DEF CON 34 AI Village 2026: Schedule, Competitions, and AI Security Research to Watch

What to expect from DEF CON 34's AI Village track, how competitions work, and how the research connects to autonomous vulnerability discovery in 2026

~$460
DEF CON ticket price (cash only, at the door)
200+
Project Glasswing coordinated vulnerability disclosure partners
10,000+
AI-identified findings submitted through Project Glasswing
21/41
V8 JavaScript engine ACEs solved by Glasswing (no other model above zero)

SponsoredRetool

Retool's new app builder is where AI-generated code ships safely

Building apps with AI is easy. Getting them to production safely is another story.

Start building for free today

DEF CON 34 runs approximately August 7-10, 2026 at the Las Vegas Convention Center, immediately after Black Hat. For practitioners who follow AI security research, the AI Village is the highest-density content track at the conference: hands-on competitions, live red teaming against deployed AI systems, and research presentations that often preview findings that will take months to surface elsewhere. In 2026, with Project Glasswing having established that AI can autonomously discover and exploit real vulnerabilities at scale, the AI Village is where the practitioner community will be stress-testing what that actually means.

What DEF CON AI Village Is and How It Started

The AI Village launched at DEF CON in 2018 as a dedicated space for security researchers focused on machine learning systems. At the time, the primary concerns were adversarial examples: carefully crafted inputs that caused neural networks to misclassify images or audio. By 2023, the focus had shifted dramatically toward large language models, prompt injection, and the emerging category of AI-assisted security research. By 2025, the Village was running structured competitions where participants attempted to get LLMs to produce restricted outputs, bypass safety systems, or perform tasks they were designed to refuse. In 2026, with autonomous vulnerability discovery a documented reality rather than a theoretical concern, the Village is likely to be the first public venue where researchers demonstrate AI systems exploiting real software vulnerabilities in a live competition format.

Competition Format: Red Teaming LLMs and Capture the Flag

AI Village competitions generally run in two formats. The first is structured red teaming, where participants are given access to a deployed AI system and a defined objective (extract a hidden flag, generate a specific type of restricted output, bypass a safety classifier) and scored based on success rate and efficiency. The second format is a traditional Capture the Flag with AI-themed challenges: reversing a trained model, crafting adversarial inputs, exploiting a vulnerable AI API, or demonstrating a prompt injection attack chain. Prize pools vary by sponsor and year. Some competitions offer cash prizes in the $1,000-10,000 range. Others are recognition-based. The most valuable outcome for most participants is not the prize but the contact list: AI Village CTF draws researchers who work on AI security professionally, and the hallway conversations are often worth more than the formal sessions.

Free daily briefing

Briefings like this, every morning before 9am.

Threat intel, active CVEs, and campaign alerts, distilled for practitioners. 50,000+ subscribers. No noise.

2026 AI Security Research Preview

The research landscape heading into DEF CON 34 is shaped by several confirmed data points. Project Glasswing has demonstrated that an AI system can autonomously identify, reproduce, and report real vulnerabilities at scale: 10,000 or more findings, 9 confirmed CVEs, and 21 of 41 V8 JavaScript engine ACEs solved with no other model above zero. Independent researchers have been working in parallel on similar capabilities. What DEF CON AI Village 2026 is likely to surface: demonstrations of autonomous vulnerability discovery pipelines running against real targets, research on AI safety bypass techniques that exploit the same code reasoning capabilities that Glasswing uses for legitimate CVD, and new categories of AI-specific vulnerabilities in deployed LLM infrastructure. Practitioners who understand the Glasswing context will have a significant advantage in interpreting what the Village research means operationally.

How AI Village Connects to Glasswing and Mythos Context

Project Glasswing is Anthropic's coordinated vulnerability disclosure program. It uses Claude models to autonomously discover vulnerabilities in real software, then discloses them through coordinated channels with 200 or more partner organizations. The program has produced 9 CVEs and submitted more than 10,000 findings. The ExploitBench result, where Glasswing-class capability solved 21 of 41 V8 ACEs while no other model scored above zero, establishes a capability threshold that independent security researchers will be attempting to replicate and extend at DEF CON. The AI Village in 2026 is, in practical terms, the public red team for Glasswing-class capability. Researchers there will be testing what happens when these tools are in more hands, pointed at a wider range of targets, and run without the safety constraints that Anthropic builds into the production system. Practitioners who read Mythos Brief will have the threat model context to interpret these demonstrations before they become incidents.

