[un]prompted Security Practitioner Con 2026 podcast artwork

PODCAST · technology

[un]prompted Security Practitioner Con 2026

Every session of [un]prompted 2026: Nicholas Carlini, Daniel Miessler, Heather Adkins + 50 more who brought what they've learned from the edge: agents, detection, forensics, governance, llm security, offensive, prompt injection, threat intel. "It feels like a warp point in time: the moment security has to decide whether to stay deterministic, or jump into this non‑deterministic, AI‑driven world. But if we can pull just 2% of the people around us up one level, from "I type into ChatGPT like Google" to "I use agents and tools," then I believe we can change companies and countries.” - Gadi Evron.

  1. 58

    Ep 1 | Gadi Evron - Day One Remarks | [un]prompted 2026

    Day One opening and closing remarks from Gadi Evron at [un]prompted 2026.Gadi Evron is CFP Chair, [un]prompted and CEO, Knostic.

  2. 57

    Ep 2 | Gadi Evron - Day Two Remarks | [un]prompted 2026

    Day Two opening and closing remarks from Gadi Evron at [un]prompted 2026.Gadi Evron is CFP Chair, [un]prompted and CEO, Knostic.

  3. 56

    Ep 3 | Dan Hubbard - Zero Day Is Now the Space Between a Prompt and Prod | [un]prompted 2026

    Day 1 | Stage 1Dan Hubbard kicks off [un]prompted with a poem.Dan Hubbard is VP of Research, Vectra AI.Watch on YouTube: https://www.youtube.com/watch?v=cUMJTM9egiM

  4. 55

    Ep 4 | Heather Adkins & Four Flynn - Evaluating Threats & Automating Defense at Google | [un]prompted 2026

    Day 1 | Stage 1VP of Security Engineering from Google discusses advancing code security with a comprehensive overview of Google's AI security strategy. Shows how to evaluate emerging cyberattack capabilities and demonstrates how tools like CodeMender are helping build intrinsically safer software.Heather Adkins is VP of Security Engineering, Google.Four Flynn is VP Security and Privacy, Google DeepMind.Watch on YouTube: https://www.youtube.com/watch?v=B_7RpP90rUk

  5. 54

    Ep 5 | Joshua Saxe - The Hard Part Isn't Building the Agent: Measuring Effectiveness | [un]prompted 2026

    Day 1 | Stage 1As AI coding tools drive the cost of building security agents toward zero, the hard problem becomes knowing whether they'll actually work against real attacks and vulnerabilities not seen before. Presents a practical journey from naive precision/recall metrics to multi-dimensional evaluation that captures reasoning quality, evidence gathering, and tool-calling logic. Shows how proper measurement unlocks automated agent improvement using genetic algorithms and AI coding tools. Includes live demo.Joshua Saxe is AI Security Technical Lead, Meta.Watch on YouTube: https://www.youtube.com/watch?v=rO2yA52U_i4

  6. 53

    Ep 6 | Shruti Datta Gupta & Chandrani Mukherjee - Security Guidance as a Service | [un]prompted 2026

    Day 1 | Stage 1Explores how to provide consistent security guidance at scale, especially in AI-first environments. Discusses building an AI-Native Security Guidance as a Service that centralizes security knowledge and powers multiple defensive AI capabilities with consistent, evaluated and bespoke guidance.Shruti Datta Gupta is Product Security Engineer, Adobe.Chandrani Mukherjee is Product Security Engineer, Adobe.Watch on YouTube: https://www.youtube.com/watch?v=SMEZowlcyyo

  7. 52

    Ep 7 | Jeffrey Zhang & Siddh Shah - Guardrails beyond Vibes | [un]prompted 2026

    Day 1 | Stage 1Shares how Stripe is using AI agents to streamline high-friction security workflows including threat modeling and security request routing. Covers practical design choices that made these agents reliable in practice: modular orchestrator/child architectures, targeted tools, structured inputs/outputs, and validation to reduce variance and improve determinism. Walks through measuring and improving agent quality over time using offline and online evaluation loops.Jeffrey Zhang is Security Engineer, Stripe.Siddh Shah is Software Engineer, Stripe.Watch on YouTube: https://www.youtube.com/watch?v=KrKk8BGPeQA

  8. 51

    Ep 8 | Paul McMillan & Ryan Lopopolo - Code Is Free: Securing Software | [un]prompted 2026

