9:00am - 10:00am

10:00am - 12:00pm

12:00pm - 1:30pm

1:30pm - 2:30pm

In this hands-on workshop, you'll explore Inspect AI's capabilities for streamlining agentic evaluation development and build your own eval to run locally with Docker. Before you arrive: * Install Docker on your laptop or virtual machine * Test the installation: `docker run hello-world`

1:30pm - 2:30pm

Verifying a compute cluster's workloads and results could advance multiple goals, including: preventing model exfiltration, detecting rogue deployments, and verifying international agreements on AI. This session will give a technical overview of the state of the field and open challenges, based on recent research (https://www.arxiv.org/abs/2507.15916), followed by Q&A and brainstorming concrete options for getting involved.

1:30pm - 2:00pm

A primer on targeting model registries and MLOps in cyber/EW warfare, the growing importance of AI in findings and weaponizing vulnerabilities, and the use of AI in offensive cyber operations.

1:30pm - 2:00pm

From prompt exploits to agentic behaviour, how defenders must reshape assumptions, frameworks, and collaboration to meet AI-native threats head-on.

2:00pm - 2:30pm

Can supply chains be trusted? This talk highlights how integrity can quietly fail from design to decommission, and why that matters for AI security, compliance, and export controls. Learn what you can implement today and what you can work on to advance the state of the art.

2:00pm - 2:30pm

Initially called out in the Biden Executive Order, the capabilities of models to execute offensive security tasks has been hotly debated. It is now 2025, and several examples of models not just performing these tasks, but excelling at them have been shown. This talk will discuss our findings across reversing, multi-step network attacks, bug bounty, threat intel, and more. This technology is multi-use at its core, and offers uplift to all sides.

2:30pm - 3:00pm

3:00pm - 4:00pm

Everyone wants to build cyber agents, but they don’t have the building blocks to go from PoC to production. In this workshop attendees will learn how to use our open-source frameworks to deploy agents on real world offensive tasks.

3:00pm - 4:00pm

The impact of superhuman AI over the next decade may be enormous, exceeding that of the Industrial Revolution. In this Tabletop exercise, we will explore how Security measures may be critical for AI progress. We'll simulate decisions and developments for labs, governments and state actors and get a glimpse of how impactful they might be.

3:00pm - 3:30pm

This session introduces an innovative approach to assessing AI cyber capabilities through virtualised infrastructure rather than traditional CTF challenges. Current evaluations often test isolated skills using problems with published solutions, failing to measure real-world operational abilities. The UK AI Security Institute's open-source Proxmox integration for the Inspect framework enables testing against authentic cyber environments, providing more accurate assessment of AI systems' genuine problem-solving capabilities in operational contexts.

3:00pm - 3:30pm

AI developers will need to handle the possibility that their AI agents are conspiring against them. This problem has some fundamental structural differences from the most important security problems today, and will require creative and novel solutions. In this talk I'll explain how I think this problem compares to other security settings, and describe our prospects for solving it.

3:30pm - 4:00pm

3:30pm-4:00pm

4:00pm - 4:30pm

4:30pm - 5:00pm

Recent breakthroughs in zero-knowledge proof systems pave the way for a new security paradigm, where the computation is cryptographically verified. AI workloads possess certain properties that make them ideal candidates for this new technology. This talk shortly unpacks why AI is such a good candidate for verifiable compute and what the possible applications for it are in AI security, including preventing sabotage and theft of model weights.

4:30pm - 5:30pm

There’s often thought to be an irreconcilable tension between AI diffusion and security: broad access raises the risk of misuse or loss of control, while strict limitations can hinder innovation and reinforce power imbalances. Embedding privacy-preserving verification capabilities into the AI hardware stack would allow us to escape that tradeoff. This session explores how to make that possible. After a brief overview of the problem space and concrete use cases, we’ll break into small groups to workshop implementation ideas. We will consider different stakeholders (e.g. AI developers, auditors, end users), different form factors (e.g. on-chip, off-chip, software-only), and technical components (e.g. guarantee processors, analogous sensors, secure update mechanisms, anti-tamper enclosures).

4:30pm - 5:30pm

Using AI agents for AI R&D poses a number of unique threats compared to other applications. Most importantly, these AIs have access to many affordances that developers are very wary about granting to unvetted human employees: access to algorithmic secrets, sensitive model weights, and massive quantities of compute. In this session, we'll discuss the dynamics here, including a detailed discussion of which threat models seem particularly hard to mitigate using traditional computer security techniques.

5:00pm - 5:30pm

5:30pm - 6:00pm

6:00pm - 6:30pm

In this talk we will give an overview of the latest developments in AI for cybersecurity. Over the past decade, there has been a transformation in the world of cybersecurity due to scale of data. In this coming decade, cybersecurity will be transformed through adoption of AI. In this talk we will discuss some of the challenges the industry is facing in adopting AI and argue for open innovation in AI for cybersecurity.

6:00pm - 6:30pm

AI could be a critically important tool for securing AGI model weights and algorithmic secrets, yet very few projects are using AI to tackle the most important AGI security challenges. This talk will argue that building defensive AI is one of the most valuable approaches to AGI security. It will explore neglected approaches, like differential AI development, and discuss how to build for a world with abundant intelligence.

6:30pm - 7:15pm

7:15pm - 11:00pm