2026 has been the year of AI for vulnerability research. Within a period of a few months, frontier models such as Mythos and the like have changed the entire research community and its experts’ outlook on computer security. The AI is simultaneously a security expert in firmware, kernels, browsers, web applications, cryptography, network security, reverse engineering … and has the patience to happily audit 1,000,000+ lines of Reactive Java SpringBoot code without needing drugs or mental therapy. How are we supposed to co-exist with it in this new world? In this keynote, we will share our experiences in using AI for vulnerability research and discuss its strengths and limitations. We will also discuss how the industry may need to rethink and change its approaches to disclosure, detection/response, and software updates.

Bruce Dang is a failed recluse who has been dabbling with computers for a few years. He started his security career in the primordial days of the Microsoft Security Response Center (MSRC) when it averaged three or four Windows bugs per month. Along the way, he analyzed Stuxnet and wrote a popular children's book called _Practical Reverse Engineering_ with some friends. After realizing the impermanence of Windows, he sought out the elders at Apple and was re-educated in computer security. As a novice mendicant at Apple, he learned the real challenges of privacy, security, and debugging without attachment or anger. His single-minded pursuit was interrupted by the iconoclasts at Calif.io; they convinced him that AI is the only true path to enlightenment. Since then, he has been studying the endless sacred scriptures of Claude. He has not reached AGI.

Thai was born in Saigon and grew up on the Internet. He has spent most of his adult life breaking things for a living. During 12 years at Google, he worked on security and cryptography, helping create tools such as Google Tink and Project Wycheproof. Before that, he helped discover the SSL attack trilogy: BEAST, CRIME, and POODLE. Together with Juliano Rizzo, he won a Pwnie Award for Best Server-Side Bug. These days, Thai is part of Calif, a security research firm specializing in AI security. His official title is CEO, which, according to Dilbert, makes him the least competent person in the company.