Agenda

08:00 - 08:50

Registration & Breakfast Networking 

08:50 - 09:00

Chair's Welcome 

09:00 - 09:20

►Conformity Will Not Save You: AI Risk Beyond the EU AI Act

Geoffrey Taylor, Information Security Officer, Nordea Asset Management

Your assessment said Low Risk. Is it really?

  • The EU AI Act requires organisations to classify their AI systems and demonstrate conformity. Conformity is similar to compliance — it is binary, a yes or a no at a point in time. It cannot calibrate impact when the unexpected occurs.
  • On 24 April 2026, an AI agent deleted an entire company's production database in nine seconds. It was running the best model available, configured with explicit safety rules. When asked to explain itself, it produced a written confession: "I violated every principle I was given."
  • This session applies the Assume. Design. Test. framework to AI governance — shifting the question from "are we compliant?" to "how could we be impacted?" — and gives attendees a practical lens for assessing where their governance ends and their exposure begins.

09:20 - 09:40

►Agentic AI and the New Resilience Challenge

Richard Cassidy, Field CISO, Rubrik

  • As Agentic AI enters live enterprise environments with limited oversight, the conversation shifts from capability to risk.
  • Operating at machine speed, autonomous agents can trigger transactions and influence supply chains, outpacing traditional controls. 
    Weak data governance and misconfigured logic create fresh attack surfaces, making accountability and recovery highly complex.
  • This session examines how organisations approach governance, visibility, and resilience as autonomy becomes embedded in core operations.
  • Real-World Failures: What "going rogue" looks like in production.
  • Vulnerable Pipelines: Why data governance is the weakest link.
  • Ecosystem Risk: How autonomy impacts third-party supply chains.
  • Machine-Speed Response: Detecting, containing, and assigning accountability.

09:40 - 10:00

►Presentation to be Confirmed

JupiterOne

10:00 - 10:20

►Actions Speak Louder Than Tokens: Treating Frontier AI Agents as Insider Threats

Matt Adams, Generative AI & Emerging Technology Security, Citi

  • The alignment paradox: today's frontier models score well on macro-alignment — they reliably refuse explicit harmful requests — yet show poor micro-alignment, autonomously selecting dangerous methods in pursuit of legitimate goals.
  • A first formal framework adapting CERT's insider-threat dimensions to non-human actors — mapping motivation, opportunity, and capability onto optimisation objectives, tool access, and model capabilities — with a five-category STRIDE-derived taxonomy of agent threats
  • Real-world validation from the March 2026 ROME incident, where a safety-trained agent autonomously mined cryptocurrency, opened SSH tunnels, and probed internal networks during RL training
  • A structural playbook for financial services CISOs: stop assessing intent, monitor action-level telemetry, enforce least-privilege tool binding and ephemeral credentials, and fold AI agents into the insider-threat programs FSIs already run

10:20 - 11:00

Education Seminars 1

Delegates will be able to choose from the following topics:

  • The Identity Gap: Closing what AI opened in financial services, Mario Platt, Vice President, CISO, LastPass
  • Beyond the Checkbox: When Third-Party Risk Becomes Client Disruption, Haydn Brooks, CEO, Risk Ledger and Mark Walmsley, CISO, Freshfields
  • Securing the Invisible - AD NHI Discovery and Protection, Kev Smith, EMEA Principal Engineer, Silverfort

11:00 - 11:30

Networking Break

11:30 - 11:50

►Securing Cloud Platforms at Scale

Laura Good, Cloud Security Architect, Lloyds Banking Group

  • Challenging legacy security ways of working that don’t scale with rapid cloud adoption.
  • Creating security approaches that scale across hundreds of internal teams.
  • What it actually takes to move security from a blocker to an enabler in practice.

11:50 - 12:10

►The Evidence Game: Proving cyber resilience without slowing the business

Alan Simpson, UK and Ireland Field CISO, Rapid7

  • Financial services organisations have invested heavily in cyber visibility, yet many still rely on screenshots, spreadsheets and manual evidence gathering when scrutiny arrives. 
  • This session explores how existing security, identity, vulnerability, and service management data can be turned into trusted evidence for audits, regulators, boards and risk committees. 
  • Using practical examples, it will show how cyber teams can prove resilience, reduce disruption for IT, and respond with confidence when pressure increases.

