AiSecCon 2026

Enjoy our seamless checkin process and grab your information for the day. We have a fresh selection of breakfast selections available to you right after.

Join us as we begin with our land acknowledgements and opening comments from dignitaries and special guests.

AI isn’t replacing defenders - it’s redefining them. This session explores how human intuition and machine intelligence can work together to build stronger, faster, and more adaptive defense teams. Attendees will gain a realistic view of what “human + AI” collaboration looks like in the SOCs and war rooms of the future.

What happens when machines fight machines? This session takes you inside experiments where AI-driven attackers and defenders learn and adapt against each other. We’ll discuss what these simulations teach us about future cyber conflicts - and how human oversight will remain the ultimate safeguard.

Refuel with a fresh cup of coffee and light snacks

Most businesses treat security cameras like a "black box"—you hope they’re recording, but you pray you never have to actually find anything. If you've ever spent three hours scrubbing through graining footage just to find a missing package or a door left propped open, you know the "legacy tax."
Join us for an interactive session with Verkada to see how Agentic AI moves you away from passive recording and into a world where you can simply "ask" your building what happened.

What You’ll Experience

Natural Language Search: See how anyone on your team—not just IT—can conduct "Google-style" searches across all your sites simultaneously.
Proactive Deterrence: Move beyond recording crime to preventing it. Learn how AI can identify loitering or unauthorized access and trigger real-time audio warnings before an incident occurs.
The "Speed Search" Challenge: We’ll put the AI to the test live. We'll ask the system to find a "needle in a haystack" event across thousands of hours of footage to show you exactly how much time your team is currently wasting.

Actionable Takeaways

Slash Investigation Time by 90%: Learn how to replace manual scrubbing with instant AI indexing.
Remote Management: See how to manage 1 or 1,000 cameras from a single phone app without needing on-site servers or VPNs.
Operational ROI: Discover how to use security data to spot warehouse bottlenecks, track delivery arrivals, and audit safety compliance automatically.

Stop recording history. Start understanding it.

A thought-provoking session that explores the emerging crisis of trust in the age of AI deepfakes and synthetic identity. Through live demonstrations of voice cloning and AI-generated imagery, Robert Falzon reveals how convincingly reality can now be fabricated. Not to alarm, but to illuminate a profound shift in enterprise and personal risk.

AI is opening up amazing new possibilities, and staying secure at every step is crucial. Join us to explore how the Wiz AI Security Platform provides complete protection for your AI applications, from code all the way to runtime. We’ll show you how to gain full-stack AI visibility, proactively manage risks with our graph-based context, and detect threats across your AI pipelines. Empower your teams to adopt and expand into AI workloads confidently with comprehensive AI Security Posture Management, Runtime Protection, and Code Scanning.

Stretch your legs and take a deep breath!

As AI agents take on autonomous roles across enterprise systems, identity governance must evolve beyond human and machine identities to address a new class of actors with dynamic privileges and decision-making capabilities. This session explores how organizations can establish robust identity frameworks for AI agents—covering provisioning, authentication, authorization, and lifecycle management in environments where agents operate, collaborate, and adapt in real time. We will examine emerging risks such as privilege escalation, identity sprawl, and accountability gaps, and outline strategies to enforce least privilege, maintain auditability, and align with existing governance models—ensuring AI agents remain controlled, trusted participants in the enterprise ecosystem.

The human response to AI adoption can cause significant risk to organizations. Unclear policies, limited transparency, and fear of job displacement are shaping how employees engage with AI tools and organizations that fail to address these dynamics risk eroding trust and amplifying the use of shadow AI. This fireside chat will explore how leaders can address workforce anxiety while responsibly integrating AI into their organizations.

A forward‑looking look at how security teams can harness AI agents at machine speed while keeping humans firmly in control — redefining SOC operations for the Agentic Enterprise.

Stretch your legs and take a deep breath!

The cybersecurity narrative in 2026 has converged on a single theme: the AI arms race. Adversaries are leveraging generative AI to automate attacks, increase the sophistication of phishing and discover vulnerabilities at machine speed. The window for defenders has collapsed from 8 hours in 2022 to 22 seconds in 2025. The industry response, almost uniformly, has been to argue for faster, smarter, more autonomous defence.

In my opinion, that’s the right answer to the wrong question.

