Whether you’re a CISO Excel jockey or a researcher sniffing for the scent of bits, we see you as part of our wider AI security practitioner community.
[un]prompted is an intimate, raw, and fun gathering for the professionals actually doing the work, from offense to threat hunting to program building to national policy. No fluff. No filler. Just sharp talks, real demos, and conversations that matter.
Let’s take AI back from the marketers.
What You Can Expect
[un]prompted was created by volunteers behind events such as Prompt||GTFO, fwd:cloudsec, ACoD, and ISOI.
We care about seeing what actually works for you in AI. As long as we keep the fluff out, talks can cover any topic from the deeply technical to national policy.
All sessions are 20 minutes long (+10 for questions), with an option to submit lightning talks at 10 minutes. Demos are encouraged, slides allowed but to be limited to the bare minimum.
Check the conference, our CFP, and review board on our site, here:https://unpromptedcon.org/
[un]prompted Call for Papers
Build. Break. Operate. Govern. Train.
October 27-29, 2026 • San Francisco
Organizations are deploying AI into production. Security teams are building agents into their workflows. Attackers are already exploiting AI systems in ways that didn’t exist a year ago.
A community of AI + security, [un]prompted is the conference for practitioners who do.
If you’ve shipped, attacked, defended, strategized, or trained your own, or spent months cleaning up after it - we want to hear your story.
If your talk could have been written b efore the project started, it’s probably not the right fit.
Let’s take AI back from the marketers.
Tracks
🔨 Build
You built something that made AI, security, or preferably both, better.
This track is for practitioners building secure AI systems, AI-powered security capabilities, and practical tools that solve real problems.
Working prototypes are welcome. Perfect products are not required.
We’re interested in deployments, experiments, and lessons from the field - not polished success stories.
Examples include:
💥 Break
You broke something, discovered it was already broken, or investigated interesting cases. We’d like to see how you did it and what you found out.
We want real attacks against AI systems, offensive security powered by AI, investigations involving threat actors. and research that demonstrates practical impact.
Engagement stories beat hypothetical attacks every time.
Examples include:
⚙️ Operate
You deployed AI into production, integrated it into real workflows, and then had to keep it alive.
This track is for security practitioners responsible for running and securing AI systems after launch: reliability, security operations, monitoring, access control, evaluation drift, abuse handling, and the messy gap between the architecture diagram and reality.
Show us what you shipped, what failed, what you measured and what users did that surprised you. What changed after the first incident?
Examples Include:
🏛️ Govern
We’re thinking about two specific areas:
This is our highest bar track. Your submissions should be as strong as if you submitted to the technical tracks.
Examples include:
Frontier and cross-border governance: "You work hands-on in AI governance that spans industries and borders: export controls, compute thresholds, third-party evaluation, red-team requirements. Report from the front lines, not from a literature review."
Example areas include:
We want talks that help this community participate in shaping industry self-regulation, open source oversight, legislation, and global standards, grounded in work you actually did.
🏋️ Train
You trained, tuned, or evaluated an open-weight model, and you have the receipts. Proprietary models work is welcome, but you’d have to show your work.
Open-weight models are in production now, and the hard problems have moved to the loop around them: post-training pipelines, gyms and environments, reward design, and evaluations that survive contact with real workloads. This track is for practitioners doing that work.
Runs that failed are as welcome as runs that converged. Bring loss curves, eval deltas, and cost numbers.
Examples include:
Talk Formats
Standard Session
Lightning Talk
Demo
What Makes a Great Submission?
Keep it detailed, but concise.
We especially value speakers willing to explain what didn’t work.
What Makes a Great Talk?
Talk best practices:
What Doesn’t Belong Here?
Please don’t submit:
If your talk could be replaced by a blog post, it probably isn’t right for this conference.
Submission Requirements
Your submission should include:
Tell us:
Confirm:
How We Review
The first review is completely blind. Reviewers evaluate submissions, not speakers.
The second pass considers: speaker, track, record, including how well you delivered at prior conferences. Blind scores drive the ranking; track record breaks ties.
Scoring is based on:
Important Dates
CFP Opens: Now
Submission Deadline: September 1, 2026
Speaker Notifications: September 20, 2026 (Notifications go out about five weeks before the conference; plan travel accordingly.)
Conference: October 27-29, 2026 • San Francisco
First-Time Speakers
Some of our best talks have come from people who had never spoken at a conference before.
If your work is strong and this is your first conference, we offer speaker mentorship to help you refine your talk and prepare for the stage.
Logistics
Accepted speakers get complimentary registration. We do not cover travel and lodging, so budget accordingly.
Talks are recorded. Recordings and slides get published. If your employer or your legal team has a problem with that, sort it out before you submit, not after you're accepted.
Everyone at [un]prompted agrees to the code of conduct. Speakers included. Read it.
Questions? [contact@unprompted.org.
If you haven't logged in before, you'll be able to register.
Using social networks to login is faster and simpler, but if you prefer username/password account - use Classic Login.