“Once again Saltmarch has knocked it out of the park with interesting speakers, engaging content and challenging ideas. No jetlag fog at all, which counts for how interesting the whole thing was.”
Cybersecurity Lead, PwC
“Very much looking forward to next year. I will be keeping my eye out for the date so I can make sure I lock it in my calendar.”
Software Engineering Specialist, Intuit
“Best conference I have ever been to with lots of insights and information on next generation technologies and those that are the need of the hour.”
Software Architect, GroupOn
“Happy to meet everyone who came from near and far. Glad to know you've discovered some great lessons here, and glad you joined us for all the discoveries great and small.”
Web Architect & Principal Engineer, Scott Davis
“Wonderful set of conferences, well organized, fantastic speakers, and an amazingly interactive set of audience. Thanks for having me at the events!”
Founder of Agile Developer Inc., Dr. Venkat Subramaniam
“What a buzz! The events have been instrumental in bringing the whole software community together. There has been something for everyone from developers to architects to business to vendors. Thanks everyone!”
Voltaire Yap, Global Events Manager, Oracle Corp.
AI agents can build and ship containers in minutes, but the foundations they rely on often carry significant security risk. A typical Ollama container includes 123 packages, even though only a small subset is required for inference. The remaining packages expand the attack surface. This session examines real exploit scenarios, including CVE-2024-37032, which demonstrates a multi-step path from a simple HTTP request to container takeover, and how removing unnecessary components can break the chain. It also looks at supply chain attacks such as Shai-Hulud, where compromised packages can spread rapidly.
Through concrete examples, SBOM analysis, and exploit walkthroughs, the talk highlights why foundation-first security is critical when AI is generating build artifacts such as Dockerfiles. The focus is on understanding where risks originate and how to reduce exposure at the base layer.
What You Will Learn
How container attack surfaces expand through unnecessary dependencies and base image choices
How real exploit chains and supply chain attacks impact AI-generated build artifacts
Why foundation-first security and SBOM analysis are essential for securing AI-driven development
Who Should Attend
Security engineers and DevSecOps practitioners
Platform and infrastructure engineers
Software developers working with containers
SREs and cloud engineers
Teams using AI to generate build and deployment artifacts
