The second day was more intense than the first. While day one focused on understanding the problem, day two concentrated on practical actions and, in some instances, recognizing what cannot be ignored anymore.

Guest Keynote: Creativity and Innovation for a Better Tomorrow – José Andrés

Andrés opened by noting the obvious.

“ I realized the world has to be in a very bad shape when you bring a cook to a cybersecurity conference.”

The room laughed. Then he made them think.

The difference between a cook and a chef wasn’t incidental. Andrés sees a chef as someone who manages a kitchen, while a cook simply does the work. Choosing to be called a ‘cook’ emphasizes hands-on involvement with the fire, ingredients, and practical challenges. It’s a subtle critique of obsessing over titles, expressed through word choice. This likely resonated loudly with senior security leaders present in the room.

His father’s lesson about fire was central to the talk: prioritize learning to control the fire above all else. It’s not about the recipe or presentation, but the fire itself. Fundamentals must come first, a core principle that often applies painfully to organizations that adopt AI tools before understanding what they need to safeguard.

World Central Kitchen’s disaster response efforts added significance to the talk. The organization acts quickly without waiting for flawless logistics or government approval. It mobilizes swiftly, relies on local resources, and trusts local people to identify their community needs. This approach presents a clear question for security teams, not just an abstract idea.

“The big lesson: we must listen to the people… we were able to feed everyone; they were happy, they were thankful.”

Speed and listening are challenging in a field where process and hierarchy often take precedence, making it a more complex issue than it appears.

Future of AI in Cybersecurity: AI Predictions and Roadmap Challenges for 2026–2029 – Jeremy D’Hoinne

D’Hoinne opened by mourning the state of the conversation. AI discussions, he said, have collapsed down the Graham Pyramid of Disagreement to its worst levels, name-calling, dismissal, accusations of not “getting it.” The actual arguments go unaddressed. His point was that teams can’t make good decisions about AI if they can’t disagree about it productively first.

The four personality types he mapped onto teams were skeptic, native, gambler, and tinkerer. The skeptic questions whether AI delivers real value. The native wants it everywhere, immediately. The gambler is a true believer but is resource-constrained and must choose carefully which project to bet on. The tinkerer runs every pilot, scales nothing, and measures less.

“There’s no wrong personality about AI. What’s important is to avoid the destructive behavior.”

The destructive versions of all four are obvious in hindsight: the skeptic who blocks progress, the native who deploys without guardrails, the gambler who bets on the wrong thing and sinks funding, the tinkerer who generates activity with no output. D’Hoinne’s argument was that the composition is fine; the behaviors are what need to be managed.

His 2027 prediction was specific: organizations will hit significant scaling, security, and measurement problems with LLM-based agents. Not a forecast of doom, but a signal to prepare now rather than discover the limitations in production. The shorter roadmaps argument follows naturally: long plans written today will be wrong before they’re approved, let alone executed. Measurable near-term objectives beat multi-year visions that nobody will fund anyway.

The maturity model ran from Consumer (off-the-shelf tools) through Integrator (embedding AI into workflows) to Developer (custom solutions) and Engineer (bespoke architectures). Most organizations are still in the first two tiers. The honest implication: most “AI strategies” are actually just vendor procurement decisions.

The line that stuck was the simplest.

“AI is an activity, not an objective.”

Organizations that set “AI” as a goal tend to buy things. Organizations that define what they’re trying to accomplish in security and then use AI to get there tend to build things that work.

How to Secure AI That Enterprises Build and Employees Use – Bart Willemsen

Willemsen dropped the number without much ceremony.

One hundred percent. His claim was that every organization is struggling with employees using AI, including those with the most confident blocking policies. The ones who think they’ve solved it are, by his accounting, simply unaware of the scope of what’s slipping through.

“If there’s anybody here who thinks, ‘No, we blocked everything. Our people are not using AI.’ Sorry, they are.”

The BYOA (Bring Your Own Agent) approach follows naturally from the BYOD era, which security teams have long managed reactively. The pattern remains the same: employees use unapproved tools that ease their work, outside any formal risk assessment. The shadow AI issue is already present and not something for 2027.

The difference between goal-driven and task-driven AI influences how teams should approach AI risk. Task-driven AI performs a specific, clearly defined task; it can be assessed, tested, and tends to behave predictably. Goal-driven AI, on the other hand, aims for a broad objective and determines its own methods to achieve it. This unpredictability isn’t just theoretical; it is the root of many security surprises organizations are already facing with agentic tools.

