Agenda
Wednesday 11th March
| Time | Session | Speaker |
| --- | --- | --- |
| 08:00 - 08:50 | Breakfast & Networking Break | |
| 08:50 - 09:00 | Chairman’s Opening Remarks | |
| 09:00 - 09:20 | Transforming Government Cyber: From Strategy to Delivery | Alex Harris, Head of Gov Cyber Implementation, Government Cyber Unit, Department for Science, Innovation and Technology |
| 09:20 - 09:40 | Never Trust, Always Verify: Why Zero Trust Principles Remain your Best Defence Against Tomorrow's Threats | Chris Butchart, Senior Solutions Engineer, BeyondTrust |
| 09:40 - 10:00 | Presentation from Akamai to be Announced | |
| 10:00 - 10:20 | Ready to Recover: The True Test of Cyber Resilience | Andy Giles, Executive Director, Cyber & Technology Risk Reporting and Metrics, JPMorgan Chase |
| 10:20 - 11:00 | Education Seminar 1: delegates will be able to choose from a range of topics | |
| 11:00 - 11:30 | Networking Break | |
| 11:30 - 11:50 | Fireside chat: Defending as One - Building National Cyber Resilience | Simon Brady, Event Chairman |
| 11:50 - 12:10 | Why Zero Trust is the answer to securing AI | Trevor Dearing, Director, Industry Solutions, Illumio |
| 12:10 - 12:30 | CrowdStrike 2026 Global Threat Report: A Review of Key Findings | CrowdStrike |
| 12:30 - 12:50 | The Force Multiplier: Navigating the 2026 Threat Landscape | Robert FitzSimons, Sales Engineer Manager, Huntress |
| 12:50 - 13:30 | Education Seminar 2: delegates will be able to choose from a range of topics | |
| 13:30 - 14:30 | Lunch Networking Break | |
| 14:30 - 14:55 | Fireside Chat: Securing Systems We can't Switch Off | Simon Brady, Event Chairman (Moderator) |
| 14:55 - 15:00 | Zero Trust Controls at the Endpoint | Threatlocker |
| 15:00 - 15:20 | AI at Breakneck Speed: Understanding the Risks Before it’s too Late | Dave Barnett, Director Advanced Technology, EMEA, Proofpoint |
| 15:20 - 15:40 | Beyond Detection: Why Cybersecurity Must Become Preemptive | Ian Perry, Head of Sales Engineering, Searchlight Cyber |
| 15:40 - 16:00 | Post Quantum Cryptography within Life Sciences | Zak Pantelli, Distinguished Architect & Senior Director - Data Security & Cryptography, GSK |
| 16:00 - 16:20 | Networking Break | |
| 16:20 - 16:50 | Panel Discussion: Privilege Sprawl — The Ghost in the Machine | Steve Davies, Head of Cybersecurity, DLA Piper (Moderator) |
| 16:50 - 17:00 | Chairman's Closing Remarks | |
| 17:00 - 18:00 | Drinks Reception | |
Thursday 12th March
| Time | Session | Speaker |
| --- | --- | --- |
| 08:00 - 08:50 | Breakfast & Networking Break | |
| 08:50 - 09:00 | Chairman’s Opening Remarks | |
| 09:00 - 09:20 | When the Alarm Sounds: The Call No Leader Wants - The Human Side of Being a CISO | Ashish Shrestha (Ash), Former Group CISO, Jaguar Land Rover |
| 09:20 - 09:40 | Future-Proofing Security: Thales’ Vision for a Quantum-Safe World | Romana Hamplova, Pre-Sales Manager for Data Protection, Thales |
| 09:40 - 10:00 | Privileged Identities: The Front Door of Modern Cyber Attacks | Scott Shields, Enterprise Sales Engineer, Delinea |
| 10:00 - 10:20 | Fireside chat: Resilience: a revolution or just re-labelling? | Sarah Lawson, Director of Cybersecurity, Risk and Resilience (CISO), Oxford University Press |
| 10:20 - 11:00 | Education Seminar 3: delegates will be able to choose from a range of topics | |
| 11:00 - 11:30 | Networking Break | |
| 11:30 - 11:50 | Building Resilience Through Experience: Lessons from Recent Cyber Attacks | Mike Owen, Deputy Director Cyber Operations, NHS England |
| 11:50 - 12:10 | Turning the Tables: Unlocking Your Unfair Advantage Against AI Adversaries | Mike Elliott, Sales Director Northern Europe, Picus Security |
| 12:10 - 12:30 | Malicious vs. Defensive: How AI is Changing Cybersecurity | Mick Leach, Field CISO, AbnormalAI |
