The rise of Large Language Models has many organizations rushing to integrate AI-powered tools into existing products, but they introduce significant new risk. OWASP has recently introduced the LLM Top 10 to highlight these novel threat vectors, including prompt injection and data exfiltration. However, existing AppSec tools are not designed to detect and remediate these vulnerabilities. In particular, static analysis (SAST), one of the most common tools, cannot be used since there is no code: machine-learning models are effectively “black boxes." LLM red-teaming is emerging as a technique to minimize the vulnerabilities associated with LLM adoption, ensure data confidentiality, and verify that safety and ethical guardrails are being applied. It applies tactics associated with penetration testing and dynamic analysis (DAST) of traditional software to the new world of machine-learning models. Join Snyk, the leader in AI security, for an overview of LLM red-teaming principles, including: 

• What are some of the novel threat vectors associated with large language models, and how are these attacks carried out?
• Why are traditional vulnerability-detection tools (such as SAST and SCA) incapable of detecting the most serious risks in LLMs?
• How can the principles of traditional dynamic analysis be applied to machine learning models, and what types of new tools are needed?
• How should organizations begin to approach building an effective program for LLM red-teaming?

Security teams are overwhelmed by alert fatigue, skill shortages, and burnout. AI is well-positioned to address these challenges, yet security leaders are split on whether a truly autonomous SOC is achievable. The truth is: the future of the SOC isn’t fully autonomous - it’s intelligent. In this session, we’ll explore: 

• The evolution of workflows, from python and scripts, to agentic workflows, and everything in between
• Why flexible, intelligent workflows that combine deterministic logic, AI agents, and human insight are the future of the SOC
• How to apply these workflows to build and scale an AI SOC that’s faster and more resilient

The widespread adoption of generative AI has led to increased productivity for employees, but also for adversaries. Threat actors are using AI to craft email attacks that are polished, typo-free, hyper-personalized, and are doing so at scale. From convincing business email compromise (BEC) attacks to credential phishing and even deepfake videos that mimic executives, these machine-speed threats are breaching defenses faster than ever. So how do you stay ahead? Join this session to explore how generative AI is reshaping the threat landscape, what AI-powered attacks look like in the wild, and how autonomous, behavior-based defenses can help you fight back. Because in the age of AI, only good AI can stop bad AI—before it reaches your people.

Please visit our sponsors in the Exhibit Hall and explore their resources. They're standing by to answer your questions.

Non-human identities (NHI)—including machine identities, service accounts, automation tools, API keys and tokens, and AI agents—power modern IT environments. The explosion of machine-to-machine interactions, automation, and AI-driven workflows has made NHIs the new identity security perimeter. Yet, most organizations remain unprepared. NHIs outnumber human identities 50:1, yet many organizations lack a formal NHI security program. Without clear ownership, real-time visibility, or automated security controls, NHIs can easily become a blind spot, making it difficult for organizations to detect, verify, and respond to security risks. During this event, attendees will learn: 

• How to gain visibility to undermanaged NHIs
• Strategies to bring access control policies to these types of unfederated NHIs
• And considerations for using the same security framework for NHIs as human identities

The Silent Shift from Threat Containment to Governance Proof Event Description: Over the past two years, cybersecurity and AI governance have evolved from technical disciplines into boardroom imperatives. Proxy advisors and institutional investors, BlackRock, ISS, Glass Lewis, are now evaluating companies on how effectively they govern data, privacy, and AI risk. For the first time, governance maturity directly impacts shareholder confidence and market value. In this session, veteran cyber governance leader Chris Hetner unpacks the new reality facing CISOs, incident response leads, and infrastructure security directors: 

• Governance is now part of your attack surface. What was once internal documentation is now subject to investor and regulatory review.
• AI is accelerating faster than oversight. Shadow automation and untracked AI models are creating ungoverned risk and new accountability challenges.
• Proof of control is the new metric. The SEC and global regulators increasingly expect organizations to demonstrate defensible decision-making and traceable risk management. 

You’ll leave this session with a clear understanding of how to operationalize defensibility building governance that stands up to board scrutiny, investor questions, and regulatory audits. 

Key Takeaways: 

• How to prepare your organization for investor-grade governance expectations
• The convergence of cyber, privacy, and AI risk under new SEC and proxy oversight
• Practical frameworks for evidence-based decision trails, escalation workflows, and explainable outcomes

Artificial intelligence is redefining productivity, profitability, and risk. As AI systems drive trillions in potential corporate gains, their vulnerabilities carry material financial consequences. This session examines the direct economic impact of securing AI, analyzing how model exploitation, data exposure, and control inefficiencies translate into measurable business losses. Malcolm Harkins, Chief Security & Trust Officer at HiddenLayer, presents a framework for assessing exposure, quantifying the cost of controls, and integrating AI risk into enterprise governance and financial disclosure. Attendees will gain a practical understanding of how to align security investment with business outcomes in an AI-driven economy.

AI is reshaping how businesses build and innovate, but it also introduces new risks: data exposure, Shadow AI, pipeline misconfigurations, and insecure model usage. Security teams are now tasked with protecting sensitive data across sprawling AI workloads while ensuring AI adoption stays safe and compliant. That’s where the combination of Data Security Posture Management (DSPM) and AI Security comes in. Together, they provide the visibility and control organizations need to protect data flowing into, through, and out of AI systems. DSPM ensures sensitive data is discovered, classified, and governed, while AI security removes attack paths, secures pipelines, and uncovers hidden AI usage. By uniting these approaches, companies can innovate with AI at speed, with security embedded at every step.

Please visit our sponsors in the Exhibit Hall and explore their resources. They're standing by to answer your questions.

Generative AI has fundamentally changed the threat landscape, arming fraudsters with tools to create convincing deepfakes, voice clones, and sophisticated phishing campaigns at scale. In this session, identity security experts explore how AI is amplifying social engineering and digital deception, turning once-obvious scams into multimillion-dollar corporate heists. Join us as we dissect real-world attacks—including a $25 million deepfake CFO scam and live demonstrations of AI voice cloning—to understand why legacy, static identity defenses are no longer sufficient. We will map AI-based threats across the entire user journey, from registration to customer support, and provide actionable strategies to modernize your defenses. Key Takeaways 

• The Evolution of Deception: How attackers use GenAI to bypass traditional verification methods, including "grandparent scams," romance fraud, and executive impersonation.
• Why Legacy IAM Fails: Understanding the critical gaps in static security tools, such as the lack of real-time risk scoring, liveness detection, and cross-channel integration.
• Defending the User Journey: Specific strategies to stop fraud at critical touchpoints
• Real-World Defense: Case studies on how financial institutions are using dynamic authorization and AI-driven signals to save millions in potential fraud losses.

Claude Code illustrates how LLM-based coding tools expand the attack surface. Design choices around approvals, parsing, and error handling can turn into security flaws. We present specific findings Kodem uncovered in Claude Code. Both issues highlight how LLM-based coding tools introduce new misconfiguration and input-handling risks. This talk dissects the issues, their broader implications for AI developer tools, and practical mitigations.