What the AI SOC Summit got right

There are conferences you attend because you have to, and there are conferences where you leave thinking the industry might actually be figuring something out. The AI SOC Summit on March 3rd in Tysons, VA fell firmly into the second category.

I was there to give a talk on detecting evasive command and control using deep learning foundation models. But this post is not about that. It is about the room, the conversations, and why this particular event felt different from most of what the security conference circuit has become.

Small rooms, real problems

The AI SOC Summit was not DEF CON. It was not RSA. It was deliberately sized and deliberately curated, and that made all the difference. If you remember what technical conferences felt like before 2020, before they became trade shows with a side of talks, this was closer to that. Practitioners in a room together, most of them running actual security operations or building tools that touch production environments, talking about what is and is not working. No theater. No keynote slides with stock photography of glowing padlocks.

Crogl organized the event and they deserve credit for a specific curatorial decision: they kept the vendor-to-practitioner ratio in check. The conversations I had in the hallways and between sessions were substantive in a way that is genuinely rare. People were asking hard questions. Not "what is your roadmap" questions. Questions grounded in operational reality, from people who had already tried things and had specific observations about what happened.

The talks had weight

The content across the day was dense in the right ways. Speakers came with working code, live demonstrations, and real failure modes rather than sanitized case studies. The ratio of concrete technical content to aspirational framing was notably high. Topics ranged from scaling AI red teaming and securing agentic pipelines to operationalizing GRC through RAG workflows and building detection that survives evasion. What held it together was a consistent standard: show what you built, show where it breaks, and leave the room with something they can use. That standard was largely met across the board.

Why the format worked

What made the AI SOC Summit work was the same thing that made pre-pandemic small technical conferences work: the talks were entry points for conversations, not destinations. The discussions between sessions had a specific quality that is increasingly hard to find at larger events. People were talking in specifics. Not about vision or direction or the future of the industry, but about actual implementation decisions, actual failure modes, and what they had seen work or not work in their own environments. The conversations were grounded in operational reality rather than shaped by the kind of vendor-influenced framing that tends to dominate larger conference floors. That is a harder thing to engineer than a good speaker lineup, and Crogl managed it.

On the talk I gave

I presented on detecting evasive C2 using LogLM, DeepTempo's deep learning foundation model. The core argument: individual flows can be made to look legitimate. Attackers can mimic protocols, respect rate limits, and blend into operational traffic patterns. What they cannot do is make the behavioral timeline structure of a C2 channel look like normal operational activity while also accomplishing their objectives. The structure reveals intent even when no single event would trigger a rule or cross a threshold. The audience asked sharp questions about deployment, false positive rates, and how the classifier layer interprets the embeddings produced by LogLM. Those are exactly the right questions, and the conversation continued well past the session slot.

Looking forward

Crogl put together something that the security industry needs more of. Not a bigger version of an existing conference format, but a different format that treats practitioners as the audience rather than the product. I expect next year's event will be harder to get into, which is a good sign. If you work in security operations or are building tools for security teams, it is worth tracking.

The problems the field is working on are real and unsolved. The AI SOC Summit is one of the few places I have been recently where people were actually working on them rather than presenting slide decks about working on them.