| 12:30 - 12:50 | Compliance as a Consequence: Driving Security, Enabling Assurance — A Telco Perspective | Simon Turner, Head of Security Governance and Compliance, BT Group |
| 12:50 - 13:30 | Education Seminar 4: delegates will be able to choose from a range of topics | |
| 13:30 - 14:30 | Lunch Networking Break | |
| 14:30 - 15:00 | Panel Discussion: Third Party and Beyond — Where Modern Breaches Begin | Simon Brady, Event Chairman (Moderator) |
| 15:00 - 15:20 | AI, Exposure Management and the Future of Pentesting | Chris Wallis, Founder & CEO, Intruder |
| 15:20 - 15:40 | Machine vs Machine: Winning the New Security Arms Race | Seth Williams, Field CTO, Sublime Security |
| 15:40 - 16:00 | AI and IT/OT Convergence - When Models Meet Motors: AI at the IT/OT Edge | Adeiza Yisa, Business Information Security Office, Shell |
| 16:00 - 16:20 | Networking Break | |
| 16:20 - 16:50 | Panel Discussion: From Human Error to Human Defence — The New Era of Cyber Culture | Nasser Arif, Cyber Security Manager, LNWUH NHS Trust (Moderator) |
| 16:50 - 17:00 | Chairman's Closing Remarks | |
Education seminars
AI vs AI: Navigating the New Era of the Cyber Battlefield
Céleste Manenc, Corporate Sales Engineer, CrowdStrike
Artificial intelligence is changing the pace and scale of cyber operations. Adversaries are using AI to accelerate reconnaissance, automate intrusion paths, and exploit weaknesses faster than traditional defenses can respond. In this session, CrowdStrike shares frontline insight into how this shift is unfolding across the global threat landscape. We examine how threat actors are applying AI today and what effective, AI-native defence looks like in practice. The discussion focuses on practical decision-making, resilience, and how organisations can apply AI with discipline to stay ahead as adversaries continue to evolve.
Attendees will learn:
- How AI is being operationalised by modern adversaries
- Where AI delivers real advantage in detection and response
- What defines an effective AI-native security approach
- How to combine machine intelligence and human expertise to reduce risk
BeyondTrust Anatomy of a Crisis: Dissecting the 2025 UK Retail Attacks Through a Zero Trust Lens
Chris Butchart, Senior Solutions Engineer, BeyondTrust
In Spring 2025, Scattered Spider brought three of the UK's largest retailers to their knees in just ten days. M&S lost £300m in profit impact; Co-op exposed 6.5 million customer records. Yet the attack chain relied on techniques we've known about for years: helpdesk social engineering, SIM swapping, and abuse of legitimate remote access tools. This seminar dissects the attacks stage by stage. We will examine what went wrong, what Co-op did right to limit damage, and how the same framework applies as much to securing AI agents as it does to people.
Attendees will learn:
- How Scattered Spider's attack chain exploited identity weaknesses at every stage, from initial access to ransomware deployment
- How the NSA mandates PAM as a Phase One foundational control, not an advanced capability in their Zero Trust Implementation Guideline
- Real-life examples of how early detection, rapid containment, and identity centric controls can dramatically reduce recovery time and business impact — and why delays in spotting credential based attacks lead to exponentially greater disruption
Rethinking Access, Securing the Tools and Devices You Don’t Control
Andy Mayle, Senior Manager, Solutions Engineer, 1Password
How do you offboard someone from an app you didn’t know they used? Or secure a device you don’t manage? In a world of AI agents, shadow IT, and hybrid work, traditional access tools fall short. This session explores how access security must evolve, so you can govern AI, protect unmanaged tools and devices, and empower work without holding teams back.
