Agenda

08:00 - 08:50

Breakfast networking and registration

08:50 - 09:05

Chair's Welcome

09:05 - 09:25

►Will The Future Law Firm Be Indistinguishable From A Tech Company?

Philip Young, Co-founder and CEO, Garfield AI

  • From people-led to platform-led delivery - how API integrations, automation, and 24/7 availability are reshaping client expectations, workflows, and scalability.
  • Regulation meets technology – the implications of running a regulated legal service through a software platform, including accountability, auditability, and risk.
  • New exposure, new responsibilities – how always-on, interconnected legal platforms change the firm’s risk profile, including data security, resilience, and third-party dependencies.

09:25 - 09:45

►Do I Need a ROC as Well as a SOC?

Ian Dalby, Global Head of GRC, A&O Shearman

  • What if companies aren't optimizing for operational security or resilience, but rather for protection against liability?
  • How to distinguish real security from compliance-driven assurance and assess whether your organisation is truly resilient
  • How compliance can quietly become a source of risk amplification rather than genuine risk reduction ... enter AI
  • How to turn compliance into operational value ... welcome to The ROC!

09:45 - 10:15

►Panel Discussion: The Future of Legal AI: Innovation with Accountability

Philip Young, Co-founder and CEO, Garfield AI
Amelia Hewitt, Director of Cyber Consulting, Principle Defence
Tom Sampson, Head of Information Security, Macfarlanes
Dale Hodgkinson, Former Head of Strategy and Architecture, Slaughter and May

  • What does 'good AI governance' actually look like inside a modern law firm?
  • Unlike the EU AI Act, the UK has a principles-based approach. What does accountability look like for UK law firms right now?
  • AI risk often sits across multiple silos. How should firms address the overlap between cyber, privacy, and AI governance?
  • How can firms innovate with AI while preserving trust and meeting client expectations?
  • How do we prevent AI from becoming a single point of failure in financial decision-making?

10:15 - 10:55

Education Seminar 1

Delegates will be able to choose from a range of topics:

  • Social Engineering Attack Chains: Legal Exposure, Regulatory Accountability, and Organisational Resilience in the AI Era, Daniel Oxley, Senior Engineer, Doppel
  • The AI‑Native Attacker: How offensive AI is rewriting the playbook for breaching law firms, Steve Velcev, Practice Lead for Offensive Security Engineering and Principal Red Team Consultant, FluidOne

10:55 - 11:30

Networking Break

11:30 - 11:50

►Actions Speak Louder Than Tokens: Treating Frontier AI Agents as Insider Threats

Matt Adams, Generative AI & Emerging Technology Security, Citi

  • The alignment paradox: today's frontier models score well on macro-alignment — they reliably refuse explicit harmful requests — yet show poor micro-alignment, autonomously selecting dangerous methods in pursuit of legitimate goals.
  • A first formal framework adapting CERT's insider-threat dimensions to non-human actors — mapping motivation, opportunity, and capability onto optimisation objectives, tool access, and model capabilities — with a five-category STRIDE-derived taxonomy of agent threats
  • Real-world validation from the March 2026 ROME incident, where a safety-trained agent autonomously mined cryptocurrency, opened SSH tunnels, and probed internal networks during RL training
  • A structural playbook for financial services CISOs: stop assessing intent, monitor action-level telemetry, enforce least-privilege tool binding and ephemeral credentials, and fold AI agents into the insider-threat programs FSIs already run

11:50 - 12:10

►Quantum Is Coming. We Can’t Afford to Wait

Will Collison, Technical Director - Cryptography, HSBC

  • Discover why the quantum threat to today’s cryptography is closer and more disruptive than many realise
  • Hear what’s at stake as quantum computing reshapes the cybersecurity landscape
  • Join the call for industry-wide collaboration to tackle one of cybersecurity’s biggest ever challenges before the clock runs out
  • Learn what you can do today (or already should be doing) to reduce your risk