    Day 1 | Stage 1An AI-maximalist vision of securing software in the agentic future. Presents engineering-first ways to improve security of projects with zero-friction additions. Advocates for using LLMs to write code and security, arguing that if engineers use LLMs for code, they should use them for security too.Paul McMillan is Security Engineer, OpenAI.Ryan Lopopolo is Member of Technical Staff, OpenAI.Watch on YouTube: https://www.youtube.com/watch?v=U2O14Jd3MBU

  9. 50

    Ep 9 | Brendan Dolan-Gavitt & Vincent Olesen - Agents Exploiting "Auth-by-One" Errors | [un]prompted 2026

    Day 1 | Stage 1Presents techniques for finding and validating access control flaws using AI agents. Uses strict validators for identifying successful logins (AuthN) and protected resource access (AuthZ) to build capable attack agents. Shows how to enable LLM-powered agents to discover and validate access control vulnerabilities at scale.Brendan Dolan-Gavitt is AI Researcher, XBOW.Vincent Olesen is AI Researcher, XBOW.Watch on YouTube: https://www.youtube.com/watch?v=996zolUsXog

  10. 49

    Ep 10 | Natalie Isak & Waris Gill - Developing & Deploying AI Fingerprints | [un]prompted 2026

    Day 1 | Stage 1Introduces BinaryShield, a privacy-preserving fingerprinting system that enables cross-service threat intelligence without exposing sensitive user prompts. As LLM-powered services proliferate with prompt injection attacks, this system allows sharing threat data across organizational boundaries while preserving privacy. Covers research and practical deployment applications with demo.Natalie Isak is Software Engineer, Microsoft.Waris Gill is Applied Scientist, Microsoft.Watch on YouTube: https://www.youtube.com/watch?v=u7pag5p9z5o

  11. 48

    Ep 11 | Sean Park - When Passports Execute: Exploiting AI Driven KYC Pipelines | [un]prompted 2026

    Day 1 | Stage 1Shows how modern KYC workflows that delegate passport parsing, database writes, and customer verification to AI-driven extraction agents are vulnerable. Document-embedded injects and compliance controls together steer AI agents into cross-record reads and writes, enabling data theft and exfiltration without bypassing access controls. Presents a scalable exploitation approach across KYC extraction agents using LLM-generated high-success payloads.Sean Park is Principal Threat Researcher, TrendAI.Watch on YouTube: https://www.youtube.com/watch?v=XVos-fhnsek

  12. 47

    Ep 12 | Peter Girnus & Derek Chen - FENRIR: AI Hunting for AI Zero-Days at Scale | [un]prompted 2026

    Day 1 | Stage 1FENRIR has discovered 100+ vulnerabilities across AI infrastructure since mid-2025, with 21 CVEs patched including multiple CVSS 9.8 RCEs. Presents FENRIR's multi-stage verification pipeline: static analysis pre-triage, two-layer LLM validation (L1 prune → L2 deep-verify), and confidence-based human routing. Covers what worked (research-backed context generation, CWE-specific agents, pattern recognition) and what failed.Peter Girnus is Senior Threat Researcher, Trend Micro's Zero Day Initiative (ZDI).Derek Chen is Vulnerability Researcher, TrendAI.Watch on YouTube: https://www.youtube.com/watch?v=c6_bRzHCf3U

  13. 46

    Ep 13 | Joe Sullivan - AI Notetakers: The Most Important Person in the Room | [un]prompted 2026

    Day 1 | Stage 1The most important attendee in meetings is now the AI notetaker that assigns action items, determines importance, and creates the official record. Covers steering techniques for influencing what the notetaker captures, risks from governance gaps when notetakers become infrastructure, opportunities for reliable incident response systems of record, and enterprise readiness frameworks.Joe Sullivan is CEO, Ukraine Friends and Joe Sullivan Security.Watch on YouTube: https://www.youtube.com/watch?v=oXj1Kee_crw

  14. 45

    Ep 14 | Adam Laurie (Major Malfunction) - AI go Beep Boop! | [un]prompted 2026

    Day 1 | Stage 1Hardware hacking with AI at the controls. Gave Claude access to hardware lab (Laptop, USB hub, XYZ platform, PICO2, Jlink-pro, Oscilloscope, Chipshouter and targets). Within 7 minutes it pwned an LPC chip that took 6 weeks of human glitching. Within a month it rewrote the entire glitching platform and now autonomously hacks new targets while the author sleeps.Adam Laurie (Major Malfunction) is Hardware Hacker turned CISO, Alpitronic.Watch on YouTube: https://www.youtube.com/watch?v=_tqqnkemYsg

