How AI Adversaries Are Reshaping Cybersecurity
David delivered ten recommendations for the CISO community, starting with a direct challenge: admit you have a knowledge gap. He broke down why AI has compressed weaponization to minutes, why every asset is now part of the attack surface, and why the only question that matters is no longer "are we patched" but "is this exploitable." His core argument: if attackers weaponize in three minutes, three days to respond is too slow.
The Frost Radar™ View on Autonomous Validation
Drawing on research covering 2,000+ executives across nine countries, Ying Ting mapped how AI is rewriting attacker economics. Attackers now chain low-severity weaknesses into viable attack paths, run multi-agent operations across the kill chain, and exploit exposures within minutes. Her conclusion: the market is moving from reactive vulnerability management to exploitability-first prioritization, and ASV is converging into unified platforms.
Autonomous Validation for Post-Mythos Readiness
Volkan walked through the two pillars of validation: defensive (agentic BAS proving whether your controls detect and prevent) and offensive (autonomous pentesting proving what's exploitable). He showed how both converge in Picus Swarm, with a live walkthrough of the full agentic workflow moving from a CISA alert to validated defense in three minutes. Includes the crawl-walk-run maturity model for teams adopting autonomous validation at their own pace.
Putting Autonomous Exposure Validation into Practice
Two practitioners. No script. Johnny shared how Picus SCV uncovered an entire unused WAF and missing SIEM log sources nobody knew about, and why he believes network pentesting is dead as a standalone practice. Marius described how agentic workflows replaced tier-one SOC triage and why compliance validates the existence of controls, not whether they work. Both agreed: without validated evidence, vulnerability prioritization is guesswork.