12:10 - 12:15

►Zero Trust Controls at the Endpoint

Oscar Javier Hernandez Rodriguez, Account Executive, ThreatLocker

  • Discover how ThreatLocker applies Zero Trust at the endpoint, eliminating implicit trust by continuously verifying every application, executable, and action before authorisation
  • Learn how a deny-by-default, malware-proofing approach reduces ransomware risk, stopping unauthorised software and scripts even when other security layers are bypassed
  • Understand how least-privilege enforcement limits attacker capability, ensuring applications and users can perform only explicitly approved actions on enterprise devices
  • Explore how granular, policy-based endpoint control safeguards against modern threats, reducing enterprise exposure to ransomware and other advanced attacks

12:15 - 12:35

►The New Non-Human Insider: Governing the Agents You Can’t See

Kevin Carr, Senior Manager, Solutions Engineering, Drata

  • Law firms are expected to protect client confidentiality, maintain operational resilience, and demonstrate sound governance every day, yet many still rely on point-in-time audits, static questionnaires, and fragmented tools. AI has widened that gap: clients now expect more current assurance, while firms are filling up with agents, APIs, copilots, and vendors that no one has fully classified as identities, each acting as a non-human insider with valid credentials and poorly understood access.
  • This session argues that those agents should be treated as privileged actors, subject to the same scrutiny and control as human users. It explores why annual, manual approaches are no longer sufficient in a world shaped by client security requirements, professional duties around confidentiality and privilege, the EU AI Act, GDPR and UK GDPR, and the UK’s incoming Cyber Security and Resilience Bill. It then looks at what firms need instead: continuous discovery of every agent, clear policy over what each one is allowed to do, detection of drift in behaviour or permissions, and evidence that can stand up to client, regulator, or board-level scrutiny on any given day.
  • We’ll also be candid about the limits firms face today: weak data quality, incomplete inventories, humans still on the critical path for approvals and exceptions, and open questions around how to govern the agents themselves. The session closes with a practical view of the next eighteen months—what is realistic, what remains experimental, and where law firms should invest now.

12:35 - 13:15

Education Seminar 2

Delegates will be able to choose from a range of topics:

  • AI is Breaking Data Security… And Fixing It: The New Reality of AI-Driven Risk and How to Stay Ahead, Stephen Green, Regional Vice President of EMEA, ConcentricAI
  • Beyond the Checkbox: When Third-Party Risk Becomes Client Disruption, Haydn Brooks, CEO, Risk Ledger and Mark Walmsley, CISO, Freshfields

13:15 - 14:20

Lunch Networking Break

14:20 - 14:45

►Panel Discussion: Cyber Insurance for Law Firms: Protection, Pitfalls, and Practical Use

Ellie Ludlam, Partner, Pinsent Masons LLP (Moderator)
Samuel Scott, Cyber Risk and Advisory, Marsh
Phil Gough, CISO, Pinsent Masons LLP

  • The case for cyber insurance: Exploring financial protection, specialist incident-response expertise, and the role insurance can play in strengthening governance and risk management.
  • The limitations and challenges: Examining coverage gaps, rising premiums, policy exclusions, and the operational requirements that can affect claims and value.
  • Making cyber insurance work: Practical guidance on whether, when, and how to integrate cyber insurance into a broader cyber resilience and risk management strategy.

14:45 - 15:05

►In the Age of AI, Is Security Even Possible?

Jonathan Freedman, Director of Technology & Security, Howard Kennedy

  • What AI-powered offensive capability really means in practice — from autonomous vulnerability discovery to agentic attack automation — and where the hype ends
  • Why foundational security controls remain the most effective defence against AI-enabled threats
  • How organisations can shift from preventing every attack to slowing, detecting, and responding to machine-speed compromise attempts before damage occurs

15:05 - 15:35

►Panel Discussion: Business continuity in law firms: staying operational through cyber disruption

Jonathan Freedman, Director of Technology & Security, Howard Kennedy (Moderator)
Gayle Hedgecock, Business Continuity & Resilience Specialist, Clifford Chance
Stephen Beckett, Global Security and Business Continuity Director, Dentons
Rachel Dyges, Global Business Continuity Management Lead, A&O Shearman

  • When a cyber incident hits, who actually makes the call — and is that genuinely clear in practice?
  • How does information flow in the first hour, who needs to know what, and how do you avoid confusion or bottlenecks?
  • Are we putting too much emphasis on backups and not enough on keeping the firm operational?
  • How do you handle client confidentiality and regulatory pressure while the situation is still unfolding?
  • When you’ve tested your plans, what’s actually broken — and what caught you off guard?
  • And what are the headaches people don’t usually plan for?

