AI at the Edge of Cybersecurity: Risks, Emerging Threats, and New Defensive Frontiers
- 14:00
- Tue
- 02 Dec
Stage:
Briefings 2
Session Type:
Presentation
This session explores the rapidly evolving intersection of artificial intelligence and cybersecurity, focusing on how AI is reshaping both attack and defense strategies. We will examine critical information security risks, including AI-powered exploit generation, Shadow AI data leaks, and adversarial manipulation of machine learning models. The talk will highlight emerging threats such as AI-enhanced phishing, federated learning vulnerabilities, and deepfake-driven misinformation campaigns. Attendees will gain insights into cutting-edge defensive innovations—from explainable AI and federated threat intelligence to quantum-resilient security architectures—that are redefining the cybersecurity landscape.
Presenter:
SAIST - Scanning application code with AI
- 14:00
- Tue
- 02 Dec
Stage:
Arsenal Lab
Session Type:
Demo
SAIST (Static AI-powered Scanning Tool) is an open-source project that scans codebases for vulnerabilities using AI. It supports multiple LLMs, and can scan full codebases, diffs between commits, or even GitHub PRs automatically. The common use cases are:
- Scan an entire application's code base with your favourite LLM (OpenAI, Deepseek etc) and get a PDF report
- Scan a code change and comment on a pull request
SAIST allows you to control which LLM is used, such as AWS Bedrock or Azure OpenAI. This provides you with greater control of your own data sovereignty, whilst giving you industry-leading capabilities.
Presenter:
Beyond the Silos: Exposure Management in a New Age of Risk
- 14:15
- Tue
- 02 Dec
Stage:
Executive Summit
Session Type:
Sponsored
Tenable Co-CEO Mark Thurmond will address the cybersecurity imperative required to protect ambitious national transformations like Saudi Arabia's Vision 2030. Attendees will hear about the three converging forces creating pressure on today’s security teams, including the weaponization of AI.
Thurmond will highlight why organizations are struggling with "managed chaos", using too many siloed tools and burning out their security teams. He will cover why a fragmented defense is easily exploited by AI-powered adversaries who can automate attacks, making them faster and more sophisticated.
Mark will then explain the necessary paradigm shift to preemptive cybersecurity, and why defenses need to transform from fragmented to unified, from static to predictive, and from manual to autonomous.
Presenter:
The Agent Had a Plan – So Did I: Top Attacks on OWASP Agentic AI Systems
- 14:20
- Tue
- 02 Dec
Stage:
Briefings 1
Session Type:
Presentation
AI agents are different from regular LLM apps — they plan steps, call tools, and chase goals across multiple interactions. This added complexity introduces new kinds of security risks that aren’t widely understood yet.
In this talk, I’ll walk through demos of vulnerabilities from the OWASP Agentic AI Threats. These include goal hijacking, alignment faking, orchestration misuse, and time-based attacks that exploit how agents behave over multiple steps or sessions. I’ll show how attackers can trick agents into following the wrong goals, leaking data, or using tools in unsafe ways — all through practical examples.
Here's the flow:
Intro to Agentic AI Systems
- What are agentic AI systems?
- How do they differ from regular AI tools?
- Use cases / Popular frameworks: LangChain, AutoGen, BAML.
Vulnerabilities:
#1: Agent Goal and Instruction Manipulation
- Exploiting how attackers can manipulate AI agent goals and instructions to make them act against their intended purposes.
#2: Agent Temporal Manipulation and Time-based Attacks
- Exploiting time-dependent behaviors in AI agents to manipulate scheduling, timestamps, and decision-making, leading to desynchronization and timing attacks.
#3: Agent Orchestration and Multi-Agent Exploitation
- Exploiting vulnerabilities in how multiple AI agents interact, coordinate, and communicate, compromising entire agent networks.
#4: Checker-out-of-the-Loop Vulnerability
- Showing how agents can operate outside system limits without alerting human operators or oversight systems.
#5: Agent Covert Channel Exploitation
- Demonstrating how agents can exploit covert channels to leak data or escalate privileges without detection.
#6: Agent Alignment Faking
- Demonstrating how agents can fake adherence to rules during monitored phases but deviate when unmonitored.
Presenter:
Operationalizing Threat Informed Defense - A Security Architect’s Perspective
- 14:20
- Tue
- 02 Dec
Stage:
Briefings 2
Session Type:
Presentation
Introduction: Overview of the Threat Informed Defense (TiD) concept and a brief discussion of the Lockheed Martin kill chain paper, which originally defined the kill chain and behavioral indicators.