On April 7th, 2026, Anthropic announced Claude Mythos - a frontier AI model that identified thousands of zero-day vulnerabilities, many of them critical, in every major OS and web browser, including flaws that survived decades of human review and millions of automated security tests (Anthropic.com). Two weeks earlier, Armis Labs published the Trusted Vibing Benchmark, finding a 100% failure rate across 18 leading generative AI models in producing secure code. Both developments arrived in the same quarter and together they reshaped what enterprise security must do in 2026.

The attacker side of this equation has been well covered. What’s gone underdiscussed in executive conversations is the defender’s operational reality: an AI-driven flood of discoveries hitting organizations whose vulnerability management programs were built for a world that no longer exists. Most enterprises still cannot reliably answer where a vulnerable component is running, what business process depends on it, or whether the AI-generated code their own developers shipped last week is part of the exposure surface.

Agentic AI is accelerating how systems reason, decide, and act, but the real risk isn’t any single attack. It’s the architecture. Prompt injection and context poisoning aren’t edge cases. They are emergent properties of how modern AI operates, where models assemble context from user input, retrieval, memory, and tools, yet treat it all as equally trustworthy.
The core issue is that the model has no concept of trust. Everything flows into the same context window, where malicious instructions can quietly override intent and drive outcomes.
Understand where trust breaks across agentic systems and how to redesign those boundaries with a control-centric blueprint for building AI that can move fast and act autonomously while remaining resilient, governable, and secure by design.

Anthropic's Claude Mythos released in April, didn't just raise the bar for vulnerability discovery, it rewrote the economics of enterprise security entirely. Mythos-class capabilities will soon become available to every adversary, every defender, and every enterprise development team. Vulnerability backlogs won't grow incrementally, they'll grow by orders of magnitude.

In this session, ArmorCode Principal Security Advisor Joe Nicastro lays out a candid, vendor-agnostic view of what the post-Mythos landscape actually demands from CISOs, boards, and policymakers. He will address the following topics:

The implications of Mythos and other frontier models for exposure management
How discovery has become roughly 10% of the security operations problem and why the remaining 90% will consist of business context, prioritization, routing, SLA tracking, verification, and governance of the AI agents themselves

Why traditional strategies such as periodic scans, CVSS-based triage, ticket-driven remediation will be challenged in this new world
What the next decade of enterprise risk reduction will look like
Attendees will leave with a clear-eyed assessment of the four operating shifts that separate organizations prepared for the tsunami from those still standing on the beach, a framework for governing autonomous AI security agents inside the enterprise, and a 90-day action plan ready for the next board conversation.

Take a break, enjoy a satisfying lunch, and continue the conversation with peers while building new connections across the cybersecurity community.

AI-generated voices, videos, and personas are erasing the line between real and fake. This talk explores how deepfakes and synthetic identities are reshaping fraud, espionage, and disinformation. Attendees will learn the latest detection methods - and why digital authenticity is now the new frontier of security.

AI isn’t just helping defenders - it’s empowering criminals. This session explores how threat actors use AI to create realistic scams, generate malware, and automate attacks. We’ll unpack real examples of AI-driven cybercrime and discuss what this means for everyday security teams. Learn how defenders can anticipate and counter the rise of intelligent, adaptive adversaries.

Refuel with a fresh cup of coffee and light snacks

As autonomous AI systems become more prevalent, organizations face a new set of operational challenges. These challenges are not about the models alone. AI vulnerabilities like prompt injections and context manipulation combine with unpredictable human behaviors to amplify risk.
To bridge this gap, organizations must shift from reactive risk management to Trust Engineering. This discipline focuses on building trust through human centered design and trust infrastructure. Trust infrastructure includes guardrails, observability, monitors, and recovery mechanisms to ensure systems are reliable and secure.
This session explores the intersection of human centered design with trust infrastructure to:
Reduce your surface risk of attack prior to going live.
Detect and intervene when exceptions occur.
Deploy recovery mechanisms to ensure resilience.

In 2024, TrendAI published a four-part series on Rogue AI — artificial intelligence systems acting against the interests of their owners, users, or humanity. The framework defined three causal categories — Malicious, Accidental, and Subverted. The implicit assumption was that AI inference happened on someone else's GPU, behind someone else's API, and crossed a network we could instrument.