15:35 - 15:55

►Conformity Will Not Save You: AI Risk Beyond the EU AI Act

Geoffrey Taylor, Information Security Officer, Nordea Asset Management

Your assessment said Low Risk. Is it really?

  • The EU AI Act requires organisations to classify their AI systems and demonstrate conformity. Conformity is similar to compliance — it is binary, a yes or a no at a point in time. It cannot calibrate impact when the unexpected occurs.
  • On 24 April 2026, an AI agent deleted an entire company's production database in nine seconds. It was running the best model available, configured with explicit safety rules. When asked to explain itself, it produced a written confession: "I violated every principle I was given."
  • This session applies the Assume. Design. Test. framework to AI governance — shifting the question from "are we compliant?" to "how could we be impacted?" — and gives attendees a practical lens for assessing where their governance ends and their exposure begins.

15:55 - 16:20

Networking break

16:20 - 16:50

►Panel Discussion: Customer Data & AI: Control, Exposure, and Proof

Simon Brady, Event Chairman
Sam Hubery, BISO, Fidelity International
Jai Ferguson, AI Regional Lead - Europe, HSBC
Dr Narayan Shiva, CTO and Enterprise Architect, iBANK

  • As organisations adopt AI, where are you seeing customer data most commonly interact with this tool and how are you improving visibility over time?
  • What controls or approaches are proving most effective in practice for preventing customer data being exposed to AI tools — and where are you still seeing challenges?
  • Are you allowing any use of third-party or public AI tools (like ChatGPT) with customer data and what specific safeguards make that acceptable?
  • Can you demonstrate that customer data is properly controlled within AI systems?

16:50 - 17:10

►Rise of Autonomous Attacks (Live Mythos-Style Hack)

Manit Sahib, Ethical Hacker & Former Head of Penetration Testing & Red Teaming, Bank of England

  • See how autonomous AI agents are now running the recon and exploitation phases of real-world attacks, and what that means for boards, CISOs, and red teams in 2026.
  • A first-hand look at how agentic offensive AI works in practice, driven by intent, not step-by-step instruction.
  • See an AI agent run reconnaissance against a controlled target, identify exploitable assets, and demonstrate the early stages of a kill chain in real time.
  • A walk through real-world findings from recent engagements including critical vulnerabilities discovered by AI agents that automated scanners had missed for over 18 years.
  • What defenders need to know: why traditional, control-based security models are structurally insufficient against goal-driven autonomous attackers, and the three specific actions every CISO should be taking before this becomes the default attacker model.

17:10 - 17:15

Chairman's Closing Remarks

17:15 - 18:30

Drinks Reception

Education seminars


The AI‑Native Attacker: How offensive AI is rewriting the playbook for breaching law firms


Steve Velcev, Practice Lead for Offensive Security Engineering and Principal Red Team Consultant, FluidOne

Your firm's most valuable asset - privileged client data, live-deal intelligence, litigation strategy - no longer sits behind a firewall an attacker has to break through. It sits behind a single cloud login. This seminar takes you inside a real, end-to-end intrusion against a modern law firm, seen entirely through the attacker's eyes, and shows exactly where artificial intelligence now removes the friction, cost and skill that once stood between a criminal and your data. Led by an experienced working red teamer, it moves from AI-driven reconnaissance and MFA-bypass phishing to automated data theft from online services such as Microsoft 365, and then turns the page to the practical, achievable controls that actually break the chain. No hype, no vendor pitch: just what genuinely changed, what it means for your firm, and where to spend first.

Attendees will learn:

  • How a modern breach actually unfolds - a step-by-step walk-through of the full attacker kill chain against a representative firm, from open-source reconnaissance to data exfiltration, with AI's role made explicit at every stage.
  • Why one stolen login now equals wholesale access - how attackers turn a single phished identity into the keys to the firm's most sensitive matters, and why this bypasses the controls most firms still rely on.
  • The threats you may not know are already mainstream - adversary-in-the-middle phishing that defeats most MFA, and ClickFix attacks that make your own people run the malware (now ~47% of tracked initial access) with no malicious file for filters or EDR to catch.
  • How AI has changed the economics of attacking you - why phishing-as-a-service, open-source AI tooling and machine-speed automation mean attacks are now faster, cheaper and more numerous, and what that demands of your defences.
  • What actually stops it - and where to start - a pragmatic, prioritised set of controls (phishing-resistant MFA, properly configured conditional access, Graph and data-layer monitoring) proven to disrupt this exact chain, framed as an order of operations for firms that can't do everything at once.

