EventsJul 1, 2026 8 min

Preview: The Autonomous Future Summit 2026 in San Francisco — and Why Physical AI Needs a Security Layer

On July 16, 2026, the robotics and physical-AI ecosystem lands at The Midway in San Francisco. We're heading in — here's the agenda we're watching, and how TrendGuru fits into a stack that is quickly moving from pixels to atoms.

Humanoid robot and autonomous mobile robot on a warehouse floor with San Francisco skyline
By TrendGuru Research

On July 16, 2026, a curated slice of the robotics and physical-AI world will spend the day at The Midway in San Francisco for the Autonomous Future Summit — the annual gathering that Autonomous Future Co. positions as the premier conference for robotics founders, investors, and physical-AI builders. Two stages, fifty speakers, and a room deliberately sized so that the person standing next to you at coffee is probably shipping robots into production.

TrendGuru will be on the floor. We're going for the same reason we went to The smarter E in Munich: the fastest-moving parts of the AI stack are also the ones being deployed into the physical world first, and the security layer around them is still being written in real time. Below is a short preview of the agenda we're watching, the companies we're most curious to meet, and where we think the AI-security story fits into a day that's officially about robots.

Why this event, why now

The line between "AI" and "robotics" collapsed sometime in the last twenty-four months. Foundation models for manipulation and locomotion, simulation-first training pipelines, and reinforcement learning at fleet scale have moved from research posters to production roadmaps. Autonomous Future has bet the entire summit on that transition, and the speaker list is the tell:

  • Deepak Pathak (CEO, Skild AI) on general-purpose robot foundation models.
  • Jamie Shotton (Chief Scientist, Wayve) on end-to-end learned driving.
  • Shayegan Omidshafiei (Chief Scientist, FieldAI) on field-robotics autonomy.
  • Samir Menon (CEO, Dexterity) and Ed Mehr (CEO, Machina Labs) on manipulation at industrial scale.
  • James Kuffner (CTO, Symbotic) on warehouse autonomy at Walmart-scale volume.
  • Kanu Gulati (Partner, Khosla Ventures) and the DCVC team on where the capital is actually flowing.

Add operators from Bear Robotics, Serve Robotics, Torc Robotics, Bot Auto, Bedrock Robotics, Dusty Robotics, Built Robotics, GreyOrange, Simbe, Carbon Robotics, Kodiak, Symbotic and Skydio, and the room is — as advertised — the full physical-AI ecosystem in a single venue.

What we're watching for

Three threads run through this year's program, and each one has a security shadow that almost no one is talking about yet.

1. Robot foundation models leave the lab

Skild AI, Field AI and Wayve are all shipping general-purpose learned policies into real hardware. The upside is obvious: one model, many form factors, fast adaptation. The security question is equally obvious once you look for it — a foundation model that controls actuators is a piece of software that can hurt people, and its supply chain (weights, tokenizers, fine-tuning data, evaluation harnesses) needs to be treated with the same rigor as the firmware sitting next to it.

2. Warehouse and logistics autonomy at production scale

Symbotic, GreyOrange, Dexterity, Simbe and Bear Robotics are past pilot phase. They are running fleets. Fleet-scale robotics means fleet-scale telemetry, fleet-scale updates, and — increasingly — fleet-scale LLM copilots for the operators watching the dashboards. Every one of those copilots is an indirect-prompt-injection surface sitting next to a system that moves multi-ton pallets.

3. Autonomous driving, freight, and off-road

Wayve, Kodiak, Torc, Bot Auto, Bedrock and Built Robotics are all shipping autonomy into vehicles that operate outside a cage. The regulatory environment (FMVSS updates, EU AI Act Article 15, the emerging NHTSA framework for AV safety cases) is finally converging on the idea that the model itself is a safety-critical component. We're going to Autonomous Future partly to hear how operators are actually preparing evidence for that.

Robotic hand cradling a glowing security shield
The security layer around physical AI is being written right now — mostly in production, mostly under deadline.

Where TrendGuru fits

TrendGuru does not build robots. We build the intelligence and security layer for the AI systems inside them. Concretely, for teams in this room, that means four things:

  • Model supply-chain assurance. Continuous scanning of every third-party model artifact, tokenizer, and dependency in the perception, planning, and manipulation stack — matched against known-bad hashes, typosquats, and licenses that will not survive a customer's compliance review.
  • Copilot and operator-LLM red-teaming. Structured indirect-injection test suites executed against operator-facing copilots — the ones reading tickets, PDFs, vendor advisories, and DSO messages next to systems that can move real hardware.
  • Runtime behavior monitoring. Anomaly detection on the recommendations and setpoints coming out of learned policies. A quiet drift in derate rates across a fleet is cheaper to catch as data drift than as a warranty dispute.
  • Audit-ready evidence. Immutable logs of every AI decision that touches a physical actuator, mapped to IEC 62443, ISO/SAE 21434, and the EU AI Act Article 12 evidence requirements auditors will start asking for in 2027.
If your model decides where a forklift goes, or when a truck brakes, then that model is part of the safety case. Treat it that way.

Practical: a short checklist if you're shipping physical AI

For robotics OEMs, fleet operators, and physical-AI platform teams — the exact demographic Autonomous Future is built around:

  • Inventory every model in the perception, planning, and control paths. Provider, version, training-data provenance, last evaluation date.
  • Treat any operator-facing LLM as an untrusted-input surface. Tickets, PDFs, vendor advisories and even sensor-derived text can carry indirect prompt injection into a system that moves atoms.
  • Segment the AI runtime from the safety-critical control loop with hardware-enforced boundaries. Do not co-locate an internet-reachable model host with a motion-control network.
  • Log every AI decision that reaches an actuator. Store the log outside the model's reach.
  • Align now with IEC 62443-3-3 SL2+ for the AI runtime, ISO/SAE 21434 for automotive, and treat the EU AI Act Article 15 obligations as a floor.

Come say hi

If you're building in this space — foundation models, perception, planning, manipulation, logistics autonomy, off-road, or fleet operations — and you want to talk about the security layer around what you're shipping, find us at the summit. We'll be the ones asking uncomfortable questions about your model supply chain over the coffee cart.

San Francisco is going to be, in a real sense, a preview of the next decade of physical infrastructure. The autonomy is arriving on schedule. The security layer around the AI that will run it is not — yet. Let's fix that together.
Share this article
Keep Reading

© 2026 TrendGuru AI