This session will present a high-level yet technically grounded exploration of how Critical Intelligence can dramatically enhance detection capabilities and reduce false positives within Security Operations. We will cover:1. Understanding Cybersecurity Threat Intelligence2. The Intelligence Challenge: Drowning in Data What Really Matters3. Solution – Setting Priorities to Lead Cyber Defense4. General Intelligence vs. Critical Intelligence5. Final Impact & Statistics

Offensive security plays a crucial role in cybersecurity by identifying and exploiting system vulnerabilities. However, current practices often contain gaps that diminish the effectiveness of these assessments. This presentation will examine these gaps and provide strategies to optimize offensive security efforts.

Explore how banks and fintechs are evolving their security architecture to counter increasingly complex cyber threats.

A look at how geopolitical tensions fuel cyber conflict, blur attribution, and reshape enterprise risk maps.

This session breaks down what truly earns investor confidence in the cybersecurity space - from refining your pitch and proving product-market fit to demonstrating traction, credibility, and long-term vision. Learn what investors look for, what turns them away, and how founders can turn early conversations into lasting partnerships.

Enterprises are racing to deploy LLM-powered applications, often bolting on security with familiar tools like WAF, regex filters and instruction-based guardrails. While these defenses block unsophisticated attacks, they create a dangerous illusion of security. This briefing will demonstrate that even a "hardened" enterprise AI can be turned into a data exfiltration tool.We will deconstruct a live, multi-stage attack against a common enterprise scenario: an internal HR chatbot. Attendees will witness how to systematically bypass conventional defenses, from simple character-evasion tricks that fool regex, to sophisticated prompt engineering that turns the model's own system instructions against itself.The final and most critical stage of the attack will showcase a patient, inference-based exfiltration. We will prove that when sensitive data, such as a credit card number, is fragmented across multiple training documents, it can be methodically reconstructed and leaked by an attacker through iterative querying—bypassing even advanced NLP-based security controls. This talk exposes the AI's training data as the ultimate Trojan horse, demonstrating a critical supply chain vulnerability that most organizations are unprepared for. Attendees will leave with an actionable offensive understanding of LLM vulnerabilities and a defensive playbook that moves beyond application-level fixes to address the core issue: the importance of the training data itself.

With AI becoming more deeply embedded in critical infrastructure, cyber operations, and geopolitical conflicts, we set out to answer a simple question - how likely are AI security incidents? After a year of investigation - in partnership with the Australian National University, University of New South Wales and generously funded by Foresight - by combing through AI incident databases, enriching the 91 AI security incidents recorded, and applying different statistical modelling techniques we don’t just come away with a number of insights into the AI security threat landscape today but we also have a hot take: cyber security will soon be a subset of AI security and not the other way round. In this talk, we defend this stance and present for the first time our research findings from this project. We apply a national security lens to this work to discuss key trends, such as how threat actors are operationalizing adversarial ML techniques in novel ways - for example, evading malware classifiers with poisoned data, embedding malicious payloads in open-source AI models, and more. We will also explore why current cybersecurity frameworks are insufficient for AI threats, how AI security requires new risk models, and the impending national security impacts of AI security. We argue that AI security—not AI safety—should be the primary concern for security professionals.

Cybersecurity is never a straight path, it’s a mix of chaos and clarity, challenges that test your limits, and opportunities that can transform your entire career. In this session, Arwa Alhamad reveals the pivotal moments, failures, mentors, and mindsets that shaped her path to becoming a cybersecurity leader.Designed for students and early-career professionals, this talk uncovers the lessons that textbooks don’t teach: how to build credibility early, navigate complex environments, turn setbacks into opportunities, and grow into a trusted voice in the field.

The world is moving fast towards widespread adoption of AI model training across industries, transforming how businesses and governments operate. Yet, as AI systems become a significant part of our critical decisions, their security hinges on one fragile point: the integrity of the data that fuels them.In May 2025, the NSA’s Artificial Intelligence Security Center, together with CISA, FBI, Australia’s ACSC, the UK’s NCSC, and New Zealand’s NCSC, released AI Data Security: Best Practices for Securing Data Used to Train & Operate AI Systems. This first-of-its-kind joint guidance tackles the weakest link in AI deployments — the integrity of the data powering them.This session will break down the three primary risks — data supply chain compromises, maliciously poisoned data, and data drift — and show how these can be exploited by adversaries to subvert AI models. Attendees will learn practical, field-tested measures for securing AI data lifecycles, from provenance tracking and digital signatures to continuous validation pipelines. We’ll examine real-world threat scenarios, explore the implications for AI-enabled SOCs, and outline a blueprint for operationalizing these recommendations. By the end, you’ll know how to harden AI systems before attackers can turn your data into their backdoor.

The panel dives into the evolution of ransomware-as-a-service from underground coding groups to full-fledged criminal enterprises.

Modern software delivery moves fast — and so do attackers. In the race to release features, security often gets left behind, creating vulnerabilities that surface only after code reaches production. “Shifting left” brings security into the earliest stages of the Software Development Life Cycle (SDLC), ensuring threats are identified and mitigated before they become costly incidents.This session takes a deep dive into building a fully integrated DevSecOps pipeline that embeds security without slowing delivery. We’ll explore practical techniques for integrating SAST, DAST, container image scanning, dependency checks, and Infrastructure-as-Code validation directly into CI/CD workflows. Real-world examples will showcase how these controls can be implemented in On-premises setups, AWS CodePipeline, Kubernetes environments, and hybrid cloud setups.Attendees will see live demonstrations of security gates catching vulnerabilities in real time, automated secret detection blocking insecure commits, and policy-as-code enforcing compliance before deployment. We’ll address common challenges — such as developer resistance, false positives, and pipeline performance — and share proven strategies for overcoming them.

