Monday June 1, 2026 4:30pm - 5:20pm PDT
Can AI actually find IDORs in real code? We tested top coding agents against real-world apps—and the results were mixed. The models discovered genuine vulnerabilities, but also generated large numbers of false positives and inconsistent findings. By dissecting results across multiple authorization complexity levels, we show where LLMs shine, where they fail, and why IDORs remain a uniquely hard class of bugs for AI to reason about. Expect real examples, surprising failure modes, and practical lessons for anyone considering AI as a security testing assistant.
Speakers
Vasilii Ermilov

Senior Security Researcher, Semgrep
Vasilii Ermilov (@ermil0v) is a Senior Security Researcher at Semgrep, a startup working on open source static analysis tools that fit the modern developer workflow. Having more than a decade of experience in web application development for enterprises, governments and startups, he...
Track 1 - AI Track - Room 1900 - Sponsored by Kobalt.io 515 W Hastings St, Vancouver, BC V6B 5K3, Canada