Call for Speakers

in 3 months

[un]prompted - The AI Security Practitioner Conference

event starts

27 Oct 2026

event ends

29 Oct 2026

location

San Francisco, California, United States


Whether you’re a CISO Excel jockey or a researcher sniffing for the scent of bits, we see you as part of our wider AI security practitioner community.


[un]prompted is an intimate, raw, and fun gathering for the professionals actually doing the work, from offense to threat hunting to program building to national policy. No fluff. No filler. Just sharp talks, real demos, and conversations that matter.


Let’s take AI back from the marketers.


What You Can Expect


[un]prompted was created by volunteers behind events such as Prompt||GTFO, fwd:cloudsec, ACoD, and ISOI.


We care about seeing what actually works for you in AI. As long as we keep the fluff out, talks can cover any topic from the deeply technical to national policy.


All sessions are 20 minutes long (+10 for questions), with an option to submit lightning talks at 10 minutes. Demos are encouraged, slides allowed but to be limited to the bare minimum.


Check the conference, our CFP, and review board on our site, here:https://unpromptedcon.org/

open, 49 days left
Call for Speakers
Call opens at 12:00 AM

14 Apr 2026

Call closes at 11:59 PM

01 Sep 2026

Call closes in Pacific Daylight Time (UTC-07:00) timezone.
Closing time in your timezone () is .

[un]prompted Call for Papers

Build. Break. Operate. Govern. Train.

October 27-29, 2026 • San Francisco

Organizations are deploying AI into production. Security teams are building agents into their workflows. Attackers are already exploiting AI systems in ways that didn’t exist a year ago.

A community of AI + security, [un]prompted is the conference for practitioners who do.

If you’ve shipped, attacked, defended, strategized, or trained your own, or spent months cleaning up after it - we want to hear your story.


If your talk could have been written b efore the project started, it’s probably not the right fit.

  • Bring architecture
  • Bring metrics
  • Bring failures
  • Bring lessons learned
  • Bring code/prompt

Let’s take AI back from the marketers.


Tracks

🔨 Build

You built something that made AI, security, or preferably both, better.

This track is for practitioners building secure AI systems, AI-powered security capabilities, and practical tools that solve real problems.

Working prototypes are welcome. Perfect products are not required.

We’re interested in deployments, experiments, and lessons from the field - not polished success stories.

Examples include:

  • Threat detection and incident response
  • Security evaluation frameworks
  • Supply chain security
  • Prompt injection defenses
  • Agent architectures and sandboxing
  • AI-powered SOC operations
  • AI-powered VulnOps
  • Custom GPTs, agents, and workflow automation
  • AI-assisted development
  • Open-source security tools


💥 Break

You broke something, discovered it was already broken, or investigated interesting cases. We’d like to see how you did it and what you found out.

We want real attacks against AI systems, offensive security powered by AI, investigations involving threat actors. and research that demonstrates practical impact.

Engagement stories beat hypothetical attacks every time.

Examples include:

  • Prompt injection chains
  • Adversarial attacks
  • AI threat investigations, intelligence, threat actors and attribution
  • Model extraction
  • Malware and AI
  • Data poisoning
  • AI-powered red teaming
  • Autonomous vulnerability discovery
  • Agentic attack chains
  • Exploit generation
  • Hardware and robotics attacks
  • Cyber enabled intrusions and tradecraft
  • Case studies from real investigations


⚙️ Operate 

You deployed AI into production, integrated it into real workflows, and then had to keep it alive. 

This track is for security practitioners responsible for running and securing AI systems after launch: reliability, security operations, monitoring, access control, evaluation drift, abuse handling, and the messy gap between the architecture diagram and reality. 

Show us what you shipped, what failed, what you measured and what users did that surprised you. What changed after the first incident? 

Examples Include:

  • Agent Runtime Security
  • Sandboxing and containment
  • Human-in-the-loop and human-on-the-loop (HITL/HOTL) oversight. 
  • Cost, latency, reliability and security tradeoffs
  • Operational postmortems


🏛️ Govern

We’re thinking about two specific areas:

  1. Organizational level:
    You created the rules, controls, review processes, or organizational systems that made AI safe enough to use, and then tested whether they worked.
  2. National and international level:
    You have been working actively on developing approaches to governance of AI that stretch across industries, and national borders.

This is our highest bar track. Your submissions should be as strong as if you submitted to the technical tracks.

Examples include:

  • Shadow AI discovery + remediation
  • Agentic governance-as-code
  • Novel shared responsibility models for governance and oversight
  • Export controls
  • Model, agent or vendor risk review processes
  • Regulation and standardization
  • Change management for enterprise AI adoption
  • Policy enforcement via technical controls
  • Acceptable-use policies that actually worked
  • Preparedness for emerging regulations (ISO 42001, AI Act & associated guidance, GDPR, …)
  • Geo-politics and AI technology

Frontier and cross-border governance: "You work hands-on in AI governance that spans industries and borders: export controls, compute thresholds, third-party evaluation, red-team requirements. Report from the front lines, not from a literature review." 