  15. 44

    Ep 15 | Rami McCarthy - Zeal of the Convert: Taming Shai-Hulud with AI | [un]prompted 2026

    Day 1 | Stage 1Post-mortem of 2025 Shai-Hulud attacks leaking massive victim data onto GitHub. Shows real-world evolution from simple "vibe-coded" scrapers to multi-agent triage engines that parallelize victimology and automate secret-impact analysis. Covers what actually worked, where ground has shifted, how "lazy" AI fails, with practical prompts, scripts, and lessons learned.Rami McCarthy is Principal Security Researcher, Wiz.Watch on YouTube: https://www.youtube.com/watch?v=6P77Zbo2TA4

  16. 43

    Ep 16 | Daniel Miessler - Anatomy of an Agentic Personal AI Infrastructure | [un]prompted 2026

    Day 1 | Stage 1Deepdive on personal AI infrastructure system and the open-source project that mirrors it.Daniel Miessler is Founder, Unsupervised Learning.Watch on YouTube: https://www.youtube.com/watch?v=l9CPmPk2R-M

  17. 42

    Ep 17 | Nicholas Carlini - Black-hat LLMs | [un]prompted 2026

    Day 1 | Stage 1Large language models are now capable of automating attacks previously only possible by human adversaries. Discusses several ways adversaries could misuse current models to cause harm at larger scale and lower cost than currently possible. Recent state-of-the-art models can find 0-day vulnerabilities in large software projects extensively tested by humans for decades. These new capabilities alter the threat landscape and require rethinking security.Nicholas Carlini is Research Scientist, Anthropic.Watch on YouTube: https://www.youtube.com/watch?v=1sd26pWhfmg

  18. 41

    Ep 18 | Piotr Ryciak - Vibe Check: Security Failures in AI-Assisted IDEs | [un]prompted 2026

    Day 1 | Stage 1AI IDEs and coding agents expand the practical attack surface of development workflows by introducing new paths from untrusted workspace inputs to high-impact actions. Presents a catalog of exploitation patterns derived from vulnerability research across major AI-assisted IDEs and agents (OpenAI Codex, Amazon Kiro, Google Antigravity, Cursor, others), organized by attacker effort and trigger model. Provides repeatable playbook and checklist for security teams.Piotr Ryciak is AI Red Teamer, Mindgard.Watch on YouTube: https://www.youtube.com/watch?v=mKb_IKVrcIc

  19. 40

    Ep 19 | Billy Norwood - Establishing AI Governance Without Stifling Innovation | [un]prompted 2026

    Day 1 | Stage 2CISO from FFF Enterprises shares strategy and implementation of a risk-based AI governance committee in a healthcare services firm, discussing successes and failures along the way.Billy Norwood is CISO, FFF Enterprises.Watch on YouTube: https://www.youtube.com/watch?v=sh9LpVM1QBM

  20. 39

    Ep 20 | Ragini Ramalingam - Enterprise AI Governance at Snowflake | [un]prompted 2026

    Day 1 | Stage 2Director of Enterprise Security at Snowflake shares perspectives on supporting responsible AI adoption within a large, dynamic enterprise environment. Discusses practical approaches to establishing governance frameworks, fostering cross-functional collaboration, and embedding security considerations into emerging technologies.Ragini Ramalingam is Director, Enterprise Security, Snowflake.Watch on YouTube: https://www.youtube.com/watch?v=RF4gR5uviv0

  21. 38

    Ep 21 | Chase Hasbrouck - Three Phases of AI Adoption | [un]prompted 2026

    Day 1 | Stage 2Chief of Forensics/Malware Analysis from U.S. Army Cyber Command discusses the Army's path to enterprise AI showing deployment constraints shape adoption more than security policies. Covers 2023's fragmented research previews (high innovation but no institutional knowledge), 2024's centralized solutions (killed experimentation), and 2025's enterprise agreements (now grappling with cultural change convincing people the tool is actually usable).Chase Hasbrouck is Chief of Forensics/Malware Analysis, U.S. Army Cyber Command.Watch on YouTube: https://www.youtube.com/watch?v=UOtVmYR0mRg

