My company Foundeo Inc. was also a sponsor of the event. Thanks to everyone who stopped by to chat.
As ColdFusion developers begin wiring LLMs into their applications - whether through the Adobe ColdFusion AI features, direct API calls to OpenAI or Anthropic, or something in between - a new class of security concerns comes along for the ride. This talk walked through the vulnerabilities that show up when your application starts trusting a language model with parts of a request or response.
Topics Covered
- Prompt Injection - what it is, why it is hard to fully prevent, and how to reduce the blast radius when it happens.
- Real World Examples - several examples of real world attacks, and mishaps.
- Excessive Agency - the risks of giving an LLM tools that can send email, run queries, or take action without a human in the loop.
- ColdFusion 2025 Guardrails - example of creating guardrails with ColdFusion 2025's new functionality.
-
Defensive Approaches
- Deterministic Defense Approaches: Validating inputs against a finite set of acceptable values as a highly confident defense mechanism
- The Lethal Trifecta / Pick Two: Untrusted inputs, sensitive data, external actions - you should only combine at most two at once.
- Non Deterministic Defense Approaches: Using Guardrail models, and understanding their limitations as a defense mechanism.
Links and Sources
Here are some of the notable sources referenced in the presentation:
- Code Examples Used
- Arcanum Prompt Injection Taxonomy
- EchoLeak zero-click prompt injection post
- Google Threat Intelligence on AI Threats in the Wild
- Simon Willison on The Lethal Trifecta
- Adobe ColdFusion AI Guide on Guardrails
- Apiiro blog on vulnerabilities from AI coding assistants
- Fixinator Agent Skill
- Example of AI agent deleting a production database
- Summer Yue's post on an AI agent deleting an inbox
- Chipotlai Max unbounded consumption post
- Claude Code Permissions Overview
- OWASP Prompt Injection Prevention Cheat Sheet
- OWASP LLM Top 10
- CIS white paper on Generative AI prompt injection threats
- Meta AI blog on practical AI agent security
If you missed the talk or want to go deeper on any of these topics, I cover AI related vulnerabilities as part of my online ColdFusion developer security training class.
Thanks again to Adobe for putting on another great Summit, and to everyone who came up to say hello. Looking forward to next year!