ObjectSecurity will present two sessions on AI security and advanced binary analysis at SCALE 23x, North America’s largest community-run open source conference, taking place March 5–8, 2026 at the Pasadena Convention Center. Both sessions reflect ObjectSecurity’s continued focus on securing real-world systems, where AI models are reused, software is deployed as binaries, and traditional security assumptions no longer hold.
One presentation will be delivered at SunSecCon, co-located with SCALE on March 5–6, and the second will take place as part of the main SCALE conference program.
Poison Once, Compromise Many: How Model Reuse Amplifies AI Vulnerabilities
SunSecCon | March 6, 2026 | 2:00–2:45 PM | Ballroom C
Modern AI development increasingly depends on reused and fine-tuned models rather than training from scratch. While this accelerates deployment, it also introduces an opaque supply chain where vulnerabilities can persist and propagate across generations of models. Attacks such as backdoors, poisoning, and evasion may originate in a base model and silently survive transfer learning, compromising downstream systems that never directly handled malicious data. This session examines how these transferable threats undermine AI reliability across both generative and non-generative systems. Drawing on academic research and real-world examples, ObjectSecurity will break down common inherited attack patterns and present a practical framework for evaluating model provenance, testing for poisoning and backdoors, and understanding which transfer learning workflows are most susceptible to inherited risk.
Beyond Static Analysis: Applying Symbolic Execution to Embedded Linux
SCALE 23x | March 7, 2026 | 2:30–3:30 PM | Room 211
Static Application Security Testing plays a critical role in securing embedded Linux software, but it often struggles with dynamic behavior, complex control flow, and environment-dependent execution. In systems where firmware, drivers, and user-space components interact tightly, these limitations can lead to missed vulnerabilities or noisy results that are difficult to act on. This talk explores how symbolic execution complements static analysis by modeling runtime behavior and exploring multiple execution paths through constraint solving. ObjectSecurity will discuss practical tools, key challenges such as scalability and path explosion, and real embedded Linux examples where symbolic execution uncovered issues that traditional static analysis failed to detect.
