Skip to main content
    CONTACT

    This site is protected by hCaptcha and the hCaptcha Privacy Policy and Terms of Service apply.
    Solving Modern Cybersecurity Problems with AI - Michael Glass - DCTLV2026
    Solving Modern Cybersecurity Problems with AI - Michael Glass - DCTLV2026

    Solving Modern Cybersecurity Problems with AI - Michael Glass - DCTLV2026

    Las Vegas 2026

    Name of Training: Solving Modern Cybersecurity Problems with AI
    Trainer(s): Michael Glass
    Dates: August 10-11, 2026
    Time: 8:00 am to 5:00 pm 
    Venue: Las Vegas Convention Center
    Cost: $2,250 (USD)

    Short Summary:

    Cybersecurity problems grow more complex every year. Companies expect staff to stay up to date with growing demands while running a lean and mean security team. In 2023 we saw the surge in interest in AI and LLMs adding to the already full plate of Cybersecurity practitioners who struggled to not only learn and threat model LLMs but to also leverage them effectively. This training presents a comprehensive framework aimed to equip students with the necessary skills to now only build their own LLM toolkits but to leverage AI and LLMs to solve both simple and complex problems unique to their own verticals and environments. This holistic approach is extremely hands-on and is designed to teach you in-demand skills and save you precious time in your day-to-day work in Cybersecurity. Come learn how to tame your AI dragon!

    Course Description:

    Have you ever wondered how the pros use AI to solve their complex cybersecurity problems? We have spent the last three years teaching students at DEF CON how to apply AI to real-world security challenges and now it is your turn to join the party! Updated with all the latest and greatest for 2026.

    Artificial Intelligence and Large Language Models have emerged as robust and powerful tools that have redefined how many professionals approach problem solving. The last few years have seen industry interest in AI surge while cybersecurity experts struggle not only to threat model LLMs but also to leverage them effectively. Our training presents a comprehensive educational framework aimed at equipping students with the necessary skills to build their own LLM toolkits and apply AI to solve complex problems unique to their own environments.

    This class is designed to start with accessible, practical foundations and then build toward more advanced concepts. Students will begin by learning core AI and LLM principles and then quickly move into hands-on exercises such as building a GPT before quickly moving on to creating their first agentic AI application from scratch. From there, students will progress into more advanced topics including fine-tuning and training of the SOCMAN model (our purpose built DEF CON AI model), building and integrating MCP tools, and developing MCP servers that can connect with our own applications to support real operational workflows. We will do this by building our very own version of Openclaw (aka Clawman).

    This class will teach students how to build their own AI frameworks to ingest data from either SaaS or on-prem data lakes. We will provide both the tools for data consumption and the supporting approach for data warehousing. From there, we will walk students through transforming this data and making it operationally effective and efficient for AI use. We will cover various types of data common to cybersecurity environments, potential issues with certain data types, and how to make the most of open-source tooling to help transform that data. 

    We also need to understand the risk that comes with the use of AI. For this purpose, we will discuss foundational knowledge to conduct both red team and blue team exercises regarding AI. We will cover risk analysis and threat modeling of AI, a holistic and practical approach to defending the supply chain, understanding vulnerability analysis, and modern adversary attacks and techniques that students are likely to encounter. Understanding modern security policy frameworks is just as important, so we will also cover several popular frameworks used to secure and apply policy to AI environments. We will cap this section of class off with a practicum focused on both attacking and defending the AI environment deployed in class.

    This class concludes with using our newly trained model to solve hand-picked operational problems. Students will learn how to augment queries using RAG, generate high-quality YARA and SIGMA rules using their own data, tune models to hunt complex patterns, improve application observability by adding context to unusual behavior, hunt for APT activity using real-world scenarios and logs such as Stuxnet, filter out noise to increase signal in the environment, and much more. All of these labs will be performed by students live and in-class!

    This well-established and content-packed 2 day class will arm you with the tools, techniques, and hands-on experience to put AI to work TODAY!

    Course Outline: 

