Editor's Picks

Best Talks at BSides Seattle 2026

Hand-picked from in-depth reviewer verdicts — the top 12 talks from this conference. Skip the noise, find the signal.

  1.

    Ghosts in the Hypervisor: Dissecting TTPs Behind Ransomware Attacks on Virtualization Infrastructure

    Austin Gaton

    Austin Gaton, CTO and co-founder of Valley Cyber (a Linux and hypervisor security company), delivers a technically dense talk on how attackers are targeting VMware ESXi hypervisors for both ransomware and espionage campaigns. Backed by multiple live demos, Gaton walks through…

    Dr. Zero: MUST SEE ★★★★★ | Heather Calloway: MUST SEE ★★★★★
  2.

    Pwning Electric Motorcycles

    Mitchell Marasch, Panie

    Mitchell and Panie, security researchers sponsored by Veraritoss, present their deep-dive into the firmware security of an electric motorcycle manufacturer they pseudonymously call "Moto Motorcycles" due to ongoing disclosure constraints. Despite the manufacturer's aggressive…

    Dr. Zero: MUST SEE ★★★★★ | Heather Calloway: MUST SEE ★★★★★
  3.

    The Phantom of the Infrastructure: Investigating the Hidden IAM Risks in Bedrock API Keys

    Sergio Garcia

    Sergio Garcia, a security researcher at BeyondTrust and former founding engineer at Prowler, reveals a significant security design flaw in **Amazon Bedrock API Keys** -- a new credential type AWS launched in July 2025 to simplify AI development. When a user generates a…

    Dr. Zero: MUST SEE ★★★★★ | Heather Calloway: MUST SEE ★★★★★
  4.

    Attacking AI

    Jason Haddix

    Jason Haddix, founder of Arcanum and a veteran offensive security researcher, delivers a practitioner's guide to hacking enterprise AI systems. Drawing from three years of real-world AI penetration tests against production systems -- not CTFs -- Haddix walks through Arcanum's…

    Dr. Zero: MUST SEE ★★★★★ | Heather Calloway: STRONG ACCEPT ★★★★☆
  5.

    Identity Crisis: IAM's Wild Ride in the AI Jungle

    Sarah

    The identity community is building under fire. With the ratio of non-human identities (NHI) to humans reaching 144:1 in H1 2025 (up from 92:1 just a year earlier) and 44% year-over-year growth, traditional identity frameworks are crumbling under the weight of agentic AI. In…

    Dr. Zero: STRONG ACCEPT ★★★★☆ | Heather Calloway: MUST SEE ★★★★★
  6.

    Signed Twice, Broken Never: The Rise of Hybrid PKI

    Ganesh Mallaya

    Ganesh Mallaya, who works at Appux and contributes to the **CA/Browser Forum** and **IETF** standards bodies on post-quantum cryptography signature standards, delivered a dense technical briefing on why and how organizations should begin transitioning their PKI infrastructure…

    Dr. Zero: SOLID ★★★☆☆ | Heather Calloway: MUST SEE ★★★★★
  7.

    No Time to Spy: Uncovering Domains Distributing SpyNote Malware

    Dana Schwabby

    Dana Schwabby, Head of Investigations and CISO at DomainTools, delivered a detailed walkthrough of how the **SpyNote** Android remote access Trojan (RAT) is distributed through fake Google Play Store pages and how passive DNS analysis can unravel the attacker infrastructure…

    Dr. Zero: STRONG ACCEPT ★★★★☆ | Heather Calloway: STRONG ACCEPT ★★★★☆
  8.

    These Are NOT the Vulnerabilities You Are Looking For: Hiding Vulnerabilities in Containers

    Kyle Quest

    Kyle Quest, creator of the popular open-source tool **DockerSlim** (now called **MinToolkit**), demonstrates how container vulnerability scanners can be trivially deceived by removing or mutating the metadata they depend on -- reducing a container with 9,000 vulnerabilities to…

    Dr. Zero: STRONG ACCEPT ★★★★☆ | Heather Calloway: STRONG ACCEPT ★★★★☆
  9.

    Zero Trust in the Matrix: Hardening Kubernetes for the AI Frontier

    Apoorv Dayal

    As every company races to become an AI company, the infrastructure running large language models is rapidly becoming the most attractive target on the network. In this fast-paced closing talk at BSides Seattle, Apur, a security engineer at Microsoft with research interests in…

    Dr. Zero: STRONG ACCEPT ★★★★☆ | Heather Calloway: STRONG ACCEPT ★★★★☆
  10.

    Evading Detection with Dynamic AI Mimicry

    Darren, Mosam

    What happens when you take polymorphic AI malware and teach it to blend into the victim's own cloud traffic? Darren and Mosam presented their research on a framework called **LL MALJ** that advances the offensive tradecraft of AI-driven malware by solving the detection gap that…

    Dr. Zero: STRONG ACCEPT ★★★★☆ | Heather Calloway: STRONG ACCEPT ★★★★☆
  11.

    Breaking BOTS: Cheat Blue Team CTFs by Building AI Agents That Investigate

    Leo Meyerovich

    Leo from Graphistry presented a deeply practical talk on using AI agents to solve blue team CTFs — specifically Splunk's Boss of the SOC (BOTS) — and what that tells us about the future of AI-assisted security investigations. The talk progresses from a simple "just throw Claude…

    Dr. Zero: STRONG ACCEPT ★★★★☆ | Heather Calloway: STRONG ACCEPT ★★★★☆
  12.

    Securing Non-Human Identities in CI/CD Pipelines: The Next Major Attack Vector

    Diva Bala Subramanion, Vikas

    Diva Bala Subramanion (Diva/Divs), a cybersecurity leader at Southwest Airlines specializing in identity and access management, and her co-presenter Vikas deliver a comprehensive beginner-friendly session on securing non-human identities (NHIs) in CI/CD pipelines. The talk…

    Dr. Zero: SOLID ★★★☆☆ | Heather Calloway: STRONG ACCEPT ★★★★☆