CyberQ 2026: Virtual Conference

In November 2025, Anthropic disclosed what it describes as the first documented cyber-espionage campaign orchestrated by an autonomous AI system. This presentation will unpack how advanced AI agents transformed reconnaissance, exploitation and exfiltration from human-driven processes into machine-driven operations, explore why conventional detection and governance frameworks are now inadequate, and map out practical strategies for designing assurance, telemetry and governance regimes aligned with this new paradigm. Attendees will gain insight into how trust, oversight and defence must evolve when adversaries deploy agentic AI systems—and what mission-assurance professionals, regulators and security operations teams need to consider to maintain resilience.

AI is impacting software development everywhere! It changed how we work on OWASP WrongSecrets as well. Want to find out what changed for us as an Open Source project? Come and join this talk! We will cover various subjects, such as copilot-based development, code-quality challenges, volunteering dependencies, LLM-based secret challenges, and much more! Want to play along during the talk? Make sure you have your computer with you and https://www.wrongsecrets.com/ at the ready!

When code meets (sub)consciousness, fireworks ignite.

In a world where algorithms never sleep, it’s the human mind that is curious, chaotic, and creative, which still sees between the lines of logic and magic. This talk is a journey through that intersection where neurons, neural networks and the heart collaborate, and where better thinking begins with better prompting.

Together, we’ll explore how to train both brain and bot through exercises that stretch perception, challenge assumptions, and transform how we question the world around us. We’ll learn to prompt with precision, analyse with empathy, and use AI not as a crutch, but as a catalyst for deeper security insight. Because the next generation of cybersecurity isn’t just artificial—it’s profoundly human.

Join this exploration of thought, technology, and intuition-based talk and discover how mind meets machine to unlock a smarter, more resilient way to defend, design, and dream.

In today's digital landscape, application security is crucial for safeguarding sensitive data and maintaining user trust. Without a robust AppSec program, or with one poorly implemented, chaos can ensue, leading to vulnerabilities and breaches. This talk explores our journey to establishing an AppSec program from the ground up. I will share the valuable lessons learned along the way, detailing the obstacles and cultural challenges that a company might need to overcome. Join me as I present real-world examples and best practices, offering practical guidance to help you navigate similar challenges and build a strong foundation for your AppSec program.

Leaving the doomer/boomer scenarios aside for a moment, we need to see AI for what it is now—how it is being used, misused, and manipulated. From a cybersecurity standpoint, Confidentiality, Integrity, and Availability are the core principles and the lens through which digital risk is looked at. With AI being a socio-technical system, more than just 1s and 0s, risks through the traditional cyber lens appear slightly different. Let's explore together how!

As generative AI systems become increasingly autonomous and adaptive, ensuring their trustworthiness poses new challenges. Traditional testing methods, such as static, scenario-based, and human-driven approaches, struggle to keep pace with models that continuously evolve and exhibit emergent behaviors. These systems face constant flux from model drift, tool drift, and shifting ground truths, creating a growing gap between what an AI system was verified to do and what it actually does in production.

Join Tariq King as he explores how generative AI itself can close this gap through the emergence of self-testing agents. Building on his early work in self-testing architectures and modern advances in agentic AI, King believes that the next frontier of trust will come from systems capable of autonomously generating, executing, and evaluating their own tests. By embedding continuous verification loops within their reasoning processes and applying risk-based principles to know when testing is sufficient, these agents offer a path toward trustworthy, adaptive, secure intelligence.

Husain Al-Mohssen, Founder of ChromeBird AI, will present "Shining Light on Your Systems' Weaknesses Via Deep Code Indexing," addressing the pervasive challenges of opaque and complex software systems. Traditional methods often fail to provide objective understanding and control, leading to significant financial waste, strategic paralysis, and developer frustration. Al-Mohssen will unveil ChromeBird AI's proprietary Deep Knowledge Indexing technology, which transcends surface-level metrics to achieve a full semantic and syntactic understanding of code. This technology constructs a persistent knowledge graph that captures architectural decisions, data flows, and business logic, enabling objective progress measurement, accurate effort estimation, and clear explanations of complex systems. Ultimately, ChromeBird AI empowers technical and non-technical stakeholders alike to gain unprecedented visibility, verify alignment between intent and code reality, and command their software with actionable intelligence.

As organizations rush to adopt AI-driven systems and agentic architectures, traditional application security paradigms are being challenged, and often outpaced, by new, AI-specific threats. In this talk, we’ll explore the emerging attack surface introduced by intelligent agents and generative AI applications, including prompt injection, embedding poisoning, data exfiltration through model outputs, and model manipulation through indirect prompt chaining.

You’ll learn how these attacks exploit the very mechanisms that make AI powerful, contextual reasoning, dynamic orchestration, and natural language interfaces, and why conventional security controls are no longer enough.

We’ll then shift from awareness to action, presenting proven mitigation patterns, architectural safeguards, and secure development practices for building resilient AI systems. Topics include the design of trust boundaries in multi-agent systems, prompt sanitization and isolation strategies, secure retrieval-augmented generation (RAG), and runtime threat detection for AI pipelines. By the end of this session, attendees will gain a deep understanding of how to secure the new AI application stack and the frameworks needed to confidently build safe, trustworthy agentic systems in the era of autonomous intelligence.

The age of Agentic AI is redefining how software is built, tested, and secured. As autonomous engineering agents and AI coding assistants shape the next wave of development, code is being created and increasingly secured by AI itself. Yet this transformation brings new risks: hallucinated dependencies, poisoned models, and vulnerabilities generated at machine speed. This session explores how Agentic AppSec AI, that not only finds but fixes and validates vulnerabilities, bridges the gap between software quality and cybersecurity. You’ll learn how teams are embedding AppSec Gen practices, integrating security validation directly into AI-driven workflows, and leveraging autonomous policy agents to enforce secure coding from design to deployment. The result: a new paradigm where AI becomes both the developer and the defender/preventer of modern software.

Traditional penetration testing methods, often resource-intensive and reliant on human expertise, are struggling to keep pace with the scale and speed of modern adversaries, many of whom are already utilizing AI/ML in their attack tooling. We propose that integrating AI technologies, such as machine learning (ML) for vulnerability detection, natural language processing (NLP) for threat intelligence analysis, and reinforcement learning (RL) for autonomous attack path discovery, will fundamentally revolutionize the efficacy and efficiency of penetration testing. This AI-augmented approach promises to enable continuous, adaptive, and scalable security assessments that can proactively identify novel vulnerabilities, simulate complex, multi-stage attacks with greater fidelity, and significantly reduce the time between detection and remediation. Ultimately, leveraging AI is not just about automation, but about building an intelligent, predictive, and resilient defense capability capable of meeting the challenges posed by the next generation of cyber warfare.