Live from The Midway: Day-One Dispatch from the Autonomous Future Summit 2026
The Autonomous Future Summit kicks off today in San Francisco. Here's our on-the-ground dispatch from The Midway — the demos that landed, the conversations we're pulling into the hallway, and the security questions the mainstage keeps skipping.

Doors opened this morning at The Midway in San Francisco for the Autonomous Future Summit 2026 — the day the robotics and physical-AI ecosystem we previewed two weeks ago actually shows up in a single room. This is our live day-one dispatch: what we saw between keynotes, what the hallway conversations sound like, and where the security story keeps quietly surfacing next to the demos.
The tone this year is different from 2025. Last year the pitch was capability — look what our robot can do. This year the pitch is deployment — look how many of them are running, and how few humans are in the loop. That shift is the entire security story compressed into one sentence.
The mainstage: from research posters to production roadmaps
The opening block set the frame. Deepak Pathak (Skild AI) walked through fleet-scale evaluation of a general-purpose robot foundation model across five form factors — the same weights, different bodies, converging on comparable success rates within days of adaptation. Jamie Shotton (Wayve) followed with an end-to-end learned-driving update grounded in production miles, not simulator hours. Shayegan Omidshafiei (FieldAI) closed the block with off-road autonomy that has stopped apologizing for being learned rather than engineered.
Three talks, one message: the model *is* the product now, and the model is shipping.
What the demo floor is actually showing
Between the mainstage sessions, the demo alley is where the real conversations happen. A few threads from the first half of the day:
- Dexterity and Machina Labs running side-by-side manipulation demos on the same SKUs — one bin-picking, one metal-forming — and both quietly acknowledging the same operator-copilot stack behind the dashboard.
- Symbotic and GreyOrange demoing warehouse orchestration with LLM-summarized incident feeds. The summaries are impressive. The provenance of what feeds those summaries is not on the slide.
- Bear Robotics and Serve Robotics with front-of-house units taking natural-language instructions from staff. Fun on the floor; a wide-open indirect-injection surface in a restaurant.
- Kodiak, Torc, Bot Auto and Bedrock Robotics in a shared freight-autonomy corner, comparing safety-case evidence pipelines. This is the most mature conversation of the show and the one regulators should be listening to.

The hallway consensus (so far)
By lunch, three themes had cemented in the coffee line:
1. Fleet-scale is here; fleet-scale security is not
Every operator we spoke with is past the pilot phase. Nobody we spoke with has a dedicated red-team budget for the models running those fleets. The gap is not a lack of awareness — it is a lack of anyone whose job title makes them responsible.
2. Operator copilots are the new perimeter
The LLM sitting next to the dashboard — reading tickets, PDFs, vendor advisories, DSO messages — is the single most under-defended component of every stack we saw this morning. Indirect prompt injection is not a research toy on this floor; it is the shortest path from an email attachment to a moving actuator.
3. Regulators are further along than the show admits
The freight-autonomy corner is quietly preparing evidence for NHTSA's AV safety-case framework, EU AI Act Article 15, and ISO/SAE 21434 audits at the same time. If you are shipping physical AI and you are not preparing that evidence in parallel with the model, you are already behind.
Five questions we're asking every booth today
If you're on the floor with us, steal these:
- Which model artifacts in your perception, planning and control paths come from third parties, and when did you last verify their hashes?
- What is the trust boundary between your operator-facing LLM and the motion-control network?
- Where do you log every model decision that reaches an actuator, and who can read that log?
- What is your evaluation cadence for fine-tuned policies deployed into the fleet?
- Which of your evidence artifacts would survive an ISO/SAE 21434 or EU AI Act Article 12 audit today, unchanged?
If a vendor cannot answer three of these five without checking with engineering, that is the answer.
What we're watching this afternoon
The afternoon block runs the investor track (Khosla Ventures, DCVC), the manipulation deep-dive (Dexterity, Machina Labs), and the fleet-operations panel (Symbotic, GreyOrange, Simbe, Bear). We'll be in the manipulation deep-dive and the fleet-ops panel — the two rooms where the security questions are hardest to dodge.
Expect a follow-up dispatch tomorrow with the sessions that actually moved our threat model, and a longer write-up next week with the vendor conversations we can name.
Come find us
If you're building perception, planning, manipulation, logistics autonomy, off-road, or fleet operations — and you want to compare notes on the security layer around what you're shipping — we're the ones near the coffee cart asking uncomfortable questions about your model supply chain. Say hi.

