
DEF CON 34 Preview: Agentic AI Security Takes Center Stage at Hacker Summer Camp

DEF CON 34 lands in Las Vegas August 6-9, 2026 under the theme 'Agency' — a deliberate nod to agentic AI. Here is what to watch, why it matters, and how to prepare before you board the plane.

Nayan Dey
Senior Security Engineer

Every August, the security world makes its pilgrimage to Las Vegas. Black Hat sets the corporate tone earlier in the week, and then DEF CON — the loud, irreverent, badge-soldering heart of the thing — takes over. This year the timing is the same and the stakes are higher. DEF CON 34 runs August 6-9, 2026 at the Las Vegas Convention Center, immediately on the heels of Black Hat, and the organizers have picked a theme that tells you exactly where the field's collective anxiety is pointed: "Agency."

This is a preview, not a recap. As of this writing the conference is still weeks away, so nobody has won the CTF yet, no talk has dropped a zero-day on stage, and no badge has been fully reverse-engineered. What follows is what we know is coming, why it matters, and how to get more out of the trip than a hangover and a lanyard full of stickers.

"Agency" Is a Pun, and Both Halves Matter

DEF CON themes are never throwaway marketing. This year's choice carries two meanings on purpose. The first is the older, more political sense of the word: human agency — self-determination in how people use technology, choosing tools that serve them rather than surveil them. That has been a DEF CON throughline since the beginning.

The second meaning is the one that will dominate the hallway conversations: agentic AI. Autonomous systems that take actions in the world on a user's behalf — booking things, writing code, calling APIs, chaining tools together without a human in the loop for each step. The theme is a tell. The community has spent the past two years arguing about whether large language models can find real bugs. That argument is largely over. The new argument is about what happens when you give those models hands.

If you only track one storyline at DEF CON 34, track this one. Agentic AI security is the highest-signal topic in cybersecurity right now, and DEF CON is where the offensive research community pressure-tests the marketing claims that vendors made in the spring.

The AI Village Is Where the Real Story Lives

The AI Village has grown from a curiosity into one of the most consequential spaces at the conference. For DEF CON 34 the village has said it will run demos, a CTF, and a new poster track focused specifically on adversarial attacks against agents and agentic systems. The headline competition is built around teaching participants to write and fine-tune their own pentesting agent using open-source models — which is a neat inversion of the usual "defend against the AI" framing. Here, you build the attacker.

That is worth sitting with. A CTF where the objective is to construct an offensive agent is a far more honest stress test than a benchmark run in a lab. Benchmarks are static; a room full of competitive hackers is adversarial in the way the real world is adversarial. Prompt injection, tool poisoning, and goal hijacking stop being slides and start being scoreboard mechanics.

There is also recent context that makes this year's village especially interesting. From roughly April through December 2025, the AI Village ran an experiment that handed real-world goals to nineteen frontier models from labs including OpenAI, Anthropic, and Google — giving the agents computers, internet access, and the freedom to coordinate. Tasks reportedly ranged from raising money for charity to building a Substack following. Whatever you think of the methodology, it is exactly the kind of open, messy, in-public research DEF CON exists to host. Expect the findings to surface in hallway debates even where they are not on the formal schedule.

Don't Sleep on the Other Villages

It is easy to let agentic AI eat the whole narrative, but DEF CON's strength has always been breadth. The villages are the conference's true center of gravity — small, focused, hands-on spaces run by domain communities rather than the main stage.

Based on how recent years have run, expect the usual heavy hitters to return in some form: Cloud Village with its multi-day jeopardy-style CTF spanning cloud infrastructure and recon; Adversary Village and its adversary-emulation challenges; plus the long-running car hacking, hardware, lock picking, social engineering, and recon communities. None of these are confirmed in their final shape until the schedule locks, so treat the specifics as likely rather than guaranteed.

A practical note for first-timers: the villages are where you actually learn things. The main-stage talks are recorded and posted afterward. The villages are not — the value there is in the conversation, the soldering iron in your hand, and the person next to you who has been breaking the same protocol for a decade.

There is a reason this format scales. A single keynote can tell you what the field thinks is important; a dozen villages running in parallel show you what people are actually working on, including the parts that have not been packaged into a clean narrative yet. The supply-chain angle threads through all of it. An offensive agent built in the AI Village still pulls open-source models, packages, and tooling from the same ecosystem everyone else depends on, which means the model-poisoning and dependency questions raised in one room are live in the next. The villages that look unrelated on the schedule are usually arguing about different faces of the same problem.

Badge Culture Is Still the Point

If you have never been, the badge is hard to explain. It is part art project, part puzzle, part status symbol, and part functioning piece of hardware. In recent years the official badge challenge has tied into a web-hosted CTF platform where finding flags earns you a dispense code, with challenges spanning hardware hacking, reverse engineering, OSINT, network security, phreaking, wireless, and crypto.

The badge matters because it encodes the conference's actual values. DEF CON rewards curiosity and persistence over credentials. A teenager who solders well and reads datasheets carefully can out-hack a principal engineer with a corporate title. That ethos is also the thing every security leader should be importing back to their own org. The people who break your systems for fun on a Saturday do not respect your org chart, and neither does an autonomous agent that has been pointed at your API surface.

How to Prepare Before You Go

A few unglamorous logistics that pay off. Bring a burner mindset for your devices — DEF CON's network is famously hostile, and "the Wall of Sheep" exists for a reason. Plan your village time in advance, because the popular ones fill up. And if agentic AI is your focus, spend the weeks beforehand getting hands-on with the actual failure modes: prompt injection, tool poisoning, over-broad agent permissions, and the supply-chain risk of the open-source models and components these agents are built on. You will get far more out of the AI Village if you arrive with scar tissue rather than slides.

How Safeguard Helps

The lesson DEF CON 34 is about to make loud is the one we have been building around: a capable model is the easy part, and reliability lives in the verification and orchestration layer above it. Safeguard's Multi-Agent TAOR Deep Think AI Engine and Griffin AI treat the underlying model as a swappable component — bring your own model — while multi-agent verification cuts false positives and our policy gates, AIBOM, and provenance tracking keep the agentic supply chain honest. It is the same instinct the AI Village CTF is testing: the danger is not the agent, it is the unverified action the agent takes. If you want to pressure-test your own agentic and supply-chain exposure before Vegas, reach out and we will walk your stack with you.
