Home > Press Releases

Nullcon Anchors 16th Edition of Goa Conference Around AI Exploit Research and Discovery

Pooja Tikekar

Nullcon Goa 2026 Brings Real-Time AI Vulnerability Discovery to the Conference Floor, Benchmarked Against the OWASP LLM Top 10 Risk Framework

Princeton, NJ – Nullcon, Asia’s leading hacker-first cybersecurity conference, returns for its 16th edition from February 28 to March 1 at BITS Pilani, Goa Campus, convening researchers, practitioners and security leaders to confront the realities of a rapidly evolving threat landscape.

This year’s agenda reflects a defining industry shift: The attack surface is no longer simply expanding – it is learning, adapting and accelerating.

From LLM-assisted coding pipelines and autonomous agents to AI-driven orchestration layers inside enterprise environments, organizations are deploying AI at unprecedented scale. Security controls, however, are trailing implementation. Nullcon Goa 2026 addresses this widening gap with a deeply technical AI security program designed to examine how these systems can be manipulated, misled or exploited.

Where most AI security forums focus on policy and awareness, Nullcon grounds its program in adversarial research, exploit development and real-time validation. Sessions will analyze prompt injection, deception techniques and identity impersonation risks in AI-driven environments, while also examining AI-based exposure management strategies that aim to close newly created blind spots.

This technical focus will be brought to life through a series of deeply research-driven presentations, including:

  • “Why Did the Model Think That? Demystifying the Black Box With Explainable AI” will focus on model transparency and interpretability in high-risk environments.
  • “When the Model Outsmarts the Challenge: Building and Breaking AI Security CTFs” will explore the design and exploitation of AI-centric security challenges.
  • “No CVE for That: Invisible Breach Paths From AI Leftovers” will examine residual artifacts, contextual leakage and overlooked integration gaps that create breach paths not yet codified in traditional vulnerability databases.

Live Bug Hunting: Turning Insight Into Action

A defining element of Nullcon’s technical identity, live bug hunting will run across both conference days, transforming the event into an active research arena rather than a passive learning environment. Researchers will compete in real time to identify vulnerabilities in AI systems, including risks mapped to the OWASP Top 10 for LLM applications. This initiative reinforces Nullcon’s long-standing emphasis on practical impact by enabling participants to identify and responsibly disclose AI-related vulnerabilities, apply offensive techniques in controlled but realistic scenarios and validate exploitability against modern AI workloads. Top-performing researchers will be recognized for technical excellence and measurable impact, reinforcing the conference’s commitment to outcomes that extend beyond theoretical discussion.

Offensive Research Beyond AI

While AI security anchors the 2026 narrative, Nullcon maintains its reputation for uncompromising technical depth across the broader attack landscape. Sessions will examine HTTP/3 fuzzing and QUIC protocol exploitation, supply chain worm development, kernel and driver-level vulnerability research, TLS-based stealth exfiltration and identity impersonation in distributed trust environments. The program also addresses resilience in critical infrastructure and operational technology systems, reflecting the continued convergence of IT, cloud and industrial networks.

The conference structure integrates advanced research presentations, hands-on workshops and Capture the Flag competitions to foster collaborative problem-solving and adversarial experimentation.

“Nullcon has always been about original research and practical application,” said Rahul Neel Mani, director at Nullcon. “As AI systems generate code, automate workflows and influence critical decisions, security research must evolve just as quickly. Live adversarial testing and open technical scrutiny remain central to how we strengthen the ecosystem. Our goal is to create an environment where vulnerabilities are surfaced responsibly, techniques are shared transparently, and the community moves forward together.”

In an era where adaptive systems introduce adaptive risks, Nullcon Goa 2026 reinforces the principle that rigorous testing, open collaboration and technical integrity remain the strongest defenses against an evolving digital adversary.

Nullcon Goa 2026 features Day Zero on Feb. 27 and the main conference from Feb. 28 to March 1 – all at BITS Pilani, Goa Campus.

For registration and event details, click here.

***

About ISMG

Information Security Media Group (ISMG) is the world’s largest media organization devoted solely to cybersecurity, information technology, artificial intelligence and operational technology. Each of our 38 media properties provides education, research and news that is specifically tailored to key vertical sectors including banking, healthcare and the public sector; geographies from North America to Southeast Asia; and topics such as data breach prevention, cyber risk assessment, OT security, AI and fraud. Our annual global summit series connects senior security professionals with industry thought leaders to find actionable solutions for pressing cybersecurity challenges.

About Nullcon

Nullcon came into existence in 2010 and is managed and marketed by Payatu Technologies Pvt. Ltd. With the advent of cutting-edge technologies, security is crucial as technology brings a myriad of threats along. Nullcon is an extensive platform for the exchange of information about zero-day vulnerabilities, latest attack vectors and other cyberthreats. Here, security researchers and experts from various fields discuss information security, along with showcasing multiple offensive and defensive security technologies.

About ISMG Events

ISMG Events is a premier platform for security professionals and practitioners worldwide. Our global, annual events bring together the ISMG Events Community, comprising over 40,000 members, to exchange knowledge, insights, and best practices in the field of cybersecurity. The cornerstone of our event portfolio is the ISMG Global Summit Series. These summits take place both virtually and in-person, offering participants a diverse range of topics to explore. In addition to our Global Summit Series, ISMG Events hosts exclusive Executive Roundtables and Custom events.

Our Press Releases

Nullcon 2026 Launches ‘Day Zero’ Forum, Connecting Exploit Research to C-Suite Strategy

C-suite and Policymakers Converge at Nullcon 2026 as Demand for Hands-on Trainings Increases Amid AI-Driven Risk Debates Princeton, NJ – Nullcon, Asia’s largest and longest-running hacking and cybersecurity conference and training, returns for its 16th edition with the debut of “Day Zero,” a new executive forum designed to connect exploit research and C-suite strategy and […]

Read more

Nullcon 2026 Introduces ‘Day Zero’ to Bridge Cybersecurity Research and Boardroom Cyber Strategy

Senior Government Officials, Enterprise CISOs and National Cyber Leaders to Convene at Nullcon Goa 2026’s Inaugural Leadership Forum Princeton, NJ – Nullcon, Asia’s largest hacking and cybersecurity conference, is expanding its 16th edition with the launch of Day Zero, an invite-only leadership forum scheduled for Feb. 27 at BITS Pilani, Goa Campus, ahead of the […]

Read more

ISMG-GISEC Partnership to Amplify Middle East Cybersecurity Leadership on the Global Stage

ISMG.Studio’s On-Site Production to Deliver Executive Interviews and Regional Cyber Intelligence to Global Audience Princeton, NJ – ISMG, a global media organization focused on cybersecurity, IT, OT and artificial intelligence, has been named an official media partner for the 15th edition of the upcoming Gulf Information Security Expo & Conference. GISEC – organized and managed […]

Read more
View More