Foojay Podcast #99: Testing the Untestable: LLM Security for Java Developers with Tiberius
- June 22, 2026
- < 1 min read
Your AI-powered Java application is live in production. But have you actually tested whether it can be jailbroken or manipulated into leaking data it should never reveal? In this episode, Iryna Dohndorf walks us through Tiberius, an open-source security testing library for LLM applications in Java, and explains why everything you know about unit testing needs a rethink when non-determinism is part of the design.
YouTube
Podcast Apps
You can listen and subscribe to the Foojay Podcast on:
- Spotify
- Apple Podcasts
- And most others...
Guests
- Iryna Dohndorf - Software Engineer at Karakun Group, active member of the Basel One and Devoxx UK program committees, and creator of Tiberius
Links
- Tiberius article on Foojay
- Tiberius on GitHub
- Maven Central: io.github.tiberius-security:tiberius:1.0.0
- Security Testing Guide
Content
- 00:00 Introduction of topic and guest
- 01:05 The problem Tiberius wants to solve
- 06:39 How "traditional" unit tests don't work for LLM integrations
- 10:23 Scan-Fixture-Validate principle and sharing artifacts
- 15:15 Using different skills, for example, the grandmother skill
- 17:33 Testing for required versus forbidden bias
- 19:35 The probes across nine attack categories used by Tiberius
- 20:44 Buff mutation testing
- 26:55 Using Tiberius in your pipelines and when to fail
- 29:35 Using multi-trial scans
- 31:14 Fingerprinting: which model you use, should not be detectable
- 32:55 Combining multiple models, model as a judge
- 34:41 Sharing JSON models to improve tests
- 36:05 How to get started with Tiberius in Spring and with LangChain4j
- 36:41 Quarkus not supported yet, plans for the future
- 39:07 Conclusions and a call out to everyone to become a Foojay author
- June 22, 2026
- < 1 min read
Frank Delporte is a Java Champion, Java Developer, Senior Technical Writer at Azul, Blogger, Author of "Java Programming for Raspberry Pi - A Hands-On Guide to Electronics and IoT Projects", and Open-Source Contributor for Pi4j, Lottie4j, MelodyMatrix,... Frank writes and talks about Java in business production environments, but also in places people don’t always expect it, on the Raspberry Pi, driving GPIO pins, rendering JavaFX UIs, and running on RISC-V single-board computers.
Iryna Dohndorf is a software engineer at Karakun Group, where she works on customer projects using the Java technology stack. With strong technical expertise, genuine curiosity, and a deep passion for computer science, she develops technologies that tackle the challenges of modern companies and today’s society. As an active member of the BaselOne Program Committee, the Devoxx UK Program Committee, and a frequent international speaker, she is dedicated to inspiring developers and supporting the growth of the global Java community. An enthusiastic interdisciplinary researcher and developer, Iryna has conducted research in modeling and optimization at TU Dortmund and has worked on software for autonomous driving, government agencies, and EU projects supporting the advancement of organic farming. Outside of work, she enjoys spending time with family and friends, and is passionate about swimming, skiing, and — most recently — cycling.
Comments (0)
No comments yet. Be the first.