As Saudi Arabia accelerates toward Vision 2030’s digital ambitions, AI stands at the heart of both opportunity and responsibility. This session explores how organizations across the Kingdom can harness the power of artificial intelligence to strengthen cyber resilience—without compromising compliance, governance, or operational integrity. We’ll discuss how AI-driven analytics are transforming security operations from reactive monitoring to proactive defense, helping enterprises achieve measurable ROI through smarter detection, faster response, and reduced analyst fatigue. The session will also outline best practices for integrating AI responsibly to support national cyber maturity and digital trust.

Phishing remains the leading cause of data breaches and Business Email Compromise losses. Yet, despite advances in email security, protection remains uneven and provider-dependent with legacy systems, SMEs, and unsupported domains still highly vulnerable.This talk presents a novel AI-powered framework for real-time inbox protection that is platform-agnostic and capable of scanning, analyzing, and classifying emails across providers in real time. By leveraging a combination of NLP-based content analysis, anomaly detection, and adversarial AI resistance, the system proactively flags malicious content before user engagement.We will detail the research methodology, pilot findings, and adversarial testing performed against common phishing tactics. The session also introduces the concept of AI-agnostic email guardianship, demonstrating how organizations can secure inboxes without waiting for provider-native solutions.Attendees will leave with both a conceptual roadmap and technical insights into deploying cross-provider, AI-driven phishing defense systems as well as an awareness of the new security challenges such systems must address.

Even the best cybersecurity programs lose direction without effective governance and alignment. In this keynote, discover how Governance, Policy, and Strategy work together like a GPS — providing direction, guardrails, and course correction to keep your organization secure and resilient. Learn how to connect strategic intent with real-world execution, align cyber priorities with business outcomes, and build a system that continuously adapts to change. Because in cybersecurity, it’s not about speed — it’s about direction.

Quantum computing is no longer a distant theory—it is on an accelerating trajectory that directly threatens the foundations of RSA and elliptic curve cryptography. This session begins with a grounded analysis of the current state of quantum computer manufacturing, its key bottlenecks, and what these mean for the realistic timeline to break RSA in practice. We will show how the “quantum countdown” is shifting from scientific feasibility to engineering scale, and why this transition makes the post-quantum migration window urgent today. Cloud providers, including Tencent Cloud, have begun building post-quantum safe services. However, achieving quantum safety for customers’ businesses requires migrating not only their own applications but also the complex ecosystems of software dependencies they rely on. The high degree of fragmentation across this software supply chain makes unified migration difficult. We argue that community co-building is essential: migration cannot be solved in isolation, and requires shared visibility, shared knowledge, and shared tooling. To support this, we present our open-source solutions: - Cryptographic Asset Identification Tool – systematic source-based discovery of cryptographic usage to build precise migration inventories.- Post-Quantum InfoHub – a continuously updated knowledge hub tracking standards, regulations, and best practices.- Ecosystem PQC Capability Matrix – version-level dependency readiness insights for accurate migration planning.- Proxy/Tunneling-Based Migration Tool – enabling PQC-secure network communications with minimal application modifications. By combining a realistic quantum timeline with practical migration solutions, this session provides both urgency and actionable pathways for the community.

In this keynote, former CIA Deputy Director for Digital Innovation Jennifer Ewbank takes the audience inside the adversary’s playbook—where darkweb marketplaces sell synthetic identities and deepfakes are the ultimate forgery. Drawing on exclusive insights from advising dark web monitoring and deepfake detection companies, she reveals how modern deception mirrors Cold War spycraft, now weaponized at machine speed and scale. Attendees will leave with a field-tested framework to detect, disrupt, and discredit synthetic attacks before they erode the most critical infrastructure of all: trust.

This session explains the shift from traditional vulnerability management to full exposure management. Mahmoud Salman outlines why focusing only on CVEs misses real organisational risk, and how expanded visibility across identities, assets, misconfigurations, and attack paths changes prioritisation. The talk highlights practical methods to measure exposure, reduce active attack surface, and strengthen remediation decisions across modern environments.

Recruiting, retaining, and empowering cyber teams to tackle current and emerging risks requires leaders who can motivate and align their workforce with organisational goals. Rich Baich, a five-time Chief Information Security Officer, shares battle-tested techniques to modernise your organisation’s cyber capabilities while addressing how artificial intelligence will shape your current and future workforce.

This session explains the common mistakes organisations make when building an OT SOC. Nasser Aldossary outlines gaps in monitoring, asset visibility, incident response, and role design. The talk covers practical corrections that improve detection quality, reduce noise, and strengthen coordination between IT and OT teams.

Ransomware is no longer just a threat - it’s a global business model, run with affiliate networks, customer service portals, and payout pipelines. In 2024, over 4,500 attacks were reported publicly, and ransom demands topped $75 million. Meanwhile, attackers are leveraging AI to scale phishing, craft polymorphic malware, and automate reconnaissance with no ethical constraints.This session examines how ransomware operators function as intelligent criminal enterprises and why defenders must adapt. We’ll walk through recent global incidents, dissect how ransomware groups prioritize industries based on ROI, and show how AI is reshaping every stage of the kill chain, from initial access to negotiation.Security leaders will leave with actionable strategies for early detection, program-level resilience, and crisis simulations that expose blind spots. If your detection strategy starts at encryption, you’re already too late.

A forward-looking conversation on securing the connected world - from smart cities to smart skies and everything in bet

As Saudi Arabia advances its Vision 2030 digital transformation, the resilience of its Domain Name System (DNS) infrastructure is critical to national cybersecurity. This session presents the first longitudinal study assessing DNS robustness across Saudi domains, spanning three decades of data (1994–2024) and over 37 million domains and subdomains.Central to this research is DNSsifter, a custom-built, multithreaded bruteforcing tool developed to enhance domain enumeration and uncover hidden dependencies. The session will walk attendees through a novel evaluation framework combining active scanning, passive data collection, analytical modeling, and vulnerability assessment.We explore five key metrics—nameserver redundancy, parent-child consistency, anycast adoption, caching efficiency, and DNSSEC deployment—providing data-driven insight into systemic weaknesses. The findings uncover substantial infrastructure fragility: over 25% of domains rely on a single nameserver, DNSSEC adoption is below 5%, and critical sectors like government and healthcare exhibit widespread misconfigurations. Vulnerabilities such as AXFR zone transfers, cache poisoning, and subdomain takeovers remain prevalent.This talk will equip attendees with a deeper understanding of DNS security in the Middle East, highlight emerging risks in national DNS ecosystems, and discuss recommendations for strengthening DNS hygiene and resilience. The session will be particularly valuable for cybersecurity professionals, national CERTs, DNS operators, and researchers focused on infrastructure security and measurement.

This session shows how AI supports large-scale incident response. Reham Alyamani explains how automated analysis, correlation, and threat scoring reduce investigation time during complex attacks. The talk focuses on real operational workflows and the controls required to use AI securely in high-pressure environments.

This session introduces a deep learning-based forensic framework designed to analyze memory artifacts from Linux operating systems. The framework addresses the limitations of traditional manual memory forensics by automating the entire process — from memory collection to malware detection — using advanced techniques like memory deduplication, visual transformation of memory dumps into RGB images, and classification with ResNet-50 neural networks. A custom-built dataset of Linux memory dumps is also presented, supporting accurate malware detection with a 98.75% detection rate and 89% classification accuracy. The session also highlights critical considerations around data privacy, model interpretability, and future opportunities for real-time memory analysis.

As AI rapidly reshapes the cyber threat landscape, organizations must evolve their security strategies to stay resilient and competitive. This fireside chat will explore practical, future-focused approaches to protecting critical infrastructure by leveraging unified security frameworks that seamlessly integrate network, cloud, and user access controls.Join us as we discover how security can move beyond protection to become a strategic enabler of sustainable growth and innovation in the Kingdom and across the region in an interconnected, AI-powered world.

As AI systems permeate enterprises, security leaders are experiencing a sense of déjà vu — the same fragmented controls, unclear ownership, and reactive defenses that once defined early cybersecurity.This session draws parallels between the evolution of traditional cyber and the emerging AI security landscape, from data poisoning and model theft to prompt injection and agent compromise.Attendees will learn how to apply hard-won cybersecurity lessons to AI, building proactive, lifecycle-based defenses that secure models from development to deployment and beyond.Session Outline / Key Takeaways1. History Repeats Itself: How AI security today mirrors the early evolution of cybersecurity — from fragmented tools to emerging standards — and what that means for enterprises.2. The Modern Attack Surface: A technical walkthrough of current AI threats — data poisoning, model extraction, LLM jailbreaks, and agent manipulation — mapped to traditional cyber tactics.3. Applying Proven Principles: Translating established cyber practices (threat modeling, zero trust, AISecOps) into the AI lifecycle — train, develop, deploy, and monitor.4. The Road Ahead: What to expect as AI security matures — regulation, automation, red-teaming frameworks, and integration into enterprise SOC workflows. And the ideal Enterprise AI Security Stack.

In this session we will dive into a novel attack that utilizes machine learning explainability to target intrusion detection systems. The attack identifies the most effective features the ML-based intrusion detection system and find the specific values expected in normal traffic. Then, the attack proceeds to disguise the attack traffic to look like normal traffic to bypass detection.Our research and experiments proved that by changing one feature in attack traffic only, we can successfully bypass ML-based intrusion detection systems.

As enterprises rapidly integrate AI/ML into business operations, traditional pentesting fails to address emerging risks in model-driven systems. This talk presents a field-tested red team methodology tailored to modern ML pipelines, focusing on attack surfaces like LLM-based interfaces, embedding search, retrieval-augmented generation (RAG), model registries, and feature stores.Through real-world offensive engagements, I’ll walk attendees through how we discovered and exploited hidden vulnerabilities: prompt injections that pivoted into internal tools, data poisoning that silently corrupted fraud detection logic, and adversarial inputs that bypassed content moderation.The session dives deep into offensive TTPs adapted for AI targets, such as chaining insecure plugin calls, abusing misconfigured vector stores, and manipulating model training inputs. I’ll also cover responsible disclosure, testing safeguards, and aligning with MLOps and data governance teams.Attendees will leave with a red teaming playbook for AI systems, actionable checklists, and insight into how modern enterprises are building (and breaking) AI trust boundaries in production environments.

Over the past couple years, the cybersecurity landscape has undergone significant transformations, driven by the rapid evolution of technology, emerging threats, and a dynamic global threat environment. Who would have thought that ChatGPT and not blockchain would be the biggest pain. Join me in discussing major trends over the last couple years and how we have handled them as a community.

This session explains how SOC teams can move from static playbooks to autonomous security agents. Faiz Shuja breaks down design choices, guardrails, and operational risks. The talk covers practical methods to automate detection, response, and enrichment while keeping human oversight in place.

This session dives into how context-aware, adaptive strategies are redefining Zero Trust at scale, beyond the limitations of static frameworks.

End of Day 1