Sangyoon (David) Yu, AIM Intelligence
Every frontier model we have been given access to, hardened ones included, was jailbroken. That was tolerable when the worst outcome was a bad answer. It no longer is: AI agents act, and we now see sessions where every individual step passes policy while the session as a whole is the attack. Drawing on daily red-teaming of frontier models and Korea's national AI red-team programs, this talk walks through what the field actually looks like: the lethal trifecta showing up in production agents, MCP as a shared supply-chain attack surface, attacks extending past text into pixels, sound, and robots, and why the economics structurally favor the attacker. On defense, I cover why single-wall guardrails provably cannot hold and what works instead: per-action zero trust in a defense-in-depth lattice. I close with evidence that safety does not transfer across languages and countries, and a replicable public-private model for independent adversarial testing.

Sangyoon (David) Yu is CEO and co-founder of AIM Intelligence, a Korean AI-security company that both attacks and defends AI systems: automated red-teaming that finds vulnerabilities in frontier models and agents, and real-time guardrails that control them in production. His team has published 17 papers at venues including ACL, ICML, ICLR, NeurIPS, CVPR, and Nature, partners with OpenAI on guardrails, and co-runs Korea's national AI red-team programs, working with 15+ enterprises and 7+ government agencies across finance, manufacturing, telecom, and the public sector.