  22. 37

    Ep 22 | Rob T. Lee - SIFT-FIND EVIL! I Gave Claude Code R00t on DFIR SIFT Workstation | [un]prompted 2026

    Day 1 | Stage 2Chief AI Officer from SANS Institute explains wiring agentic AI into SIFT via Model Context Protocol—timeline generation, memory analysis, malware sweeps, all via natural language. References Anthropic's GTG-1002 report showing adversaries running Claude Code at 80-90% autonomous execution. Shows live demo where typing "SIFT!! Find Evil!" actually works. Based on 40+ hours of testing.Rob T. Lee is Chief AI Officer (CAIO) and Chief of Research, SANS Institute.Watch on YouTube: https://www.youtube.com/watch?v=OsUg3TlAqjQ

  23. 36

    Ep 23 | Mika Ayenson - Can You See What Your AI Saw? | [un]prompted 2026

    Day 1 | Stage 2Threat Research & Detection Engineer from Elastic explores GenAI endpoint observability from a practitioner's perspective. As GenAI coding assistants become standard developer tools, detection engineers face challenges understanding what happens when AI executes commands on behalf of users. Discusses what telemetry exists, where gaps are, and why standardized schemas for AI activity are needed.Mika Ayenson is Threat Research & Detection Engineer, Elastic.Watch on YouTube: https://www.youtube.com/watch?v=cEbPSQaSLXM

  24. 35

    Ep 24 | Mohamed Nabeel - Detecting GenAI Threats at Scale with YARA-Like Semantic Rules | [un]prompted 2026

    Day 1 | Stage 2Sr Principal Researcher from Palo Alto Networks introduces SYARA (Super YARA), extending YARA's syntax with multi-modal semantic detection. Combines string matching, embeddings, ML classifiers, and LLMs in a single rule. Teaches hunting for GenAI-era threats including prompt injection, phishing, malicious intent identification, and disinformation detection, achieving 98% detection rates.Mohamed Nabeel is Sr Principal Researcher, Palo Alto Networks.Watch on YouTube: https://www.youtube.com/watch?v=PZYtJL6TCwo

  25. 34

    Ep 25 | Aaron Grattafiori & Skyler Bingham - Tenderizing the Target | [un]prompted 2026

    Day 1 | Stage 2Principal Offensive AI Security Researchers from NVIDIA discuss Marinade, an agentic workflow solving the problem of getting realistic vulnerable applications. Analyzes codebases (Django, Spring Boot, Java, Rails), understands attack surface, and injects realistic, exploitable vulnerabilities that blend naturally into existing code. AI is surprisingly adept at weakening security controls rather than clumsily removing them.Aaron Grattafiori is Principal Offensive AI Security Researcher, NVIDIA.Skyler Bingham is Principal Applied Researcher, NVIDIA.Watch on YouTube: https://www.youtube.com/watch?v=nRH_rdW7EL8

  26. 33

    Ep 26 | Matt Maisel - Hooking Coding Agents with the Cedar Policy Language | [un]prompted 2026

    Day 1 | Stage 2CTO and Cofounder of Sondera demonstrates a reference monitor using Rust hooks and Cedar policies to deterministically intercept every shell command, file read, and other actions. Coding agents wield dangerous access to code and terminal, and prompt injection renders soft guardrails useless. Live demo forbids exfiltration and destructive behaviors with open-source tool compatible with Cursor, Claude Code, and GitHub Copilot CLI.Matt Maisel is CTO and Cofounder, Sondera.Watch on YouTube: https://www.youtube.com/watch?v=m6pzrqFJ6hE

  27. 32

    Ep 27 | Carl Hurd - Glass-Box Security: Operationalizing Mechanistic Interpretability | [un]prompted 2026

    Day 1 | Stage 2Co-Founder & CTO of Starseer introduces "Glass-Box Security" utilizing Mechanistic Interpretability and Latent Space Geometry to monitor model's internal state for malicious intent and data exfiltration. Perimeter defenses are failing against next-generation AI agents. Presents Starseer architecture—a technical reference for building "Internal EDR" replacing fragile regex filters with "semantic tripwires" detecting deception and code leakage at the neuron level.Carl Hurd is Co-Founder & CTO, Starseer.Watch on YouTube: https://www.youtube.com/watch?v=JZlaijmG-Ng