Attendees will learn:
- Where access security fails in the age of AI agents, shadow IT, and hybrid work
- How to regain visibility and control over apps, tools, and devices you don’t own or manage
- Practical approaches to securing access without slowing teams or blocking innovation
From Hype to Advantage: Operationalizing AI in the Modern SOC
Carlo Minassian, Founder & CEO, LMNTRIX
AI in cybersecurity is everywhere right now. Copilots, assistants, auto-everything. But here’s the thing. Most of it is still surface-level automation dressed up as intelligence. This session cuts through the hype and shows what real, operational AI looks like inside a modern SOC. Carlo Minassian, Founder and CEO of LMNTRIX, shares how an agentic AI approach is being used in production to investigate alerts, reason across telemetry, and execute response actions with humans in the loop. Instead of adding another dashboard or chatbot, LMNTRIX built AI directly into the detection and response workflow.
Attendees will see a live demonstration of Artemis, an autonomous investigation engine that correlates signals across endpoint, identity, cloud, and network, and LISA, a conversational security assistant that explains incidents, recommends actions, and collaborates with analysts in real time via chat and console. The talk walks through what AI is genuinely good at today, where expectations are unrealistic, and how CISOs can apply AI safely and pragmatically to reduce noise, speed investigations, and improve resilience without losing control or transparency. If you care about measurable outcomes like faster investigations, fewer false positives, and less analyst burnout, this session shows what works and what to ignore.
No theory. No slideware. Just real-world AI for cyber defence, demonstrated live.
Attendees will learn:
- How agentic AI can autonomously triage, investigate, and respond to threats across multiple security layers
- A live walkthrough of Artemis and LISA handling real alerts end to end
- Practical guidance on where GenAI adds value in the SOC and where it doesn’t
- How to reduce Tier-1 workload, cut noise, and materially improve MTTD and MTTR without adding more tools
The 2026 Attacker’s Playbook: Hacking Trust
Tom Rossdale, Sales Engineer Director, Varonis
Attackers are no longer just hacking systems. They are hacking trust - exploiting human relationships and digital identities to gain access and move undetected. In this 2026 planning session, Tom Rossdale will walk you through the entire attack journey, from the first phishing email to the final payload. He’ll share real-world examples of the attack techniques we encounter every day, and show you how to stay one step ahead.
Attendees will learn:
- How phishing and social engineering open the door for attackers
- How AI is powering smarter, faster, more personalized attacks
- A detailed walkthrough of the full attack chain
- What’s changed since the last Attacker’s Playbook and what to expect in
The Impact of AI on Application Risk: From Prevention to Control
John Wood, EMEA Sales Director, Contrast Security
AI is accelerating software development beyond the pace traditional security models were designed for. AI-assisted coding increases speed and productivity, but it also changes how vulnerabilities enter applications. Code is generated and modified at scale, often without deep review of every dependency or execution path. The development system has changed - security models built for slower cycles are under strain. Attackers are evolving just as quickly. AI enables faster discovery of weaknesses, quicker adaptation of exploits and lowers the skill required to launch effective attacks. The window between vulnerability introduction and exploitation is shrinking. Relying solely on pre-production controls is no longer realistic.
Vulnerabilities in production are not exceptions - they are inevitable. The strategic question is not how to eliminate every flaw before release, but how to manage risk once software is live. That requires a shift from prevention as the primary control to visibility, containment and response in production. SAST, DAST and secure coding remain essential. But they must be complemented by production-aware controls that distinguish theoretical risk from real, reachable and exploited behaviour. In an AI-accelerated world, resilience depends on understanding what is happening inside running applications - and acting accordingly.
Attendees will learn:
- AI accelerates both delivery and vulnerability discovery
- Pre-production security is necessary but insufficient on its own
- Vulnerabilities in production should be assumed
- Effective risk management requires visibility and control inside live applications
Harnessing the OODA Loop: Elevating Cyber Defence with AI
Andrew Yeates, Senior Sales Engineer, Illumio
Threat actors are more focused than ever on exploiting artificial intelligence to speed up their attacks and improve their effectiveness, fundamentally altering the dynamics of cyber defence. In this context, the principles of Colonel John Boyd’s OODA Loop (Observe, Orient, Decide, Act) are more relevant than ever, particularly when AI is applied to outpace adversaries operating at machine speed. This discussion explores how Illumio uses AI-driven analytics to operationalise the OODA Loop, enabling organisations to detect, understand, and respond to threats faster than human-led processes alone can achieve.
