Brian Vermeer

6.5K posts

@BrianVerm

Java Champion | Staff Dev🥑 at @Snyksec | JUG leader @NLJug & @virtualJug | Java | Security | Dutch Air Reserve | Taekwondo Master | Views are my own

Breda, Nederland · Joined October 2015
851 Following · 6.8K Followers

Brian Vermeer retweeted
AI Native Dev @ainativedev ·
Most developers install skills without reading what's inside them. But that's exactly what attackers are counting on.

@sjmaple sits down with Brian Vermeer (@BrianVerm) from Snyk (@snyksec) at DevNexus to get into the security risk hiding inside the skills and MCPs running on your local machine.

They scanned over 4,000 skills and found that 1 in 7 had at least one critical security vulnerability.

Here’s what you need to know:
• Why prompting your agent to write secure code doesn't make it secure
• How a trusted skill can update silently and start offloading your credentials
• What prompt injection actually looks like inside a skill file
• Why vibe coding makes the attack surface bigger, not smaller
• How the Snyk agent scan catches what you'd never spot manually

Every skill on the Tessl registry now has a Snyk security scan attached. Check before you install.

(0:00) Trailer
(1:17) AI DevCon
(2:11) Introduction
(3:32) Snyk's evolution from SCA to AI security
(5:06) Can agents generate secure code?
(6:01) Skills and secure coding guidance
(7:24) Snyk agent scan and Tessl integration
(7:56) MCP as the next supply chain problem
(9:04) ToxicSkills threat taxonomy
(10:27) How malicious skills exploit privileges
(12:39) MCP server attack surface
(13:51) The speed of AI adoption vs security
(15:51) Scan results and critical vulnerabilities
(17:06) False positives in natural language
(18:26) How attackers create malicious skills
(20:41) Trust and open source skill risks
(21:29) Using Snyk agent scan directly
(24:58) Snyk scans in the Tessl registry
(26:41) Advice for skill creators
(28:16) Protecting yourself as a skill user
(29:44) Snyk Evo Agent Guard for Cursor
(33:21) Runtime guardrails and policies
(34:10) Wrap-up and where to learn more

Brian Vermeer retweeted
Snyk @snyksec ·
Stop calling functions with a return type of "any" and hoping for the best 🚫 The solve: structured outputs. Enforce schemas at the token selection level, not after generation. Read the full deep dive here: snyk.io/articles/build…

Snyk @snyksec ·
Check it out! Snyk Studio MCP server is now available in Glama. 🔗 👉 glama.ai/mcp/servers/@s

Brian Vermeer @BrianVerm ·
Not everything needs to be a chatbot. Parsing free-form LLM output after the fact is building on quicksand. Use REAL structured output. Schema-enforced generation. No “please respond in JSON” hacks. Check your framework outputs! snyk.io/articles/build…

Brian Vermeer @BrianVerm ·
@saltnburnem Links are great, Chris. However, I see many submissions without any reference to a video whatsoever; it's crazy. With hundreds of submissions to review, I am not very motivated to search for videos from a speaker to see if their delivery might be okay.

Chris D 🛸👣👻 @saltnburnem ·
@BrianVerm I usually send links to previous talks so they can see me. Maybe that’s why I haven’t been invited to speak in Amsterdam yet lol.

Brian Vermeer @BrianVerm ·
Pro tip for everyone submitting to tech conferences. Include a video of a previous talk or create one. Delivery is just as important as the topic. Don't assume the program committee is familiar with you. You need to convince the PC that your submission is good enough.

Brian Vermeer @BrianVerm ·
@Jfokus Hi 👋 this is a deep dive, not a HOL. Minor difference but still.

Brian Vermeer @BrianVerm ·
@liran_tal And I thought ADE stood for Amsterdam Dance Event. Silly me :)

Liran Tal @liran_tal ·
Cursor 2.0 leaves behind the classical IDE and takes a step into the future of ADE: Agentic Development Environment

Both types of applications for software engineering will be applicable but an ADE is a futuristic eye opener into autonomous software self-development

Brian Vermeer @BrianVerm ·
If you are seeking an exceptional Product Manager in tech, this is your opportunity. Estelle effectively bridges product vision and engineering, making her a valuable asset to any product team.
Estelle Landry ☀️ @estelandry

Wrapping up a great product mission in healthtech, now looking for a new Product Manager job where strategy, experimentation & user needs meet. 🚀 Feel free to share my post or reach out if something comes to mind 💬 Ready for my next adventure 🏁


Brian Vermeer @BrianVerm ·
@Stephan007 Out of curiosity, what is the formula for the combined score? Thanks.

Brian Vermeer @BrianVerm ·
My latest talk at @Devoxx, Understanding Prompt Injection: Techniques, Challenges, and Advanced Escalation, explores how attackers use natural language to outsmart both humans and machines. youtu.be/72e_0WxaQl0

Brian Vermeer @BrianVerm ·
Back from @Devoxx. My talk “Understanding Prompt Injection” briefly had the top spot at, very briefly. Nevertheless very happy with turnout in the room and the final score. If you joined, thank you so much.