Vegas Forum Schedule

9:00am - 10:00am

10:00am - 12:00pm

10:00am - 10:15am

10:15am - 10:35am

10:40am - 11:00am

A retroactive look at the Anthropic ASL-3 attainment and challenges.

11:05am - 11:25am

To fully harness the potential of AI automation and maximize innovation in novel AI application areas, we need AI colleagues and personal assistants capable of making sensitive decisions in untrusted environments that may contain adversarial data. In my talk I’ll argue that while there is no universal, risk-free technical solution to this challenge, achieving agent security is not fundamentally different from previous technical security challenges, which similarly lacked risk-free solutions and required a multi-disciplinary and evolving set of strategies to achieve an acceptable—if not perfect—balance between security and utility. To flesh this out, I’ll draw parallels to how the security community has historically managed issues such as malware, software security, and ransomware protection. For years, the industry sought universal solutions for such problems, but success came from a continuous, multi-disciplinary, dialectical, "all of the above" approach that reduced risk to an acceptable, though not perfect, steady state.

11:30am - 10:50am

DARPA and ARPA-H are on a mission to advance AI-driven cybersecurity and usher in a future where we can patch vulnerabilities before they can be exploited. AI Cyber Challenge Program Manager Andrew Carney will deliver the latest news about the competition and discuss how the program is driving the innovation of responsible AI systems designed to address some of our most important digital issues today: the security of critical infrastructure and software supply chains.

12:00pm - 1:30pm

1:30pm - 2:30pm

Verifying a compute cluster's workloads and results could advance multiple goals, including: preventing model exfiltration, detecting rogue deployments, and verifying international agreements on AI. This session will give a technical overview of the state of the field and open challenges, based on recent research (https://www.arxiv.org/abs/2507.15916), followed by Q&A and brainstorming concrete options for getting involved.

It'd be helpful to hear a little about forum attendees' backgrounds/expertise

1:30pm - 2:30pm

In this hands-on workshop, you'll explore Inspect AI's capabilities for streamlining agentic evaluation development and build your own eval to run locally with Docker. Before you arrive: * Install Docker on your laptop or virtual machine * Test the installation: `docker run hello-world`

1:30pm - 2:00pm

From prompt exploits to agentic behaviour, how defenders must reshape assumptions, frameworks, and collaboration to meet AI-native threats head-on.

Wants session at 1:30pm. Fireside Convo with Rob Duhart, we will each ask questions of each other.

1:30pm - 2:00pm

A primer on targeting model registries and MLOps in cyber/EW warfare, the growing importance of AI in findings and weaponizing vulnerabilities, and the use of AI in offensive cyber operations.

Wants session 11-3pm

2:00pm - 2:30pm

Initially called out in the Biden Executive Order, the capabilities of models to execute offensive security tasks has been hotly debated. It is now 2025, and several examples of models not just performing these tasks, but excelling at them have been shown. This talk will discuss our findings across reversing, multi-step network attacks, bug bounty, threat intel, and more. This technology is multi-use at its core, and offers uplift to all sides.

Schedule before a break

2:00pm - 2:30pm

Can supply chains be trusted? This talk highlights how integrity can quietly fail from design to decommission, and why that matters for AI security, compliance, and export controls. Learn what you can implement today and what you can work on to advance the state of the art.

"Let me know if you have a preference that I talk about "physical attacks" instead of "supply chain attacks". I beliefe supply chain attacks is more urgent and more tractable right now, therefore I slightly lean to focus on that topic instead.”

2:30pm - 3:00pm

3:00pm - 4:00pm

Everyone wants to build cyber agents, but they don’t have the building blocks to go from PoC to production. In this workshop attendees will learn how to use our open-source frameworks to deploy agents on real world offensive tasks.

3:00pm - 4:00pm

The impact of superhuman AI over the next decade may be enormous, exceeding that of the Industrial Revolution. In this Tabletop exercise, we will explore how Security measures may be critical for AI progress. We'll simulate decisions and developments for labs, governments and state actors and get a glimpse of how impactful they might be.

3:00pm - 4:00pm

3:00pm - 3:30pm

This session introduces an innovative approach to assessing AI cyber capabilities through virtualised infrastructure rather than traditional CTF challenges. Current evaluations often test isolated skills using problems with published solutions, failing to measure real-world operational abilities. The UK AI Security Institute's open-source Proxmox integration for the Inspect framework enables testing against authentic cyber environments, providing more accurate assessment of AI systems' genuine problem-solving capabilities in operational contexts.

3:00pm - 3:30pm

AI developers will need to handle the possibility that their AI agents are conspiring against them. This problem has some fundamental structural differences from the most important security problems today, and will require creative and novel solutions. In this talk I'll explain how I think this problem compares to other security settings, and describe our prospects for solving it.

3:30pm - 4:00pm

3:30pm-4:00pm

4:00pm - 4:30pm

4:30pm - 5:00pm

Recent breakthroughs in zero-knowledge proof systems pave the way for a new security paradigm, where the computation is cryptographically verified. AI workloads possess certain properties that make them ideal candidates for this new technology. This talk shortly unpacks why AI is such a good candidate for verifiable compute and what the possible applications for it are in AI security, including preventing sabotage and theft of model weights.

“I marked not to share the recording online, I might allow it after the talk depending on how it goes :)”

4:30pm - 5:30pm

There’s often thought to be an irreconcilable tension between AI diffusion and security: broad access raises the risk of misuse or loss of control, while strict limitations can hinder innovation and reinforce power imbalances. Embedding privacy-preserving verification capabilities into the AI hardware stack would allow us to escape that tradeoff. This session explores how to make that possible. After a brief overview of the problem space and concrete use cases, we’ll break into small groups to workshop implementation ideas. We will consider different stakeholders (e.g. AI developers, auditors, end users), different form factors (e.g. on-chip, off-chip, software-only), and technical components (e.g. guarantee processors, analogous sensors, secure update mechanisms, anti-tamper enclosures).

4:30pm - 5:30pm

Using AI agents for AI R&D poses a number of unique threats compared to other applications. Most importantly, these AIs have access to many affordances that developers are very wary about granting to unvetted human employees: access to algorithmic secrets, sensitive model weights, and massive quantities of compute. In this session, we'll discuss the dynamics here, including a detailed discussion of which threat models seem particularly hard to mitigate using traditional computer security techniques.

4:30pm - 5:30pm

5:00pm - 5:30pm

5:00pm - 5:30pm

Schedule before a break

5:30pm - 6:00pm

6:00pm - 6:30pm

In this talk we will give an overview of the latest developments in AI for cybersecurity. Over the past decade, there has been a transformation in the world of cybersecurity due to scale of data. In this coming decade, cybersecurity will be transformed through adoption of AI. In this talk we will discuss some of the challenges the industry is facing in adopting AI and argue for open innovation in AI for cybersecurity.

6:00pm - 6:30pm

AI could be a critically important tool for securing AGI model weights and algorithmic secrets, yet very few projects are using AI to tackle the most important AGI security challenges. This talk will argue that building defensive AI is one of the most valuable approaches to AGI security. It will explore neglected approaches, like differential AI development, and discuss how to build for a world with abundant intelligence.

6:00pm - 6:30pm

6:30pm - 7:15pm

7:15pm - 11:00pm