DeepSec 2026 Review: AI, Training, Tools, GitHub, Login, User Experience and FAQs

DeepSec Review in 2026: A Closer Look

DeepSec, often written as DeepSec IDSC, is an in depth security conference that has been running annually in Vienna since 2007. The brand positions itself as non vendor biased, which is rare in a space where most events feel like marketing showcases for the latest endpoint detection tool. The organisers describe their goal as facts not ads, and the program reflects that posture more often than not.

In 2026 the conference covers four full days. The first two are dedicated to hands on trainings, and the final two are for talks and panels. The format is straightforward, the sessions run 45 minutes plus 5 minutes for questions, and the trainings stretch from 09:30 to 18:30 on both days. For anyone who has sat through fluffy keynote heavy events, the structure feels refreshingly serious.

That said, the conference is not without its limits. The venue capacity is modest by global standards, the website is dated, and several attendees we reviewed feedback from felt that the program leans heavily on returning speakers. We will get into all of that. Our overall rating sits at 3.0 out of 5.0, which reflects strong content paired with weaker accessibility and digital experience.

AI at DeepSec 2026

Artificial intelligence is everywhere in cybersecurity right now, and DeepSec has not ignored the shift. The 2026 call for papers explicitly asks contributors to share use cases for large language models, both for defence and for attack. That phrasing matters. A lot of conferences treat AI as a buzzword to slap on a panel title, but DeepSec is pushing speakers to bring real research.

Topics that have surfaced in recent editions and are expected again in 2026 include prompt injection in production systems, adversarial machine learning, post quantum cryptography assisted by AI, and the use of LLMs in red team automation. The organisers have also flagged the geopolitical context, asking how teams are adapting to a constantly shifting threat landscape where AI tools accelerate both sides.

Our take is that DeepSec is solid on AI substance but light on AI spectacle. If you want flashy demos and big name AI vendor keynotes, you will not find them here. If you want grounded talks from people who actually broke or built something, you will probably leave satisfied.

DeepSec Training Programs

Training is one of the strongest pillars of the DeepSec brand. Each session runs for two full days, includes lunch and coffee breaks, and requires a minimum of five participants to run. The instructors are drawn from working practitioners, not full time trainers, which gives the courses a battle tested feel.

Recent and upcoming training topics include full stack attacks against web applications, threat modeling, eCrime intelligence, covert entry against mechanical and electronic locks, mobile penetration testing for Android and iOS, and red team tradecraft using benign file formats. The covert entry course in particular, delivered by Red Team Alliance instructors, has earned praise for being one of the more unique offerings in the European conference circuit.

Where DeepSec stumbles is on price transparency and remote access. Trainings are not cheap, and the booking flow requires you to email the team for some packages. A live virtual option is limited compared to what other global events offer. For an attendee flying in from outside Europe, the cost stack can be steep.

Tools and Research Showcased

DeepSec talks tend to drop new tools or new variations of existing tools on a regular basis. The 2025 edition featured an open source GitHub security posture scanner from Sina Yazdanmehr and Hugo Baccino, and the team has signalled plans to extend that tool to GitLab and other platforms in 2026.

Other tool focused talks in recent years have covered information stealer comparison frameworks, JWT abuse across shared signing keys, AWS cloud detection capabilities for log abuse, and offensive tooling for bypassing modern EDR via overlooked file formats. The conference is a good place to spot tools before they trend on security Twitter or Mastodon.

If you are a defender or a red teamer who builds your own tooling, DeepSec is worth the trip for the Hacker's Lounge alone, where demos and informal exchanges happen all day long.

DeepSec and GitHub Presence

People searching for DeepSec on GitHub usually stumble onto a few different things, and it is worth clearing up the confusion. The conference itself does not maintain a heavy public GitHub organisation. Most repositories that come up under the name belong to two separate projects.

DeepSec prover, an academic verification tool for cryptographic protocols hosted at github.com/DeepSec-prover. It is unrelated to the Vienna conference.

Vercel labs deepsec, a security scanner harness for codebases that uses coding agents, hosted at github.com/vercel-labs/deepsec. Also unrelated to the conference.

Speaker repositories, where individual DeepSec presenters drop slides, demo code, or tools after their talks. These live on personal accounts and are usually linked from the official blog post for each talk.

So if you arrived at this review expecting an official DeepSec conference GitHub with curated tools, the reality is messier. Talk slides and code from past editions are scattered across personal repos and the blog at blog.deepsec.net. That fragmentation hurts the brand a little, in our view.

DeepSec Login and Account Access

There is no single DeepSec login portal in the way you might expect from a SaaS platform. The brand uses different access points for different parts of the experience.

Ticket buyers access their order through a Pretix link sent by email after booking. If the link is lost, the Pretix page at pretix.eu/deepsec lets you request a fresh one using the booking email address.

Call for papers submissions are made directly through the deepsec.net/cfp page rather than an account.

DeepINTEL, the sister event, is invitation only and requires a vetting process. There is no self service login for it at all.

This split setup works for organisers but feels clunky for first time attendees. We would expect a brand of this stature to have a unified portal by now. The lack of one is part of why our rating sits where it does.

User Experience: Website, Venue, and Atmosphere

The DeepSec website has a function over form vibe. Navigation is straightforward, the schedule is laid out clearly, and the call for papers page tells you exactly what is expected. There are no aggressive popups, no marketing chatbots, and no email harvesting flows. That alone earns a small bonus in our scoring.

However the design itself looks like it has not changed much in years, the mobile experience is rough on small screens, and important details like training prices sometimes require you to email the team directly. The booking process through Pretix is reliable but feels disconnected from the main brand.

At the venue itself, attendees consistently praise the Renaissance Wien Hotel for its quiet rooms, decent food, and intimate scale. The Hacker's Lounge, where demos and conversations happen between sessions, is a recurring favourite in attendee write ups. Vienna is also a draw in itself, easy to fly into, easy to walk around, and full of post conference dinner options.

If you are coming for content and conversation, the experience is strong. If you are coming for a slick digital journey from registration to follow up, expect some friction.

Our Verdict: 3.0 / 5.0

DeepSec 2026 looks set to deliver on what it has always done well, which is honest technical content in an intimate setting. The AI track is shaping up to be substantive, the trainings remain a high point, and the speaker mix continues to favour novelty over big names.

Our 3.0 rating reflects a balance. The conference earns top marks for content quality, neutrality, and the strength of its training program. It loses points for digital experience, fragmented online presence, pricing transparency, and limited remote access. For European security professionals, particularly those based in or near Austria, it is an easy recommend. For attendees flying in from the US or Asia, the value calculation is tighter.

If you want to compare it to other events, DeepSec sits below the very top tier of global conferences but well above generic regional summits. It is a serious event for serious practitioners, with room to modernise.

Frequently Asked Questions About DeepSec

1. What is DeepSec and who runs it?

DeepSec is an annual in depth security conference held in Vienna, Austria, organised by DeepSec GmbH. It has been running since 2007 and is known for its non vendor biased program covering computer, network, and application security. Co founder René Pfeiffer is one of the long standing figures behind the event.

2. When and where is DeepSec 2026 happening?

DeepSec 2026 takes place from November 17 to 20, 2026 at the Renaissance Wien Hotel in Vienna, Austria. The first two days are reserved for hands on trainings, and the last two days are dedicated to conference talks.

3. How much does a DeepSec 2026 ticket cost?

Early bird conference tickets for the two day talks portion start at around 793 EUR excluding VAT. Business tickets, which include DeepINTEL access, accommodation, and other perks, start at around 2,465 EUR early bird excluding VAT. Training prices vary by course and are often arranged via email.

4. Does DeepSec cover AI security topics?

Yes. The 2026 call for papers specifically invites talks on the use of large language models for both defensive and offensive security. Recent editions have included sessions on prompt injection, adversarial machine learning, post quantum cryptography, and AI assisted red team tooling.

5. Is there an official DeepSec GitHub for tools and slides?

Not in a centralised way. The conference does not run a unified GitHub organisation for talk materials. Speakers typically publish slides and tools on their own repositories, and these are linked from individual talk announcements on blog.deepsec.net. Be careful, the GitHub accounts named DeepSec prover and vercel labs deepsec are unrelated to the Vienna conference.

6. How does DeepSec login or account access work?

There is no single DeepSec login portal. Tickets are managed through Pretix at pretix.eu/deepsec, and order links are sent by email. The call for papers uses a separate submission page on deepsec.net. DeepINTEL access is invitation only and uses a vetting process rather than self service registration.

7. What kind of trainings are offered at DeepSec 2026?

Trainings are two day deep dives. Recent topics include full stack web application attacks, threat modeling, eCrime intelligence, covert entry against mechanical and electronic locks, mobile penetration testing for Android and iOS, and stealthy red team tradecraft. Each course needs a minimum of five participants to run.

8. Is DeepSec worth attending compared to bigger conferences?

It depends on what you want. DeepSec is smaller and more intimate than events like Black Hat or DEF CON, with a stronger focus on novelty and honest research over vendor showcases. If you value direct access to speakers, a single track style, and serious training, it is worth the trip. If you want a giant expo floor and celebrity keynotes, you will be happier elsewhere.

9. Does DeepSec offer remote or virtual attendance?

Limited. The conference has experimented with live streaming for some editions, but the main experience is firmly in person. Most trainings are not delivered remotely, and the Hacker's Lounge networking value really only exists on site.

10. How can I submit a talk or training to DeepSec?

Submissions go through the call for papers form at deepsec.net/cfp. The deadline for the 2026 edition was July 31, 2026 at 23:59 CEST, though late submissions are sometimes considered to fill remaining slots. The program committee evaluates entries based on novelty, quality, and impact rather than speaker pedigree.