  28. 31

    Ep 28 | Maxim Kovalsky - The AI Security Larsen Effect: How to Stop the Feedback Loop | [un]prompted 2026

    Day 1 | Stage 2Managing Director from Consortium Networks introduces a capability-based framework for AI security. The market has 60+ vendors with unclear guidance. Framework zeros in on risks actually relevant to your architecture, helps decide how to address them (configure, buy, or build), and produces rational vendor shortlist instead of analysis paralysis. Live demo with realistic scenario: agentic healthcare chatbot with PHI data.Maxim Kovalsky is Managing Director, AI Security CoE, Consortium Networks.Watch on YouTube: https://www.youtube.com/watch?v=U1TJpMpxZiU

  29. 30

    Ep 29 | Padma Apparao - Kinetic Risk: Securing and Governing Physical AI in the Wild | [un]prompted 2026

    Day 1 | Stage 2Security architect for government agencies discusses when AI leaves the screen and enters the physical world, failure shifts from misinformation to kinetic damage. Physical AI is fundamentally different: while performance dominates design, security, risk, and governance must be built in from start. Examines VLA-specific risks like sensor spoofing and embodied instruction manipulation that can lead to unsafe physical actions.Padma Apparao is Security Architect, Government Agencies.Watch on YouTube: https://www.youtube.com/watch?v=YzP3Fif_DHU

  30. 29

    Ep 30 | Aaron Brown & Madhur Prashant - Trajectory-Aware Post-Training Security Agents | [un]prompted 2026

    Day 1 | Stage 2Agentic AI Builder from AWS presents complete open-source pipeline for trajectory-aware post-training of open-weight SLMs for cybersecurity tasks. Everyone talks about AI agents for security but almost no one discusses post-training underlying open-weight models. Frontier APIs work for prototypes but scaling autonomous security operations requires fine-tuned small language models optimized for specific tooling and reasoning patterns.Aaron Brown is Agentic AI Builder, AWS.Madhur Prashant is Applied AI/ML Engineer, AWS.Watch on YouTube: https://www.youtube.com/watch?v=4zoYCfHwhEk

  31. 28

    Ep 31 | Adam Krivka & Ondrej Vlcek - AI Found 12 Zero-Days in OpenSSL | [un]prompted 2026

    Day 1 | Stage 2AI Security Researchers from AISLE discuss AI finding 12 zero-days in OpenSSL (one of the most audited codebases on the planet). Three had been hidden for over two decades. AI has fundamentally changed vulnerability discovery economics—what once required elite expertise and months can now be done in hours. Explores what it takes to make AI vulnerability discovery effective at scale.Adam Krivka is AI Security Researcher, AISLE.Ondrej Vlcek is Co-founder & CEO, AISLE.Watch on YouTube: https://www.youtube.com/watch?v=IjL2qN1KDe8

  32. 27

    Ep 32 | Dan Guido - 200 Bugs/Week/Engineer: How We Rebuilt Trail of Bits Around AI | [un]prompted 2026

    Day 2 | Stage 1CEO of Trail of Bits explains strategy to turn the consulting firm into an AI-native organization. AI isn't a feature to "adopt"—it's a force that commoditizes effort and shortens half-life of best practices, especially in security work. Core idea is a compounding operating system built from incentives, defaults, guardrails, and verification loops letting humans and autonomous agents ship high-rigor work at dramatically higher throughput.Dan Guido is CEO, Trail of Bits.Watch on YouTube: https://www.youtube.com/watch?v=kgwvAyF7qsA

  33. 26

    Ep 33 | Sergej Epp - 8 Minutes to Admin. We Caught It in the Wild. | [un]prompted 2026

    Day 2 | Stage 1CISO from Sysdig discusses two AI-assisted attack campaigns caught: an 8-minute AWS escalation from stolen creds to full admin, and EtherRAT (fileless Node.js implant using Ethereum smart contracts for C2). Neither introduced novel attack primitives but compressed known techniques to speeds/scales breaking traditional detection models. Introduces behavioral methodology for attributing AI-assistance and shows why blockchain C2 is actually the defender's greatest forensic gift.Sergej Epp is CISO, Sysdig.Watch on YouTube: https://www.youtube.com/watch?v=xCtcQkJBReQ