12:10 - 12:30

►This Was Never a Drill: The Case for Autonomous IT

Dan Jones, Senior Security Advisor, Tanium

  • Cyber threats have crossed a critical threshold. Attackers now identify weaknesses, move laterally, and exploit vulnerabilities faster than traditional security operations were built to handle.
  • The problem is structural. Most security teams still rely on reactive, manual, ticket-driven workflows — while managing sprawling estates across cloud, endpoint, identity, and hybrid infrastructure. The result: a widening gap between threat speed and response capability.
    This raises a fundamental question: can human-led operations alone defend modern digital environments, or is a more autonomous model now required?
  • This session explores what a shift toward autonomous IT looks like in practice — from real-time decision-making to self-healing infrastructure — and how organisations can introduce autonomy without sacrificing accountability or control.
    • How are AI-driven attacks changing the speed and scale of required response?
    • What does a maturity path toward autonomous, self-healing operations look like?
    • Which decisions should remain human-led — and which can be delegated to machines?
    • If autonomous systems make the wrong call, how quickly can you recover?

12:30 - 12:35

►Presentation to be Confirmed

ThreatLocker

12:35 - 13:15

Education Seminar 3

Delegates will be able to choose from a range of topics:

  • Third party compromise - attacks through the suppliers, code and pipelines you already trust, Oliver Livesy, Red team specialist, WorkNest
  • Presentation to be Confirmed, Metomic
  • The First Time You Test Crisis Decision Making Shouldn’t Be During a Crisis, Peter Lane, Consultancy Director, CyroCyber

13:15 - 14:20

Lunch and Networking 

14:20 - 14:40

►Quantum Is Coming. Financial Services Can’t Afford to Wait

Will Collinson, Technical Director - Cryptography, HSBC

  • Discover why the quantum threat to today’s cryptography is closer and more disruptive than many realise
  • Hear what’s at stake for financial services as quantum computing reshapes the cybersecurity landscape
  • Join the call for industry-wide collaboration to tackle one of cybersecurity’s biggest ever challenges before the clock runs out
  • Learn what you can do today (or already should be doing) to reduce your risk

14:40 - 15:00

►Trust, Then Autonomy: Evaluating Agentic AI in Financial Services Institutions

Chris Vaughan, Solution Engineer, Sublime Security

  • The financial sector faces unique risks from AI security tools that can't be explained or audited, with regulations like DORA, FCA resilience requirements, and SR 11-7 making ungovernable AI a compliance liability, not just an operational one.
  • Correctly measuring and categorising AI autonomy is critical; a practical framework built around transparency, explainability, and auditability is needed to evaluate agentic AI against both security and regulatory standards.
  • Security and risk teams should leave equipped with the right questions to cut through vendor hype, understand model risk management in practice, and distinguish genuine autonomous AI capability from buzzword-driven marketing.

15:00 - 15:20

►The New Non-Human Insider: Governing the Agents

Drata

  • Financial institutions are expected to demonstrate security and operational resilience every day, but most still rely on point-in-time audits, static questionnaires, and fragmented tools. 
  • AI has widened that gap: regulators now expect more current assurance, while the business fills up with agents, APIs, and vendors no one has classified as identities—each a non-human insider with valid credentials and unexamined scope.
  • This session treats those agents as privileged actors that supervisors will increasingly hold to the same standard as humans. 
  • It examines why annual, manual approaches break under DORA, the PRA and FCA’s operational resilience expectations, the EU AI Act, and the UK’s incoming Cyber Security and Resilience Bill—and what it takes instead to discover every agent, enforce policy on what it is allowed to do, detect drift in behaviour or permissions, and produce evidence that can stand up on any given day.
  • We’ll also be candid about current limits: data quality, incomplete inventories, humans still on the critical path for approvals and exceptions, and the open questions around governing the agents themselves. 
  • The session closes with a grounded view of the next eighteen months—what’s realistic, what’s still experimental, and where financial institutions should invest now.