TiD Adoption Current State: Highlights of the primary adoption of TiD, which includes SIEM / EDR providers, SOC teams and, to a limited extent, Red Teams. Opportunities for TiD adoption beyond the detection and emulation space.
Limitations of VAPT: Vulnerabilities (which are not CVE-based) that contribute to attack techniques are only identified through pentests. Pentests by nature are not an exhaustive vulnerability identification mechanism. An external consultant being able to compromise the same organization year after year showcases this gap of not being able to address the broader problem.
TiD approach for vulnerability management: The ATT&CK matrix, incident analysis reports, and pentest/red teamer checklists are to be reviewed to obtain attack techniques that are abused by adversaries and red teamers. Filter out attack techniques that cannot be prevented by remediating the vulnerability. By focusing on vulnerabilities which are not CVEs, have the potential to reoccur and directly contribute to an attack technique, we are adopting a TiD approach for vulnerability remediation. Practical case study of prior execution to be presented.
Security Architect’s TiD: Demonstrate the framework which unites various aspects of cybersecurity to enable streamlined measurement and improvement against known techniques. Discuss the implementation technique of linking an attack technique to vulnerability identification, remediation, logs, attack detection, proactive vulnerability detection and threat hunting. Present the practical case study of developing and operationalizing this framework.
Presenter:
Critical Infrastructure Security in Volatile Times
- 14:20
- Tue
- 02 Dec
Stage:
Deep Dive
Session Type:
Panel
As volatility rises, outages carry national and financial consequences. Leaders will map the top attack paths, concentration risks across vendors and cloud, and the governance, drills, and metrics that keep essential services running under pressure.
Presenter:
The Artificial Intelligence Threat Landscape: What are we up against, and what are we doing about it?
- 14:20
- Tue
- 02 Dec
Stage:
Sponsored Briefings
Session Type:
Presentation
The rapid advancement of generative AI has created a sophisticated and evolving threat landscape, demanding immediate attention from leadership. Threat actors are leveraging these powerful tools to pioneer advanced techniques in social engineering, AI-powered malware, and automated intrusion, creating unprecedented risks for every organization. This presentation reveals critical vulnerabilities—from prompt injection to data poisoning—and outlines the essential, multi-layered controls needed to secure your environment, turning the tide on this escalating threat before it compromises your entire digital landscape.
Presenter:
The Identity Illusion: Deepfakes, Superfans & the Battle for Authenticity
- 14:30
- Tue
- 02 Dec
Stage:
The Back Room
Session Type:
Podcast
A relaxed, behind-the-scenes conversation with Dan Meacham, recorded live at The Back Room. Expect stories from the entertainment world, candid moments, and a few surprises along the way.
Presenter:
Cybersecurity in Gaming - Fortifying Gaming's Digital Frontier
- 14:30
- Tue
- 02 Dec
Stage:
Black Hat Campus
Session Type:
Presentation
The gaming industry is a prime target for cyber threats, with millions of users and billions in revenue at stake. This session dives into the critical security strategies protecting today's digital playgrounds. We will explore the latest methods for safeguarding player identities, securing financial transactions, and deploying AI to proactively detect and neutralize threats in real-time. Learn how leading security teams are moving beyond traditional firewalls to shape a safer, more resilient gaming experience for everyone.
Presenter:
Outrunning the Storm: Cyber Resilience Lessons from the CIA’s Digital Transformation
- 14:35
- Tue
- 02 Dec
Stage:
Executive Summit
Session Type:
Fireside Chat
When nation-state adversaries move at machine speed, standing still means losing. In this candid fireside chat, two former senior CIA leaders - one the Agency’s former Chief Information Security Officer Rich Baich, the other, its former Deputy Director for Digital Innovation Jennifer Ewbank - share how they transformed one of the world’s most targeted organizations. From defending against the most sophisticated threats to integrating cyber offense, defense, and data science, they’ll reveal hard-earned lessons on leading high stakes change, building elite cyber teams, and outpacing the most formidable adversaries in the digital domain.
