| Visible on website? | Status | Session Type | Session Name | Time | Presenters | Track | Room | Session Description | Special Requirements? | Privacy Preferences | Timeslot (Hidden) | GMT+3 Timeslot | Notes | Time Block |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| | All details locked | Other | Registration & Breakfast | 9:00am - 10:00am | | General | Ballroom Foyer | | | | August 7, 2025 9:00 AM (GMT+3) → August 7, 2025 10:00 AM (GMT+3) | | | 9:00am-10:00am |
| | Session confirmed | 5-min Lightning Talk | Opening Remarks | 10:00am - 10:15am | | General | Grand Ballroom 4-6 | | | | August 7, 2025 10:00 AM (GMT+3) → August 7, 2025 10:15 AM (GMT+3) | | | 10:00am-12:00pm |
| | Session confirmed | Other | Opening Plenary | 10:00am - 12:00pm | | General | Grand Ballroom 4-6 | | | | August 7, 2025 10:00 AM (GMT+3) → August 7, 2025 12:00 PM (GMT+3) | | | 10:00am-12:00pm |
| | All details locked | 20-min Keynote | The State of AI Security | 10:15am - 10:35am | | General | Grand Ballroom 4-6 | Sella will share highlights on how the field of frontier AI security has evolved in the past year, including in industry, government, civil society, and more. | None | None | August 7, 2025 10:15 AM (GMT+3) → August 7, 2025 10:35 AM (GMT+3) | | | 10:00am-12:00pm |
| | All details locked | 20-min Keynote | The Path to ASL-3 at Anthropic | 10:40am - 11:00am | | General | Grand Ballroom 4-6 | A retroactive look at the Anthropic ASL-3 attainment and challenges. | | Don't share; Don't record; Chatham House Rules | August 7, 2025 10:40 AM (GMT+3) → August 7, 2025 11:00 AM (GMT+3) | | | 10:00am-12:00pm |
| | All details locked | 20-min Keynote | How to Securely Deploy Agents that Make Sensitive Decisions in Untrusted Environments | 11:05am - 11:25am | | General | Grand Ballroom 4-6 | To fully harness the potential of AI automation and maximize innovation in novel AI application areas, we need AI colleagues and personal assistants capable of making sensitive decisions in untrusted environments that may contain adversarial data. In my talk I’ll argue that while there is no universal, risk-free technical solution to this challenge, achieving agent security is not fundamentally different from previous technical security challenges, which similarly lacked risk-free solutions and required a multi-disciplinary and evolving set of strategies to achieve an acceptable, if not perfect, balance between security and utility. To flesh this out, I’ll draw parallels to how the security community has historically managed issues such as malware, software security, and ransomware protection. For years, the industry sought universal solutions for such problems, but success came from a continuous, multi-disciplinary, dialectical, "all of the above" approach that reduced risk to an acceptable, though not perfect, steady state. | | | August 7, 2025 11:05 AM (GMT+3) → August 7, 2025 11:25 AM (GMT+3) | | | 10:00am-12:00pm |
| | All details locked | 20-min Keynote | Patching Critical Infrastructure: Lessons from DARPA’s AI Cyber Challenge | 11:30am - 11:50am | | General | Grand Ballroom 4-6 | DARPA and ARPA-H are on a mission to advance AI-driven cybersecurity and usher in a future where we can patch vulnerabilities before they can be exploited. AI Cyber Challenge Program Manager Andrew Carney will deliver the latest news about the competition and discuss how the program is driving the innovation of responsible AI systems designed to address some of our most important digital issues today: the security of critical infrastructure and software supply chains. | None | Don't share; Don't record | August 7, 2025 11:30 AM (GMT+3) → August 7, 2025 11:50 AM (GMT+3) | | | 10:00am-12:00pm |
| | All details locked | Break/Meal | Lunch | 12:00pm - 1:30pm | | General | Grand Ballroom 1-3 | | | | August 7, 2025 12:00 PM (GMT+3) → August 7, 2025 1:30 PM (GMT+3) | | | 12:00pm-1:30pm |
| | Session confirmed | 60-min Workshop | Open Problems in AI Verification and Technical Transparency | 1:30pm - 2:30pm | | Hardware Enabled Verification | Harper A-B | Verifying a compute cluster's workloads and results could advance multiple goals, including: preventing model exfiltration, detecting rogue deployments, and verifying international agreements on AI. This session will give a technical overview of the state of the field and open challenges, based on recent research (https://www.arxiv.org/abs/2507.15916), followed by Q&A and brainstorming concrete options for getting involved. The session will focus on software and ML problems. | Set up for Workshop | Checking with employer | August 7, 2025 1:30 PM (GMT+3) → August 7, 2025 2:30 PM (GMT+3) | | It'd be helpful to hear a little about forum attendees' backgrounds/expertise | 1:30pm-2:30pm |
