Typo-squatted domain + MitM proxy nets four PyPI accounts, injects malware into 30M-download package

OpenSSF

Attackers registered a one-character lookalike of pypi.org, ran a MitM proxy to capture TOTP sessions and mint API tokens, then published a Scavenger Loader variant via num-to-words—a transitive dependency of Hugging Face Transformers. WebAuthn would have blocked the attack; response took 40 volunteer hours across registrars and maintainers.

Self-play bug injection loop trains coding agents without human data, beats static datasets

aiware

The framework chains three components: SEER, an RL model trained on real GitHub issues; SelfPlay-IO, where a bug-injector agent and a bug-fixer agent compete to generate synthetic training data; and LiveAgent, which freezes weights but lets agents author new tools on the fly. Benchmarks show SelfPlay-IO outperforms static real-world datasets.

ACM: RL infrastructure must validate system optimizations against learning semantics, not just GPU utilization

ACM

VRL's evolution from research to production reveals that optimizations like speculative decoding, resharding, and batching changes silently alter training dynamics—policy consistency, reward matching, convergence. The talk introduces trajectory-level asynchrony (Lumina) and argues for principled risk classification of optimizations rather than empirical validation alone.

CppCon: C++ performance folklore fails under empirical testing

CppCon

Jonathan Stein walks through concrete cases where accepted C++ wisdom breaks down: inline template advice that increases register pressure, flawed CPU capacity math, architecture benchmarks run on wrong workloads, and pointer-to-member-function overhead. Compiler bugs compound the problem — the fix is measurement, not intuition.

NCSC chief warns AI commoditizes premium vulns, threatens offensive talent pipelines

OffensiveCon

Ollie Whitehouse argues defense requires a functioning offensive ecosystem, then details how LLMs are eroding the premium vulnerability market and gutting entry-level researcher incentives. He outlines the NCSC's Pammal bifurcation strategy—supporting responsible vendors while easing disruption of irresponsible ones—and calls for evidence-based metrics on defensive ROI.

DeepMind's AlphaEvolve improves TSP hardness ratio and Ramsey bounds unsolved for decades

Simons Institute for the Theory of Computing

AlphaEvolve mutates programs that generate candidate proof objects—gadgets and graphs—scored by fast heuristic verifiers, then exhaustively verified. It tightened TSP inapproximability to 111/110, matched analytical max-cut bounds, and pushed Ramsey lower bounds 1-4 nodes past prior state-of-the-art where SAT/SMT solvers stalled.