aiv8: AI Village, Vegas, NV, United States, August 7-9, 2026
| Conference web page | https://aivillage.org |
| Submission link | https://easychair.org/conferences/?conf=aiv8 |
| Submission deadline | June 14, 2026 |
AI Village @ DEF CON 34: Call for Posters
Theme: Adversarial Attacks Against Agents and Agentic Systems
DEF CON 34 · Las Vegas Convention Center · August 6–9, 2026
What we want
The AI Village is opening a poster track to sit alongside this year's demos and CTF. Posters are the right format for work that doesn't fit a talk slot but deserves a hallway audience: in-progress research, negative results, reproductions, novel taxonomies, threat models, tooling sketches, and the kind of weird findings that come out of actually attacking deployed systems.
Agents (LLMs wired up to tools, browsers, code execution, memory, and other agents) are where a lot of the interesting failure modes are emerging right now. We want posters that engage with that reality. The demos and CTF will give attendees hands-on time with agentic targets; the poster track is where the underlying research, methodology, and harder questions get aired out.
All posters will be displayed in the AI Village. Your poster will be presented on a 65” monitor, and you will have a scheduled time slot for walk-up Q&A at your poster.
The top 8 poster submissions, as reviewed by the Program Committee, will be recommended to give an AI Village Creator Stage Talk.
Topics in Scope
We're interested in original work on the security of agents and agentic systems, including but not limited to:
- Prompt injection in tool-using agents: direct, indirect, and cross-tool. Especially work that goes beyond "we got the chatbot to say a bad word" and into goal hijacking, tool misuse, or persistence.
- Attacks that exploit agent memory, context windows, or retrieval pipelines (RAG poisoning, memory injection, context smuggling).
- Confused-deputy and privilege-boundary failures when agents act on behalf of users across systems (email, calendar, code hosts, payments, browsers).
- Multi-agent attacks: prompt injection that spreads agent-to-agent, collusion, sycophantic cascades, swarm-level failure modes.
- Browser-using and computer-using agents: Document Object Model (DOM)-level adversarial content, screenshot injection, accessibility-tree attacks, click-jacking analogues.
- Coding agents and supply-chain implications: package hallucination, malicious dependency suggestions, sandbox escapes, repo-level injection.
- Data exfiltration via tool calls, side channels, or rendered output (markdown image tricks, link previews, etc.).
- Evaluation methodology: how to actually measure agent robustness, what current benchmarks miss, reproducibility of published attacks.
- Defenses, mitigations, and their failure modes: guardrails, planners, sandboxing, capability restriction, human-in-the-loop, and where these break.
- Red-team tooling, harnesses, and frameworks for agent assessment.
- Threat models, taxonomies, and policy/governance work specifically about agentic systems.
Reproductions of published attacks, well-documented negative results, and "we tried this and it failed interestingly" posters are explicitly welcome. So is student work.
Out of Scope
- Generic LLM jailbreaks with no agentic component.
- Pure marketing or product pitches.
- Work that requires non-consensual targeting of real users or real third-party services without authorization.
What to Submit
A short proposal (no full paper/final poster required):
- Title
- Author(s) and affiliation (independent researchers welcome; affiliation is optional)
- Abstract, 250 words max, describing the problem, what you did, and what someone walking by your poster will learn
- Artifacts: links to code, datasets, prior writeups, or demo videos if they exist (not required)
- Status: completed work, work in progress, or negative result
- Disclosure: if the work involves a real deployed system, confirm it has been responsibly disclosed or is on a public bug bounty / authorized target
Dates
- CFP opens: May 24, 2026
- CFP closes: June 14, 2026
- Acceptance notifications: June 28, 2026
- Poster session at AI Village: during DEF CON 34, August 6–9, 2026
Format
- A digital format that will be displayed on a 65” TV screen. We recommend saving your digital poster as a PDF or a similar static format.
- At least one author must be present at AI Village during the scheduled poster session to discuss the work. Walk-up Q&A is the point.
- A digital copy will be archived on the AI Village site after the conference unless you opt out.
Why bother?
Posters are an underrated format. You get more substantive conversations than a talk, no slide deck to polish, and your audience is self-selected for actually caring. If you're working on something agent-security adjacent and you want feedback from the people building the attacks and the defenses, this is the room.
If you're not sure whether your work fits, send a one-line pitch to sarah@aivillage.org before the deadline and we'll tell you.
Committees
Program Committee Chairs
- Sven Cattell
- Bill Stout
- Sarah Evans
Contact
The AI Village is a community of hackers and data scientists working on the security and privacy implications of AI. Find us at aivillage.org.
All questions about submissions should be emailed to sarah@aivillage.org.