Attending DEF CON After Black Hat: Logistics

Black Hat Briefings conclude on August 6. DEF CON 34 opens approximately August 7. The transition is straightforward if you have planned for it. The primary logistics challenge is the venue change: Mandalay Bay (south Strip) to the Las Vegas Convention Center (north Strip), approximately 5 miles apart. Most practitioners staying for both conferences handle this with rideshares. If you are staying at a hotel midway between the two venues, the commute is manageable in both directions. Budget an extra half day for the transition: check out of your Black Hat hotel, get to LVCC, get your DEF CON badge (cash, at the door, expect a line), and orient to a very different physical space. LVCC is large and DEF CON fills it with villages, which do not have the same physical organization as a traditional conference.

DEF CON Badge and Ticket Process

DEF CON does not sell tickets online or in advance. You purchase a badge at the door with cash. DEF CON 34 will open badge sales at the LVCC entrance when the conference begins in early August 2026. Current pricing is approximately $460. Arrive early on the first day to minimize wait time. DEF CON badge lines move, but a late arrival on the first morning can mean a two-hour wait before you are inside. Bring more cash than you think you need: DEF CON vendors, the DEF CON merchandise table, and the general Las Vegas cash economy make a $600 cushion reasonable for a full weekend. ATMs inside LVCC during DEF CON often run out of cash. Use an ATM before you arrive.

DEF CON Culture vs. Black Hat Culture

The two conferences are adjacent in time and geography but very different in culture. Black Hat is a professional conference: vendor floor, sponsored talks, business cards, and enterprise context throughout. The audience skews toward practitioners in enterprise security roles, CISOs, and vendors. DEF CON is a hacker conference. The audience includes the full range from students and hobbyists to government researchers and elite red teamers. Vendors are not the center of DEF CON. Villages are. The AI Village, Hardware Hacking Village, Car Hacking Village, and roughly 30 other focused tracks run simultaneously, each organized by a volunteer community with deep expertise. The culture rewards demonstrated technical skill over job title. Practitioners who move from Black Hat directly into DEF CON sometimes need a half day to recalibrate expectations. The adjustment is worth it.

What to Prioritize If You Can Only Attend One

Choose Black Hat if your primary goal is enterprise context: how do current vulnerabilities affect your specific stack, what are vendors doing about it, and what should your board know. Choose DEF CON if your primary goal is raw technical depth: what are the actual attack techniques, how do AI systems break under adversarial conditions, and where is research heading in the next 12 months. For practitioners who work in AI security specifically, the DEF CON AI Village in 2026 is likely to have a higher density of relevant content per dollar than Black Hat, simply because the research is newer, the speakers are less filtered by enterprise audience considerations, and the hands-on competitions provide direct skill development that a talk cannot.

DEF CON 34 AI Village Prep Resources for Subscribers

The following resources are curated for Decryption Digest subscribers preparing for DEF CON 34 AI Village 2026.

Subscribe to unlock Remediation & Mitigation steps

Free subscribers unlock full IOC lists, Sigma detection rules, remediation steps, and every daily briefing.

The bottom line

DEF CON AI Village is the best venue in 2026 for practitioners who need to understand what autonomous vulnerability discovery looks like in adversarial hands. If you are planning to attend Black Hat as well, Decryption Digest is giving away one full Briefings pass at decryptiondigest.com/blackhat-2026. Enter now and attend both.

Frequently asked questions

What is DEF CON AI Village?

DEF CON AI Village is a dedicated track within DEF CON where security researchers focus specifically on AI security. Sessions cover LLM red teaming, AI vulnerability discovery, adversarial machine learning, AI-generated exploits, and AI as a defensive tool. The Village runs Capture the Flag competitions against live AI systems and features talks from both academic researchers and industry practitioners.

How do I get DEF CON tickets?

DEF CON tickets are sold cash-only at the door at the Las Vegas Convention Center. DEF CON 34 is expected to run approximately August 7-10, 2026. Arrive early on the first day to avoid long badge lines. There is no online pre-sale. Bring cash. The current ticket price is approximately $460.

