BSides Vancouver 2026

Rapid AI adoption is creating a new class of data exposure: sensitive information leaving an organization through prompts and tool outputs to external LLM providers. Even scarier are the uprising of middle-ware AI companies, which lack proper data security, retention and security. A reality is that AI is used by most developers

Teams spend years building DLP, insider-threat programs, and phishing campaigns, then paste stack traces, API keys, customer data, and internal context into AI tools because it’s fast. In the age of AI the boundary of trust has shifted: the prompt is now an egress channel, and reality (what data actually left your environment) becomes hard to audit.

In this hands on workshop, attendees will build a practical “AI egress proxy” that sits between users/tools and an LLM endpoint. We’ll intercept requests, detect sensitive content (PII, credentials, tokens, secrets), apply policy (block vs. redact), and produce audit logs you can use for investigations and risk reporting. We’ll cover why pure regex fails, how to add lightweight heuristics and optional model-assisted classification safely, and how to handle common bypass patterns like encoding, fragmentation, and “helpful” copy/paste.

Attendees will leave with a working reference implementation, a set of detection patterns, a basic risk scoring approach, and a clear roadmap for deploying this pattern in real environments.