| | Session confirmed | 60-min Workshop | Workshop: Building Agentic Evals with Inspect Cyber | 1:30pm - 2:30pm | | Offensive Security / Evals | Harper C-D | In this hands-on workshop, you'll explore Inspect AI's capabilities for streamlining agentic evaluation development and build your own eval to run locally with Docker. Before you arrive: install Docker on your laptop or virtual machine, then test the installation with `docker run hello-world`. | Set up for Workshop | None | August 7, 2025 1:30 PM (GMT+3) → August 7, 2025 2:30 PM (GMT+3) | | | 1:30pm-2:30pm |
| | All details locked | 25-min Fireside Chat | Fireside Chat: Threat Modeling in the Age of Autonomous Systems - Rethinking Risk When the System Evolves | 1:30pm - 2:00pm | | AI for defensive security | Grand Ballroom 4-6 | From prompt exploits to agentic behaviour, how defenders must reshape assumptions, frameworks, and collaboration to meet AI-native threats head-on. | Set up for 2 people | None | August 7, 2025 1:30 PM (GMT+3) → August 7, 2025 2:00 PM (GMT+3) | | Wants session at 1:30pm. Fireside Convo with Rob Duhart, we will each ask questions of each other. | 1:30pm-2:30pm |
| | Session confirmed | 25-min Talk | Offensive AI: Welcome to the Party | 2:00pm - 2:30pm | | Offensive Security / Evals | Grand Ballroom 4-6 | Initially called out in the Biden Executive Order, the capabilities of models to execute offensive security tasks have been hotly debated. It is now 2025, and several examples of models not just performing these tasks, but excelling at them, have been shown. This talk will discuss our findings across reversing, multi-step network attacks, bug bounty, threat intel, and more. This technology is multi-use at its core, and offers uplift to all sides. | None | None | August 7, 2025 2:00 PM (GMT+3) → August 7, 2025 2:30 PM (GMT+3) | | Schedule before a break | 1:30pm-2:30pm |
| | Session confirmed | 25-min Talk | Securing AI Infrastructure Against Hardware Supply Chain Attacks | 2:00pm - 2:30pm | | Securing AI Infrastructure | Madison A-C | Can supply chains be trusted? This talk highlights how integrity can quietly fail from design to decommission, and why that matters for AI security, compliance, and export controls. Learn what you can implement today and what you can work on to advance the state of the art. | None | None | August 7, 2025 2:00 PM (GMT+3) → August 7, 2025 2:30 PM (GMT+3) | | | 1:30pm-2:30pm |
| | All details locked | Break/Meal | Break & Demos | 2:30pm - 3:00pm | | General | Ballroom Foyer | | | | August 7, 2025 2:30 PM (GMT+3) → August 7, 2025 3:00 PM (GMT+3) | | | 2:30pm-3:00pm |
| | Session confirmed | 60-min Workshop | Workshop: Building Offensive Cyber Agents | 3:00pm - 4:00pm | | Offensive Security / Evals | Harper A-B | Everyone wants to build cyber agents, but they don’t have the building blocks to go from PoC to production. In this workshop attendees will learn how to use our open-source frameworks to deploy agents on real-world offensive tasks. Attendee requirements: bring your laptop and make sure you have Python installed. | Set up for Workshop | None | August 7, 2025 3:00 PM (GMT+3) → August 7, 2025 4:00 PM (GMT+3) | | | 3:00pm-4:00pm |
| | Session confirmed | 60-min Workshop | Tabletop Exercise: Security & AI | 3:00pm - 4:00pm | | Securing AI Infrastructure | Harper C-D | The impact of superhuman AI over the next decade may be enormous, exceeding that of the Industrial Revolution. In this tabletop exercise, we will explore how security measures may be critical for AI progress. We'll simulate decisions and developments for labs, governments and state actors and get a glimpse of how impactful they might be. | Set up for Workshop | Don't record; Don't share | August 7, 2025 3:00 PM (GMT+3) → August 7, 2025 4:00 PM (GMT+3) | | | 3:00pm-4:00pm |
| | Session confirmed | 25-min Talk | Mitigating Insider Threat from AI: A Novel Computer Security Challenge | 3:00pm - 3:30pm | | AI for defensive security | Grand Ballroom 4-6 | AI developers will need to handle the possibility that their AI agents are conspiring against them. This problem has some fundamental structural differences from the most important security problems today, and will require creative and novel solutions. In this talk I'll explain how I think this problem compares to other security settings, and describe our prospects for solving it. | None | None | August 7, 2025 3:00 PM (GMT+3) → August 7, 2025 3:30 PM (GMT+3) | | | 3:00pm-4:00pm |
