What I’m Looking Forward to This Week at Black Hat 2025
TL;DR - AI Security Research, Hallway-Con, and OWASP GenAI Fun!
AI security, AI in cybersecurity, and general shenanigans will likely drive every hallway conversation that matters to me in Las Vegas. When Black Hat USA opens its doors, Mandalay Bay turns into a temporary capital of offensive and defensive techniques. Yet the most valuable insights often surface away from the main stage.
This year, I am super excited for:
Groundbreaking research
OWASP GenAI Security Project Insecure Agents Hackathon at DEFCON
Policy signals from marquee keynotes
Hallway-con with friends old and new
I look forward to riffing on whether we can turn promising ideas into solid controls before autonomous threats out-innovate us.
AI Security Research Conversations Everywhere
Generative tooling has evolved from novelty to critical dependency in just a few conference cycles. Most technology stacks now rely on at least one large-language model, and adversaries know it. That reality will hang over every briefing and vendor demo in Las Vegas. Rather than chase slide decks, I plan to spend my mornings comparing notes with practitioners who red-team production models. We will swap playbooks for guarding context windows, throttling tool access by risk tier, and measuring guardrail drift over time.
Nobody needs to have had their CFP acceptance to share lessons. Mine wasn’t.
Hallway-Con often produces the best conversations and opportunities for learning. If you hear someone unpacking prompt-injection defenses, join the circle. You will leave with at least one experiment worth running when you get home.
BSides Las Vegas: The Intimate Lab
Before Black Hat’s briefings begin, BSides Las Vegas offers a grassroots arena where ideas get challenged without filters. The rooms are deliberately small, and the Q&A can last longer than the talk itself. I expect lively debate on how to balance transparency with security when publishing attack datasets, and whether federated learning can ever be auditable enough for critical infrastructure. Bring your unpolished concepts; BSides rewards authenticity over polish.
OWASP GenAI Events You Shouldn’t Miss
Three community gatherings promise concrete takeaways for anyone securing agentic systems:
OWASP Agentic Top 10 Global Kickoff: Four Seasons, August 5, morning. The project team reveals the first-ranked list of threats unique to LLM-driven agents and opens the floor for community review. Expect spirited discussion about wording, severity, and coverage gaps.
OWASP GenAI Security, Agentic Briefing & Brews: Late afternoon, August 6. Yours truly will be speaking. A rapid-fire briefing highlights real incidents discovered in the past year, followed by an informal networking session two blocks from Mandalay Bay. The mix of practitioners and researchers makes this the place to test assumptions before they calcify.
OWASP GenAI Security Project Insecure Agents Hackathon at DEFCON: August 9, Las Vegas Convention Center. Participants weaponize intentionally flawed agents, then harden them, vying for a spot on the project’s Hall of Fame. Bring your laptop and a sense of adventure.
These events matter because they bridge theory and practice. I’ll be speaking about the current regulatory landscape at the Agentic Briefing and Brews.
Policy Signals and Keynotes
Black Hat keynotes always set the tone for the broader industry. This year, veteran threat hunters, citizen-lab investigators, and former policymakers share the stage. I am listening for hints about how export controls, breach-reporting mandates, and model governance frameworks will shape product roadmaps. Hearing directly from researchers tracking state-sponsored operations helps refine the risk models I bake into client engagements.
Friends, More Hallway-Con, and the Business Hall
Conferences succeed or fail on relationships. My calendar is packed with peers who have shipped agentic SOC automations in the past nine months. We will compare metrics on detection accuracy, containment speed, and operator trust. Over coffee, or maybe a late-night beverage, we will test whether our shiny new controls survive real-world constraints like latency budgets and resource quotas.
The Business Hall adds another dimension. Startups race to solve the same problems we debate in the hallway. Will we start to see vendors venturing into secure RAG, provenance stamping, and policy-aware memory layers?
DEF CON Hackathon: Break, Fix, Repeat
After Black Hat ends, DEFCON turns the city into an open-air peer review. The OWASP GenAI Security Project Insecure Agents Hackathon at DEFCON on August 9 lets you probe autonomous agents until they spill secrets, elevate privileges, or enter infinite loops. Then you flip sides, patch the holes, and see if your fix holds up. The exercise rewires your intuition about what “secure by design” really means for self-directed systems.
Black Hat week rewards practitioners who show up curious, challenge their frameworks, and leave with experiments ready for the next sprint. AI security research moves fast; Las Vegas compresses a year of hallway wisdom into a few intense days.