ConferenceTechnology AI & Machine Learning500 attendees

[un]prompted | The AI Security Practitioner Conference

Name: [un]prompted | The AI Security Practitioner Conference
Start: 2026-03-03
End: 2026-03-04
Location: San Francisco, CA

Mar 3–4, 2026San Francisco, CA, US

500

Attendees

Speakers

Sponsors

Exhibitors

About

[un]prompted is back for the second time in (or around) September, in SF. Dates, CFP, and registration to be announced.

Speakers (15)

View all 15 →

0–

08:30 – 09:00

**Gathering & Mingling**

0–

09:10 – 09:35

**200 Bugs/Week/Engineer: How We Rebuilt Trail of Bits Around AI** Dan Guido, CEO, Trail of Bits

0–

09:20 – 09:35

**Evaluating Threats & Automating Defense: How Google is Advancing Code Security** Heather Adkins, VP of Security Engineering, Google Four Flynn, VP Security and Privacy, Google Deepmind

0–

09:35 – 10:00

**The Hard Part Isn’t Building the Agent: On Measuring Agent Effectiveness to Improve It** Joshua Saxe, AI Security Technical Lead, Meta

1–

10:00 – 10:25

**Security Guidance as a Service: Building an AI-Native Blueprint for Defensive Security** Shruti Datta Gupta, Product Security Engineer, Adobe Chandrani Mukherjee, Product Security Engineer, Adobe

1–

10:25 – 10:45

**Coffee break**

1–

10:25 – 10:55

**Coffee break**

1–

13:30 – 13:55

**When Passports Execute: Exploiting AI Driven KYC Pipelines** Sean Park, Principal Threat Researcher, TrendAI

1–

13:55 – 14:20

**FENRIR: AI Hunting for AI Zero-Days at Scale** Peter Girnus, Senior Threat Researcher, TrendAI Derek Chen, Vulnerability Researcher, TrendAI

1–

14:20 – 14:35

**AI Notetakers: The Most Important Person in the Room** Joe Sullivan, CEO, Ukraine Friends and Joe Sullivan Security

1–

14:20 – 14:45

**Training BrowseSafe: Lessons from Detecting Prompt Injection in Production Browser Agents** Kyle Polley, Member of Technical Staff, Security Perplexity

1–

14:35 – 14:55

**Coffee break**

Sponsors (94)

08:30 – 09:0009:00 – 09:1009:10 – 09:2009:10 – 09:3509:20 – 09:3509:35 – 10:0010:00 – 10:2510:25 – 10:4510:25 – 10:5510:45 – 11:1010:55 – 11:2011:10 – 11:3511:20 – 11:4511:35 – 12:0011:45 – 12:1012:00 – 12:2512:10 – 12:2512:25 – 13:3013:30 – 13:5513:55 – 14:2014:20 – 14:3514:20 – 14:4514:35 – 14:5514:45 – 14:5514:45 – 15:0514:55 – 15:2015:05 – 15:3015:20 – 15:4515:30 – 15:5515:45 – 16:1015:55 – 17:0016:10 – 16:3516:35 – 17:0017:00 – 18:001.8M Prompts, 30 Alerts: Hunting Abuse in a User-Defined Agent Ecosystem200 Bugs/Week/Engineer: How We Rebuilt Trail of Bits Around AI8 Minutes to Admin. We Caught It in the Wild. Welcome to VibeHackingAgenda:AI Agents for Exploiting “Auth-by-One” ErrorsAI Found 12 Zero-Days In OpenSSL. What Does It Mean For The Industry?AI go Beep Boop!AI Notetakers: The Most Important Person in the RoomAI Security with GuaranteesAnatomy of an Agentic Personal AI InfrastructureBeyond the Chatbot: Delivering an Agentic SOC for Real-World DefenseBlack-hat LLMsBreaking the Lethal Trifecta (Without Ruining Your Agents)Building Secure Agentic Systems: Lessons from Daily-Driver AgentsCode Is Free: Securing Software in the Agentic FutureCoffee breakDetecting GenAI Threats at Scale with YARA-Like Semantic RulesDetection & Deception Engineering in the MatrixDeveloping & Deploying AI Fingerprints for Advanced Threat DetectionEnterprise AI Governance at Snowflake: Balancing Innovation and RiskEstablishing AI Governance Without Stifling Innovation: Lessons LearnedEvaluating Threats & Automating Defense: How Google is Advancing Code SecurityEvening events:Exploring the AI Automation Boundary for Threat Hunting at DatadogFENRIR: AI Hunting for AI Zero-Days at ScaleGathering & MinglingGuardrails beyond Vibes: Shipping Security Agents in ProductionHooking Coding Agents with the Cedar Policy LanguageInjecting Security Context During Vibe CodingKinetic Risk: Securing and Governing Physical AI in the WildLunch BreakMarch 3-4, The Hibernia, San Francisco.Mingling & Something sweetMonday, March 2, 2026 \| 6:00-10:00 PMMove between roomsOpening Event – Unofficial ReceptionOpening WordsOpening Words – “Research conferences aren’t effective.”Operation Pale Fire: How We Red-Teamed Our Own AI AgentPromp2Pwn – LLMs Winning at Pwn2OwnRethinking how we evaluate security agents for real-world useSecuring Workspace GenAI at Google Speed: Surviving the Perfect StormSIFT – FIND EVIL!! I Gave Claude Code R00t on the DFIR SIFT WorkstationSource to Sink: How to Improve LLM First-Party Vuln DiscoveryTenderizing the Target: Soaking Code in Synthetic VulnerabilitiesThe Advent of Confidential AIThe AI Security Larsen Effect: How to Stop the Feedback LoopThe HiberniaThe Parseltongue Protocol: A Deep Dive into 100+ Textual Obfuscation MethodsThe UNDERDOGS CantinaThree Phases of AI Adoption: From GPU Lottery to Enterprise AgreementsTotal Recon: How We Discovered 1000s of Open Agents in the WildTrajectory-Aware Post-Training of Open-Weight Models for Security AgentsTuesday, March 3, 2026 \| 5:00-8:00 PM\[un\]prompted\[un\]prompted eventVibe Check: Security Failures in AI-Assisted IDEsWhen Passports Execute: Exploiting AI Driven KYC PipelinesYour Agent Works for Me NowZeal of the Convert: Taming Shai-Hulud with AI

Exhibitors (4)

4th March: Easy-going get-togetherAn easy Google sheetDay 1Day 2