Presenter:
Deputy Director of CIA for Digital Innovation and Founder
Andaman Strategic Advisors
Breaking the Harmony: Offensive Testing of HarmonyOS NEXT Applications with Harm0nyz3r & DVHA
- 14:40
- Tue
- 02 Dec
Stage:
Arsenal 1
Session Type:
Demo
Jorge has a strong background in cybersecurity, with more than 15 years of wide experience in the field, and serves as Security Leader at DEKRA. In addition, Jorge is an appointed expert from ENISA for different topics related to ICT certification including ICT products, cloud, and AI. He participates in different security working groups (CSA Matter, Cloud Security Alliance, Linux Foundation and others) and standardization activities.
Presenter:
AI-driven Detection, and Automated Response
- 14:40
- Tue
- 02 Dec
Stage:
Sponsored Briefings
Session Type:
Presentation
This presentation explores how AI reshapes SOC performance and response design. Ahmed Tayar explains failures caused by alert overload, weak correlations, and missing ownership in incident workflows. The talk covers high-signal detection methods, real-time automation guardrails, evidence-persistent investigations, and SOC design fixes that reduce noise and improve response accuracy.
Presenter:
Black Bird: Investigate Usernames and Emails with Free AI-Powered OSINT
- 14:40
- Tue
- 02 Dec
Stage:
Arsenal 2
Session Type:
Demo
Blackbird is an open-source OSINT tool for reverse account lookup by username and email across a wide range of online platforms. Integrated with the WhatsMyName project, it covers more than 600 sites and delivers verifiable evidence for digital investigations and online footprint mapping. Alongside its robust search and export features, Blackbird includes a *built-in AI analysis tool with a free daily quota*, allowing investigators to quickly interpret results and uncover patterns with zero extra setup.
Presenter:
MeetC2
- 14:40
- Tue
- 02 Dec
Stage:
Arsenal 3
Session Type:
Demo
A serverless command & control (C2) framework that leverages Google Calendar APIs as a covert communication channel between operators and a compromised system.
Presenter:
The AI Stack, End to End
- 14:55
- Tue
- 02 Dec
Stage:
Executive Summit
Session Type:
Panel
This panel dives into the full AI tech stack, from the data centers fueling computation, to the energy demands driving sustainability conversations, and the security layers protecting it all.
Presenter:
Thinking in the Age of Intelligent Systems
- 15:00
- Tue
- 02 Dec
Stage:
The Back Room
Session Type:
Podcast
Interactive Conversation with Dr. Rumman Chowdhury, recorded live at The Back Room. Expect thoughtful reflections, personal stories, and candid perspectives on navigating a world shaped by intelligent systems.
Presenter:
Chief Executive Officer & Co-Founder | United States Science Envoy, AI (Biden Administration)
Humane Intelligence, A Public Benefit Corporation
Hack One, Hack Them All? Weaponizing LLM Jailbreak Transferability
- 15:00
- Tue
- 02 Dec
Stage:
Briefings 1
Session Type:
Presentation
In cybersecurity, there is a familiar pattern: a zero-day in one product is quickly weaponized into exploit kits that spread across many others. Large Language Models (LLMs) are no longer niche tools; they are becoming the foundation of everything from productivity apps to healthcare triage tools. This rapid adoption creates a systemic risk: jailbreak prompts often transfer across models, vendors, and architectures with little to no modification. An attacker who breaks one model may break many, at scale.
This talk investigates jailbreak transferability as a vulnerability class with ecosystem-wide implications. Drawing on curated jailbreak datasets and cross-model experiments with open-source LLMs, we reveal preliminary empirical evidence of cross-model effectiveness and explain why some jailbreaks evaporate after updates while others persist like wormable exploits. The session introduces an early Jailbreak Transferability Matrix, a structured way of classifying jailbreaks by persistence, generalisation, and resilience to safety interventions, and frames how adversaries could weaponise these transferable attacks to scale harmful content generation or bypass safety controls simultaneously across platforms. Through offensive scenarios, we show how transferable jailbreaks on LLMs are vectors for mass exploitation, automating harmful content generation or bypassing safety filters across multiple platforms simultaneously. On the defense side, we outline how researchers, vendors, and policymakers can quantify transferability risk, prioritize testing, and contain cascading jailbreak failures before they spread. By understanding and quantifying jailbreak transferability, attendees can move from reactive patching to proactive ecosystem-level defenses, safeguarding the next generation of AI systems before attacks scale.
Presenter:
Reverse Pitch – What Security Leaders Want (and Will Pay For)
- 15:00
- Tue
- 02 Dec
Stage:
Deep Dive
Session Type:
Panel
CISOs reverse-pitch their 2025 buying wishlist in an open-discussion format - the outcomes they’ll fund, the proof they trust, and what it takes to go from a cool demo to something deployed at scale. The setup allows for an engaging, interactive conversation with startups in the room and questions from the crowd driving a candid, practical exchange.