Attendees will learn:
- The new risks of pervasive AI in today's world
- Considerations for an effective AI-enabled defence-in-depth strategy
- How to use AI to stay ahead of AI-driven adversaries
On the Front Lines of AI Powered Email Attacks: Stories from Security Leaders
Mick Leach, Field CISO, AbnormalAI
Security teams are seeing a rise in highly tailored phishing and business email compromise attacks that look and feel like genuine business communication. In this session, you will hear directly from security leaders on the front lines—the tactics attackers are using, where traditional tools and manual reviews are falling short, and what ultimately forced them to rethink their approach to email security. They will share the actions they have taken, from securing executive and board buy-in to rolling out defensive AI, tuning policies, and measuring impact. You will walk away with clear, real-world examples of what “good” looks like and practical steps you can take to defend your organisation against AI-powered email threats.
Attendees will learn:
- What can you learn from how AI-powered attacks are hitting peers today? Hear customers walk through real phishing, BEC, and vendor fraud attempts that slipped past legacy tools and looked like everyday business email
- How do you know it’s time to change your email security strategy? Learn what inflection points pushed our customers to act, and how they built the business case, aligned executives and the board, and shifted from manual review to AI-driven detection and response
- What would a practical roadmap to defensive AI look like in your organisation? Leave with a clear, customer-tested blueprint—from first steps and quick wins to tuning policies, measuring success, and strengthening resilience while reducing analyst workload
Your Perimeter is on the Front Lines: Attack Surface Reduction as a Primary Defence
Dan Andrew, Head of Security, Intruder
This education seminar will provide a deep-dive into core concepts and practical recommendations for Attack Surface Management (ASM) and Asset Discovery. Your perimeter is on the front line, and good patch management alone is not enough to protect it. You should leave this session with a better idea of how to blend ASM and Asset Discovery with Patch Management for a robust exposure management process. We will run through examples of attack surface risks, real-world vulnerabilities affecting internet exposed tech, and why implementing an ASM process is critical alongside patch management. It may be tempting to fall back on just patching your biggest *known* threats, but some of the biggest risks are vulnerabilities that are not yet publicly known. These threats do not have a CVSS score, and attack surface management is your primary defence. Learn how to future-proof your perimeter.
Asset Discovery is also an essential part of managing your attack surface. Keeping track of your internet exposed IPs and domains is far from trivial, and cloud environments in particular make this challenge harder. Losing track of some of your assets is no longer an embarrassing mistake - it's an unavoidable reality. We will show some examples of how this happens, and give a practical approach to asset discovery which helps you keep track, and avoid systems slipping outside of your exposure management process entirely.
Attendees will learn:
- Integrating Attack Surface Management into your Patch Management process - defining ASM as a Primary Defence that's proactive, not reactive
- Prioritisation considerations and why Informational risks are Criticals waiting to happen. Why not all 'Criticals' are equal, and why CVSS is not king
- The importance of Asset Discovery to find Shadow IT and build a realistic view of your Attack Surface. Practical recommendations on how to approach this
Building Cyber Resilience for the AI Era
Commvault
The cyber-attack surface is evolving exponentially. AI-powered threats are exploiting vulnerabilities faster than ever, while cloud-first architectures have created new exposure points demanding fresh protection strategies. The question isn't if your organisation will face an attack—it's when. Will your data be protected? Can your business recover? Join Commvault as we explore the modern threat landscape and demonstrate why an optimised cyber resilience strategy is imperative.
Attendees will learn:
- How AI is transforming attack velocity and sophistication
- Why cloud-first enterprises must rethink security and recovery
- Practical frameworks for ensuring business continuity when threats become reality
- Real-world lessons from the front lines of enterprise cyber resilience
From Background Noise to Actionable Intel: Harnessing Mass Scanning and Deception for Defence
Dan Strivens, EMEA SE, GreyNoise Intelligence
This workshop will give participants a fresh perspective and a technical understanding of mass scanning and internet noise, how attackers use them as tools, and how defenders can enhance their perimeter security using data from large-scale deception technology alongside localised sensor deployments. Given the scale of attacker infrastructure and the speed at which attackers can deploy exploits against new vulnerabilities, increasing visibility of potential attacks, and distinguishing between what is generic and what is targeted, is of the utmost importance.
Attendees will learn:
- How to use GreyNoise to filter out background noise and hunt for bad actors
- How trends in vulnerability exploitation can help prioritise mitigation and fixes, as well as early warning signals to new vulnerability disclosures
- The place of deception technology in cyber security
From Awareness Training to Risk Reduction Outcomes: The future of Human Risk Management
James Beary, Global Sales Director, CybSafe
The industry is at a turning point in how it understands and manages human cyber risk. Leading teams are moving beyond awareness training and phishing simulations toward measurable behaviour and real risk outcomes.
Attendees will learn:
- This session explores the forces driving the shift, including the rise of AI, the availability of rich behavioural datasets, the growing importance of scientific evidence and the pressure to automate human risk reduction
- It also challenges a common belief: Many security leaders see themselves as progressive, yet remain anchored in outdated methods that no longer match the threats or the evidence
- This talk provides a roadmap for the future of human-risk management and the steps necessary to lead that change
Shadow AI isn’t (Just) What you Think: How to get Visibility into all AI Usage in the Organisation
David Segev, VP Sales Global Strategic Accounts & International Markets, Layer X
When we say ‘AI,’ most people think ChatGPT. And while ChatGPT remains the world’s most popular AI tool, AI today comes in a variety of forms, including sanctioned and unsanctioned AI assistants, native SaaS apps with built-in AI chatbots, AI browsers, extensions, desktop applications, and more. This session dives deep into the world of ‘shadow’ AI and details its various aspects, including unknown apps, hidden identities, unmonitored data channels, and more, and provides a roadmap on how organisations can gain visibility into AI usage in their organisation and how to eliminate shadow AI.
Attendees will learn:
- AI Sprawl Beyond ChatGPT: The explosion of embedded and native AI across SaaS, browsers, and productivity tools.
- The Hidden Identity Problem: Personal accounts, unmanaged tenants, and AI tools operating outside corporate authentication.
- Invisible Data Flows: Sensitive data exposure through AI prompts, uploads, browser-based usage, and shadow integrations.
- Why Traditional Controls Fail: CASB, SWG, and DLP limitations in identifying AI activity.
- Innovation vs. Governance: How to enable AI adoption while maintaining security oversight.
- Gaining Real Visibility: What “full AI visibility” actually means — across apps, identities, and sessions.
- Executive Accountability & Risk Ownership: How CISOs and security leaders should frame AI risk at the board level.
AI is Watching… but Who’s Watching your Data?
Marc Homden, Principal Sales Engineer, Proofpoint
Alex Turner, Senior Sales Engineer, Proofpoint
As AI and agentic AI are embedded across the enterprise, governing how these systems access and interact with your data becomes critical. Join Proofpoint for a live demonstration exploring three core AI data governance challenges.
Attendees will learn:
- Identifying what AI tools are being used across the business
- Securing and preparing your data for sanctioned AI deployment
- Monitoring AI prompts and interactions to detect data leakage and malicious intent
The Journey to Passwordless: Security, Credentials, and Lifecycle Management
John Gilbert, Director Red Lodge Consulting, OneSpan
As organisations move into 2026, identity continues to sit at the centre of the cyber threat landscape. Despite years of investment in security controls, passwords remain one of the most consistently exploited weaknesses, underpinning phishing attacks, credential theft, and account compromise across sectors. Passwordless authentication has emerged as a central theme in modern identity and access management strategies. Driven by evolving threat patterns, regulatory pressure, and the limitations of traditional authentication methods, many organisations are now rethinking how users and systems are authenticated, and what “strong authentication” should look like in practice.
This session will examine how the transition from password to passwordless plays out within real organisational environments. Attention will be given to the practical and operational considerations involved in introducing passwordless approaches, including integration with existing identity systems, organisational readiness, and the impact on both users and administrators. A key area of discussion will be the lifecycle management of authentication credentials. This includes how credentials are provisioned, distributed, recovered, revoked, and replaced over time, and why these processes become increasingly important as organisations adopt phishing resistant authentication methods, including hardware based credentials. The discussion will also consider environments where passwordless adoption can be more complex, such as shared device use, regulated access models, and high staff turnover workforces. Real world considerations will be used throughout to illustrate how organisations can move incrementally toward passwordless without introducing new security or operational risk. Attendees will leave with a clearer understanding of where passwordless fits within a modern identity strategy, and how to approach the journey from passwords to passwordless in a structured and sustainable way.
