Threat Detection and Incident Response Summit

Finding vulnerabilities is not the hard part. Knowing which matters and fixing them fast enough is. As AI-generated code enters enterprise codebases at scale and modern applications expose more attack surface through APIs, security teams are accumulating findings faster than they can prioritize them. The real value of combining static and dynamic testing is not coverage for its own sake; it is the runtime context that transforms a static finding from a theoretical risk into a confirmed, actionable one. Without that correlation, teams already overwhelmed by finding volume are spending limited time chasing vulnerabilities that may never translate to real exposure. In this session, Katie Norton, one of the industry's leading analysts covering the application security market, will present IDC market research on how AI-assisted development is reshaping application risk and make the case for an integrated SAST and DAST approach that helps security and development teams cut through the noise and remediate what matters, faster.

Learn how to leverage AI agents to work across the full detection and response cycle: from threat intelligence to hunting to investigation to response.

In 2025 alone, organizations reported over $3 billion in losses due to business email compromise (BEC) to the FBI. Instead of obvious malware or suspicious links, today’s AII-powered attacks exploit human behavior—impersonating executives and vendors, hijacking real conversations, and blending seamlessly into everyday business communications. 

Traditional secure email gateways weren't built to defend against these attacks. They scan for known flagged domains, unusual attachments, malicious payloads, without understanding identity, behavior, or communication context. Without a baseline for what "normal" looks like, they can't distinguish a legitimate email from a convincing impersonation.

This session breaks down why legacy detection is failing and how behavioral AI can close the gap. You'll walk away with:

• Why your current detection rules are blind to these attacks
• Why SEGs on their own can’t solve the problem
• How behavioral baselines enable the protection legacy tools can't deliver

Get the blueprint for automated defense. Legacy controls are broken. Attackers are bypassing traditional security controls, exploiting session hijacking and configuration gaps to move laterally and access critical assets. We’re stripping away the theory to give you a practical execution plan for continuous identity assurance. 

Most fraud programs measure success by cases resolved or losses prevented. But the organizations gaining an advantage today focus on something different: learning systematically from past fraud events. This session explores how IP forensics enables teams to analyze historical infrastructure behavior linked to confirmed fraud activity, revealing patterns that inform future fraud scenarios and risk models. Rather than another detection approach, this talk focuses on operationalizing forensic information— transforming individual fraud events into lasting institutional intelligence.

Cloud threat intelligence should simplify detection—but often creates noise instead. With vast TI data and automated attacks flooding alerts, many teams struggle to separate real threats from background noise. This session introduces the Zero Noise Approach—a methodology for ingesting and operationalizing Cloud TI through attacker-based baselines, continuous feedback loops, and a “no alert left behind” mindset. Learn how this approach turns TI from overwhelming to actionable, with real-world case studies showing how organizations achieved higher fidelity detections and clearer visibility into attacker TTPs.

This high-impact panel brings together Joe Sullivan (ex-Uber CSO) and James Beeson, former CISO at Cigna Group, to share firsthand lessons from the front lines of major cyber crises and how incident response is evolving from a technical function to a coordinated, enterprise-wide risk management process.

Moderated by Andy Lunsford, CEO of BreachRx, panelists will dissect responses to the most consequential breaches as lived by executives, investigators, and journalists on the front lines. Through this exploration, the panelists will move beyond theory to examine how real-world incident response unfolds and what it takes to coordinate decisions, actions, and stakeholders under pressure across today’s complex attack landscape.

The conversation will cover how organizations are shifting toward an incident command center model that aligns technical, legal, executive, and communications stakeholders around a single, authoritative view of the incident. Through personal war stories, each expert will offer unfiltered guidance on what worked, what failed, and what must change.

Key session takeaways:

• Attendees will receive specific recommendations for operationalizing enterprise-wide as a repeatable, governed process.
• Security practitioners will learn practical frameworks for cross-functional crisis collaboration and strategies to make faster, more consistent, and defensible decisions under pressure.
• Participants will leave with insights for building an incident response capability that is auditable, defensible, and aligned with enterprise risk.

Security teams are overwhelmed by data but still under pressure to detect meaningful threats faster. Traditional monitoring approaches often produce high alert volume, fragmented visibility, and slow investigation cycles, especially across cloud-native and distributed environments. The challenge is no longer just collecting more telemetry. It is turning the right signals into timely action.

This session explores how AI-driven observability can improve modern threat detection by helping teams correlate signals across logs, metrics, traces, events, and behavioral patterns to identify suspicious activity earlier and respond with greater precision. Rather than treating observability and security as separate disciplines, the session will show how they can work together to improve detection quality, reduce noise, accelerate triage, and strengthen incident response outcomes in complex enterprise environments.

Attendees will gain a practical view of where AI adds real value in threat detection, including anomaly identification, signal correlation, contextual prioritization, and investigation support. The session will also examine the limits of AI in security operations, the importance of governance and human oversight, and how organizations can adopt AI-driven observability in a way that improves both visibility and actionability without creating additional operational risk.

Generative AI is rapidly transforming enterprise operations, but it is also introducing a new and largely invisible attack surface: prompt fraud. Unlike traditional cyber threats, prompt fraud requires no system breach, malware, or stolen credentials. Instead, attackers manipulate inputs to large language models (LLMs) to generate highly convincing yet falsified outputs that can bypass both security controls and audit scrutiny.

This session reframes prompt fraud as a detection and incident response challenge, not just an audit concern. From fabricated financial narratives to AI-generated approval artifacts and misleading analytical summaries, these attacks operate entirely at the linguistic layer, making them difficult to detect with conventional security tools. As AI-driven deception accelerates and prompt injection ranks among OWASP’s top risks for LLM applications, organizations face a growing blind spot in their threat detection strategies.

Attendees will explore the anatomy of real-world prompt fraud scenarios, the systemic control gaps that enable them, including Shadow AI usage, lack of prompt observability, and insufficient workforce readiness, and why traditional monitoring approaches fail against AI-native threats.

The session introduces a four-pillar defensive framework spanning governance, AI-aware detection engineering, incident response playbooks, and continuous monitoring. It also highlights how advanced techniques such as fine-tuned detection models can dramatically improve identification accuracy, and what security teams must do to operationalize these capabilities.

Finally, the session examines the evolving regulatory landscape, including implications of the EU AI Act, and outlines actionable steps organizations can take today to integrate AI risk into their broader threat detection and incident response strategies.

As security operations teams modernize with AI and automation, they face a fundamental gap: a lack of real-time visibility into external Internet infrastructure. Without it, both analysts and automated systems are forced to make decisions without the context needed to accurately assess risk, leading to missed threats, wasted investigations, and inconsistent outcomes.

Learn how to close this gap by delivering real-time visibility into global Internet infrastructure, establishing a single, trusted source of Internet intelligence embedded directly within SOC workflows.