This session outlines the core challenges of threat hunting in OT and ICS environments. Osamah Alssagg addresses the gaps that make industrial networks hard to analyse, including limited visibility, legacy devices, unsafe scanning constraints, flat architectures, weak segmentation, and incomplete telemetry. The talk explains how operational factors, vendor dependencies, and missing process context create detection blind spots. It also highlights practical focus areas that improve hunting effectiveness across visibility, architecture, data quality, and OT-specific intelligence.

The CISO role can drastically vary from company to company. This session breaks down the CISO Maturity Model into practical, real-world stages - showing what “maturity” actually looks like today. From strategy and governance to business influence and stakeholder management, you’ll learn how to assess where you are, identify what’s next, and accelerate your growth into a high-impact security leader.

This session examines the shift to modern governance, risk, and compliance. Aladdin Dandis explains the flaws in outdated GRC design, data silos, slow risk scoring, and failed integration with SOC evidence. It covers controls that improve visibility into risk decisions, automate compliance drift detection, and align governance with measurable security exposure.

The CISO Desk Reference Guide, Volume 1 (3rd Edition)

In the rapidly evolving digital age, organisations face significant risks from cyber-attacks, particularly those exploiting human vulnerabilities through social engineering. This paper explores the psychological dynamics in human factors that influence susceptibility to social engineering attacks, especially within the context of the increased digital transformation. By analysing existing cybersecurity frameworks, it identifies crucial gaps in current practices and introduces a novel, human-centric approach to cybersecurity. This framework incorporates behavioural science principles, human factor capability assessments, and adaptive training methodologies to enhance organisational resilience against social engineering threats. The research observation underscore the pressing need for psychological dynamics in human-centric strategies to mitigate the risks posed by social engineering attacks effectively.

During this session, we will explore how Resecurity’s Advanced Fraud Intelligence and Prevention ecosystem empowers organizations to proactively combat digital fraud using cutting-edge AI, real-time threat monitoring, and deep dark-web intelligence. We will discuss how Resecurity monitors over 34,000+ dark-web sources, analyzes behavioral patterns, and leverages device intelligence to detect fraud early, reducing response times by up to 10× and preventing financial loss before threats escalate. The presentation will highlight the multi-layered approach that includes proactive fraud detection, device fingerprinting, KYC enrichment, comprehensive fraud monitoring, and seamless integration through SDKs compatible with iOS, Android, and modern frameworks. We will also cover real case studies, global partnerships with financial leaders, and how collaboration with international law-enforcement strengthens fraud investigations, AML compliance, and asset recovery

A digital twin is an emerging technology used to replicate real-world environments. It supports two-way communication with network devices and infrastructure, enabling traffic monitoring and adjustment. This talk highlights their use by examining a recent patent on attack detection in IoT networks.

SAIST (Static AI-powered Scanning Tool) is an open-source project that scans codebases for vulnerabilities using AI.It supports multiple LLMs, and can scan full codebases, diffs between commits, or even GitHub PRs automatically.The common use cases are:- Scan an entire application's code base with your favourite LLM (OpenAI, Deepseek etc) and get a PDF report- Scan a code change and comment on a pull requestSAIST allows you to control which LLM is used, such as AWS bedrock or Azure OpenAI. This provides you with greater control of your own data sovereignty, whilst giving you industry-leading capabilities.

Join Ram Shankar and Jaya Baloo at The Back Room Live as they break down Day 2 of Black Hat MEA - the key highlights, unexpected moments, big themes, and everything that shaped the energy of the day. A fast, engaging recap capturing the pulse of the conference at 4:00 PM.

Today, security teams are overwhelmed by noisy alerts, false positives, and fragmented event streams often lacking clear, actionable insights. Responding effectively to real threats becomes increasingly complex in such environments.To address these challenges, we present a concept of the Universal SOC AI Plugin that integrates seamlessly with runtime threat detection tools. This solution tackles key pain points by:- Reducing noise and filtering out false positives- Prioritizing threats based on severity and context- Aggregating events to present a unified threat picture- Providing a flexible API interface for tailored integrations- Enabling webhooks for streamlined response via external systemsThis demo will showcase how the plugin enhances situational awareness, simplifies threat triage, and enables faster, more informed response actions across any SOC environment. As a team, we would love to hear your thoughts and feedback and collaborate further.

As defenders get better at blocking traditional phishing and malware, attackers are shifting tactics — focusing on trust exploitation, platform impersonation, and search engine abuse to gain initial access. In this talk, we'll focus on three emerging techniques that are being increasingly seen in the wild:ClickFix Attacks – where users are tricked into clicking fake “remediation” buttons sent via email, leading to credential theft or remote access tool drops.Email Bombing + Helpdesk/Teams Impersonation – attackers flood inboxes to hide legitimate alerts, then impersonate internal IT or helpdesk to trick users into giving access.SEO Poisoning – malicious actors poison Google/Bing results with fake software updates or cracked tools that deliver malware on download.For each of these techniques, we'll walk through:Real-world attack examples and payload delivery methodsHow adversaries exploit trust and urgencyTechnical attack flow (from delivery to execution)Threat hunting strategies using various log sourcesExample KQL and Sigma detection queriesActionable recommendations for prevention and detectionWhether you're part of a SOC, detection engineering team, or a CTI unit, this talk will equip you with practical insights to detect these modern access techniques before they escalate.

How to secure financial systems amid complex migrations to the cloud and microservices.