Attendees will learn:
- Gain practical insight into transitioning from passwords to passwordless
- Understand how to manage credential lifecycles securely and efficiently
- Learn how to address challenges in complex organisational environments
- Discover how to integrate passwordless into your existing identity strategy
- Leave with a structured, low-risk roadmap for sustainable adoption
The Kill Chain Disruptor: Integrating Human Insights with SOC Tradecraft
Robert FitzSimons, Sales Engineer Manager, Huntress
Most hackers don't break in—they log in, and they’re betting on the fact that you’re too buried in 'alert fatigue' to notice them bypassing your MFA in real-time. Learn how to rise above the noise with round the clock peace of mind.
Attendees will learn:
- Learn how SMBs can achieve a 24/7 SOC
- Understand how the Huntress solution can support organisations of any size
- Hear about real life war stories and how Huntress got involved
Turning the Tide on Ransomware: Preemptive Defence Strategies
Dave Osler, Head of Product, Searchlight Cyber
Ransomware defence is an achievable goal, though the methods required to maintain it have evolved. As the landscape grows more complex, the most effective strategies move beyond reacting to a breach and focus instead on identifying the activities that precede one. By prioritising visibility into the earlier stages of the attack lifecycle, organisations can address risks before they transition into active incidents. In this workshop, Dave Osler will show how ransomware attacks materialise in their earliest stages and how intelligence-led defence strategies can stop them before they begin. Through demonstrations and real-world case studies, attendees will see how threat actors operate and learn practical techniques to regain the upper hand.
By the end of this session, you'll understand how to maintain a continuous view of your attack surface, leverage dark web intelligence to identify threats in their earliest stages, and take decisive action to ensure your organisation isn't an eligible target.
Attendees will learn:
- Early-Stage Threat Detection: From Initial Access Broker posts and forum chatter to exposures in your attack surface
- Acting on Intelligence: Monitoring dark web activity, investigating warning signs, and taking action before an attack materialises
- Preemptive Defence Strategies: Building continuous monitoring workflows that provide real-time visibility into evolving threats
Trust Is Not a Control: Identifying Third-Party Risk with Threat Intelligence
James Allman-Talbot, Head of Threat Intelligence, Quorum Cyber
Your next breach is unlikely to start inside your organisation. It will start with a supplier.
Attackers choose the easiest route to access, and that route increasingly runs through trusted third parties. Yet many organisations still assess supplier risk through questionnaires and compliance scoring that reveal little about real-world threat activity. Security leaders cannot afford this gap.
This session shows how threat intelligence replaces assumption with evidence. By focusing on real attacker behaviour, external exposure, and active targeting, organisations can identify which suppliers genuinely increase risk and which do not. The result is sharper prioritisation, clearer executive conversations, and more defensible decisions. If you are responsible for managing cyber risk, this session will reshape how you approach third-party exposure.
Attendees will learn:
- Understand why third parties remain a leading route for compromise
- Identify supplier risk using real threat activity rather than self-reported controls
- Prioritise suppliers based on genuine exposure and attacker interest
- Strengthen board, procurement, and incident response decisions with threat-led insight
- Take practical steps to embed threat intelligence into third-party risk management
The Quantification of Cyber Resilience
Paul Cragg, Chief Technology Officer, NormCyber
2026: The year cyber becomes governable at board level
Finance has ratios.
Operations have KPIs.
Customer performance has NPS.
Cyber has… dashboards.
Boards are increasingly expected to understand cyber risk with the same clarity as financial or operational performance. Yet traffic lights, maturity ratings and tool coverage rarely answer a simple business question: How resilient are we to a serious cyber attack, today? In many organisations that question is hard to answer with confidence. Not because capability is lacking, but because the industry has traditionally optimised for activity and assurance rather than measurable resilience. Meanwhile, risk evolves continuously. Vulnerabilities emerge. Suppliers connect and disconnect. Threat actors adapt. Resilience can drift between periodic assessments while reporting remains static. As regulatory scrutiny intensifies and insurers demand defensible evidence, cyber resilience must become more than a narrative. It requires management information that is trend-based, explainable, and aligned to recognised frameworks.
This session explores a practical question: What would it mean to treat cyber resilience as a board-governable metric? Through practical scenarios and open discussion we will examine. This is not about adding more tools. It is about treating cyber as a material business risk that deserves to be measured with rigour. Because what cannot be measured clearly cannot be governed confidently.
