Beat the rush and join us early for complimentary barista-made coffee and breakfast.

Non-human identities now play a central role across cloud platforms, CI/CD pipelines, APIs, and AI-driven workflows. As these identities scale, many teams are finding that practices designed for human access need to be adapted to support automation, autonomy, and rapid change.

This keynote explores how non-human identity usage is evolving in real environments, where traditional IAM approaches need refinement, and how organisations are adjusting ownership and lifecycle models to maintain visibility and control while supporting innovation.

We’ll cover:

• How service accounts, APIs, and AI agents are typically introduced and managed across modern platforms
• Where teams are encountering challenges with ownership, lifecycle management, and visibility as these identities grow
• Practical approaches organisations are using today to improve governance of non-human identities without slowing delivery

Regulators are no longer treating identity as a background control. Across financial services and regulated industries, access decisions, identity logs, and privileged activity are now being examined directly during investigations, audits, and post-incident reviews.

This panel brings together security, identity, and risk leaders to unpack how US regulatory expectations around identity have shifted, what scrutiny actually looks like in practice, and how teams are preparing for enforcement without turning IAM into a compliance-only function.

We’ll discuss:

• How identity controls are being examined under NYDFS cybersecurity rules, SEC cyber disclosure requirements, and evolving state privacy laws
• What regulators look for after an incident including access logs, privileged activity, review evidence, and decision traceability
• Why baseline controls like MFA are now assumed, and what “defensible access decisions” really mean in regulatory conversations

Static identity policies couldn’t keep up with changing user behaviour, device contexts, and threat patterns. Risk-based decisions promised a better balance between security and experience by adapting access in real time but handing decisions to systems introduced new challenges the team hadn’t fully anticipated.

In this session, we’ll walk through how risk-based identity controls were introduced, what assumptions didn’t hold once they hit production, and how the approach evolved when false positives, edge cases, and accountability questions started to surface.

We’ll cover:

• What pushed the team to move beyond static identity policies in the first place
• Where risk signals conflicted with user expectations and business workflows
• How false positives and edge cases began to erode trust in automated decisions
• What governance, oversight, and escalation models had to change once humans were no longer approving every access request

Identity and security decisions increasingly influence how users experience products, platforms, and internal tools. Step-up authentication, session expiry, device trust, and risk-based access now sit inside critical journeys, often requiring trade-offs between protection, usability, and performance.

This panel brings together identity, security, and product leaders to discuss how these trade-offs show up in practice, how teams identify unintended impacts over time, and how ownership is evolving as identity becomes more closely tied to user experience and business outcomes.

We’ll explore:

• How authentication and access decisions affect conversion, engagement, and productivity over time
• Where well-intentioned security changes created unexpected friction for users
• How teams collaborate across security, identity, and product to manage trade-offs

Delegates will chose from a list of pertinent peer-to-peer discussion topics focussing on evolving and emerging trends, techniques and technologies.

Put your knowledge to the test in this fast-paced quiz covering real-world identity trivia, key concepts, and emerging trends. Compete for bragging rights—and a travel voucher—as the top scorer takes the crown.

AI systems are starting to act autonomously on behalf of users, calling other services, triggering actions, and making decisions across multiple systems. As this happens, many organisations are discovering that identity context, ownership, and accountability are difficult to maintain once requests move beyond a single application or model.This session explores how identity and access control change when actions are taken by chains of AI agents rather than humans. Drawing on real-world experience, it examines where existing IAM approaches fall short and how teams are adapting authentication, delegation, and auditing models to retain control as autonomy increases.We’ll cover:

• How user intent and accountability can be preserved as actions pass through multiple AI agents
• Why static credentials and traditional service accounts struggle in agent-driven workflows
• How teams are reducing the risk of unintended or unauthorised actions in autonomous systems

‍

Identity systems are designed to provide control, accountability, and traceability. But when long-standing service accounts, APIs, or machine identities begin behaving in unexpected ways, those assumptions can be tested quickly. Ownership becomes unclear, privilege boundaries blur, and incident response and compliance timelines start to collide.

This interactive Think Tank puts the room into a realistic identity incident. Participants vote live on a series of real-world decisions, explore the implications together, and revisit their choices as new information emerges and trade-offs become clearer.

We’ll Cover:

• How teams respond in the first moments of an identity incident involving privileged non-human access
• The decision trade-offs between containment, investigation, and business disruption
• Where identity lifecycle and governance gaps typically surface under pressure