Is DEF CON cheaper than Black Hat?

Significantly cheaper. DEF CON costs approximately $460 cash at the door. Black Hat Briefings passes start at $2,495 and climb higher for early registration windows that have passed. For practitioners with budget constraints, DEF CON provides access to a substantial volume of security research content at roughly one-fifth the cost.

Can I attend both Black Hat and DEF CON?

Yes, and many practitioners do. Black Hat Briefings run August 4-6, 2026, and DEF CON 34 runs approximately August 7-10. Both are in Las Vegas, though at different venues (Mandalay Bay for Black Hat, Las Vegas Convention Center for DEF CON). With a four-day Black Hat pass and a DEF CON badge, you can attend both conferences in a single Las Vegas trip of approximately ten days.

What AI security competitions happen at DEF CON?

The AI Village historically runs Capture the Flag competitions focused on exploiting or manipulating AI systems, including prompt injection challenges, model extraction attacks, and adversarial input generation. Some years feature sponsored competitions with cash prize pools. The Village also runs structured red teaming exercises against large language models, where competitors attempt to elicit harmful outputs or bypass safety guardrails under defined rules.

What prerequisite skills should a practitioner develop before competing in the DEF CON AI Village CTF for the first time?

First-time DEF CON AI Village CTF competitors should develop four foundational skill areas before arriving. First, prompt injection mechanics: understand the difference between direct injection (instructions embedded in user input) and indirect injection (instructions embedded in content the model processes), and practice exploiting each using the PortSwigger Web Security Academy LLM labs and the Gandalf prompt injection challenge series, both of which are free and publicly accessible. Second, API interaction with LLMs: be comfortable making raw API calls to OpenAI, Anthropic, and Hugging Face endpoints with curl and Python, since CTF challenges frequently require scripted interaction rather than a chat interface. Third, model output analysis: practice distinguishing between a model that genuinely cannot do something and a model that is instructed to claim it cannot, which is a core skill for bypass challenges. Fourth, basic Python scripting for automation: many CTF scoring systems require submitting answers programmatically, and competitors who cannot automate their attempts are at a significant disadvantage in time-limited rounds. Hack The Box Academy's AI red teaming path and TCM Security's AI security course cover each of these areas at a practitioner level for under $200 combined.

Sources & references

  1. DEF CON AI Village Official Site
  2. DEF CON 34 Official Site
  3. Project Glasswing: Anthropic CVD Program
  4. Black Hat USA 2026 Official Site
  5. ExploitBench AI Vulnerability Research

Free resources

25
Free download

Critical CVE Reference Card 2025–2026

25 actively exploited vulnerabilities with CVSS scores, exploit status, and patch availability. Print it, pin it, share it with your SOC team.

No spam. Unsubscribe anytime.

Free download

Ransomware Incident Response Playbook

Step-by-step 24-hour IR checklist covering detection, containment, eradication, and recovery. Built for SOC teams, IR leads, and CISOs.

No spam. Unsubscribe anytime.

Free newsletter

Get threat intel before your inbox does.

50,000+ security professionals read Decryption Digest for early warnings on zero-days, ransomware, and nation-state campaigns. Free, daily, no spam.

Unsubscribe anytime. We never sell your data.

Eric Bang
Author

Founder & Cybersecurity Evangelist, Decryption Digest

Cybersecurity professional with expertise in threat intelligence, vulnerability research, and enterprise security. Covers zero-days, ransomware, and nation-state operations for 50,000+ security professionals every morning.

Black Hat Giveaway

Win a $2,495 Black Hat pass.

Full-access to Black Hat USA 2026 in Las Vegas. Subscribe free to enter.

Joins Decryption Digest daily briefing. Unsubscribe anytime.

Giveaway: Black Hat USA 2026 Full-Access Pass ($2,495 value)

Details →
Daily Briefing

Subscribe to enter the giveaway

Every subscriber is automatically entered. You also get daily threat intel every morning: zero-days, ransomware, and nation-state campaigns. Free. No spam.

Already subscribed? You're already entered.

Giveaway

Win a $2,495 Black Hat USA 2026 pass.