Example areas include: 

  • Fabrication
  • export controls
  • compute thresholds
  • KYC for those running massive clusters
  • on-chip governance
  • training data regulation
  • model safeguards
  • third party evaluations
  • independent red-team testing
  • government pre-deployment reviews

We want talks that help this community participate in shaping industry self-regulation, open source oversight, legislation, and global standards, grounded in work you actually did. 


🏋️ Train

You trained, tuned, or evaluated an open-weight model, and you have the receipts. Proprietary models work is welcome, but you’d have to show your work.

Open-weight models are in production now, and the hard problems have moved to the loop around them: post-training pipelines, gyms and environments, reward design, and evaluations that survive contact with real workloads. This track is for practitioners doing that work.

Runs that failed are as welcome as runs that converged. Bring loss curves, eval deltas, and cost numbers.

Examples include:

  • Post-training and fine-tuning open-weight models for security tasks
  • RL gyms, environments, and simulation infrastructure
  • Reward functions and verifiers
  • Benchmark and eval construction, including what your benchmarks got wrong
  • Synthetic and procedurally generated training data
  • Mechanistic interoperability and security
  • Distillation, small models, and edge deployment
  • Eval harnesses, regression testing, and model comparison methodology
  • Open-source training and eval tooling


Talk Formats

Standard Session

  • 20-minute presentation + 5-minute Q&A

Lightning Talk

  • 5-minute presentation + 5-minute Q&A

Demo

  • 10-minute live walkthrough of a tool, dataset, framework, or workflow
  • Code and demonstrations are strongly encouraged
  • Slides are optional


What Makes a Great Submission?
Keep it detailed, but concise.

  • Real deployments
  • What you learned from failures
  • Numbers and measurable outcomes
  • Code, demos, or artifacts
  • Practical takeaways attendees can apply immediately
  • Focus

We especially value speakers willing to explain what didn’t work.


What Makes a Great Talk?

Talk best practices:

  • Show the work
  • Expect the audience to be peers, or be willing to go study after your talk
  • Less slides, more practical examples and demos
  • Very short (if any) introduction


What Doesn’t Belong Here?

Please don’t submit:

  • Product pitches
  • Marketing presentations
  • Thought leadership without evidence
  • AI-generated content without original work behind it
  • AI-generated content without you thoroughly reviewing and editing it
  • Frameworks without deployments
  • Theoretical attacks with no practical validation
  • Long introductions and hype
  • No Sun Tzu quotes (unless they are brand new 0day one

If your talk could be replaced by a blog post, it probably isn’t right for this conference.


Submission Requirements

Your submission should include:

  • A title
  • An abstract (maximum 200 words)
  • A detailed outline (3–5 bullets with estimated timing)
  • Evidence supporting the talk (deployment data, code, metrics, attack results, dashboards, case studies, or other artifacts)
  • Speaker bio (100 words maximum)

Tell us:

  • Is this your first conference presentation?
  • Would you like to participate in our speaker mentorship program?

Confirm:

  • You will submit your presentation four weeks in advance.
  • You agree to run a pilot session of your talk with CFP committee members before the conference. This is how the talks stay strong.' 


How We Review

The first review is completely blind. Reviewers evaluate submissions, not speakers.

The second pass considers: speaker, track, record, including how well you delivered at prior conferences. Blind scores drive the ranking; track record breaks ties. 

Scoring is based on:

  • 40% Technical depth
  • 40% Evidence quality
  • 10% Practitioner relevance
  • 10% Novelty
  • Important:
  • The earlier the submission, the higher likelihood of acceptance it has.
  • To keep the program diverse, we generally accept no more than 2-3 talks per organization.


Important Dates

CFP Opens: Now

Submission Deadline: September 1, 2026

Speaker Notifications: September 20, 2026 (Notifications go out about five weeks before the conference; plan travel accordingly.)

Conference: October 27-29, 2026 • San Francisco


First-Time Speakers

Some of our best talks have come from people who had never spoken at a conference before.

If your work is strong and this is your first conference, we offer speaker mentorship to help you refine your talk and prepare for the stage.


Logistics

Accepted speakers get complimentary registration. We do not cover travel and lodging, so budget accordingly.

Talks are recorded. Recordings and slides get published. If your employer or your legal team has a problem with that, sort it out before you submit, not after you're accepted.

Everyone at [un]prompted agrees to the code of conduct. Speakers included. Read it.

Questions? [contact@unprompted.org.


event fee

free for speakers

Login with your preferred account


If you haven't logged in before, you'll be able to register.

Using social networks to login is faster and simpler, but if you prefer username/password account - use Classic Login.