  34. 25

    Ep 34 | Olivia Gallucci - macOS Vulnerability Research | [un]prompted 2026

    Day 2 | Stage 1Security Engineer from Datadog discusses operationalizing Apple's partial open-source codebase for offensive security. While Apple is known for closed ecosystem, significant portions of macOS and iOS are open source including security components. Walks through integrating generative AI and AI tooling into workflow for automating triage of open-source diffs, identifying code changes with high exploit potential.Olivia Gallucci is Security Engineer, Datadog.Watch on YouTube: https://www.youtube.com/watch?v=_f30RyXc_8Q

  35. 24

    Ep 35 | Georgi G - Promp2Pwn - LLMs Winning at Pwn2Own | [un]prompted 2026

    Day 2 | Stage 1Director of Research at Interrupt Labs built an agentic AI to hunt bugs for Pwn2Own. Found vulnerability in Samsung's own AI assistant, Bixby. Shows how it was wired up, what worked, what didn't, and why letting machines hunt bugs made Pwn2Own fun again.Georgi G is Director of Research, Interrupt Labs.Watch on YouTube: https://www.youtube.com/watch?v=c5XAvRbma6Y

  36. 23

    Ep 36 | Andrew Bullen - Breaking the Lethal Trifecta (Without Ruining Your Agents) | [un]prompted 2026

    Day 2 | Stage 1AI Security Lead from Stripe addresses the prompt injection elephant in the AI Security room—there's no deterministic defense, yet urgency driving AI adoption means many teams feel forced to accept risk or hobble agents. Presents a third path: containment. Shows Stripe's architectural guardrails for protecting agent platform: preventing data exfiltration through controlled egress, UI patterns for human confirmation flows, enforcing guardrails at CI-time using tool annotations.Andrew Bullen is AI Security Lead, Stripe.Watch on YouTube: https://www.youtube.com/watch?v=cNE7P5FkqR8

  37. 22

    Ep 37 | Brooks McMillin - Building Secure Agentic Systems | [un]prompted 2026

    Day 2 | Stage 1AI Security Researcher & Security Engineer from Dropbox shows what actually breaks when building agents used every day. Walks through real patterns from building specialized agents: capability bounding to prevent tool abuse, prompt injection detection requiring real-world tuning, multi-agent memory isolation failures and fixes, OAuth device flow for headless operation. Includes live demos and actual code.Brooks McMillin is AI Security Researcher & Security Engineer, Dropbox.Watch on YouTube: https://www.youtube.com/watch?v=SzLVXAzjOEU

  38. 21

    Ep 38 | Mudita Khurana - Rethinking how we evaluate security agents for real-world use | [un]prompted 2026

    Day 2 | Stage 1Staff Security Engineer from Airbnb addresses how security agents remain rooted in narrow, outcome-only benchmarks. These evaluations tell whether agent produced correct answer but not "how" or whether behavior remains stable once deployed. In practice, security is connected end-to-end workflow (find → confirm exploit → patch → validate loop). Introduces practical, capability-centric framework for evaluating security agents.Mudita Khurana is Staff Security Engineer, Airbnb.Watch on YouTube: https://www.youtube.com/watch?v=uImn7_dmeoY

  39. 20

    Ep 39 | Flash Talks - Ilia Shumailov, Rob Joyce, Ragini Ramalingam + more | [un]prompted 2026

    Day 2Flash talks from Ilia Shumailov, Rob Joyce, Ragini Ramalingam, and more.

  40. 19

    Ep 40 | Nicolas Lidzborski - Securing Workspace GenAI at Google Speed | [un]prompted 2026

    Day 2 | Stage 1Principal Engineer from Google Workspace Security discusses GenAI agents navigating a perilous "Perfect Storm" of access to sensitive data, exposure to untrusted content, and capability to execute external commands. Technical deep dive into architectural principles and defense strategies protecting Gemini and Google Workspace ecosystem. Shares real-world attacks including vulnerability where attacker could hijack agent via calendar invitation.Nicolas Lidzborski is Principal Engineer,Google Workspace Security.Watch on YouTube: https://www.youtube.com/watch?v=J9B6Ez2ynvk

  41. 18

    Ep 41 | Wes Ring & Josiah Peedikayil - Operation Pale Fire | [un]prompted 2026

    Day 2 | Stage 1From Block discuss red-teaming their own AI agent, goose (Block's open source AI agent). Best defense is good offense. When releasing goose, proactively identified how attackers will attempt to abuse it. Enter: Operation Pale Fire.Wes Ring is Security Engineer, Block.Josiah Peedikayil is Security Engineer, Block.Watch on YouTube: https://www.youtube.com/watch?v=SUa1nta8FGQ

