// DEF CON 34 · Robotic Hacking Community

Call for
Papers

Robot systems are everywhere. The security research is not. That gap is where you come in. AI and autonomy attacks are our headline area. But if you've broken something in the robot stack, we want to hear about it. ROS 2, DDS, VLM-driven autonomy stacks, sensor pipelines. The attack surface is open. Submit what you found. Talks run 30 or 45 minutes with Q&A, in person, Las Vegas.

Submit Your Research
submissions close June 14, 2026  ·  23:59 PST
// research areas
We invite talks in the following areas. Cross-area submissions are welcome — pick the closest fit.
Headline Area
AI & Autonomy Attacks
VLM/VLA adversarial inputs, LLM prompt injection into task planners, perception manipulation, AI decision-making hijack. If it breaks the robot's brain, it belongs here.
Robot System & Protocol Exploitation
ROS 2 / DDS vulnerabilities, RTPS message tampering, middleware privilege escalation, authentication weaknesses in control frameworks.
Sensor Spoofing & Physical Attacks
LiDAR, camera, IMU spoofing. GPS manipulation on mobile robots. Actuator fault injection. EM/laser side-channel attacks on robot MCUs.
Firmware, Supply Chain & Cloud API
Firmware reverse engineering, OTA update hijacking, 3rd-party SDK vulnerabilities, cloud API abuse, digital twin and fleet management platform attacks.
Simulation Platforms & Defensive Design
Sim-to-real attack transfer in Gazebo, NVIDIA Isaac Sim, or Webots. Secure robot architecture and threat modeling. Runtime anomaly detection on CAN/DDS.
// what we look for
01
Technical depth. New findings.
We prioritize original, first-time research, but we also welcome high-quality work that has been previously published.
02
A working PoC.
Robot security requires proof. Submissions with a live demo or hands-on component get priority. If you can run it in the room, tell us that up front.
03
Specificity on platform.
Name the affected platform: ROS 2, a specific robot SDK, hardware, or cloud service. "General robot vulnerabilities" is not a platform.
04
No sales pitches.
Vendor-neutral research only. Naming a vendor is fine if you found something real. Pitching your product is not a talk.
automatic rejection
// timeline
Now open
Accepting submissions
CFP openSubmit through the form below
June 14, 2026 · 23:59 PST
Submissions closeNo extensions
July 3, 2026
Acceptance notificationsAll submitters notified regardless of outcome
August 6–9, 2026
Speak at Robotic Hacking Community · DEF CON 34

Ready to submit?

Fill out the form. Include everything.

Submit via Google Form

Questions: robotichackingcommunity@proton.me  ·  Talks are recorded and published post-event unless you opt out at submission