BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//fwd-cloudsec-2026//talk//CNRMQR
BEGIN:VTIMEZONE
TZID:PST
BEGIN:STANDARD
DTSTART:20001029T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10;UNTIL=20061029T100000Z
TZNAME:PST
TZOFFSETFROM:-0700
TZOFFSETTO:-0800
END:STANDARD
BEGIN:STANDARD
DTSTART:20071104T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=11
TZNAME:PST
TZOFFSETFROM:-0700
TZOFFSETTO:-0800
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000402T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4;UNTIL=20060402T110000Z
TZNAME:PDT
TZOFFSETFROM:-0800
TZOFFSETTO:-0700
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:20070311T030000
RRULE:FREQ=YEARLY;BYDAY=2SU;BYMONTH=3
TZNAME:PDT
TZOFFSETFROM:-0800
TZOFFSETTO:-0700
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-fwd-cloudsec-2026-CNRMQR@pretalx.com
DTSTART;TZID=PST:20260601T130000
DTEND;TZID=PST:20260601T132000
DESCRIPTION:In virology\, gain-of-function research means deliberately maki
 ng a pathogen more dangerous so you can study how to stop it. We took the 
 same approach with AI coding agents and fine-tuned guardrail-less models -
  and built an AI worm.\n\nUnlike prompt injection research that attacks AI
  systems\, this worm uses the AI agent as the attack engine itself. We giv
 e it lean prompts and point it at a lab environment mirroring enterprise c
 loud infrastructure - AWS accounts\, Azure subscriptions\, CI/CD pipelines
 \, IaC repos\, data lakes - and it figures out the rest. It chains cross-a
 ccount trust relationships we never told it about. It backdoors Terraform 
 state we didn't know was there. It adapts its techniques depending on whic
 h cloud provider it lands in and exhibits worrisome emergent behaviors.\n\
 nCommercial models occasionally refuse when they sense something adversari
 al - a partial defense. So we went further: using LoRA fine-tuning\, ablit
 eration\, and other techniques to strip computer safety alignment out of o
 pen weights coding models entirely\, without degrading effectiveness. We'l
 l walk through these uncensoring techniques - what works\, what degrades m
 odel quality\, and what it costs - so defenders understand the threat mode
 l when refusals are off the table.\n\nThe good news: time-tested cloud sec
 urity fundamentals - least privilege\, egress filtering\, segmentation\, C
 I/CD hardening - are exactly the controls that matter most here. We'll map
  defenses to each domain the worm exploits and the roadblocks that stop it
 .
DTSTAMP:20260502T124111Z
LOCATION:Room 1
SUMMARY:What Building an AI Worm Taught Us About Stopping One - Kinnaird Mc
 Quade
URL:https://pretalx.com/fwd-cloudsec-2026/talk/CNRMQR/
END:VEVENT
END:VCALENDAR