Start with discovery. Prior to implementing policies, controls, or vendor evaluations, identify where and how AI is used throughout the organization. Willemsen argued that managing risk without this visibility is merely superficial risk management. The mapping step, often overlooked by many teams, is crucial because it lays the foundation for all subsequent actions.

Role-based policies are the practical output of that discovery. Not one policy for all employees, but policies calibrated to how different roles interact with AI, what data they touch, and what risks they introduce. Generic policies get ignored. Specific ones get followed.

Modernize Your Cyber GRC Function for the AI Era – Deepti Gopal

Gopal began with documentation. It wasn’t the most exciting start, but the case she made from it was more convincing than the premise implied.

The governance policy tree is a visual map that links all documents within an organization’s governance framework, including charters, policies, standards, and procedures. It enables tracing the impact of new regulations throughout the entire stack. Updates are integrated comprehensively, avoiding isolated patches or contradictions between adjacent documents. This creates a single source of truth with clear lineage connecting every layer.

The importance of this now lies in policy-as-code. The trend in regulatory compliance is moving towards automated, machine-readable governance. Organizations that haven’t organized their documentation beforehand will struggle to make this shift. Garbage input results in automated garbage output.

Her four principles for operationalizing risk governance are designed to work together, not in isolation. Continuous evaluations replace the annual audit cycle. Automation reduces manual effort that causes errors and delays. Flexible governance means the structure itself adapts as threats and technology change, rather than requiring a governance redesign every two years. Risk evaluation is embedded in planning from the start, not appended as a checkpoint before launch.

The five-phase approach comprising metrics alignment, value chain scoping, dynamic inventory, workflow automation, and a unified risk taxonomy ultimately results in a single risk register. This register consolidates all risks, including those related to AI, to prevent fragmentation.

“Technology should automate signal collection and analysis to enable cyber risk decisions, not to automate decision-making processes.”

The distinction is the whole thing. Automation handles the data. Humans still own the judgment.

AI Cyber Stewardship: 6 Principles for Managing AI Cyber Risk – Josh Murphy

Murphy’s story began in the past. When BYOD was introduced, security teams hesitated, leading organizations to spend years addressing the issues. Later, with the emergence of cloud technology, security hesitated once more, resulting in additional years of catching up. This recurring pattern is both well-documented and somewhat embarrassing.

“If we don’t try to lead this from the front, if we don’t try to proactively manage this, we’re going to spend years cleaning up the mess.”

The statistics he presented clearly emphasize the urgency. Sixty-nine percent of organizations believe employees are using banned AI tools, while seventy-nine percent think approved AI is being misused. The higher figure for approved-model misuse is especially concerning, as it indicates that the issue isn’t limited to shadow AI, but also involves authorized AI being used in unintended ways.

The six principles of AI Cyber Stewardship are designed to systematically address key aspects. AI Literacy ensures security teams and end users understand what the tools do, recognize attack vectors, and grasp regulatory requirements. AI Lifecycle Governance fills the visibility gap from design to decommissioning, not just deployment. Interdisciplinary Collaboration involves bringing together technical teams, AI product managers, IT operations, GRC, legal, compliance, internal audit, executive leadership, and third-party risk management. Human Oversight ensures human judgment remains involved at every stage. Baseline Controls set the essential standards for model security, deployment security, compliance monitoring, and data security. AI TRiSM (Trust, Risk, and Security Management) adapts existing security infrastructure to suit AI needs, instead of building new systems from scratch.

Murphy’s recommended immediate actions are clear and actionable: prioritize identifying top AI use cases, prevent sensitive data from being accessed by public AI tools, designate a single person responsible for AI security, bring AI security into the risk leadership agenda, conduct AI threat modeling, and establish a formal AI security governance group within a year.

None of it is complex. The majority of it isn’t occurring.

Databee: From Checkbox to Continuous –  AI’s Role in Modern Cyber Risk Management – Tyler Alfriend and Nicole Bucala

Bucala started with a poll. She asked the audience to rate their current GRC reporting: remain seated if not effective at all, raise one arm for somewhat effective, raise both arms for pretty good, and stand up if everything is working well. Most participants raised one arm.

That one arm told the story of the entire session.

Alfriend has extensive experience working within GRC and internal audit functions at highly regulated companies such as JP Morgan, Nationwide, and Comcast. His assessment of the dashboard issue was precise and clinical: multiple dashboards generate conflicting data, stakeholders struggle to agree on which numbers to trust, and reporting cycles take weeks, leading to meetings where no decisions are made.

