![AI Tinkerers San Francisco: Offensive Security Demo Night [AI Tinkerers - San Francisco]](https://images.aitinkerers.org/cdn-cgi/image/width=300,fit=scale-down,format=auto,quality=75/ai_tinkerers/logos/ai_tinkerers_-_san_francisco_laptop-sticker_190_2223ddc19bbf4d9ac23b5efacd0ca82d.png){kind=small}
AI Tinkerers San Francisco: Offensive Security Demo Night
Start your RSVP
First, verify your email. Then you'll finish your registration.
⚡ Live Exploits, Autonomous Pentesting, and Raw Craft
Join AI Tinkerers San Francisco and XBOW for an offensive security demo night. We are bringing together engineers, researchers, and security hackers to showcase live, technical show-and-tells of systems getting popped, innovative exploits, and autonomous pentesting agents.
This is a night of raw craft, code, and execution. We have an absolute ban on slide decks and product pitches. Presenters must show working code, live deployments, and actual execution.
Our featured sponsor, XBOW, is the front-runner in autonomous pentesting. Founded by GitHub Copilot creator Oege de Moor, XBOW uses AI agents to continuously find and exploit web application vulnerabilities at machine speed, recently demonstrating its capabilities by reaching the #1 spot on HackerOne using only black-box access. Engineers and researchers from their team will be in the room to discuss the architecture, failure modes, and safety boundaries of running autonomous offensive agents.
📅 Event Details
- Date: Thursday, June 25th, 2026
- Time: 5:30 PM – 8:30 PM PDT
- Venue: Hosted in San Francisco, CA (Exact location provided upon approval)
- Capacity: 150 Builders (Strictly curated)
⏱️ Format & Schedule
- 5:30 PM: Doors open, food, drinks, and Science Fair setup
- 6:00 PM: Brief introduction by AI Tinkerers and XBOW
- 6:15 PM: Main Stage Builder Demos (5-minute live runs + Q&A)
- 7:15 PM: Science Fair & Networking (Hands-on code walkthroughs and peer-to-peer technical deep dives)
- 8:30 PM: Doors close
🥽 Who Should Attend?
Entry is selective by design to maintain a high-signal environment. Space is limited to 150 participants, and our San Francisco events consistently reach capacity and move to a waitlist quickly. We require demonstrable proof of hands-on work with AI or offensive security.
This event is curated for:
- Security Engineers & Researchers building LLM-assisted vulnerability discovery pipelines.
- AI Engineers & Founders orchestrating multi-step agentic workflows that interact with untrusted environments.
- Offensive Hackers & Red Teamers interested in the technical limits of autonomous exploitation.
📢 Submit Your Demo Proposal
We want to see live, technical show-and-tells of things getting popped, innovative exploits, or autonomous pentesting hacks. Tell us what you plan to break or demonstrate live. No slides, no product pitches—just raw craft, code, and execution.
🥽 Speakers
North Korean Open-Source Attacks
Rene Brandel
CEO @ Casco
XBOW: Browser Hacking Agents
Nick Gregory
AI Researcher @ Xbow
Shai-Hulud: Agentic Secret Protection
Allie Howe
Member of Technical Staff @ Keycard
Securing LLM-Generated Code
Arjun Krishna
Robotics / Software Engineer @ WATonomous
LLM Security Loop for PRs
George Pickett
Founder @ Stealth startup
🤝 Sponsors
Featured Sponsors
XBOW is an autonomous offensive security company that automates penetration testing to discover and validate software vulnerabilities. Backed by Sequoia Capital, the platform uses AI agents to simulate targeted, multi-step attacks directly inside customer environments. Unlike traditional scanners, XBOW independently validates every finding to eliminate false positives and can safely execute blackbox testing against live websites.
Keycard is an identity, access, and governance platform built for AI agents.
As agents and multi-agent workflows take on real work - writing code, calling APIs, querying databases - they’re running on over-scoped, long-lived credentials that weren’t designed for this. Keycard fixes that by issuing scoped, short-lived credentials per action, enforcing policy at every tool call, and logging the full identity chain in real time. Agents get exactly the access they need - nothing more, and nothing standing still.
Additional Sponsors
Casco is an autonomous security testing company that continuously probes web apps, APIs, infrastructure, and AI systems for vulnerabilities. The platform deploys AI agents to run targeted, multi-step attacks against customer environments, surfacing issues like RCE, broken authorization, and prompt injection. Unlike traditional pentesters who test once a year, Casco tests year-round and validates every finding with step-by-step reproduction to eliminate false positives, delivering clear reports on what to fix and why it matters.
Venue Sponsor
WorkOS WorkOS is the modern API platform that empowers developers to quickly build and ship complex enterprise features, making any SaaS application enterprise-ready. It provides a set of essential building blocks and APIs for seamless integration with cloud services like Okta, Azure AD, and G Suite. Developers can rapidly implement features such as Single Sign-On (SSO), Directory Sync, and Audit Logs, significantly accelerating time-to-market for enterprise-grade infrastructure.
📸 Experience AI Tinkerers
Event photos
Interested in supporting future events or hosting a technical deep dive? View our sponsorship opportunities.
AI Tinkerers San Francisco Stats
- Attendees: This elite community of 7,317 technical professionals features a powerful distribution of skills: 48% specialize in agentic systems and multi-agent orchestration, 42% in advanced model engineering and PyTorch, and 38% in high-performance AI infrastructure and MLOps. Distinguished by a high density of venture-backed founders and researchers from top-tier labs like Google DeepMind and Meta, members actively collaborate on cutting-edge Model Context Protocol implementations and verifiable AI governance.
- Companies Represented: Featuring tech giants like Google, Meta, Apple, and Amazon, alongside AI pioneers such as OpenAI, Google DeepMind, Anthropic, and xAI, and rising startups like Replicate, Wordware, Chroma, and Vercel, and more
- Demos: 487 demos were submitted and 172 were accepted and presented. The most compelling themes covered agent-native product UX, real-time multimodal voice/vision experiences, and protocol-driven integrations (especially MCP). Technical exploration has also emphasized reliability via tracing/evals and verification, grounding via advanced retrieval/context strategies, and security-focused agent infrastructure including safe tool access, privacy controls, and human-in-the-loop patterns.
- Testimonials: