Agenda

Presentations already confirmed include:


►Conformity Will Not Save You: AI Risk Beyond the EU AI Act

Geoffrey Taylor, Information Security Officer, Nordea Asset Management

Your assessment said Low Risk. Is it really?

  • The EU AI Act requires organisations to classify their AI systems and demonstrate conformity. Conformity is similar to compliance — it is binary, a yes or a no at a point in time. It cannot calibrate impact when the unexpected occurs.
  • On 24 April 2026, an AI agent deleted an entire company's production database in nine seconds. It was running the best model available, configured with explicit safety rules. When asked to explain itself, it produced a written confession: "I violated every principle I was given."
  • This session applies the Assume. Design. Test. framework to AI governance — shifting the question from "are we compliant?" to "how could we be impacted?" — and gives attendees a practical lens for assessing where their governance ends and their exposure begins.

►Actions Speak Louder Than Tokens: Treating Frontier AI Agents as Insider Threats

Matt Adams, Generative AI & Emerging Technology Security, Citi

  • The alignment paradox: today's frontier models score well on macro-alignment — they reliably refuse explicit harmful requests — yet show poor micro-alignment, autonomously selecting dangerous methods in pursuit of legitimate goals.
  • A first formal framework adapting CERT's insider-threat dimensions to non-human actors — mapping motivation, opportunity, and capability onto optimisation objectives, tool access, and model capabilities — with a five-category STRIDE-derived taxonomy of agent threats
  • Real-world validation from the March 2026 ROME incident, where a safety-trained agent autonomously mined cryptocurrency, opened SSH tunnels, and probed internal networks during RL training
  • A structural playbook for financial services CISOs: stop assessing intent, monitor action-level telemetry, enforce least-privilege tool binding and ephemeral credentials, and fold AI agents into the insider-threat programs FSIs already run

►Securing Cloud Platforms at Scale

Laura Good, Cloud Security Architect, Lloyds Banking Group

  • Challenging legacy security ways of working that don’t scale with rapid cloud adoption.
  • Creating security approaches that scale across hundreds of internal teams.
  • What it actually takes to move security from a blocker to an enabler in practice.

►Panel Discussion: Customer Data & AI: Control, Exposure, and Proof

Simon Brady, Event Chairman
Sam Hubery, BISO, Fidelity International
Jai Ferguson, AI Regional Lead - Europe, HSBC
Dr Narayan Shiva, CTO and Enterprise Architect, iBANK

  • As organisations adopt AI, where are you seeing customer data most commonly interact with this tool and how are you improving visibility over time?
  • What controls or approaches are proving most effective in practice for preventing customer data being exposed to AI tools — and where are you still seeing challenges?
  • Are you allowing any use of third-party or public AI tools (like ChatGPT) with customer data and what specific safeguards make that acceptable?
  • Can you demonstrate that customer data is properly controlled within AI systems?

►Rise of Autonomous Attacks (Live Mythos-Style Hack)

Manit Sahib, Ethical Hacker & Former Head of Penetration Testing & Red Teaming, Bank of England

  • See how autonomous AI agents are now running the recon and exploitation phases of real-world attacks, and what that means for boards, CISOs, and red teams in 2026.
  • A first-hand look at how agentic offensive AI works in practice, driven by intent, not step-by-step instruction.
  • See an AI agent run reconnaissance against a controlled target, identify exploitable assets, and demonstrate the early stages of a kill chain in real time.
  • A walk through real-world findings from recent engagements including critical vulnerabilities discovered by AI agents that automated scanners (Tenable, Qualys, Nessus) had missed for over 18 years.
  • What defenders need to know: why traditional, control-based security models are structurally insufficient against goal-driven autonomous attackers, and the three specific actions every CISO should be taking before this becomes the default attacker model.