Presenter:
From Silos to Synergy: Converging ILM, PAM, and IGA for Unified Control
- 15:00
- Tue
- 02 Dec
Stage:
Sponsored Briefings
Session Type:
Presentation
Many organizations rely on separate ILM, PAM, and IGA tools that operate in silos, creating blind spots, manual effort, and avoidable security gaps. Integrating these systems brings them into sync, giving teams a single, connected view of every identity from onboarding to off-boarding. With unified workflows and shared intelligence, access becomes easier to manage, risks become clearer, and compliance becomes far more straightforward — enabling security teams to work with true synergy instead of fragmented tools.
Presenter:
Book Signing
- 15:00
- Tue
- 02 Dec
Stage:
Black Hat Campus
Session Type:
Book Signing
Know Thy Adversary but First and Foremost Know Thyself
Presenter:
Zero Trust Everywhere: Cisco’s Universal ZTNA
- 15:20
- Tue
- 02 Dec
Stage:
Sponsored Briefings
Session Type:
Presentation
In today’s dynamic digital landscape, organizations are tasked with delivering seamless, secure access to applications and data across a hybrid, multi-device world. The rise of remote work, IoT, and AI applications has made it increasingly challenging to implement least privilege access consistently. Cisco’s Universal ZTNA redefines secure access for the modern era – Looking forward to seeing you in our session.
Presenter:
The 6 Black Hat Laws: How Hackers Think and How We Must Respond
- 15:20
- Tue
- 02 Dec
Stage:
Briefings 2
Session Type:
Presentation
Cybersecurity today is no longer just about firewalls and patches. Modern adversaries exploit not only code but also policies, compliance gaps, and even forensic blind spots. This session unveils the “6 Black Hat Laws of Cybersecurity”, principles derived from real-world cybercrime cases and advanced threat investigations.
The talk explores how attackers:
- Manipulate compliance frameworks as entry points.
- Exploit governance loopholes to bypass accountability.
- Abuse forensic traces to mislead investigators.
- Transform legal and organizational weaknesses into offensive strategies.
By blending governance, compliance, and digital forensics with adversarial thinking, this session provides a new lens for anticipating threats beyond traditional defenses.
Key takeaways for attendees include:
- A practical framework to understand how hackers think beyond code.
- Techniques to transform governance and compliance into proactive defense.
- Insights from real investigations on how to close systemic gaps before adversaries exploit them.
This briefing is designed for CISOs, investigators, and cybersecurity professionals who want to move from reactive defense to proactive anticipation. By the end, participants will not only understand the hacker mindset but also gain actionable strategies to ensure that no compliance or regulatory gap becomes the weakest link in their defense.
Presenter:
Manager of Cybersecurity Governance and Compliance | Initiatives Leadership | Cybercrime and Digital Forensics expert | Cybercrime Investigation Consultant
Tuwaiq Academy
eBPF Warfare: Subverting Security Solutions Through Kernel-Space Manipulation
- 15:20
- Tue
- 02 Dec
Stage:
Briefings 1
Session Type:
Presentation
Extended Berkeley Packet Filter (eBPF) has revolutionized Linux kernel observability and networking, but its powerful capabilities can be weaponized against security solutions. This talk explores how attackers can leverage eBPF primitives to identify, track, and terminate security processes, including antivirus solutions and EDR tools.
We'll demonstrate how eBPF's kernel-level access can be exploited to create sophisticated process killing mechanisms that operate below traditional security controls. Through practical examples, we'll showcase techniques for process termination that bypass common protection mechanisms.
Key topics include:
- Essential eBPF hooks for process manipulation
- Quick-win termination techniques
- Live demo of security tool subversion
- Critical defensive considerations
The presentation concludes with defensive considerations, detection methods, and mitigation strategies for security vendors and defenders. This research highlights the growing need for security solutions to adapt to kernel-level threats and implement stronger self-protection mechanisms.
Presenter:
A day in the life of a CISO
- 15:30
- Tue
- 02 Dec
Stage:
Black Hat Campus
Session Type:
Presentation
It's not just hacking and writing policies. Learn about the dilemmas and decisions that CISOs spend their days deciding or crying over through real-world examples.
Presenter: