AI is reshaping every part of the enterprise, from growth strategy and core business operations to product development and innovation. In this keynote, Anne Marie Zettlemoyer (AMZ) explores how security leaders can harness AI to modernize operations, partner effectively with engineering, and enable responsible high velocity innovation. This talk examines how to elevate security from a defensive function to a driver of trust, capability, and competitive advantage in the most transformative decade our field has ever seen.

SMS Blasters represent a critical, evolving threat that's rapidly bypassing traditional and modern mobile network defenses. These sophisticated devices, an evolution far beyond conventional IMSI catchers (Stingrays) and Fake BTS, mimic legitimate mobile towers to lure mobile phones into connecting. Their primary exploit lies in forcing devices to downgrade to less secure 2G/3G networks, allowing them to inject high volumes of unsolicited and malicious SMS messages directly onto devices, completely bypassing Mobile Operator's anti-spam and anti-fraud systems.This session will explore the evolution of this threat, tracing its journey from Asia Pacific to Europe and now to the Middle East. We'll then dissect the technical modus operandi of SMS Blasters, exploring how they weaponize rogue cellular towers for mass smishing, financial fraud, and even sophisticated social engineering campaigns. We will delve into the critical vulnerabilities they exploit in mobile network protocols, particularly the often-overlooked weaknesses in 2G/3G Networks, and discuss their increasing commercialization, which makes them accessible to low-skill attackers. Crucially, the profound impact of this threat on National Security, Mobile Network Operators (MNOs), and Mobile Users will be thoroughly examined.The Middle East has become a recent and significant target for this threat, with documented incidents across multiple countries. Attendees will gain a deep understanding of this emergent landscape, learning to identify the signs of SMS Blaster activity — both as a mobile operator and a mobile user — and discover potential mitigation strategies to protect their networks and mobile devices.

This session covers why many teams fail to turn threat intelligence feeds into real visibility. Alyaa Alsharif explains the gaps in collection, parsing, and operational use that prevent meaningful detection. The talk outlines practical fixes that improve correlation, context, and decision making inside security operations.

This session breaks down the attacker infrastructure linked to both the F5 breach and the Salesforce breach. Saeed Abu-Nimeh traces shared indicators, hosting patterns, and operational overlaps across the two incidents. The talk highlights how infrastructure-level analysis uncovers connections between campaigns, improves attribution, and strengthens early detection of coordinated activity.

In a threat landscape where attacks evolve faster than organisations can respond, reactive security is no longer enough. This session breaks down what it takes to become a relentless cyber leader—one who anticipates, adapts, and drives security at the speed of business. Learn the leadership shifts, decision frameworks, and operational tactics required to stay ahead in a high-velocity threat era, and discover how modern CISOs are transforming pressure into performance.

Blackbird is an open-source OSINT tool for reverse account lookup by username and email across a wide range of online platforms. Integrated with the WhatsMyName project, it covers more than 600 sites and delivers verifiable evidence for digital investigations and online footprint mapping. Alongside its robust search and export features, Blackbird includes a *built-in AI analysis tool with a free daily quota*, allowing investigators to quickly interpret results and uncover patterns with zero extra setup.

This presentation explores a multi-year research project leveraging Large Language Models (LLMs) to uncover hidden threats within the open-source software supply chain. What began in early 2024 as an experiment in automating changelog analysis evolved into one of the most effective techniques we've seen for discovering silent vulnerabilities and active malware. Our research even allowed us to spy on North Korean APT group Lazarus as they deployed malware to launch a supplychain attack.Our approach led to the discovery of over 900 security vulnerabilities in popular open-source packages, none of which had been assigned CVEs or disclosed publicly. Alarmingly, 25% of these we rated high or critical severity. They included widely used libraries like Axios and Apache’s eCharts. This practice, often referred to as silent patching, occurs when maintainers knowingly fix security issues without public notification, leaving users unknowingly exposed.In parallel, we deployed LLMs to analyze newly published packages on public registries like NPM. By training our models to detect human behavioral signals—such as suspicious descriptions, unexpected obfuscation, or unusual dependency patterns, alongside traditional scanning techniques. We discovered thousands of malicious packages being uploaded monthly, including packages from state-sponsored APTs, and even caught a potentially catastrophic supply chain attack on the official XRP SDK. This talk delivers a technical deep dive into the design of our LLM-based detection systems, our validation process, and the most impactful findings from our research. It also discusses the broader implications for vulnerability disclosure, software supply chain security, and the emerging role of LLMs in real-world threat hunting.

QuantumLint is an open source enhancement toolkit that extends existing Java static analysis utilities to assess quantum-vulnerability exposure in source code. It focuses on identifying the use of classical cryptographic algorithms such as RSA, ECC, and ECDH within Java projects. By leveraging standard parsing libraries, QuantumLint highlights code regions where quantum susceptible cryptography is referenced and categorizes findings by severity to inform migration planning.

Adversaries are getting better at covering their tracks. Anti-forensic techniques (AFTs) are now regular parts of post-exploitation toolkits. Their goal is simple: disrupt investigations, erase evidence, and delay detection. When successful, these techniques can leave defenders blind — especially when the right controls and detection mechanisms aren’t in place.In last year’s session, we explored how attackers use AFTs across each phase of the cyber kill chain and how forensic analysts can identify signs of tampering. This year, we’re turning the table. Instead of focusing on how attackers erase their footprints, we’re focusing on how defenders can prevent it from working in the first place.This talk introduces MITRE D3FEND as a powerful framework to harden forensic visibility and counter anti-forensic techniques. Through the lens of digital forensics, we’ll map AFTs to specific D3FEND countermeasures and discuss how these can be implemented in real environments. Using practical case studies, we’ll walk through how blue teams can detect artifact tampering, recover critical visibility, and make their systems more resilient to adversary manipulation.

This session shares a story from two sides: an experienced bug bounty hunter and a vulnerability manager. Bug reports often cause friction, with the hunter focused on the exploit and the manager overwhelmed with reports. To bring this collaborative theory to life, we will perform a live demonstration, enacting a model conversation between a researcher and a triager in real-time.We’ll look into the hunter's mindset and the process of an attack, showing how they use custom AI to find subtle bugs. We will demonstrate how small, seemingly small vulnerabilities can be escalated to impactful bugs, proving that the real skill is in chaining exploits together.Next, we'll switch to the vulnerability manager’s point of view to show the challenges they face. This includes handling too many reports, filtering out low-quality submissions, and deciding the true business risk of a bug a researcher calls "CRITICAL!". We'll provide a guide to finding the important reports, explaining why a CVSS score alone isn't enough and how to turn bug bounty submissions into useful security information for the whole team.Finally, we show how bug bounty hunters and vulnerability managers are not adversaries but allies in the fight for better security. We’ll show how a cooperative process can turn difficult reports into quick fixes and big security wins, providing practical tips to move away from a win-lose situation and build a strong, trusting relationship.

Penelope is a shell handler designed to be easy to use and intended to replace netcat when exploiting RCE vulnerabilities. It is compatible with Linux and macOS and requires Python 3.6 or higher. It is a standalone script that does not require any installation or external dependencies, and it is intended to remain this way.

AI is getting smarter - and nosier. In this fireside chat, we explore where the “helpful vs too personal” line is moving, what that means for your data, and how to stay on the right side of it.

The browser has quietly become one of the most important and most overlooked front lines in cybersecurity. It is no longer just how we access the internet; it is where nearly all of our work, data, and AI interactions happen. As browsers evolve into intelligent assistants that can read, write, and act for us, the risks are shifting quickly. In this keynote, Jerich Beason explains what is really happening behind the scenes, from familiar threats like malicious extensions and stolen sessions to new ones such as prompt injection, data leakage, and AI agents making decisions on our behalf. He explores how identity, AI, and the browser are colliding to create both huge opportunities and serious exposure, and what leaders can do to stay ahead. Jerich offers a clear path forward that includes treating the browser like the critical endpoint it has become, setting guardrails for AI browsing, and building a culture that embraces innovation while maintaining control. In the next phase of digital transformation, the browser is not just where we work; it is where the next big risks begin.

The proliferation of AI-driven attacks demands an equally autonomous defense. The traditional Security Operations Center (SOC) model—reliant on human triage and rule-based automation (SOAR)—is struggling to keep pace with machine-speed adversaries.This session explores the paradigm shift from automation to autonomy using Agentic AI within the Google Security Operations platform. We will demonstrate how a multi-agent architecture, leveraging Generative AI for reasoning and planning, can move beyond simple playbook execution to perform autonomous investigation, adaptive defense and human orchestration.

The demands of AI are causing organizations to approach firewalling more holistically across their data center, cloud, campus, and factory. Threats are more sophisticated, apps are growing increasingly complex, and management exceeds human scale. The session will highlight how we can go beyond traditional firewalling with a highly distributed security fabric optimized for zero trust segmentation and application protection in modern, cloud-native, legacy, and IoT environments.

This deep dive session unpacks the full attack lifecycle of CVE‐2025‐53770 nicknamed the ToolShell from vulnerability mechanics to real‐world RCE impact on on‐prem SharePoint farms.

Most incident response plans fail the moment something actually happens.Why? Because real incidents aren’t linear, calm, or predictable, they behave far more like military operations: long periods of quiet, followed by sudden chaos, incomplete information, friction between teams, and intense pressure.Drawing on operational military experience and real-world cyber incidents across telecoms, mining, OT, and pharma environments, this session introduces the Combat Estimate a seven-question decision-making framework used by the British military to create clarity under extreme pressure.You’ll learn how to apply the Combat Estimate to incident response and disaster recovery, how to prioritise crown jewels and minimum viable operations, how to recognise decisive points, and how to impose the right control measures to prevent chaos.This talk delivers a practical, battle-tested approach that will elevate how you lead cyber incidents, when it matters most.

As AI agents take on critical business tasks, they also open a new battleground for cyber threats, from manipulation and data poisoning to identity compromise. This session explores how AI reshapes the threat landscape and how OpenText Cybersecurity solutions across threat intelligence, identity security, and MDR, equip organizations to become secure against these emerging risks while innovating with confidence.

Understand the regulatory and strategic frameworks that underpin trust in a digital-first financial world.