BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Ainave//Events//EN
CALSCALE:GREGORIAN
METHOD:PUBLISH
BEGIN:VEVENT
UID:findevil.devpost.com
DTSTAMP:20260426T124520Z
DTSTART;VALUE=DATE:20260415
DTEND;VALUE=DATE:20260616
SUMMARY:FIND EVIL!
DESCRIPTION:### Overview\nFIND EVIL! is a Devpost hosted hackathon focused on cybersecurity and autonomous incident response. The challenge invites participants to build AI driven defenders that can triage and respond to threats at machine speed using the SANS SIFT Workstation and Protocol SIFT frameworks. The event emphasizes speed\, reliability\, and auditable evidence when AI agents operate on security data. It is an online challenge designed for a broad audience including IR/security professionals\, AI/ML engineers\, students\, and open-source contributors. The goal is to advance autonomous incident response and create reusable tools that help defenders keep pace with attacker capabilities.\n\n### Timeline and format\nThe challenge runs from April 15 to June 15\, 2026. Teams may form up to five people\, though solo participation is allowed. The event offers substantial prizes totaling more than $22\,000 in cash\, plus additional rewards such as SANS Summit passes and related training resources. Registration occurs on Devpost\, with instructions to join the Protocol SIFT Slack and download the SIFT Workstation for evaluation. The schedule includes milestones like starter ideas\, architecture options\, starter resources\, and submission requirements. \n\n### Who should participate\nThe challenge targets a diverse set of contributors who want to push the boundaries of autonomous security tooling. It is suitable for IR/security professionals who want an AI partner to augment incident response\, AI/ML engineers who can apply rapid iteration to real security data\, students and early-career builders seeking practical\, in-demand experience\, and open-source contributors who want to deliver shareable tools that can be adopted by practitioners worldwide. \n\n### The Mission\nParticipants will build autonomous AI agents on the SIFT Workstation\, integrating a broad tool library of 200+ incident response tools. The objective is to connect AI agents to tooling through Protocol SIFT and Model Context Protocol (MCP). While the technology is powerful\, the challenge also acknowledges that AI can hallucinate or misinterpret data\, which is why the event emphasizes self-correcting behavior\, robust evidence handling\, and clear audit trails. The examples provided describe four primary architectural approaches to consider: Direct Agent Extension\, Custom MCP Server\, Multi-Agent Frameworks\, and Alternative Agentic IDEs. Each option has its own strengths\, trade-offs\, and guardrails.\n\n### What to build and how it will be evaluated\nFour main architectural patterns are outlined for participants:\n- Direct Agent Extension (e.g.\, Claude Code\, OpenClaw) to improve agent reasoning and self-correction.\n- Custom MCP Server that exposes structured functions to minimize context overload and ensure data integrity.\n- Multi-Agent Frameworks (AutoGen\, CrewAI\, LangGraph) to coordinate specialized agents and log interactions with timestamps.\n- Alternative Agentic IDEs (Cursor\, Cline\, Aider) for AI-native development environments\, with emphasis on traceability and guardrails.\n\nJudging criteria focus on autonomous execution quality\, IR accuracy\, depth of analysis\, architectural guardrails\, audit trails\, usability\, and documentation. Submissions should include a complete package: code repository\, a demo video\, architecture diagrams\, a written project description\, dataset documentation\, an accuracy report\, and agent execution logs. The contest encourages practical\, reproducible work that can be adopted by the defense community and extended by others in the field.\n\n### Resources and prizes\nParticipants are encouraged to download Protocol SIFT\, join the Protocol SIFT Slack community\, and view starter resources. The competition offers substantial cash prizes and recognition within the cybersecurity and DFIR communities. The event also highlights industry relevance\, including use cases that demonstrate how autonomous agents can triage\, correlate\, and report at scale to protect critical systems.\n\n### FAQs\nGeneral questions cover eligibility\, teamwork size\, data handling practices\, and how to submit. The event aims to be inclusive\, with clear rules and a focus on responsible security research and practical tool development. Details about specific sessions\, mentoring\, and judging procedures are provided on the Devpost and related pages.\n\n### Who benefits\nAnyone interested in advancing autonomous security tooling and learning best practices for building auditable\, self-correcting AI agents will find FIND EVIL! valuable for exploring new architectures\, testing against real world data\, and contributing to a growing ecosystem of security tooling.\nhttps://findevil.devpost.com?ref=ainave
LOCATION:
URL;VALUE=URI:https://findevil.devpost.com?ref=ainave
END:VEVENT
END:VCALENDAR