Date & Time:
Tuesday, June 16, 2026
08:30 - 17:00

Venue:
The Row Hotel at Assembly Row, Autograph Collection
360 Foley St.
Somerville, MA 02145

A Different Kind of Security Event

The Infosec Anti-Summit challenges the status quo by creating a space for CISOs and security leaders to engage, collaborate, and share real-world experience.

Through a series of hands-on workshops, tabletop exercises, mock scenarios, and peer-led discussions, the Anti-Summit encourages maximum exchange of ideas in a setting built for trust, candor, and community.

This is not about watching from the sidelines, it is about being part of the conversation. It's not about people on stage talking at the audience, it's about getting people around the table talking with each other.

Identify the challenges. Understand how others are solving them. Develop a strategy to safeguard.

Welcome to the Anti-Summit.

What to Expect at the
Anti-Summit

CISO-Led Agenda

Step into the action with a collaborative TTX simulation designed to test response, resilience, and teamwork. Continue your day with hands-on sessions built around real-world challenges, led by peers who’ve been in the hot seat.

The Cyber Arcade

A live, interactive space where emerging founders, security innovators, and practitioners collide. Test-drive new ideas, swap feedback, and see what’s next without the sales pitch.

Connection Over Convention

Honest, peer-drive discussions about what’s working and what’s not in today’s security landscape. From hallway chats to post-session conversations, it’s all about the people at the InfoSec Anti-Summit.

Agenda

Registration & Breakfast

08:30 - 09:30

Opening Remarks

09:30 - 09:40

Tabletop Exercise

09:40 - 10:40

Ghost in the Machine: AI Threat Response
This interactive tabletop exercise challenges participants to respond to a sophisticated, multi-vector incident that targets their AI infrastructure through unexpected attack surfaces. Your customers look to you to lead in times of disruption and crisis. This exercise will challenge traditional thinking and disrupt the approach to incident and crisis management.

Workshops (Choose Your Adventure)

10:50 - 11:20

Workshop #1: Offensive Security: Red Team as a Strategy in the Age of Weaponized AI
Point-in-time testing was built for a slower threat landscape. Today's adversaries don't wait for your annual engagement window - AI has given them speed, scale, and automation that most red team programs weren't designed to match. This workshop challenges security leaders to stop treating offensive security as a calendar event and start running it as a continuous strategic function. We'll work through how AI is changing the attack surface, where traditional red team models are leaving you exposed, and what it takes to build a program that finds every exploitable path before someone else does. Come ready to rethink the model — and leave with a clear view of what relentless, cross-domain offensive security actually looks like in practice.

Workshop #2: The New Perimeter: Securing Your Brand on the Agentic Internet
Internal security is mature. The external perimeter, where your brand actually lives across social, messaging, and the open web, isn't. In this 30-minute workshop, we walk the room through a coordinated agentic attack on a single brand and ask you to honestly assess whether your program can detect, prioritize, and dismantle it before customers are harmed. You'll leave with the Digital Trust Kill Chain, a framework for mapping adversarial operations across the agentic internet, and a short self-assessment you can take back to your team.

Anti-Roundtable

11:35 - 12:20

When the Network Becomes the Security Model: Rethinking How Teams Control the Edge
Legacy security architectures were built for a world where traffic flowed through predictable paths. AI workloads, shadow SaaS, and distributed teams are rapidly breaking those assumptions. In this roundtable, we'll work through real uses such as discovering when controls are blind to a category of AI-generated data movement. Where are the gaps most organizations aren't measuring? And what does a realistic modernization path look like, given the budget, staffing, and political constraints most CISOs are navigating right now? Come ready to work through the problem with your peers.

CISO-Led Workshops (Choose Your Adventure)

12:30 - 13:00

Workshop #1: Managing Up: Securing Executive Buy-In for AI Governance
Led By: Kayla Williams, CISO
The hardest part of AI governance isn't building the controls. The biggest challenge is getting the rest of the organization to care. Security leaders today must navigate board expectations, executive priorities, and line-of-business pressure, all while keeping AI risk in check. This workshop is designed specifically for security leaders who need to move beyond technical governance and into strategic influence. We'll explore how to frame AI risk for non-technical audiences, align governance with business goals, and manage expectations across the C-suite and board. Saying yes, carefully, is the new security leadership imperative.

Workshop #2: Non-Human Workers, Real Consequences and Accountability
Led By: Tomas Persson, CISO
We've always known how to assign responsibility to people. But now we're assigning it to machines, and the rulebook hasn't caught up. In this hands-on 30-minute workshop, participants will work through scenarios where AI agent accountability collides with real world consequences and risks. The goal isn't to slow down AI adoption, but to make it stick: by the end, each participant will have identified at least one concrete solution to a real accountability gap in their context.

Lunch

13:00 - 14:00

Anti-Roundtable

14:05 - 14:50

The Week-Old Pen Test: Are We Exposed?
Your penetration test wrapped one week ago. No critical findings. Then a critical CVE drops in a third-party component sitting in your environment, and suddenly that clean report means nothing. This roundtable puts participants across security, engineering, risk, and communications in the hot seat. Visibility gaps, incomplete coverage, post-assessment config changes — the scenario gets messier as the clock runs out and external pressure builds. Decisions have to be made before the answers are in. The lesson isn't about the vulnerability. It's about the dangerous comfort of a recent assessment. Participants leave with a sharper understanding of where point-in-time testing creates false confidence — and what a more defensible validation posture actually looks like.

Workshops (Choose Your Adventure)

15:00 - 15:30

Workshop #1: What’s Actually Running Your Code? Governing Open Source AI at Scale
Open source AI moves fast. Faster than most teams can inventory, govern, or fully understand once they’re in production. The reality for many organizations is dependency sprawl, partial visibility, and governance models that weren’t designed for how software is built today. The focus here is on how security leaders are navigating that gap in live environments, where open source and AI are already embedded and business pressure to move quicky remains high.
The discussion centers on practical questions: how teams are gaining meaningful visibility into what’s running, where governance tends to break down, and how guardrails can exist without becoming friction. Expect candid perspectives, shared lessons, and an honest look at what it takes to govern open source and AI at scale without slowing innovation.

Workshop #1: Identity Security in Practice: Moving Beyond Visibility to Control
Many organizations have strong visibility into identity and access, but far less confidence in their ability to actually control it. This workshop will focus on how security teams are managing access in practice across SaaS, non-human identities, and constantly changing environments. We will compare what is working, where traditional approaches fall short, and how teams are evolving beyond static roles and periodic reviews to achieve more reliable control over access.

CISO-Led Workshops

15:40 - 16:30

Workshop #1: From the Wild West to Yes, If: Building an AI Security & Governance Program
Led by: Alexander Sayre
Every organization is adopting AI. Few are doing it with security and compliance at the table. At Cengage — one of the largest educational publishers in the world — AI initiatives were spinning up faster than any governance process could track, with student data, author IP, and proprietary curriculum all in the balance. We’ll walk through how we built an AI security and governance program from scratch: how we assessed 67 AI vendors for employees and internal team use in 15 months, how we stopped being the Department of No, and how we red-teamed our own AI integrations with real findings. You’ll leave with a practical framework you can take back on day one.