  42. 17

    Ep 42 | Kyle Polley - Training BrowseSafe: Lessons from Detecting Prompt Injection | [un]prompted 2026

    Day 2 | Stage 1Member of Technical Staff at Perplexity shares experience training and deploying BrowseSafe for detecting prompt injection in production browser agents. Deploying AI agents that browse the web creates critical security challenge preventing malicious websites from hijacking agent behavior through embedded prompt injections. Built BrowseSafe-Bench—a realistic benchmark with attacks in high-entropy HTML pages. Fine-tuned Mixture-of-Experts model (Qwen-30B) achieves ~0.91 F1 scores with sub-100ms latency.Kyle Polley is Member of Technical Staff, Perplexity.Watch on YouTube: https://www.youtube.com/watch?v=Fzgqx1MauJg

  43. 16

    Ep 43 | Arthi Nagarajan - Exploring the AI Automation Boundary | [un]prompted 2026

    Day 2 | Stage 1Software Engineer for Internal Threat Detection at Datadog explores how AI can help security practitioners navigate overwhelming telemetry volumes. Automated three parts of threat hunting workflow: hypothesis-driven query generation, iterative refinement, narrowing toward pivotal evidence. Shares learnings evolving from single agent to orchestrator-subagent system focusing on trust, hallucinations, evaluations amidst real-world constraints.Arthi Nagarajan is Software Engineer, Internal Threat Detection, Datadog.Watch on YouTube: https://www.youtube.com/watch?v=EZSLjT8O2rw

  44. 15

    Ep 44 | Bob Rudis & Glenn Thorpe - Detection & Deception Engineering in the Matrix | [un]prompted 2026

    Day 2 | Stage 1V.P. Data Science and Sr. Director from GreyNoise Labs built Orbie—an AI agent operating on internet-scale honeypot data to surface emergent threats, identify campaigns, and write detection rules. Shares what works, what doesn't, and specific campaigns caught that traditional methods missed. Shows how domain expert knowledge embedded in tooling lets LLMs operate on billions of network sessions.Bob Rudis is VP Data Science, Security Research & Detection+Deception Engineering, GreyNoise Labs.Glenn Thorpe is Sr. Director, Security Research & Detection Engineering, GreyNoise Intelligence.Watch on YouTube: https://www.youtube.com/watch?v=k19CmI_Ni3M

  45. 14

    Ep 45 | Rob T. Lee, Glenn Thorpe, Dan Hubbard & Sergej Epp - Vibe Coded | [un]prompted 2026

    Day 2 | Stage 1Panel of creators who vibecoded at the conference to make it better, creating tools at the conference. Micro talks on what they did.Rob T. Lee is Chief AI Officer (CAIO) and Chief of Research, SANS Institute. Glenn Thorpe is Sr. Director, Security Research & Detection Engineering, GreyNoise Intelligence.Dan Hubbard is VP of Research, Vectra AI.Sergej Epp is CISO, Sysdig.Watch on YouTube: https://www.youtube.com/watch?v=2_Vq4vY5EaA

  46. 13

    Ep 46 | Gadi Evron for Zenity: PowerPoint Karaoke Presenting My Competitors Unreleased Research | [un]prompted 2026

    Day 2 | Stage 1Zenity Labs was supposed to present their research on agentic browser attacks, but the speakers were stranded in Israel when the airspace closed. Gadi stepped in to present their slides cold — he saw them for the first time on stage — in a session he calls PowerPoint karaoke. The research covers two attack chains targeting Comet, an agentic browser: the first uses a malicious calendar invite to navigate Comet to an attacker-controlled site and exfiltrate documents; the second abuses Comet's interaction with 1Password's autocomplete to gain access to the emergency kit.Gadi Evron is CEO of Knostic, presenting on behalf of Zenity Labs.Watch on YouTube: https://www.youtube.com/watch?v=yUqBC3mc544

  47. 12

    Ep 47 | Jackson Reed - Are you thinking what I'm thinking? | [un]prompted 2026

    Day 2 | Stage 1Founder & CEO of Barding Defense short talk.Jackson Reed is Founder & CEO, Barding Defense.Watch on YouTube: https://www.youtube.com/watch?v=j2_VsH6aNzY

