Training

Offensive Agentic Android Security: Autonomous Exploit Generation and Variant Analysis in the AI Era

trainer trainer

Anirudh Anand & Abhishek JM

CRED


Abstract

In February 2026, security researchers uncovered Android malware that screenshots the infected device, feeds the image to Google's Gemini, and uses the AI's interpretation to simulate precise UI interactions — allowing it to persist without user awareness. This isn't a research prototype. It's commodity malware, in the wild, using AI as a core operational component.

The adversaries have moved. The question is whether you have too.

For most mobile security professionals, the daily reality hasn't changed much in years: manually reversing APKs, staring at decompiled Java and stripped native code for hours, writing and rewriting Frida scripts through tedious deploy-test-fail cycles, context-switching across a sprawl of disconnected tools, and hand-crafting proof-of-concept apps just to confirm whether a finding is actually exploitable. It works — slowly, painfully, and at a scale of one.

Meanwhile, Android's attack surface keeps expanding. Google publishes monthly security bulletins patching dozens of vulnerabilities. Third-party SDKs ship opaque code into millions of apps. System-level components carry privileges that a single logic bug can unlock. The volume of work that matters has outpaced what manual effort can reach.

This course exists to close that gap — not by adding AI as a novelty, but by rebuilding the offensive workflow around it from the ground up.

Topic Tags

Android security, Agentic AI, Offensive Security

Difficulty Level

Expert level

Trainer Info

trainer

Anirudh Anand has been finding and exploiting vulnerabilities across web and mobile platforms for over 12 years, and now he's building AI systems that do it autonomously, at a scale no manual workflow can match. Currently serving as Head of Product Security and Offensive AI Security Research, his experience spans the full spectrum of application security, from vulnerability discovery and exploit development to building the security architecture that defends against them.

His current research focus is on agentic security: designing autonomous AI systems that perform offensive security tasks end-to-end. This includes building LLM-driven workflows for autonomous exploit generation across Android and web platforms, developing multi-agentic architectures for vulnerability discovery and variant analysis, and researching the attack surface of AI systems themselves, including prompt injection, tool-use exploitation, and the security boundaries of agentic frameworks. His work bridges the gap between AI research and practical offensive tradecraft, grounding advanced techniques in real-world exploitation rather than theoretical demonstration.

Anirudh has been a consistent contributor to the security community through bug bounties, open-source tooling, and CTF competition. His vulnerability disclosures span GitLab, Adobe, Google, Microsoft, LinkedIn, and Zendesk. He competes with Team bi0s, India's top-ranked security team on CTFtime, and has contributed to security tools used by the wider research community.

He is a seasoned trainer with over seven years of experience delivering hands-on security training at premier global conferences, including DEF CON Las Vegas 2025, Black Hat US, CodeBlue Tokyo 2025, OWASP Global AppSec (San Francisco, Washington DC, Singapore), Nullcon Berlin, Troopers Germany, and HackFest Canada. His training style is rooted in building. Students leave with working systems, not slide-deck knowledge. His courses have consistently evolved alongside the threat landscape, progressing from web and mobile security fundamentals to the autonomous AI-driven offensive pipelines he teaches today.

trainer

Abhishek JM is the head of mobile security engineering and a pioneering offensive security researcher specializing in the intersection of artificial intelligence and mobile application security. With over eight years of hands-on experience in product security, his current work focuses on architecting advanced AI agentic workflows for security

Throughout his career, Abhishek has been a dedicated contributor to the open-source security community. He is the creator of Adhrit that was featured by PortSwigger’s The Daily Swig, as well as EVABS (intentionally vulnerable Android Application for security education).

Abhishek frequently shares his cutting-edge research and delivers highly specialized technical training at elite industry conferences worldwide. His track record includes presentations at multiple Black Hat briefings (US, Europe, and Asia) and hands-on training sessions at premier global forums such as CodeBlue Japan, Nullcon, OWASP AppSec (New Zealand), and 44Con.

Organizer

Organizer Logo

Partner Company

Partner Company Logo

Sponsors

POC Conference is made possible thanks to the support of our sponsors. Their continued partnership has played a vital role in sustaining and growing POC over the years. We sincerely thank them for their contribution.


TBA

Sponsorship Kit is not ready yet. Please check back later.

card-img

Become a Sponsor

Join leading offensive security companies from around the world in supporting POC Conference. Connect with a highly engaged technical audience and shape the future of security research. We’re excited to learn more about you and would be happy to share our sponsorship kit. Contact us to explore sponsorship opportunities.

Supporting Friends

  • 0x41con
  • codeblue
  • kunlun
  • dailysecu
  • ekoparty
  • h2hc
  • hardweario
  • hexacon
  • hitcon
  • nopcon
  • nullcon
  • offensivecon
  • phdays
  • sincon
  • theori
  • xcon
  • zeronights