2025
Keynotes
The evolution of fuzz testing: from heuristics-based to AI-driven
Abstract:
Fuzz testing, or fuzzing, is a popular technique for finding software vulnerabilities automatically. Fuzzing started as a technique based on heuristics and struggled to achieve high code coverage and to reach deep program states. Fuzzing has improved significantly after incorporating AI techniques. I will describe two applications of AI to fuzzing. The first one formulates fuzzing as an optimization problem
and applies principled algorithms instead of heuristics. The second one uses large language models (LLM) to help generate fuzz drivers for fuzzing library APIs. I will discuss the future of fuzzing and AI-driven software security.
Monday
June 23, 2025, at 8:30 a.m.
Hao Chen,
Professor in CS at the University of California, Davis.
Bio: Hao Chen is a professor at the University of California, Davis. His current research interests are AI-driven security and software engineering, and AI security and robustness. He is a fellow of IEEE and a distinguished member of ACM.
Tuesday
June 23, 2025, at 7:00 a.m.
Prajakta (PJ) Jagdale,
Senior Director, Palo Alto Networks
Bio: Prajakta (PJ) Jagdale is a seasoned cybersecurity leader with 18 years of industry experience. As the Sr. Director of Offensive Security and Threat Command at Palo Alto Networks, she spearheads critical initiatives in Red Team operations, product penetration testing, and threat landscape monitoring. Prajakta's expertise spans application security research, security architecture, and product security, making her a versatile and invaluable asset in the cybersecurity realm.
With a Master's in Information Security complementing her Computer Engineering background, Prajakta drives innovation and preparedness against evolving cyber threats. Her commitment to industry advancement extends beyond her role, as she serves on the Board of Directors for Women in Cybersecurity, championing diversity in the field.
Doomscrolling Through Cybersecurity: In Preparation for When Your Toaster Joins the Dark Web
Abstract:
“Here Come the AI Worms" was the title of a Wired article published just over a year ago, evoking memories of the Morris worm and the Samy worm that once defined our digital threat landscape. As we stand at the dawn of commercial AI, a critical question emerges: is history about to repeat itself? Let's examine together whether we're capable of preventing the security mistakes of the past as we enter this new technological era. Drawing on two decades of frontline cybersecurity experience and an admitted addiction to both cybersecurity and doomscrolling, this presentation will take audiences on a 40-minute journey through the evolution of cyber threats. We'll scroll-though not mindlessly-through pivotal security events including nation-sponsored espionage campaigns like Project Aurora, critical infrastructure attacks such as Stuxnet, the ransomware epidemic that has cost billions in digital ransoms, devastating supply chain compromises exemplified by SolarWinds, and DPRK agent infiltration into the tech industry. As AI-driven threats emerge with unprecedented speed, with novel social engineering attacks increasing 135% following ChatGPT's release, we find ourselves at a unique moment: for the first time, the cybersecurity industry has the opportunity to be early during a transformative technological revolution. Together, we'll chart a course to break the cycle of security afterthoughts and ensure that in this new AI-powered landscape, we don't just witness history-we rewrite it before Talkie Toaster (Red Dwarf: White Hole, BBC Studios broadcast Mar. 7, 1991) starts asking, "Howdy doodly do, would you like some malware with your toast?
TBD
Tuesday
June 24, 2025, at 8:30 a.m.
Yih-Chun Hu, Professor, University of Illinois at Urbana-Champaign
Wendesday
June 25, 2025, at 8:30 a.m.
Darren Meyer,
Director of Engineering, Google Search
Bio: Darren leads Google Search security work as a Director of Engineering. Previously, he was an Engineering Manager on YouTube Live Streaming, YouTube TV, Google Play for Education, and Google Books. Prior to Google, Darren worked in engineering and product management roles within the speech industry, including at Nuance Communications, and in the telecommunications industry.
Navigating the Data-Centric Security Landscape in the Age of Generative AI
Abstract:
The rise of Generative AI (GenAI) is revolutionizing how organizations interact with large-scale data, unlocking unprecedented opportunities while simultaneously introducing complex new security challenges. This talk will explore the industry-wide trend towards data-centric security, a paradigm shift driven by the increasingly intricate and interconnected nature of data in large-scale computing systems, with GenAI as a major new accelerant. As data becomes entangled from myriad sources, the traditional perimeter-based security model proves insufficient. This presentation will delve into the expanding attack surface and heightened data risks stemming from GenAI's data aggregation, focusing particularly on the critical challenges of data provenance tracking and comprehensive risk assessment. Drawing from my personal experience, I will share insights into the evolving threat landscape and discuss emerging strategies for securing sensitive information in this dynamic environment. This includes exploring practical approaches to data governance, access control, and threat detection that are essential for mitigating risks and maintaining trust in the age of GenAI.