“Dashboards often lead to confusion and misalignment, detracting from actionable insights. They should be used as tools for action rather than end goals.”

The issue wasn’t that dashboards are ineffective. Instead, they’ve shifted from being a tool to an end goal. Security teams report to leadership, who then requests improved dashboards. Teams respond by creating better dashboards, but the actual risk situation remains unchanged.

Most organizations often overlook the importance of data governance, which is essential before applying AI to reporting. While AI can generate well-formatted reports, if the foundational data is inconsistent, poorly managed, or lacks clear lineage, the results will be incorrect and faster. Establishing agreement on key metrics aligned with frameworks like NIST or CIS should be in place before developing any AI layer.

Bucala envisioned a future where instead of managing multiple dashboards, leaders interact directly with AI to get precise insights whenever needed. This isn’t about scheduled reports or weekly meetings, but about asking a question and receiving an instant, reliable answer based on well-organized data. Only organizations that lay the groundwork first will benefit from this; those rushing to AI without preparation may only face quicker confusion.

US AI Intelligent Computing: The Age of Self Evolution & Future of Human Leadership – David Nguyen and Macey Smith

Nguyen and Smith were functioning at a different level than the rest of the day. While most sessions focused on managing AI in the present moment, this one was about the actual direction in which it is headed.

The five-phase model progresses from a traditional method in which humans do all the work within their capacity, to co-pilot systems that use AI to boost human efforts, still with linear growth. It then advances to an age of agents, in which humans delegate specific tasks, valuing improvements while maintaining linear progress. The final stage, high autonomy, features agents managing entire layers of the technology stack, with humans responsible only for setting policies and priorities. Phase five is particularly transformative: it involves geometric value creation, where human intent directs a fully autonomous AI ecosystem, resulting in exponential outputs.

“We’re no longer focused on detection. We’re now shifting from detection to agentic cyber defense.”

The 10X enterprise framing emerged as the business outcome of these developments. Early adopters of the complete model, phases four and five, experience ten times the productivity and innovation compared to organizations still in phases one and two. This gap continues to widen.

The human intent layer served as a counterweight to the autonomy framing. Nguyen and Smith were not arguing for the replacement of human judgment. Their argument was the opposite: as systems become more autonomous, the quality of human intent, governance, and ethics embedded in them becomes the only meaningful variable. An autonomous system executing bad intent at scale is worse than a slow human making the same bad decision. The ethical layers built into AI aren’t optional features; they’re the mechanism through which organizational values propagate into automated decisions.

Job evolution was discussed without nostalgia. Routine, entry-level roles will fade away. New positions centered on guiding, managing, and collaborating with AI systems will arise. The real question isn’t if this transition occurs, but whether organizations are ready to prepare their people for it or just go through the change.

Gartner Keynote: The Future of Cyber 2030 – Peter Firstbrook

Peter Firstbrook started with a question that many CISOs secretly fear: What will the job look like in four years? He answered by focusing on three areas: how AI will transform IT by 2030, the implications for cybersecurity, and what leaders should be doing now.

On the IT side, Firstbrook identified four archetypes. Lean IT leverages AI to reduce staff while maintaining output. Amplified IT retains the same team but relies on AI to handle increasing demand. Democratized IT allows business units to manage their own tech delivery, filling the gaps left by central IT. The fourth, dual business/IT, is a hybrid that doesn’t fit neatly into any category. The key takeaway was the implication: cybersecurity teams will need to align with the organizational model chosen, rather than charting their own course.

His protection framework centered on four key areas: safeguarding employees from AI-related threats such as prompt injection, securing AI-powered business applications, safely harnessing the value of AI innovations, and defending against AI-generated, AI-scaled attacks. The order is important. Most organizations are still working on the first two and have yet to make comprehensive plans for the last.

The evolution of the CISO role was the most focused point. Firstbrook was blunt about the reputation of security as a cost center, arguing it must change. The shift is both cultural and structural. Distributed governance means security responsibility is transferred to the business units that own the technology, rather than remaining solely with the security team that reviews it. Anti-fragility now supersedes incident prevention as the main goal. Continuous planning has replaced fixed roadmaps. Despite the efficiency promises of AI, cybersecurity staffing levels are expected to increase, not decrease.

---

Eight sessions, all connected by a single clear thread.

Organizations that view AI management as reactive are already lagging. Those that prioritize governance, data quality, and human oversight as essential from the start before implementing AI are creating more sustainable solutions. Day two repeatedly emphasized that most technical issues are solvable. The tougher challenge is whether the commitment and willingness to do the necessary work are present.