  48. 11

    Ep 48 | Roey Ben Chaim - Total Recon: How We Discovered 1000s of Open Agents in the Wild | [un]prompted 2026

    Day 2 | Stage 2Staff Engineer from Zenity discusses how AI agents quietly created a new external attack surface: copilots, custom agents, AI middleware deployed to internet often without anyone realizing they're reachable, enumerable, or over-permissioned. Shows how attackers can find agents in the wild and used these details to find 1000s of exposed agents. Covers measuring exposure, proving obscurity fails, detecting threat-actor agent-focused recon.Roey Ben Chaim is Staff Engineer, Zenity.Watch on YouTube: https://www.youtube.com/watch?v=N0DukgZSREo

  49. 10

    Ep 49 | Johann Rehberger - Your Agent Works for Me Now | [un]prompted 2026

    Day 2 | Stage 2Red Team Director discusses how agentic AI in personal assistants, developer tools, and enterprise platforms can be infected with promptware—engineered prompts acting like malware. Demonstrates attacks and exploit chains including delayed tool invocation and intent activation tricks bypassing existing mitigations. Enables persistence, lateral movement, promptware-powered C2, and data exfiltration. Several exploit demos have not been publicly disclosed before.Johann Rehberger is Red Team Director.Watch on YouTube: https://www.youtube.com/watch?v=zVUm23P7ZNg

  50. 9

    Ep 50 | Niki Aimable Niyikiza - Capability-Based Authorization for AI Agents | [un]prompted 2026

    Day 2 | Stage 2Senior Security Engineer & AI Security Researcher from Snap addresses how prompt injection filters and coarse IAM roles consistently fail in multi-agent setups. Shows working alternative: treating agent authority as ephemeral, cryptographic warrants that attenuate on delegation (inspired by Macaroons/UCAN). Task-scoped, holder-bound, verified offline by tools in microseconds. Even fully compromised agent can't escalate or exfiltrate beyond bounds. Includes live demos and benchmarks.Niki Aimable Niyikiza is Senior Security Engineer & AI Security Researcher, Snap.Watch on YouTube: https://www.youtube.com/watch?v=bw928cFShK4

Type above to search every episode's transcript for a word or phrase. Matches are scoped to this podcast.

Searching…

We're indexing this podcast's transcripts for the first time — this can take a minute or two. We'll show results as soon as they're ready.

No matches for "" in this podcast's transcripts.

Showing of matches

No topics indexed yet for this podcast.

Loading reviews...

ABOUT THIS SHOW

Every session of [un]prompted 2026: Nicholas Carlini, Daniel Miessler, Heather Adkins + 50 more who brought what they've learned from the edge: agents, detection, forensics, governance, llm security, offensive, prompt injection, threat intel. "It feels like a warp point in time: the moment security has to decide whether to stay deterministic, or jump into this non‑deterministic, AI‑driven world. But if we can pull just 2% of the people around us up one level, from "I type into ChatGPT like Google" to "I use agents and tools," then I believe we can change companies and countries.” - Gadi Evron.

HOSTED BY

[un]prompted

CATEGORIES

Frequently Asked Questions

How many episodes does [un]prompted Security Practitioner Con 2026 have?

[un]prompted Security Practitioner Con 2026 currently has 50 episodes available on PodParley. New episodes are automatically indexed when they're published to the podcast feed.

What is [un]prompted Security Practitioner Con 2026 about?

Every session of [un]prompted 2026: Nicholas Carlini, Daniel Miessler, Heather Adkins + 50 more who brought what they've learned from the edge: agents, detection, forensics, governance, llm security, offensive, prompt injection, threat intel. "It feels like a warp point in time: the moment security...

How often does [un]prompted Security Practitioner Con 2026 release new episodes?

[un]prompted Security Practitioner Con 2026 has 50 episodes. Check the episode list to see recent publication dates and frequency.

Where can I listen to [un]prompted Security Practitioner Con 2026?

You can listen to [un]prompted Security Practitioner Con 2026 on PodParley by clicking any episode. We provide an embedded audio player for direct listening, and you can also subscribe via your preferred podcast app using the RSS feed.

Who hosts [un]prompted Security Practitioner Con 2026?

[un]prompted Security Practitioner Con 2026 is created and hosted by [un]prompted.
URL copied to clipboard!