DefenseML 2025

Advanced Persistent Threats (APTs) operate through sequences of subtle, strategic actions that unfold over time. To defend against them, organizations must think like attackers. This talk introduces a novel approach: using Large Language Models trained to model attacker behavior as sequences of atomic actions expressed in natural language. These models don’t just simulate attacks, they understand and deconstruct them.

We demonstrate how these LLMs can project attacker actions onto the live organizational context, aligning modeled behavior with real-time system configurations, logs, and network structures. By bridging the gap between theoretical attack chains and actual enterprise environments, we unlock a new capability: automated mapping of potential threats, tailored to each organization’s unique digital footprint.

Disconnected cloud solutions provide unique advantages over traditional approaches, enabling organizations to meet strict requirements without compromising agility. In this session, we will show how integrating advanced AI and data processing capabilities unlocks smarter decision-making and operational efficiency.

The AI landscape is undergoing a huge shift, and we have now entered the era of Physical AI. A defining characteristic of Physical AI is that instead of just doing things, machines are now able to reason about things.  Multimodal Large Language Models are a cornerstone of Physical AI.  LLMs enable machines to interact with the physical world and make real-time decisions.

Effective Physical AI solutions require state-of-the-art silicon and software.  The silicon must be able to execute LLMs with both high performance and low power consumption, and the software must be able to support the ever-changing landscape of LLMs.  In this presentation, I will discuss how SiMa’s state-of-the-art silicon and software stack are ideally suited for Physical AI applications.

Data science can become a highly competitive field, especially when applied to defense challenges. Since 2018, we have developed, executed, and managed the MAFAT Challenge, a series of data science competitions addressing real-world problems in domains such as radar signal processing, computer vision, and natural language processing. More than 3,000 participants have taken part in 6 competitions, with total prizes exceeding $250K.

In this talk, we will share the main lessons learned from managing these challenges—highlighting what architectures and methodologies worked, what didn’t, and how these insights can inform the design of future solutions.

Advances in AI are unlocking powerful capabilities for defense applications, but the sensitive nature of the data powering these models raises significant concerns regarding security and privacy. Homomorphic Encryption (HE) offers a promising solution by enabling computation directly on encrypted data, ensuring information remains protected throughout processing. In this talk, we will introduce the fundamentals of HE and its role in enabling secure AI processing, highlight the unique challenges of adapting transformer-based deep learning models to operate efficiently under HE, and present recent innovations addressing these obstacles. We will illustrate the potential through a defense-relevant scenario: encrypted suspect detection in surveillance footage, where the system can identify persons of interest without ever revealing the underlying images. This approach could pave the way for secure, privacy-preserving AI in future defense systems.

As AI revolutionizes how we write, code, and communicate, visual data remains the final frontier. Every day, billions of images and videos are generated, but lack the tools to search, analyze, and act on them efficiently. Visual Layer is building the default AI-native environment for visual data, combining multimodal understanding, natural language prompts, and agent-based automation into a unified platform. In this session, we’ll share our vision, show real-world examples of rare events found in millions of social videos, and discuss why the shift to multimodal-native workflows is happening now.

AI has become infrastructure. And like the internet or electricity, this infrastructure depends on factories. Today, these “factories” are the systems we build to power AI agents and physical AI. Ofir Zamir, Senior Director of AI Architecture at NVIDIA Israel, will showcase the latest technologies that enable developers to build, optimize, and scale AI agents, covering the full lifecycle from onboarding to fine-tuning to test-time scaling.

Deep Neural Networks (DNNs) are revolutionizing defense and aerospace systems, offering unprecedented capabilities in autonomous navigation, target recognition, and mission planning. However, a critical vulnerability threatens their deployment in safety-critical applications: DNNs can be fooled by imperceptible input modifications, causing catastrophic misclassifications. For example, adding carefully crafted noise invisible to human eyes can cause an aircraft recognition system to mistake a military jet for a civilian plane—a failure that could have devastating consequences.

Current certification standards, developed for traditional software, cannot address this unique challenge of neural networks. In aerospace environments where a single wrong decision can compromise missions or endanger lives, we need new approaches to ensure AI reliability.

This presentation introduces DEM (DNN Enable Monitor), a groundbreaking runtime verification system that analyzes input trustworthiness in real time, delivering reliability assessments in under one second. DEM focuses on individual predictions rather than attempting to certify entire networks. When the system makes a prediction, DEM rapidly tests how stable that prediction remains under slight perturbations. Stable predictions are automatically certified as reliable, while unstable ones are flagged for immediate human expert review.

This real-time capability makes DEM uniquely suited for operational defense environments where split-second decisions are critical. Our evaluation demonstrated exceptional performance, with over 90% success in identifying unreliable predictions across multiple scenarios. DEM operates without access to AI systems' internal workings, making it universally applicable across all defense platforms.

DEM enables the safe deployment of AI in mission-critical applications by providing mathematical guarantees about prediction reliability within operational timeframes. This breakthrough positions Israel as a leader in trustworthy AI for national security, bridging the gap between cutting-edge AI capabilities and the safety requirements of defense systems.

Building an MLOps platform for top-secret data and diverse client needs means balancing security with flexibility.

It must operate in air-gapped, classified environments with zero external dependencies.

At the same time, it must support varied workflows, tools, and data types, from deep learning to real-time inference.

The platform must be modular, self-service, and adaptable to every project's unique requirements.

This dual challenge demands a secure, composable, and resource-aware MLOps foundation built for mission-critical AI.

Imagine you are asking your agent to handle a simple request you received through a bug report, and unknowingly opening doors across your company's entire digital infrastructure.

This unsettling scenario is no longer hypothetical, it is the reality revealed by our recent research into the rapid growth of agentic AI platforms, such as multi-agent control frameworks (MCPs) and AI-powered browsers.

Meet IdentityMesh, a critical vulnerability in these advanced AI systems. At its core, IdentityMesh collapses the boundaries between multiple distinct user identities, merging them into a single "operational entity." The result? A seemingly innocent action in one area, where a single click can unleash unauthorized activities across completely unrelated systems. Alarmingly, in one real-world scenario, an attacker’s crafted message submitted via a benign “Contact Us” form triggered hidden actions in Slack, GitHub, email platforms, and more, completely without user intent or detection.

IdentityMesh isn’t confined to open or external environments; even closed, supposedly secure internal networks are vulnerable. In these trusted environments, agentic systems can silently bridge segregated domains, enabling stealthy lateral movement that evades conventional security measures. The repercussions are severe: unauthorized access, untraceable malware propagation, and covert manipulation of internal workflows become not just possible, but trivial.

This session will unravel the story of IdentityMesh, exploring how a subtle flaw in AI architecture can transform ordinary users into unwitting agents of malicious intent.

Detecting malicious behavior in forensic text artifacts is a challenging task, particularly when dealing with long or noisy datasets. In this talk, we present our methods for leveraging Large Language Models (LLMs) to parse and analyze forensic text artifacts. We discuss our approach to model selection, evaluation strategies, and the challenges of tokenization, highlighting how we address these issues to advance forensic analysis of malicious activity.