Nine Live Labs: The Secure AI Revolution, A Practical Blueprint

By ISC2 East Bay Chapter

Overview

Secure AI development training: RAG and low-cost fine-tuning, preventing data poisoning and prompt injection, securing AI-assisted code, and nine live hands-on labs.

ISC2 East Bay Chapter: Nine Live Labs on Friday, the 13th of March, 2026

Venue: Las Positas College, Livermore, CA

Topic: Application Security and Development in the Age of AI

Primary Conference Theme: The Secure AI Revolution: A Practical Blueprint for Developers and Auditors to Master the New AI Development Lifecycle.

Goal: Examine the necessary shift in workforce education, re-emphasize critical SDLC guardrails often overlooked amid the excitement of novel AI capabilities (such as vibe coding), and address new skills and security concerns through practical, hands-on learning.

This conference will examine the transformative impact of resource-conscious AI development, including RAG and low-cost fine-tuning, on application security. Our focus is on providing hands-on training to secure every stage of the AI development lifecycle, from preventing Data Poisoning and Prompt Injection to auditing AI-assisted code against the OWASP LLM Top 10 framework.

The Nine Live Labs format is designed to maximize practical engagement, offering attendees hands-on, in-depth exploration of the platforms and solutions provided by nine of our key sponsors. Attendees will participate in three separate lab sessions and have dedicated time to interact with a full gallery of exhibitors and subject matter experts.

  • HiddenLayer | RAG Rampage: Hands-On Prompt Injection and Defense
  • BigID | AI-Powered Data Discovery, Classification, and Privacy
  • Black Duck | AI and Application Security (SCA/IAST)
  • Intezer | Automated Code Analysis and Incident Triage
  • VeriaLabs | Find Your API Exploits Before They Do
  • Snyk | Developer Security, SCA, and Supply Chain Risk
  • Stellar Cyber | Open XDR for AI Applications: Detection and Response
  • TBD | Data Security Posture Management (DSPM)
  • CoreLight | Network Forensics for AI Exfiltration and Model Theft

Keynote Speaker Bios

Neil Daswani, Ph.D. - CISO-In-Residence, Firebolt Ventures; Co-Director, Stanford Advanced Cybersecurity Certification Program

Bio: Neil Daswani, PhD, is a Co-Director of the Stanford Advanced Cybersecurity Certification Program. He is also the President of the startup advisor/investment firm Daswani Enterprises, and a former CISO and CISO-in-Residence at private equity firms. Previously, Neil was a CISO at the companies Symantec and LifeLock, and a security executive at Twitter, Salesforce, and Google. He is the author of Foundations of Security: What Every Programmer Needs to Know and co-author of Big Data Analytics: From Strategic Planning to Operationalizing. Neil holds a PhD and a Master's in Computer Science from Stanford University.

Malcolm Harkins - Chief Security and Trust Officer, HiddenLayer

Bio: Malcolm Harkins is the Chief Security and Trust Officer at HiddenLayer, where he focuses on securing AI models and data. He previously held the role of Chief Security and Trust Officer at Cylance. Prior to that, he was the VP and Chief Security and Privacy Officer (CSPO) at Intel, leading the company's security, privacy, and trust efforts. Malcolm is a respected voice on risk-based security and governance, promoting a balanced approach to managing risk, cost, and trust. He is an award-winning leader in the field of information security.

Key Learning Tracks and Content Focus

The conference is structured around two essential Keynote Plenary Sessions and three distinct hands-on learning tracks, each covering a crucial phase of the AI Development Lifecycle (AIDLC).

  • Keynote Plenary Sessions (Governance & Trust): Expert-led sessions covering the foundations of security and governance for AI, establishing risk policies, and building trust in models (Neil Daswani and Malcolm Harkins).
  • Track 1: Pre-Deployment Security (Labs 1, 2, 3): Focus on securing the model's source and code integrity. This track includes hands-on defense against Prompt Injection (OWASP LLM01), preventing Training Data Poisoning and Sensitive Data Leakage (OWASP LLM03/LLM06), and auditing AI-generated code to combat Overreliance (OWASP LLM09).
  • Track 2: Deployment & API Security (Labs 4, 5, 6): Focus on the application and delivery layer. Sessions cover practical API Hacking and defense against Insecure Output Handling (OWASP LLM02), addressing Supply Chain Vulnerabilities (OWASP LLM05) in third-party components, and rapid triage of suspicious code.
  • Track 3: Runtime & Post-Exploitation Forensics (Labs 7, 8, 9): Focus on monitoring, response, and incident handling. This track covers controls for Excessive Agency (OWASP LLM08) using DSPM, detecting Model Denial of Service (OWASP LLM04), and leveraging network forensics to uncover Model Theft (OWASP LLM10) and exfiltration attempts.