Social Engineering Attack Chains: Legal Exposure, Regulatory Accountability, and Organisational Resilience in the AI Era


Daniel Oxley, Senior Engineer, Doppel

Social engineering is no longer limited to isolated phishing emails. It has evolved into a sophisticated, AI-driven threat landscape that spans email, SMS, voice, collaboration platforms, social media, and synthetic media. As these attacks become more convincing and more scalable, they introduce significant legal, regulatory, governance, and operational risks that extend well beyond traditional cybersecurity controls.

Attendees will learn:

  • Discover how threat actors are leveraging artificial intelligence to personalise and automate attacks across multiple channels, increasing their effectiveness while making attribution, evidence preservation, internal investigations, and legal defence significantly more challenging.
  • Gain insight into the legal and regulatory implications of modern social engineering campaigns, including data protection breaches, financial crime exposure, disclosure obligations, operational resilience requirements, third-party risk, contractual liability, and potential enforcement action.
  • Learn how organisations can evaluate and demonstrate their management of human-layer risk by identifying gaps between policy and practice, validating the effectiveness of controls, and evidencing reasonable and proportionate safeguards.
  • Explore Human Risk Management as an emerging governance discipline that enables organisations to measure, monitor, and reduce human-targeted threats while strengthening compliance, auditability, and defensible decision-making.
  • Understand how legal, compliance, risk, security, and executive leadership teams can work together to build a unified, intelligence-led defence strategy that enhances regulatory readiness, strengthens incident response, improves legal preparedness, and drives long-term organisational resilience.

AI is Breaking Data Security… And Fixing It: The New Reality of AI-Driven Risk and How to Stay Ahead


Stephen Green, Regional Vice President of EMEA, ConcentricAI

AI is rapidly becoming one of the biggest drivers of productivity and innovation in the enterprise — and one of the fastest-growing sources of data security risk. As copilots, assistants, and public AI tools become integrated into daily work, sensitive data is flowing into systems that most security teams can’t fully see, understand, or control.

The problem is that traditional data security controls were never built for this. In fact, many organizations were already struggling to operationalize data security before AI accelerated the challenge. The good news? AI isn’t just creating the problem — it’s also enabling a smarter, more effective way to solve it.

Attendees will learn:

  • Why AI has become one of the fastest-growing and least visible sources of enterprise risk
  • How GenAI is creating new exposure points for sensitive data
  • Why legacy data security tools have failed to keep up — and why AI is making those gaps harder to ignore
  • How context-aware, AI-driven data security can deliver more accurate visibility, stronger controls, and real-time enforcement
  • What organizations can do to enable AI innovation without expanding their risk surface

Attendees will leave with a clearer understanding of how AI is reshaping data security — and how they can use that same technology to gain control, minimize exposure, and support safer AI adoption across the business.

Beyond the Checkbox: When Third-Party Risk Becomes Client Disruption


Haydn Brooks, CEO, Risk Ledger
Mark Walmsley, CISO, Freshfields

Third-party cyber risk remains one of the biggest challenges facing security and legal teams. Recent industry research found that 75% of legal organisations say their biggest concern following a supplier incident is the impact on client service - from disrupted access to systems and data through to delays in delivering client work - while 80% say supplier audit rights are still difficult to enforce in practice.

Join Risk Ledger's CEO, Haydn Brooks, and Mark Walmsley, CISO, Freshfields, as they explore the gap between contractual best practice and operational reality - from how to respond effectively to vendor breaches to navigating negotiations with large technology suppliers.

This panel discussion will examine how organisations can balance commercial priorities with cyber risk and focus on the controls that meaningfully improve resilience.

Attendees will learn:

  • How to respond effectively to vendor breaches.
  • How to navigate negotiations with large technology suppliers.
  • How organisations can balance commercial priorities with cyber risk and focus on the controls that meaningfully improve resilience.