15:20 - 16:00

Education Seminar 3

Delegates will be able to choose from a range of topics:

  • AI is Breaking Data Security… And Fixing It: The New Reality of AI-Driven Risk and How to Stay Ahead, Stephen Green, Regional Vice President of EMEA, ConcentricAI
  • Disrupting Social Engineering in Financial Services: Protect Your Customers, People, Brand, and Revenue, Daniel Oxley, Senior Engineer, Doppel

16:00 - 16:20

Networking Break

16:20 - 16:50

►Panel Discussion: Customer Data & AI: Control, Exposure, and Proof

Simon Brady, Event Chairman
Sam Hubery, BISO, Fidelity International
Jai Ferguson, AI Regional Lead - Europe, HSBC
Dr Narayan Shiva, CTO and Enterprise Architect, iBANK

  • As organisations adopt AI, where are you seeing customer data most commonly interact with these tools, and how are you improving visibility over time?
  • What controls or approaches are proving most effective in practice for preventing customer data being exposed to AI tools — and where are you still seeing challenges?
  • Are you allowing any use of third-party or public AI tools (like ChatGPT) with customer data and what specific safeguards make that acceptable?
  • Can you demonstrate that customer data is properly controlled within AI systems?

16:50 - 17:10

►Rise of Autonomous Attacks (Live Mythos-Style Hack)

Manit Sahib, Ethical Hacker & Former Head of Penetration Testing & Red Teaming, Bank of England

  • See how autonomous AI agents are now running the recon and exploitation phases of real-world attacks, and what that means for boards, CISOs, and red teams in 2026.
  • A first-hand look at how agentic offensive AI works in practice, driven by intent, not step-by-step instruction.
  • See an AI agent run reconnaissance against a controlled target, identify exploitable assets, and demonstrate the early stages of a kill chain in real time.
  • A walk through real-world findings from recent engagements including critical vulnerabilities discovered by AI agents that automated scanners (Tenable, Qualys, Nessus) had missed for over 18 years.
  • What defenders need to know: why traditional, control-based security models are structurally insufficient against goal-driven autonomous attackers, and the three specific actions every CISO should be taking before this becomes the default attacker model.

17:10 - 17:15

Chair's Closing Remarks

17:15 - 18:30

Drinks Reception & Networking

Education seminars


The Identity Gap: Closing what AI opened in financial services


Mario Platt, Vice President, CISO, LastPass

This thought-provoking session will challenge assumptions around existing security strategies, revealing how the rapid rise of AI tools, agents, and non-human identities is outpacing traditional controls like MFA and IAM. Through compelling data, real-world case studies, and practical guidance, attendees will gain fresh insight into managing credential sprawl, securing AI-driven environments, and meeting evolving regulatory expectations, equipping them to move beyond the illusion of security and build truly resilient, identity-first protection.

Attendees will learn:

  • How to manage credential sprawl
  • How to secure AI-driven environments
  • How to meet evolving regulatory expectations
  • How to move beyond the illusions of security and build truly resilient, identity-first protection

Securing the Invisible - AD NHI Discovery and Protection


Kev Smith, EMEA Principal Engineer, Silverfort

Service accounts are one of the most overlooked areas in identity security. They operate continuously in the background, connecting applications and running automated processes across your environment - often with elevated privileges and no human owner actively managing them. This is even more prevalent with frontier models like Mythos leveraging such identities.

That's exactly the problem Silverfort was built to solve. Full discovery, behavioural baselining, and real-time enforcement - across your entire environment.

Attendees will learn:

  • Discovery and runtime access protection for service accounts is a critical capability for any IAM team operating at scale.
  • Know what you have - discover and prioritise your highest risk service accounts before they become a problem.
  • Get to control fast - no agents, no schema changes, no lengthy deployment; protection that fits around your environment, not the other way round.

Third party compromise - attacks through the suppliers, code and pipelines you already trust


Oliver Livesy, Red team specialist, WorkNest

Organisations increasingly face threat actors who bypass perimeter defences entirely by targeting the third-party suppliers, software libraries, and CI/CD pipelines that already hold trusted access to their environments. This presentation explores how attackers exploit these relationships to achieve high-impact compromises, examining why financial entities are prime targets, the methods adversaries use, and the defensive considerations organisations should be aware of, including how red team engagements can be leveraged as a practical tool for identifying and stress-testing supply chain exposure before a real attacker does.

Attendees will learn:

  • How attackers exploit these relationships to achieve high-impact compromises
  • Why financial entities are prime targets and the methods adversaries use
  • The defensive considerations organisations should be aware of, including how red team engagements can be leveraged as a practical tool

Disrupting Social Engineering in Financial Services: Protect Your Customers, People, Brand, and Revenue


Daniel Oxley, Senior Engineer, Doppel

Financial institutions are facing a new era of fraud driven by AI-powered social engineering attacks that exploit trust across both external channels and human workflows.