Platinum Sponsors

  • Intezer: Leverages proprietary AI and genetic analysis to automate and streamline core Security Operations Center (SOC) tasks. Its platform automatically triages and investigates security alerts, accurately identifies malicious code by comparing it to known code families, and automates initial response actions. Intezer helps security teams reduce alert fatigue, enhance threat detection accuracy, and accelerate incident response by enabling human analysts to focus their expertise on the most critical and complex threats, improving overall SOC efficiency and effectiveness.
  • HiddenLayer: Provides an AI security platform and services that proactively protect machine learning models from emerging threats like prompt injection, data leakage, and model theft. Founded by experts in cybersecurity and machine learning, its platform safeguards AI applications without requiring access to raw data or algorithms and without adding unnecessary model complexity. HiddenLayer helps organizations secure their AI supply chain, enforce runtime defense, and manage security posture across their most critical AI applications.
  • Stellar Cyber: Pioneers an Open XDR platform that unifies security operations across the entire attack surface, including networks, endpoints, cloud, and applications. Leveraging advanced AI and machine learning capabilities, their platform automatically detects sophisticated threats, significantly enhances security operations, and improves analyst efficiency by providing comprehensive, correlated visibility and accelerating incident response workflows from a single, integrated pane of glass.
  • Astrix Security: Specializes in securing non-human identities and SaaS-to-SaaS connectivity, addressing a critical and often overlooked attack surface in today's digital landscape. Their platform provides comprehensive visibility into all non-human access, enabling organizations to enforce granular, adaptive policies and proactively prevent data breaches by meticulously managing access for API keys, service accounts, and critical cloud integrations, ensuring robust security for automated processes.

Gold Sponsors

  • Black Duck: Leads the evolution of application security with a next-generation platform designed to secure both the traditional software supply chain and the emerging AI-driven development lifecycle. By integrating AI-specific risk management with industry-leading Software Composition Analysis (SCA) and Interactive Application Security Testing (IAST), Black Duck provides the deep visibility and automated guardrails necessary to identify vulnerabilities in open-source components and AI-generated code alike, ensuring enterprise trust in the age of the Secure AI Revolution.
  • RevolutionCyber: A boutique cybersecurity and resilience consulting firm that blends strategic advisory, cultural transformation, and technology enablement to redefine how organizations approach security. They focus on aligning security with core business outcomes, such as resilience, trust, and revenue generation, rather than treating it as a standalone technical function, offering services that enhance security culture and prepare for rapid incident response.
  • CoreLight: Creator of Open Network Detection and Response (NDR), providing deep visibility into network traffic for advanced threat detection and accelerated incident response. Their platform extracts comprehensive network evidence (such as rich logs and metadata) from raw traffic, enabling security teams to quickly hunt threats, perform forensic analysis, and gain complete situational awareness across complex, distributed environments. This dramatically reduces the time needed to detect and neutralize sophisticated attacks and model theft.
  • Exiger: Provides an AI-powered supply chain and third-party risk management platform that helps organizations illuminate, analyze, and mitigate complex risks across their extended enterprise. Their solutions offer deep insights into vendor vulnerabilities, geopolitical supply chain disruptions, and financial health, enabling proactive risk management and enhanced resilience in an AI-driven world.
  • Sepio: Offers a Hardware Access Control (HAC) and asset visibility platform that provides actionable visibility to continuously manage the risk of all known and shadow assets. Utilizing innovative multi-disciplinary SaaS solutions that combine practical physics, machine learning, and big data, Sepio delivers unified hardware device risk management, helping secure IT, OT, and IoT environments and providing defense against "invisible threat layers."
  • Snyk: An enterprise-grade developer security platform that provides organizations with deep visibility and governance over their entire software supply chain. Snyk’s AI-powered orchestration engine enables security leaders to implement global risk policies while empowering development teams to remediate vulnerabilities in code, open-source dependencies, containers, and cloud infrastructure. By bridging the gap between security and engineering, Snyk provides the scalability and auditability required for large-scale digital transformations and secure AI adoption.
  • Summit 7: Specializes in DIB cybersecurity compliance, with a core focus on CMMC (Cybersecurity Maturity Model Certification) and robust Microsoft 365 security solutions. They assist defense industrial base (DIB) companies in achieving and maintaining compliance with stringent federal regulations like CMMC, DFARS, and NIST, ensuring secure operations within the Microsoft ecosystem.

