AI in cybersecurity has moved past the proof-of-concept phase. Organizations are deploying agents in production, security teams are automating with LLMs, and attackers are already exploiting AI systems. But we're drowning in hype, vendor pitches, and CTF demos that don't translate to real environments.

This vendor-agnostic conference brings together practitioners building and breaking AI systems with leaders managing the strategic and organizational challenges. We want specifics: What actually works? What failed spectacularly? How is 2030 shaping up to look different from 2025? We're looking for 10-minute lightning talks and 25-minute deep dives that share real implementation details, hard-won lessons, and honest assessments. Not sales pitches or theoretical exercises.

NOTE: We strongly recommend you check out the main website for direct commentary from our review board for what they would like to see.

Presentation Tracks

TRACK 1: Building Secure AI Systems

• How are you architecting, testing, and operating AI/ML systems in production? We want the technical details others can learn from.
• Topics We’re Looking For:
• Prompt injection defenses (simple and complex multi-agent scenarios)
• Sandboxing approaches, action/intention quantification for agents
• SDLC/MDLC security practices that actually work
• AI supply chain risk management
• Security evaluation frameworks and datasets beyond red team CTFs
• Data poisoning, backdoors, model collapse, recursive pollution
• Real transparency solutions (not black boxes)
• Failures: what didn’t work and why

TRACK 2: Attacking AI Systems

How are AI systems actually being compromised in the wild?

Topics We’re Looking For:

• Prompt injection chains across multiple systems/agents
• Adversarial attacks on models in production environments
• Reinforcement learning exploitation and reward hacking
• Training data extraction, backdoors, poisoning
• Zero-day vulnerabilities specific to AI architectures
• Practical examples from real engagements (not sanitized demos)

TRACK 3: Using AI for Offensive Security

Show us AI tools you’ve deployed (or tried to deploy) for offensive security.

Topics We’re Looking For:

• Autonomous red teaming
• Vulnerability discovery and exploit generation
• Cost-effective fuzzing
• Hackbots and agentic penetration testing on production systems (not CTFs)
• Agentic workflows for research and attack

TRACK 4: Using AI for Defensive Security

Show us AI tools you’ve deployed (or tried to deploy) for defensive security:

Topics We’re Looking For:

• Threat detection, incident response automation, vulnerability management at scale
• Agentic systems for threat hunting, log analysis, triage
• Automated threat modeling, secure design assistance
• ROI reality check: what did AI replace vs. assist vs. make harder?
• Deepfake detection, deception as defense
• Augmenting or replacing security governance tools (audit evidence gathering, GRC automation, etc.)
• Tools your teams built internally that replaced vendors
• War stories and lessons learned

TRACK 5: Strategy, Governance & Organizational Reality

What are leaders grappling with as they deploy, govern, and scale AI?

Topics We’re Looking For:

• Talking to executives and boards about AI security risks and ROI
• Shadow AI: detection, management, policy that works
• Measuring what matters: benchmarks, metrics, real outcomes
• Skillsets needed and how to train non-early-adopters
• Enterprise challenges: immature tooling, lack of admin panels, configuration nightmares
• Regulatory compliance and policy navigation
• Organizational change management for AI adoption
• What are boards actually asking for?

TRACK 6: Practical Tools & Creative Solutions

Show us the AI tools, prompts, and workflows you’ve built that make your job easier—even if they’re not enterprise-grade or polished products. This is the “here’s something neat I made, you might find it useful” track.

Topics We’re Looking For:

• Custom GPTs, artifacts, and agents for specific security tasks
• Prompt engineering techniques that actually work (the ones most people don’t know about)
• Open-source tools and scripts that solve real problems
• Workflow automations using AI that save you time
• Engineering patterns that work well for AI-assisted development
• Examples: threat modeling assistants (like StrideGPT), analysis tools (like RAPTOR), triage helpers, evidence collectors, documentation generators
• We want to see what is tested and works well for you in real practice, not a CTF or theoretical demo

Submission Guidelines

What Makes a Strong Submission:

• Specific examples with enough detail others can apply
• Honest assessment of what worked and what didn't
• Data, metrics, or real-world validation (not vibes)
• Clear takeaways for attendees in similar situations
• Acknowledgment of tradeoffs and limitations

What We're NOT Looking For:

• Vendor product pitches
• Purely theoretical attacks with no production context
• Hype without implementation details
• Talks that could have been a blog post

Up to three hotel nights covered.