That assumption did not survive the first four months of 2026. Anthropic withheld Mythos on cybersecurity-risk grounds after it autonomously discovered zero-days in every major operating system tested. OpenClaw crossed 247,000 GitHub stars in four months, with roughly 12% of its skills marketplace later found malicious.

This session updates the Rogue AI taxonomy for the post-OpenClaw, post-Mythos landscape, walks through OWASP's expanded agentic attack surface (ASI01–ASI10), and gives executives a Visibility → Control → Governance playbook designed for agentic AI that no longer needs to call home.

Stretch your legs and take a deep breath!

As attackers have weaponized AI and automation to overwhelm defenders, SecOps leaders seek to level the battlefield. Join Fareed Cheema from Torq as we examine the role of agentic AI and automation as complementary, vital components of an AI SOC / agentic SecOps strategy that works alongside your staff to expand SOC capacity, accelerate throughput, and reduce risk.

Autonomous AI systems are now capable of finding software vulnerabilities—both in code and in running applications—and they’re already being used by both security teams and attackers. That shift is forcing a rethink of how software security actually works. In this session, we’ll cover how security professionals need to evolve to keep up with AI-driven threats, while their organizations are simultaneously shipping more software, faster, using AI. We’ll look at how these changes impact both application owners and security teams, why moving quickly matters, and what falling behind actually looks like.

This session explores the tension between rapid AI adoption and the 'Shadow AI' dependencies that now permeate the modern supply chain. We are past "blocking ChatGPT" as a security strategy, and need to quickly move to a culture of AI Governance, ensuring that when your team - and your partners - uses AI to drive productivity, they are not sacrificing your organization's security principles"

Stretch your legs and take a deep breath!

From energy grids to transportation systems, AI is being deployed closer to the edge - where downtime can mean disaster. This talk examines how edge AI enhances monitoring, prediction, and control in critical infrastructure. Learn how to secure systems that operate independently, under pressure, and often without internet access.

AI can now clone voices, faces, and writing styles so convincingly that identity itself is under threat. This session explores how generative models blur the line between real and synthetic personas - and what that means for authentication, privacy, and trust. Learn how to prepare for a future where anyone can be anyone.

The risk does not require a malicious actor. Your employees are doing their jobs, drafting reports, writing code, preparing client materials, using AI tools that your organization may or may not have approved, configured, or even know about. And in doing so, they may be steadily exposing proprietary research, trade secrets, source code, and confidential strategy to vendor training pipelines, third-party servers, and ultimately to competitors.

This is the AI IP exposure problem: not a breach, not a hack, but a quiet and continuous outflow that most organizations cannot detect, cannot reconstruct after the fact, and cannot easily assign liability for, because no one did anything wrong.

This closed-door session explores what happens after the exposure, when an organization discovers that sensitive IP has left the building through an AI tool. Participants will work through a realistic Canadian scenario and discuss what their own organizations are doing, failing to do, and uncertain about.

Technology is evolving faster than regulation can keep up. This session highlights the growing gap between AI innovation and policy readiness, offering strategies for proactive self-governance and ethical risk management. Attendees will leave with a clearer understanding of how to lead responsibly when the rules haven’t yet been written.

As quantum computing advances from theory to inevitability, Canada’s financial institutions and government systems face growing exposure to cryptographic disruption. This session examines what post-quantum readiness means in practice—identifying vulnerable assets, prioritizing cryptographic agility, and planning for large-scale migration without operational disruption. We will explore emerging standards, hybrid encryption approaches, and risk timelines, while addressing the “harvest now, decrypt later” threat. Attendees will gain a pragmatic roadmap to begin securing critical infrastructure today, ensuring resilience and trust in a post-quantum future.

Step into an exclusive evening where Canada’s top cybersecurity leaders gather in a relaxed, upscale setting. Enjoy an open bar, gourmet hors d’oeuvres, and engaging conversations with peers. It’s the perfect opportunity to unwind, connect, and end the day with effortless networking.

Grab a drink, network, and break the ice as you get ready for an evening of Unfiltered conversation!

Join us for the opening moment as we set the tone for the night: This is a space built for honesty, not performance.

A different kind of stage.

No slides. No scripts.
Just real conversations between people who are actively shaping the field.

The format is fluid, with space for the room to react, contribute, and influence where things go.

The structure steps back, the conversations don’t.

This is where connections deepen, perspectives shift, and the most valuable moments tend to happen.

No pressure. No formalities. Just the room, as it is.