When M3AAWG gathered for the 67th General Meeting earlier this month in Montréal a sense of urgency was felt throughout the week as the anti-abuse community confronted rapidly evolving threats across AI messaging, Identity, and online safety.
If you didn't make the trip, we're spotlighting some of what you missed as our community came together to build awareness, trust, and stronger relationships to counter these threats.
Rethinking Trust Across AI, Networks, and Software Supply Chains
Xin Qiu, PhD, Head of Security Solutions and PKI Center at Aurora Networks, presented twice. Her first session, titled “From Integrity to Trust: Rethinking Software Supply Chain Security” demonstrated why conventional security practices, which are largely artifact-based at release and point-in-time, must change.
"Today, organizations rely on signatures, SBOMs, and compliance artifacts, but these do not reflect how software actually behaves in operational environments or how risk evolves over time,” Dr. Qiu said.
Dr. Qiu's second presentation, “AI on Both Sides of the Wire: Building Cryptographic Guardrails" shed light on how cryptographic guardrails are designed and anchored upfront, providing trusted identity and integrity.
“Cryptographic guardrails are foundational and meant to complement human-based decision-making, because at machine speed, humans cannot evaluate every interaction or decision point,” Dr. Qiu added.
A New Frontier in Spear Phishing Demands Automated Agentic Defense
Bin Lu, Chief Architect and Principal Engineer at Aegis AI Security, made the case that AI-based spear phishing is reaching new heights of sophistication, rendering traditional email filters and user training less effective. His session, “AI vs. AI: Fighting for Control of the Digital Perimeter,” argued that phishing attacks will reach near perfection, making them much harder for humans to identify.
Despite the challenges ahead, he emphasized that AI-driven defense offers a promising path forward, enabling organizations to detect and respond to threats at a scale impossible through human efforts alone. He also notes:
- The focus must shift to architectural agentic AI models.
- Automated agentic defense scales to defeat polymorphic and zero-day attacks and generalizes across attack mutations. (While occasional retraining to address missed attacks is required, much less retraining than traditional approaches is needed.)
- The role of humans will shift to reviewing agent reasoning, providing feedback, and tuning agentic AI models.
Cybercrime and the Front Lines of Fighting Sextortion
Paul Raffile's keynote address highlighted much of what he's uncovered as a prolific cybercrime investigator. His powerful keynote brought attention to the victims and inner workings of an online sextortion ring called “The Yahoo Boys.”
“The Yahoo Boys are one of the most harmful cybercrime groups out there — and almost no one knows about them,” Paul said.
His presentation highlighted the real-world consequences of cybercrime and the importance of collaboration among industry, law enforcement, and researchers to protect vulnerable users.
AI Chatbots, Children, and the Visibility Problem
Jake Rozran, a data scientist and co-founder of MyDD, a Children's Online Privacy Protection Act (COPPA)-compliant tool built for educating children, brought a sobering look at what happens when millions of kids engage in unsupervised conversations with AI chatbots.
“Jake gave examples of the risks that come with minors using AI, and how quickly the abuse possibilities pile up. Presentations like this keep M3AAWG a step ahead, giving us a lot to think about and discuss in upcoming Committee and SIG calls—which is where our strongest anti-abuse strategies are sparked,” said Alex Brotman, who moderated the discussion and serves as Data & Identity Protection SIG Leader and Program Committee Chair with M3AAWG.
M3AAWG67: By The Numbers
We extend our gratitude to the 280 attendees from 19 different countries, including 58 new attendees who joined us in Montréal. Overall, it was also a strong round of ORTs with 8 proposed outcomes.
M3AAWG67 brought together all four Priority Committees for in-person working sessions to outline road maps for addressing the abuse challenges ahead. If you are a M3AAWG member, please visit the meeting's Presentation Page to access presentations approved by speakers for posting.
See You in Paris
We hope to see you in Paris for our 68th General Meeting, October 26-29, 2026. Stay tuned to this blog and M3AAWG's LinkedIn and Facebook pages for upcoming details. You can submit your proposals here for keynotes, panels, lightning talks, and training sessions. ORT topic submissions are also open for our upcoming meetings. Nominations are now open for the M3AAWG's J.D. Falk Award 2026, and Mary Litynski Award 2027. Submit your J.D. Falk Award nominations by August 10th.