Get in early avoid the queue hot coffee and fresh made barista coffee.

AI has shifted from assistants that make suggestions to autonomous agents that can read files, execute commands, call APIs, and modify systems on their own. That change expands the attack surface from prompt injection to full system compromise, lateral movement between agents, and persistent access through memory and tooling.

‍

This session explores how autonomous agents are reshaping the threat model, what early adopters are discovering in practice, and the questions AppSec teams must confront as AI systems gain more autonomy and more potential for harm.

‍

The speaker will cover:

• New risks from code-executing prompt injection to agent-to-agent lateral movement
• How teams are designing permissions, audit trails, sandboxing, and monitoring agent behavior
• Examples of agents being manipulated to exfiltrate data or modify configurations
• The security shifts required to safely deploy autonomous agents in the next year

Modern applications run on layered platforms, third-party extensions, and AI assisted development and tooling, each introducing dependencies that traditional supply chain controls struggle to track. Even with SBOMs and automated scanning, teams are seeing supply chain risk surface in production through transitive packages, platform abstractions, and components that weren’t visible at build time.

‍

This panel explores how supply chain risks are actually surfacing in real environments and what effective control looks like when dependency sprawl is structural, not accidental.

‍

We'll Cover

• Where SBOMs help in practice and where they still fall short
• How layered platforms, third-party extensions, and AI era tooling introduce new blind spots
• What transitive dependencies, dormant packages, and platform abstractions mean for real-world risk
• Practical approaches for regaining control without killing development velocity

In this innovative session, attendees will be faced with a series of scenarios that they may face in their roles. Attendees will discuss the possible courses of action with their peers to consider the ramifications of each option before logging their own course of action.

‍

Results will be tallied and analysed by our session facilitator and results will impact the way the group moves through the activity.

‍

Will we collectively choose the right course of action?

Modern engineering teams move fast, and AppSec teams are constantly negotiating when to block, when to slow down, and when to accept risk to keep delivery on track. As exceptions, waivers, and temporary approvals become part of everyday workflows, many organizations struggle to understand what risks they’ve accepted, why they accepted them, and whether those decisions are still defensible months later.

‍

This panel explores how high-performing teams balance speed with security, how they document and monitor accepted risk, and the frameworks that keep fast-moving environments accountable.

‍

The panel will cover:

• How teams decide when risk acceptance is justified and when it isn’t
• Practical approaches to tracking exceptions, waivers, and approvals over time
• Techniques for documenting context so decisions remain defensible later
• How AppSec and engineering collaborate to keep velocity without losing control

Put your knowledge to the test in this fast-paced quiz covering real-world trivia, key concepts, and emerging trends. Compete for bragging rights - and a travel voucher - as the top scorer takes the crown.

‍

AI initiatives succeed or fail on the quality of their data. This session explores how organisations are preparing their data environments to support enterprise-scale AI  ensuring information is trustworthy, accessible, and structured for learning. You’ll hear practical strategies for transforming fragmented data pipelines into reliable, high-performance foundations that turn AI experiments into operational success.

‍

We'll cover:

• Assess Readiness: Learn how to evaluate whether your data is fit for AI adoption.
• Build Trust: Discover governance, quality, and accessibility practices that scale.
• Deliver Value: See how mature data foundations accelerate measurable AI outcomes.

AI is beginning to influence how teams operate, how work is coordinated, and how roles evolve across the enterprise. But there’s still little agreement on what this means in practice, from where AI assistants fit into daily workflows, to how management layers, team structures, and training approaches may change.

‍

This interactive session puts these questions directly to the audience. Participants vote live on a series of real-world scenarios, explore the results together, and vote again as perspectives shift through the discussion.

‍

We'll Cover:

• How AI assistants are starting to support individual roles
• How team structures and management practices may evolve
• Which skills and training pathways become more critical
• Early lessons from organisations experimenting with AI in daily work