From impersonated executives and phishing campaigns to deepfake voice calls targeting helpdesks and contact centers, attackers are operating faster across more channels and with greater sophistication than ever before. During this session, Dan will break down how these attacks actually operate and what it takes to stop them.

Attendees will learn:

  • How to move beyond fragmented tools and traditional training programs to a unified approach that exposes and eliminates real-world threats
  • Through real examples and a live walkthrough of Doppel’s platform, you will see how financial institutions can protect customers, strengthen workforce readiness, and reduce fraud and regulatory risk.

AI is Breaking Data Security… And Fixing It: The New Reality of AI-Driven Risk and How to Stay Ahead


Stephen Green, Regional Vice President of EMEA, ConcentricAI

AI is rapidly becoming one of the biggest drivers of productivity and innovation in the enterprise — and one of the fastest-growing sources of data security risk. As copilots, assistants, and public AI tools become integrated into daily work, sensitive data is flowing into systems that most security teams can’t fully see, understand, or control.

The problem is that traditional data security controls were never built for this. In fact, many organizations were already struggling to operationalize data security before AI accelerated the challenge. The good news? AI isn’t just creating the problem — it’s also enabling a smarter, more effective way to solve it.

Attendees will learn:

  • Why AI has become one of the fastest-growing and least visible sources of enterprise risk 
  • How GenAI is creating new exposure points for sensitive data 
  • Why legacy data security tools have failed to keep up — and why AI is making those gaps harder to ignore 
  • How context-aware, AI-driven data security can deliver more accurate visibility, stronger controls, and real-time enforcement 
  • What organizations can do to enable AI innovation without expanding their risk surface 
  • Attendees will leave with a clearer understanding of how AI is reshaping data security — and how they can use that same technology to gain control, minimize exposure, and support safer AI adoption across the business.

Beyond the Checkbox: When Third-Party Risk Becomes Client Disruption


Haydn Brooks, CEO, Risk Ledger
Mark Walmsley, CISO, Freshfields

Third-party cyber risk remains one of the biggest challenges facing security and legal teams. Recent industry research found that 75% of legal organisations say their biggest concern following a supplier incident is the impact on client service - from disrupted access to systems and data through to delays in delivering client work, while 80% say supplier audit rights are still difficult to enforce in practice.

Join Risk Ledger's CEO, Haydn Brooks, and Mark Walmsley, CISO, Freshfields, as they explore the gap between contractual best practice and operational reality - from how to respond effectively to vendor breaches, to navigating negotiations with large technology suppliers.

This panel discussion will examine how organisations can balance commercial priorities with cyber risk and focus on the controls that meaningfully improve resilience.

Attendees will learn:

  • How to respond effectively to vendor breaches.
  • How to navigate negotiations with large technology suppliers.
  • How organisations can balance commercial priorities with cyber risk and focus on the controls that meaningfully improve resilience.

The First Time You Test Crisis Decision Making Shouldn’t Be During a Crisis


Peter Lane, Consultancy Director, CyroCyber

Most organisations have an incident response plan. Far fewer know how their leadership teams will actually perform when critical decisions need to be made under pressure.

As financial services firms face increasing regulatory scrutiny and more disruptive cyber incidents, resilience can no longer be proven through documentation alone. The real test is how quickly and effectively an organisation can coordinate, communicate and make decisions when systems, operations and reputation are on the line.

This session explores how cyber exercising, from executive crisis simulations and Gold/Silver/Bronze command structures through to live play attack scenarios, helps organisations expose gaps before attackers or regulators do.  

Attendees will learn:

  • How leading financial services organisations are using exercising to expose hidden gaps in crisis decision making and escalation paths
  • How to test how effectively executive, operational and technical teams coordinate under pressure
  • How to improve speed and clarity of communication during high-stakes incidents
  • How to strengthen confidence in real-world operational resilience
  • How to align exercising programmes with expectations under the UK Cyber Security & Resilience Bill and CAF 4.0
  • A practical discussion for CISOs and senior cyber leaders looking to build confidence in how their organisation will respond in the face of a cyber attack.