Kansas City Cybersecurity Conference

AI is evolving at an unprecedented pace, and while organizations are eager to embrace its possibilities, security, governance, and risk management are often overlooked. Drawing from real-world experiences as a vCISO, Sean Balzer will share how organizations are approaching AI adoption, the challenges they face, and the practical steps needed to implement AI securely and responsibly. Whether your organization is already leveraging AI or just getting started, this session will provide practical guidance for implementing AI securely, governing it effectively, and aligning it with business objectives.

AI agents are already in your environment. You probably don’t know how many, what they can access, or who authorized them.

This session breaks down why agents are fundamentally different from AI tools and why that distinction matters for governance. We cover the three paths agents use to enter your environment invisibly, the structural gap in platform APIs that leaves most agent inventories incomplete even with admin access, and four concrete controls to close it.

You’ll leave with a clear model for building an agent inventory from the credentials that actually matter—OAuth grants, API keys, and MCP server connections—and three actions you can take this week without new budget or tooling.

A good fake Rolex uses Swiss movement, sapphire crystal, 904L steel — every component genuine. Only the crown and the intent are fake. That’s phishing in 2026: real SendGrid accounts, real Cloudflare CAPTCHAs, real Google redirects. The only counterfeit is the intent. Josh Bass will break down what 5,000 real SEG-bypassing attacks reveal about why pattern-matching defenses fail silently and what security leaders need to evaluate differently.

Every organization has a layer in their security stack that nothing is watching: the running application. Until recently, the cost and complexity of exploiting it at scale provided accidental protection. Mythos ended that. This session uses Anthropic’s AI vulnerability research system as a lens to examine the application layer threat landscape, why the industry’s go-to controls were never designed to see these attacks, and what defense-in-depth actually has to look like now.

Ready or not, the agentic enterprise is already inside your business. AI is industrializing human risk as agents continuously access, generate, and move sensitive data at machine speed. Intent drives every human and agent action, and agent integrity is now critical. Learn how to take back control: govern human and AI data access, secure data across workflows, and stop agent manipulation before exposure scales.

Cyber teams are overwhelmed by alerts and false positives, and while AI promises relief, it also empowers attackers to generate overwhelming noise that obscures real threats. The challenge isn’t producing more detections but refining detection logic to preserve true signal amid AI‑amplified noise. Explore how AI can be both a solution and an attack vector, enabling new threat classes that exploit automated decision‑making and revealing real-world examples of its successes and failures.