2025 ICS Cybersecurity Conference Sessionize Event Upcoming

National Cyber Summit

Artificial Intelligence: A Crown Jewel or a Prime Target? Artificial Intelligence is transforming business, but its architecture makes it one of the most attractive and vulnerable targets in the modern enterprise. This presentation dissects AI as a dual-natured entity: a crown jewel of operational insight and productivity, and a high-value bullseye for cyber adversaries. We’ll begin by breaking down what makes AI so compelling—and so dangerous. AI systems are data-centric, drawing from vast volumes of unstructured, contextualized, and timely information. They’re compute-intensive, running on processors that are vulnerable to manipulation and attack. From there, we’ll map out attacker motives. AI represents a one-stop shop for sensitive data, behaves like the most knowledgeable insider in the organization, serves as a public-facing brand proxy, and acts as a trusted advisor to executives. Each role comes with corresponding risks—from lateral movement to output sabotage—and must be managed with care. As a knowledgeable insider, an AI can provide an adversary with the data they need without the need to navigate through multiple directories; as a public-facing proxy, an AI can provide disinformation or slander a brand; and, as a trusted advisor, AI can make or advise decisions based on tainted data that can sabotage the organization. We’ll argue that the multiple critical roles that AI plays in the modern enterprise, and their corresponding risks, mean that AI must be treated not just as software, but as a crown jewel system. Organizations should conduct AI-specific risk assessments, inventory and govern AI usage, and apply advanced technical controls. These include filtered, one-way data ingress using hardware-enforced diodes; bifurcated, deterministic privilege levels for users accessing AI environments; and the use of Insider Risk-style monitoring to catch toxic outputs or bias-related issues. Ultimately, we return to a simple but often overlooked truth: if AI is as valuable as we say it is, then it must be protected with the rigor we reserve for our most trusted systems.

RSAC 2025

A Year(ish) of Countering Malicious Actors' Use of AI: What Have We Learned? (Panel) Artificial Intelligence has changed the game when it comes to how cyber adversaries operate, and how defenders respond. This panel will explore lessons learned from the past year of countering malicious cyber actors’ use of AI, challenges and limitations of legal actions involving AI, and what roadblocks might appear going forward as AI, and the actors who use it, continues to evolve.