►Quantum Is Coming. Financial Services Can’t Afford to Wait

Will Collinson, Technical Director - Cryptography, HSBC

  • Discover why the quantum threat to today’s cryptography is closer and more disruptive than many realise
  • Hear what’s at stake for financial services as quantum computing reshapes the cybersecurity landscape
  • Join the call for industry-wide collaboration to tackle one of cybersecurity’s biggest ever challenges before the clock runs out
  • Learn what you can do today (or already should be doing) to reduce your risk

►Trust, Then Autonomy: Evaluating Agentic AI in Financial Services Institutions

Chris Vaughan, Solution Engineer, Sublime Security

  • The financial sector faces unique risks from AI security tools that can't be explained or audited, with regulations like DORA, FCA resilience requirements, and SR 11-7 making ungovernable AI a compliance liability, not just an operational one.
  • Correctly measuring and categorising AI autonomy is critical; a practical framework built around transparency, explainability, and auditability is needed to evaluate agentic AI against both security and regulatory standards.
  • Security and risk teams should leave equipped with the right questions to cut through vendor hype, understand model risk management in practice, and distinguish genuine autonomous AI capability from buzzword-driven marketing.

►The Evidence Game: Proving cyber resilience without slowing the business

Alan Simpson, UK and Ireland Field CISO, Rapid7

  • Financial services organisations have invested heavily in cyber visibility, yet many still rely on screenshots, spreadsheets and manual evidence gathering when scrutiny arrives. 
  • This session explores how existing security, identity, vulnerability, and service management data can be turned into trusted evidence for audits, regulators, boards and risk committees. 
  • Using practical examples, it will show how cyber teams can prove resilience, reduce disruption for IT, and respond with confidence when pressure increases.

Education seminars


The Identity Gap: Closing what AI opened in financial services


Mario Platt, Vice President, CISO, LastPass

This thought-provoking session will challenge assumptions around existing security strategies, revealing how the rapid rise of AI tools, agents, and non-human identities is outpacing traditional controls like MFA and IAM. Through compelling data, real-world case studies, and practical guidance, attendees will gain fresh insight into managing credential sprawl, securing AI-driven environments, and meeting evolving regulatory expectations, equipping them to move beyond the illusion of security and build truly resilient, identity-first protection.

Attendees will learn:

  • How to manage credential sprawl
  • How to secure AI-driven environments
  • How to meet evolving regulatory expectations
  • How to move beyond the illusions of security and build truly resilient, identity-first protection

Securing the Invisible - AD NHI Discovery and Protection


Kev Smith, EMEA Principal Engineer, Silverfort

Service accounts are one of the most overlooked areas in identity security. They operate continuously in the background, connecting applications and running automated processes across your environment - often with elevated privileges and no human owner actively managing them. This is even more prevalent with frontier models like Mythos leveraging such identities.

That's exactly the problem Silverfort was built to solve. Full discovery, behavioural baselining, and real-time enforcement - across your entire environment.

Attendees will learn:

  • Discovery and runtime access protection for service accounts is a critical capability for any IAM team operating at scale.
  • Know what you have - discover and prioritise your highest risk service accounts before they become a problem.
  • Get to control fast - no agents, no schema changes, no lengthy deployment; protection that fits around your environment, not the other way round.

Third party compromise - attacks through the suppliers, code and pipelines you already trust


Oliver Livesy, Red team specialist, WorkNest

Organisations increasingly face threat actors who bypass perimeter defences entirely by targeting the third-party suppliers, software libraries, and CI/CD pipelines that already hold trusted access to their environments. This presentation explores how attackers exploit these relationships to achieve high-impact compromises, examining why financial entities are prime targets, the methods adversaries use, and the defensive considerations organisations should be aware of, including how red team engagements can be leveraged as a practical tool for identifying and stress-testing supply chain exposure before a real attacker does.

Attendees will learn:

  • How attackers exploit these relationships to achieve high-impact compromises
  • Why financial entities are prime targets and the methods adversaries use
  • The defensive considerations organisations should be aware of, including how red team engagements can be leveraged as a practical tool