    Day 1: Foundations to Applied AI
    • Discuss AI, LLMs, and contemporary viewpoints on the utility of AI
    • LAB: Introduction to the AI Environment
    • AI 101: A high level primer on artificial intelligence fundamentals
    • LAB: Building a GPT
    • In-Class hackathon: Who builds the better GPT?!
    • Technical Deep Dive: Pulling the curtain back on how models really work, their strengths, weaknesses, and how we compensate
    • Introduce SOCMAN, the DEF CON AI model
    • Primer on self-hosting vs SaaS, CUDA, and rightsizing successful deployments
    • LAB: Visualizing AI Models with Google Colab and Jupyter
    • Introduction to the OpenSearch as a SIEM and search engine
    • Popular APIs and technical AI frameworks in-use today
    • What's the deal with vector databases?
    • Lexical, Semantic, and Hybrid searches, oh my!
    • LAB: Installing and Configuring Your SIEM to Be AI Ready
    • Explore how to perform contextual searches and retrieve relevant information in our SIEM, including RAG concepts
    • Discussion on using AI as middleware
    • Common problems when using AI in complex scenarios
    • Explore issues such as false positives, false negatives, and hallucinations in AI applications and how to overcome them
    • Agentic AI concepts and design patterns
    • LAB: Building Your Own OpenClaw Agentic AI Application (Clawman)
    • LAB: Creating Your First MCP Server
    • LAB: Integrating MCP with Clawman
    Day 2: Model Customization, Security, and Operational Use Cases
    • Discussion on Low-Rank Adaptation, fine-tuning, and training AI models
    • LAB: Fine-tuning SOCMAN
    • LAB: Training SOCMAN
    • Red team perspective on AI
    • Adversary tactics and controls
    • Risk/Threat modeling LLMs
    • LAB: Hunting for Malware
    • Supply chain attacks against AI and how we defend against them
    • LAB: Securing LLM Supply Chains with Model Validation
    • Understanding the modern threat landscape of AI using real vulnerabilities and case studies from 2023-2026
    • Discussion on potential threats to AI systems, including attacks and vulnerabilities
    • Introduction to core principles for secure AI development using the most popular and adopted risk frameworks
    • LAB: Generating SIGMA and YARA Rules Using IOCs
    • LAB: Automatic Pattern Analysis in Web Application Traffic
    • LAB: Alert Analysis and Hallucination Detections
    • LAB: Weird Behavior and Malicious Identification of Lateral Movement
    • LAB: AI Assisted Malware Triage using Clawman
    • LAB: Improving AI Contextual Analysis Using Threat Intelligence with Stuxnet
    • Assist students with exporting training data
    Students keep all materials and maintain access to all cloud environments for 30 days after the class runs. We will continue to provide support through this 30 day window as well so fear not!

    Difficulty Level:

    Intermediate to Advanced

    Intermediate Definition - The student has education and some experience in the field and familiarity with the topic being presented. The student has foundational knowledge that the course will leverage to provide practical skills on the topic.

    Advanced Definition - The student is expected to have significant practical experience with the tools and technologies that the training will focus on.

    Suggested Prerequisites:

    Specific skills should include:

    • Basic understanding of AI concepts (have you used ChatGPT?)
    • Basic understanding of Github (for pulling lab documentation)

    What Students Should Bring: 

    Laptop with a dedicated GPU (Nvidia preferred) for running local models (we will explain how to do this step-by-step in the class!)

    What the Trainer Will Provide:

    We will provide access to course labs and dedicated AI cloud lab for 90 days post training.

    Trainer(s) Bio:

    Michael Glass AKA "Bluescreenofwin" is currently a Principal Security Engineer for the financial AI space and has provided security leadership for some of the largest companies in the world including one of the largest streaming technology companies. He specializes in AI, Blue Team, SecOps, and Cloud. Using this diverse background he has founded the company "Glass Security Consulting" in order to provide world class Cybersecurity instruction for Information Security Professionals and Hackers alike.

    Michael is also a cybersecurity researcher, prolific speaker, and hacker. He has been in the hacking and security scene for over 15 years working on a wide range of projects and has given 8 talks across various hacker/infosec conferences. Most recently has published academic white papers on the efficacy of cybersecurity instruction and applies this research to his classes so that students receive the attention and instruction they deserve.

    Proficiency Exam Option:

    This course has the option for a proficiency certificate add-on. 

    Exams will be a combination of multiple choice questions and demonstrating proficiency in 2 labs (labs are graded pass/fail and are worth 15% each). Threshold for passing the exam is a 70% or greater score on the overall exam.

    Please reach out to training@defcon.org for any questions related to the proficiency exam and certificate option.

    Registration Terms and Conditions: 

    Trainings are refundable before July 11, 2026, minus a non-refundable processing fee of $250.

    Between July 11, 2026 and August 5, 2026 partial refunds will be granted, equal to 50% of the course fee minus a processing fee of $250.

    All trainings are non-refundable after August 5, 2026.

    Training tickets may be transferred to another student. Please email us at training@defcon.org for specifics.

    If a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).

    Failure to attend the training without prior written notification will be considered a no-show. No refund will be given.

    DEF CON Training may share student contact information, including names and emails, with the course instructor(s) to facilitate sharing of pre-work and course instructions. Instructors are required to safeguard this information and provide appropriate protection so that it is kept private. Instructors may not use student information outside the delivery of this course without the permission of the student.

    By purchasing this ticket you agree to abide by the DEF CON Training Code of Conduct and the registration terms and conditions listed above.

    Several breaks will be included throughout the day. Please note that food is not included.

    All courses come with a certificate of completion, contingent upon attendance at all course sessions. Some courses offer an option to upgrade to a certificate of proficiency, which requires an additional purchase and sufficient performance on an end-of-course evaluation.

    $2,050.00
    $2,250.00