Attendees will learn:
- What a defensible, continuously updated resilience construct must include
- Where existing reporting models add value and where they fall short
- How resilience across people, process and technology can be expressed in a way that informs real decision-making
Beyond Patching: Validating True Cyber Exposure
Korhan Acar, Senior Solution Architect, Picus Security
Security teams deal with thousands of critical CVEs, but not all of them are truly exploitable in real environments. This session uses a real-world case study to demonstrate how exposure validation separates theoretical risk from actual attack paths. By continuously testing security control effectiveness and attacker reachability, organisations can focus on the vulnerabilities that genuinely matter and reduce unnecessary remediation efforts.
Attendees will learn:
- Why CVSS and EPSS scores alone are not enough to prioritize risk
- How security control effectiveness changes real-world exploitability
- How to distinguish theoretical vulnerabilities from true attack paths
- How exposure validation provides an attacker’s-eye view of risk
- How a real case study helped reduce noise and focus remediation on what truly matters
Shadow AI: AppSec Strategies for Finding and Securing LLM-Driven Apps
Liam D'Amato, Senior Solutions Engineer, Invicti
As organizations embed LLMs to accelerate digital innovation, security teams are often left unaware, creating “shadow AI” risks and new classes of vulnerabilities that traditional testing misses. For most organisations, the challenge isn’t building LLMs, it’s integrating these token-hungry instances securely. In this session, you will learn how to uncover hidden LLM usage and ensure secure development and testing practices that keep AI-enabled financial applications protected.
Attendees will learn:
- How to identify “shadow” LLMs and chatbots using advanced fingerprinting and discovery methods
- Enforce AI-integration hygiene through output sanitisation, prompt hardening, access controls, monitoring, and policy alignment
- Detect and prevent attacks that exploit exposed backend LLM tools, plugins, and integrations
AI Agents Vs GenAI Email Threats: A Practical Playbook
Chris Vaughan, Security Specialist, Sublime Security
With recent research showing 1 in 6 data breaches now involve AI-driven attacks, GenAI has accelerated email threats—making them more targeted, scalable, and fast. This new reality outpaces legacy controls, leaving teams waiting on vendor updates. In this session, we’ll show a modern approach that pairs an always-updated detection feed with controls adaptive to your organization, and you'll see our AI agents—the Autonomous Security Analyst (ASA) and Autonomous Detection Engineer (ADE)—working in tandem to clear user-reported queues and propose new detections from real attacks. With clear rationale behind every decision so your team can trust the automation and act immediately, you’ll steadily improve coverage without vendor support tickets. You’ll leave with a simple rollout checklist and exactly what to measure: catch-rate lift, MTTR/TTM, and noise reduction.
Attendees will learn:
- How GenAI is reshaping email threats: Learn why AI-driven phishing is more targeted, scalable, and fast, and why legacy, one-size-fits-all controls struggle to keep up.
- How an agentic approach works in practice: Watch how an Autonomous Security Analyst and Autonomous Detection Engineer can triage user-reported emails, investigate real attacks, and generate new detections without vendor tickets.
- And be left with a practical rollout plan: Get a simple checklist and the key metrics to track, including catch-rate lift, MTTR or TTM improvements, and noise reduction across the abuse mailbox.
TPRM Is Broken. Let’s Fix It Together
Risk Ledger
Traditional third-party risk management was built for compliance, not real security outcomes. It relies on static questionnaires, fragmented processes and one-to-one supplier views that fail to reflect how modern supply chains actually operate. In this session, we explore why TPRM struggles to reduce risk in practice and how a collaborative, network-driven approach - connecting people, platforms and processes - helps organisations build trust with suppliers, uncover hidden systemic risks, and strengthen resilience across the entire supply chain.
Can you keep a secret? Do you control your exposed APIs? And why are they the base of automation?
Ketan Pyne, Pre-Sales Consultant for Data Protection, Thales
Every infrastructure automation and orchestration is built on APIs and secrets. Your infrastructure exposes thousands of APIs that need to be continuously detected and protected to avoid data exposure. Access to the APIs is also secured using secrets. Everyone has secrets. You have passwords. Your applications have authentication tokens. Your AI agents use MCP server API keys. The obvious way to keep a secret is to never share it. But software doesn’t work that way. Come and discover the art of the possible in securing your APIs and secrets, built for the future of automation, aligned with OWASP.