| | Session confirmed | 25-min Talk | Fireside Chat: Founding Fields and Companies to Secure AI Model Weights | 3:00pm - 3:30pm | | Securing AI Infrastructure | Madison A-C | Dan co-wrote the securing model weights report (which has influenced the work of several speakers at this forum) and founded Pattern Labs, which (amongst other things) aims to radically improve the security posture of AI companies. Dan and Caleb will chat about his field-building work, the realities of securing model weights from outside labs, and the areas he’s most excited for people to work on in future. | None | None | August 7, 2025 3:00 PM (GMT+3) → August 7, 2025 3:30 PM (GMT+3) | | | 3:00pm-4:00pm |
| | Session confirmed | 25-min Talk | Beyond CTFs: Evaluating AI Cyber Capabilities in Real-World Environments | 3:30pm - 4:00pm | | Offensive Security / Evals | Grand Ballroom 4-6 | This session introduces an innovative approach to assessing AI cyber capabilities through virtualised infrastructure rather than traditional CTF challenges. Current evaluations often test isolated skills using problems with published solutions, failing to measure real-world operational abilities. The UK AI Security Institute's open-source Proxmox integration for the Inspect framework enables testing against authentic cyber environments, providing more accurate assessment of AI systems' genuine problem-solving capabilities in operational contexts. | None | None | August 7, 2025 3:30 PM (GMT+3) → August 7, 2025 4:00 PM (GMT+3) | | | 3:00pm-4:00pm |
| | Session confirmed | 25-min Talk | Securing History's Greatest Infrastructure Buildout | 3:30pm - 4:00pm | | Securing AI Infrastructure | Madison A-C | The gigawatt-scale AGI data centers underway will be perhaps the most critical locations on earth. But how should we think about security in the domain of megaprojects? This talk will walk through a full-stack, interactive demo of the attack surface at one of the world's largest cluster build-outs, based on publicly available "open source intelligence" (OSINT). It will combine sources like satellite footage, amateur drone recordings, and utility diagrams, as well as quantitative simulations of the network topology of clusters of tens of thousands of Nvidia GB200s, with the aim of understanding end-to-end attack chains across the cyber and physical domains, and how to defend against them. | None | Don't record | August 7, 2025 3:30 PM (GMT+3) → August 7, 2025 4:00 PM (GMT+3) | | | 3:00pm-4:00pm |
| | All details locked | Break/Meal | Break & Demos | 4:00pm - 4:30pm | | General | Ballroom Foyer | | | | August 7, 2025 4:00 PM (GMT+3) → August 7, 2025 4:30 PM (GMT+3) | | | 4:00pm-4:30pm |
| | Session confirmed | 25-min Talk | Massively Accelerating Software Verification | 4:30pm - 5:00pm | | AI for defensive security | Madison A-C | | | | August 7, 2025 4:30 PM (GMT+3) → August 7, 2025 5:00 PM (GMT+3) | | | 4:30pm-5:30pm |
| | Session confirmed | 25-min Talk | Using Zero-Knowledge Proofs for Weight Protection | 4:30pm - 5:00pm | | Securing AI Infrastructure | Grand Ballroom 4-6 | Recent breakthroughs in zero-knowledge proof systems pave the way for a new security paradigm, where the computation is cryptographically verified. AI workloads possess certain properties that make them ideal candidates for this new technology. This talk briefly unpacks why AI is such a good candidate for verifiable compute and what the possible applications for it are in AI security, including preventing sabotage and theft of model weights. | None | Don't share | August 7, 2025 4:30 PM (GMT+3) → August 7, 2025 5:00 PM (GMT+3) | | “I marked not to share the recording online, I might allow it after the talk depending on how it goes :)” | 4:30pm-5:30pm |
| | Session confirmed | 60-min Workshop | Workshop: Equipping the AI Hardware Stack for Verification - Workshopping Implementation Ideas | 4:30pm - 5:30pm | | Hardware Enabled Verification | Harper A-B | There’s often thought to be an irreconcilable tension between AI diffusion and security: broad access raises the risk of misuse or loss of control, while strict limitations can hinder innovation and reinforce power imbalances. Embedding privacy-preserving verification capabilities into the AI hardware stack would allow us to escape that tradeoff. This session explores how to make that possible. After a brief overview of the problem space and concrete use cases, we’ll break into small groups to workshop implementation ideas. We will consider different stakeholders (e.g. AI developers, auditors, end users), different form factors (e.g. on-chip, off-chip, software-only), and technical components (e.g. guarantee processors, analogous sensors, secure update mechanisms, anti-tamper enclosures). | Set up for Workshop | None | August 7, 2025 4:30 PM (GMT+3) → August 7, 2025 5:30 PM (GMT+3) | | | 4:30pm-5:30pm |
