Detection & Deception Engineering in the Matrix
Bob Rudis, Glenn Thorpe
[un]prompted 2026 — AI Security Practitioner Conference · Day 2 · 1
GreyNoise's adversary engineering team built Orby — an AI-powered threat intelligence analyst that operates over a planetary-scale sensor network generating 22 terabytes of packet captures and 20 million Elasticsearch documents every 90 days. By building a "skill" system that loads domain expertise into the model at runtime, Orby can triage thousands of detection tags, profile novel threat actor infrastructure, and validate its own findings — and it demonstrated all of this live during the talk. ---
AI review
The closing keynote that actually earned the slot. GreyNoise is doing planetary-scale threat intelligence with a small team, 22 terabytes of packet captures per 90 days, and they built the agent that handles it — live during the talk. The skill system, the validator, and the DuckDB-for-analytics-not-the-LLM insight are individually worth flying to San Francisco for.