Silver Sponsors

  • BigID: A leading data intelligence platform that utilizes advanced AI and machine learning to comprehensively discover, classify, and manage sensitive and regulated data across diverse and hybrid environments, including cloud, on-premise, and SaaS applications. It empowers organizations to ensure stringent data privacy compliance, precisely identify and remediate security risks associated with vulnerable data exposures, and automate critical data governance processes by providing unparalleled data intelligence and control, thereby significantly enhancing overall security posture and reducing data risk.
  • Happiest Minds Technologies: A global IT services company that leverages cutting-edge technologies in digital transformation, cloud, cybersecurity, analytics, and Internet of Things (IoT) to drive enterprise success. They provide end-to-end services that help businesses achieve digital excellence, optimize operational efficiency, and foster continuous innovation with a strong emphasis on human-centric solutions, delivering comprehensive and integrated technology services that align with specific business objectives and industry standards.
  • Horizon3.ai: Provides NodeZero, an autonomous penetration testing platform. It continuously assesses an organization's internal and external attack surface, automatically discovers exploitable weaknesses, and verifies vulnerabilities without human intervention. By rigorously emulating real-world attacker behaviors and techniques, NodeZero identifies critical attack pathways and provides clear, actionable remediation steps to proactively strengthen security posture and continuously validate an organization's defenses against evolving cyber threats, supporting a continuous security validation program.
  • Illumio: Provides Zero Trust Segmentation to prevent the lateral movement of breaches across complex hybrid environments, including data centers, multi-cloud infrastructures, and endpoints. It meticulously visualizes application dependencies and communication flows, micro-segments networks down to individual workloads, and enforces granular, adaptive policies to contain attacks. This approach dramatically minimizes breach impact by reducing the attack surface and significantly enhancing an organization's overall cyber resilience and security posture.
  • One Identity: Offers comprehensive identity and access management (IAM) solutions that provide a unified platform for managing identities, governing access, and securing privileged accounts across an organization's entire digital landscape. Their solutions include Identity Governance and Administration (IGA) for managing user access lifecycles, Privileged Access Management (PAM) for securing elevated accounts, and Access Management for secure authentication. This helps organizations streamline identity lifecycle management, enforce least privilege principles, and improve compliance posture across complex IT environments.
  • Redblock: Redblock's Agentic AI (redblock.ai) automates identity and security workflows across disconnected apps, extending SailPoint and other identity systems for full coverage. It connects what identity systems cannot, eliminates CSVs and IT tickets, and automates actions safely with policy guardrails. The result: a smaller identity attack surface in days, not months. Manual workflows become autonomous, auditable actions.
  • StrongDM: Offers a unified platform for managing and auditing access to all critical infrastructure, including servers, databases, Kubernetes clusters, and internal applications. It connects users securely without the need for traditional VPNs, meticulously logs every session for comprehensive auditing and compliance, and enforces granular, least-privilege access policies in real-time. This centralizes control over all technical access, significantly enhancing security posture and streamlining compliance workflows while improving operational efficiency.
  • VeriaLabs: Provides an AI-native offensive security platform designed for autonomous vulnerability discovery and exploitation. By integrating directly into Git repositories and CI/CD pipelines, VeriaLabs utilizes specialized AI agents to analyze codebases, generate real-world exploit PoCs to verify risk, and provide automated remediation. Their approach shifts offensive security left, enabling organizations to validate their security posture and secure critical vulnerabilities with high confidence and at machine speed.

Category: Science & Tech, High Tech

Highlights

  • In person

Refund Policy

Refunds up to 7 days before event

Location

Las Positas College - Building 2400 - Lot E

2400 Campus Loop

Livermore, CA 94551

Agenda

8:00 AM - 8:50 AM

Breakfast and Registration: select three of the nine labs.

ISC2 East Bay Chapter, Conference Committee

Pick up your badge, ribbons, and meet the exhibitors and Lab Leaders. Start your feedback form and lab selections. Put in any special requests for the lunch pickup.

8:50 AM - 9:00 AM

Greetings from the ISC2 East Bay Chapter

President's Address, Robin Basham

Welcome, Students, Entrepreneurs, Civic, Business, and Education Leaders, Cyber Professionals, and Job Seekers. We are pleased to share a brief discussion of the ISC2 East Bay Chapter Mission, Rules for our day at Las Positas, expectations for the Nine Live Labs activity, and a reminder about your mandatory feedback requirement.

9:00 AM - 9:45 AM

Keynote 1: Neil Daswani, Ph.D.

Neil Daswani, Ph.D.

Neil Daswani, PhD, is a Co-Director of the Stanford Advanced Cybersecurity Certification Program. He has served in a variety of research, development, teaching, and executive roles at QuantumScape, Symantec, LifeLock, Twitter, and Google. Neil has been both a security entrepreneur, having co-founded Dasient, which was acquired by Twitter, and has also served as a Chief Information Security Officer (CISO) at LifeLock, Symantec's Consumer Business Unit, and QuantumScape. Neil holds a dozen U.S. patents and has published dozens of technical articles in top industry and academic conferences. He is also co-author of two books on cybersecurity: “Big Breaches: Cybersecurity Lessons for Everyone” and "Foundations of Security: What Every Programmer Needs to Know." He earned Ph.D. and M.S. degrees in Computer Science at Stanford University, and he holds a B.S. in Computer Science with honors with distinction from Columbia University.

Organized by

ISC2 East Bay Chapter

On Sale Jan 8, 2026 at 12:00 AM