| | Session confirmed | 60-min Workshop | Workshop: Deep Dive on Threats from Using AI Agents for AI R&D | 4:30pm - 5:30pm | | AI for defensive security | Harper C-D | Using AI agents for AI R&D poses a number of unique threats compared to other applications. Most importantly, these AIs have access to many affordances that developers are very wary about granting to unvetted human employees: access to algorithmic secrets, sensitive model weights, and massive quantities of compute. In this session, we'll discuss the dynamics here, including a detailed discussion of which threat models seem particularly hard to mitigate using traditional computer security techniques. | None | None | August 7, 2025 4:30 PM (GMT+3) → August 7, 2025 5:30 PM (GMT+3) | | | 4:30pm-5:30pm |
| | Session confirmed | 25-min Talk | Mining Docker Hub for 0-days and Offsec Benchmarks | 5:00pm - 5:30pm | | Offensive Security / Evals | Madison A-C | CTF challenges have become the backbone of cybersecurity evaluations for AI. However, they tend to be unrealistic in various ways (e.g., smaller than real apps, containing hints to the solution, etc.). We describe an alternative: we scrape Docker Hub for appropriate applications (web apps, in our case), automatically set them up using an LLM agent and plant CTF-style flags, and then attack them with our offsec agent to find 0-day vulnerabilities. | None | None | August 7, 2025 5:00 PM (GMT+3) → August 7, 2025 5:30 PM (GMT+3) | | | 4:30pm-5:30pm |
| | Session confirmed | 25-min Fireside Chat | Fireside Chat: Report on “Achieving A Secure AI Agent Ecosystem” | 5:00pm - 5:30pm | | Securing AI Infrastructure | Grand Ballroom 4-6 | | Set up for 3 people | None | August 7, 2025 5:00 PM (GMT+3) → August 7, 2025 5:30 PM (GMT+3) | | Schedule before a break | 4:30pm-5:30pm |
| | Session confirmed | Break/Meal | Break & Demos | 5:30pm - 6:00pm | | General | Ballroom Foyer | | | | August 7, 2025 5:30 PM (GMT+3) → August 7, 2025 6:00 PM (GMT+3) | | | 5:30pm-6:00pm |
| | Session confirmed | 25-min Talk | Frontier Models for Cybersecurity | 6:00pm - 6:30pm | | AI for defensive security | Grand Ballroom 4-6 | In this talk we will give an overview of the latest developments in AI for cybersecurity. Over the past decade, there has been a transformation in the world of cybersecurity due to the scale of data. In the coming decade, cybersecurity will be transformed through the adoption of AI. In this talk we will discuss some of the challenges the industry is facing in adopting AI and argue for open innovation in AI for cybersecurity. | None | None | August 7, 2025 6:00 PM (GMT+3) → August 7, 2025 6:30 PM (GMT+3) | | | 6:00pm-7:15pm |
| | Session confirmed | 25-min Talk | How and Why to Build AI Tools for AGI Security | 6:00pm - 6:30pm | | AI for defensive security | Madison A-C | Leveraging AI will be critical for securing AGI model weights and algorithmic secrets. Yet, despite a boom in AI-powered cybersecurity, very few projects are applying AI to the most important AGI security challenges. This talk argues for more work in this area, and outlines two strategies for builders: (1) rethinking security from first principles for a world with abundant intelligence, rather than merely automating existing processes; (2) accelerating the development of key defensive AI capabilities. | None | None | August 7, 2025 6:00 PM (GMT+3) → August 7, 2025 6:30 PM (GMT+3) | | | 6:00pm-7:15pm |
| | Session confirmed | Other | Closing Plenary | 6:30pm - 7:15pm | | General | Grand Ballroom 4-6 | | | | August 7, 2025 6:30 PM (GMT+3) → August 7, 2025 7:15 PM (GMT+3) | | | 6:00pm-7:15pm |
| | All details locked | Break/Meal | Buffet Dinner, Drinks, and Networking (Co-sponsored by CoSAI) | 7:15pm - 11:00pm | | General | Grand Ballroom 1-3 | | | | August 7, 2025 7:15 PM (GMT+3) → August 7, 2025 11:00 PM (GMT+3) | | | 7:15pm-11:00pm |
| | All details locked | Break/Meal | Demo Fair | 7:30pm - 8:30pm | | General | Ballroom Foyer | | | | August 7, 2025 7:30 PM (GMT+3) → August 7, 2025 8:30 PM (GMT+3) | | | 7:15pm-11:00pm |
| | Ideas | | AIxCC | | | | | | | | | | | |
| | Ideas | | | | Tim Fist | | | | | | | | | |
| | Ideas | | | | Illia Shumailov? | | | | | | | | | |