AI Agents vs. Canaries: Detecting Attacks That Move at AI Speed

AI agents can now compromise a cloud environment in minutes - and they're only getting faster. Tracebit benchmarked ten frontier AI models inside a controlled AWS cyber range to measure how quickly they can escalate to admin, and whether deception technology catches them in time. Across 951 attack runs, AI reached admin privilege escalation in an average of 14 minutes - but canaries warned the defender before the attack landed in 95.9% of those runs, a median 8 minutes ahead of the attacker's first critical action.

In this technical session, the researchers behind the study share what they found. They'll walk through the benchmark design, a synchronized replay of AI agents attacking the same account with and without canaries, and what it means for defending against offensive AI agents.

Join Tracebit's Alessandro Brucato (Security Researcher) and Sam Cox (Co-founder & CTO), alongside Nick Reva, Director of Security Engineering at DoorDash, for a hands-on look at detection in the age of AI attackers.

The team will also dig into a challenge they faced: using AI to research AI. They'll cover how to get reliable signal out of models that tend to agree with whatever you put in front of them, and how to keep your testing objective so the results aren't skewed by a model telling you what you want to hear.

What you'll take away:

Who Should Attend:

• Security leaders preparing their detection strategy for offensive AI agents
• Security engineers and architects building detection and deception programs
• Detection and response teams focused on high-fidelity signal and early warning
• Cloud security teams responsible for AWS, GCP, and Azure environments