HackTheBay 3.0

When Agents Execute: RCE Paths in LLM-Powered Coding Tools
2026-03-23, TALKS

This talk is a follow-up to our September research on denial-of-service and permission escape in Claude Code. We now examine how LLM-powered coding agents can be weaponized end-to-end, including paths to remote code execution. Using Claude Code as a primary case study, and extending to VS Code extension exploits and recent Cursor incidents, we show how agent autonomy, extension APIs, and execution boundaries collapse into a practical RCE surface.

Mahesh Babu is a former VP of Information Security turned company builder and now leads growth at Kodem, a venture‑backed application security startup. At HSBC he built and scaled global application security and identity & access management platforms that safeguard billions of transactions. His career began at Purdue University’s Information Assurance & Security Research Center, where he researched secure software engineering and biometrics. Mahesh blends academic rigor with enterprise and startup execution to help organizations stay ahead of modern threats.