
Cyburgh 2026: Panel Discussions Explore Cybersecurity Trends and Issues

Cybersecurity no longer lives in a locked room marked “IT.” At Cyburgh 2026, the panel discussions made it clear that today’s risk surface is wider, faster and far more entangled with everyday business decisions.

Across conversations on AI security, identity, third-party risk and ransomware resilience, a common theme emerged: the newest threats often exploit the oldest gaps. Shadow AI is racing ahead of governance. Attackers are borrowing credentials instead of breaking down doors. Vendors and SaaS tools are expanding risk beyond the walls of the enterprise. Ransomware recovery depends less on panic buttons and more on practiced fundamentals.

The panels cut through buzzwords to deliver a grounded message for leaders: know what is running, know who has access, know which partners matter most, and know how your organization will respond when pressure hits. From AI agents and synthetic workers to stolen session tokens and fragile backup plans, Cyburgh’s discussions showed that cyber resilience is now an operating discipline, not just a technical function. The fundamentals still matter, but in 2026, they have to move at the speed of the business.

Panel: AI Security in Production

From left: John Franolich, Principal Consultant, Cybersecurity Assessment, Bayer; Ron Reyer, CISO, LKCM Headwater Investments; Matthew Butkovic, Technical Director - CERT Division, Software Engineering Institute | CMU; Alexis Lavi, Cybersecurity Strategy & Enablement, Senior Director, BNY Mellon; and Brenasia Ward-Caldwell, Security & AI Sr. Solutions Engineer, Microsoft Security.

The “AI Security in Production” panel focused on a core reality for today’s enterprises: AI is already inside the business, often ahead of formal governance, inventory, and security controls. The discussion moved quickly from policy to practice, with panelists emphasizing that the biggest risks are not always exotic new AI threats, but familiar security gaps amplified by AI: weak asset management, shadow technology, third-party exposure, poor data classification, unclear ownership, and lack of monitoring.

Panelists repeatedly returned to the idea that AI security is not a brand-new discipline. Instead, it is an expansion of existing security fundamentals into a faster, messier, more democratized environment where employees, citizen developers, agents, vendors, and large language models are all part of the risk surface. The practical message: start with what you already have, tighten the basics, classify your data, know what is running, train users, and make sure someone has authority to slow down or shut down risky AI use when needed.  

5 Key Takeaways 

  • Shadow AI is already here. Employees are using tools like ChatGPT, Copilot, Claude, Perplexity, and other AI platforms whether organizations formally approve them or not. The first challenge is visibility: knowing what AI is being used, by whom, and for what purpose.  

  • AI amplifies old security problems. The panelists stressed that AI does not erase the need for basic cyber hygiene. Inventory, data classification, endpoint detection, secure coding, least privilege, third-party risk management, and identity controls still matter, but the consequences of weak controls can scale faster with AI.  

  • Agents should be treated like a new class of insider. Agentic AI introduces systems that can act on behalf of users, touch data, execute workflows, and potentially make mistakes at machine speed. Panelists suggested applying insider threat thinking, least privilege, identity monitoring, and clear shutdown procedures to AI agents.  

  • Security needs to enable, not simply block. Several panelists warned that saying “no” to AI will only drive use underground. Security teams should bring “healthy friction” by helping design safe pathways, approved tools, guardrails, and practical controls that let the business move forward without flying blind.  

  • Training and governance must reach beyond IT. AI is now in the hands of sales, finance, HR, developers, and everyday users. That means education has to include critical thinking, responsible prompting, secure use of coding tools, awareness of third-party risks, and understanding the difference between convenience and exposure. 

Panel: Practical Security that Works

From left: Dennis Carson, CISO, PennWest University; Steve Rocco, VP, CISO & Head of IT Infrastructure, Matthews International; Gregory J. Touhill, Director of CERT Division, Carnegie Mellon University Software Engineering Institute; Joe Proie, Business Information Security Officer, TriState Capital Bank; and Geoff Robinson, Principal Consultant, Cybersecurity Assessment, ivision.

The “Practical Security that Works” panel cut through identity-security buzzwords and focused on the gritty reality of modern defense: attackers are not always breaking through the front door anymore; they are borrowing someone’s badge. Panelists discussed how stolen credentials, session token theft, over-permissioned accounts, unmanaged service identities, third-party compromise, deepfakes, and synthetic workers are forcing organizations to rethink identity as the true perimeter.

The conversation made clear that MFA is now table stakes, not a complete strategy. Panelists pointed to phishing-resistant authentication, conditional access, device posture checks, behavioral analytics, role-based access, human verification, service-account ownership, and better identity lifecycle management as practical ways to reduce risk. The core message was refreshingly grounded: you cannot drive risk to zero, but you can measure it, manage it, layer controls, and make sure the right business leaders are accountable for risk decisions.  

5 Key Takeaways 

  • MFA is necessary, but no longer enough. Panelists emphasized that MFA has become a baseline control rather than a backbone. Adversary-in-the-middle attacks can steal session tokens, giving attackers persistent access even after MFA is completed. Phishing-resistant methods like passkeys and FIDO2-style authentication are becoming more important.  

  • Identity is the new perimeter. The panel repeatedly returned to the idea that organizations must continuously validate users, devices, sessions, and context. Conditional access, device posture checks, behavioral analytics, tokenization, and adaptive security controls are all part of a more layered approach.  

  • Least privilege is still hard, but essential. Panelists noted that users often accumulate access over time as they move between roles, creating hidden risk. Strong identity lifecycle management, role-based access, access reviews, and business-owner accountability are critical to making least privilege more than a policy poster.  

  • Non-human identities need human accountability. Service accounts, bots, agents, and other non-human identities can quietly become over-permissioned or forgotten. The panel recommended assigning human owners, auditing usage, tying changes to change-control processes, and challenging requests for excessive access.  

  • AI and deepfakes are supercharging identity fraud. From synthetic job candidates and fake remote workers to business email compromise and AI-assisted fraud, panelists warned that organizations need stronger out-of-band verification, better hiring/interview diligence, and more skepticism around digital interactions. Trust has to be verified, not assumed. 

Panel: Third Party Risk: Securing What You Don’t Know

From left: Eris Symms, CISO, U.S. Steel; Baptistin Buchet, Head of Cybersecurity, Wavestone North America; Michael Tallent, CISO, Duquesne Light; Christopher Treib, Vice President of Information Technology Chair, Campus Emergency Response Team, Geneva College; and Jackie Deloplaine, Director, Strategic Partnerships and Engagement, Retail & Hospitality ISAC.

The “Third Party Risk: Securing What You Don’t Know” panel tackled one of cybersecurity’s most stubborn friction points: organizations are more dependent than ever on vendors, SaaS platforms, managed service providers, cloud tools, AI-enabled products, and outside partners, but many third-party risk programs are still stuck in questionnaire purgatory.

Panelists agreed that traditional third-party risk management often creates too much paperwork and not enough actual visibility. The discussion emphasized moving beyond static questionnaires and annual reviews toward more practical risk tiering, continuous monitoring, stronger contractual language, better vendor inventories, clearer escalation paths, and deeper relationships with the most critical suppliers. The heart of the conversation was this: third-party risk cannot be managed as a checkbox exercise. It has to become a shared operating model with the vendors that truly matter to the business.  

5 Key Takeaways 

  • Questionnaires are overused and underpowered. Panelists repeatedly pushed back on the endless cycle of “you fill out my questionnaire, I’ll fill out yours.” They said questionnaires still have value as a baseline, but they often consume too much time compared to the actual risk reduction they provide.  

  • Risk tiering beats over-engineered scoring. Rather than building overly complex formulas to decide whether a vendor scores a 97 or 98, panelists recommended simpler tiering models. The most scrutiny should go to vendors with access to sensitive data, operational technology, critical systems, or key business functions.  

  • Continuous visibility matters more than periodic reviews. The panel highlighted the value of continuous validation and monitoring tools, along with practical internal checks such as comparing identity logs, SSO logs, finance invoices, and purchasing data to uncover “shadow vendors” that never made it into the official risk register.  

  • The best vendor relationships are operational partnerships. For critical suppliers, the relationship should not be transactional. Panelists recommended regular conversations with security and technical teams, clear escalation paths, tabletop exercises with key vendors, and shared expectations around incident response and transparency.  

  • Contract language needs real teeth. Several panelists emphasized the importance of strong cybersecurity addendums, including breach notification timelines, right-to-audit language, and clear expectations for collaboration during incidents. When a vendor is compromised, transparency and speed can determine whether the relationship holds or breaks. 
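The “shadow vendor” check described in the continuous-visibility takeaway above is easy to automate once the three data sources are exported. The script below is an added example, not from the panel or any product: it normalizes vendor names, cross-references SSO application sign-ins and accounts-payable invoices against the risk register, and lists every vendor with evidence of use but no register entry. All records are constructed, and the field layouts are assumptions.

```python
"""Surface vendors seen in SSO logs or invoices that are missing from the
third-party risk register. Added example with constructed data; the record
formats are assumptions, not any SSO or finance system's export schema."""
import re

# Constructed inputs
RISK_REGISTER = {"Acme Cloud, Inc.": "tier1", "Docuflow LLC": "tier3"}
SSO_APPS = ["Acme Cloud", "Docuflow", "PromptPal AI", "Acme Cloud"]  # app names from SSO sign-in logs
INVOICES = [("Docuflow LLC", 1200.0), ("Zetta Analytics Ltd", 8500.0), ("PromptPal AI", 49.0)]


def normalize(name):
    """Lower-case, drop punctuation and common corporate suffixes so that
    'Acme Cloud, Inc.' and 'acme cloud' compare equal."""
    n = re.sub(r"[^a-z0-9 ]", " ", name.lower())
    n = re.sub(r"\b(inc|llc|ltd|corp|co)\b", " ", n)
    return " ".join(n.split())


def find_shadow_vendors(register, sso_apps, invoices):
    """Return vendors with SSO or invoice evidence but no register entry,
    sorted by name, each with its evidence sources and invoiced spend."""
    known = {normalize(v) for v in register}
    seen = {}  # normalized name -> {"sources": set, "spend": float}
    for app in sso_apps:
        entry = seen.setdefault(normalize(app), {"sources": set(), "spend": 0.0})
        entry["sources"].add("sso")
    for vendor, amount in invoices:
        entry = seen.setdefault(normalize(vendor), {"sources": set(), "spend": 0.0})
        entry["sources"].add("invoice")
        entry["spend"] += amount
    return [
        {"name": name, "sources": sorted(data["sources"]), "spend": data["spend"]}
        for name, data in sorted(seen.items())
        if name not in known
    ]


if __name__ == "__main__":
    for v in find_shadow_vendors(RISK_REGISTER, SSO_APPS, INVOICES):
        print(v)
```

Spend and the number of evidence sources give a first cut at which shadow vendors deserve a register entry and a risk tier right away.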

Panel: Ransomware Reality Check

From left: Timothy Vernick, Associate Principal Threat Intelligence Analyst, Dragos; Andy Ritter, CISO, Commonwealth of Pennsylvania; Greg Kassimer, Sr. Director, Information Assurance Services, UPMC; Julie Ray, Ph.D., VP & CISO, Wabtec; and Laurie Iacano, Director of Threat Intelligence, At-Bay Security.

The “Ransomware Reality Check” panel moved beyond fear-based ransomware talk and focused on what actually changes outcomes when an organization is under pressure. The panelists emphasized that ransomware response is not just a technical exercise. It is an operational test of preparation, decision-making, containment, recovery, communication, vendor awareness, and executive readiness.

Across government, healthcare, manufacturing, transportation, and operational technology environments, the message was remarkably consistent: organizations recover faster when they know their environments, practice their playbooks, validate backups under real conditions, control identity and administrative access, segment networks effectively, and make major business decisions before an incident occurs. The panel closed with a strong reminder that while AI and advanced threats are changing the speed and scale of attacks, ransomware resilience still depends on getting the basics right and practicing them until they hold up under stress.  

5 Key Takeaways 

  • Speed matters, but only if you have practiced. Panelists pointed to fast decision-making, early detection, containment, and preparation as the biggest factors that change ransomware outcomes. The Commonwealth of Pennsylvania example showed how practiced playbooks, endpoint alerts, identity containment, and a rapid incident bridge can help teams move quickly when something looks like an active attack.  

  • You cannot protect what you cannot see. Knowing your assets, systems, data, network behavior, and external-facing infrastructure is foundational. Panelists stressed that baselining normal activity helps teams separate real threats from noise and reduce alert fatigue.  

  • Recovery must be tested under real-world conditions. Backups are not enough unless organizations know they can actually restore systems in the right order, validate applications, account for dependencies, and meet business priorities. Disaster recovery tests and realistic exercises often reveal gaps that would otherwise surface during a crisis.  

  • Tabletops need to change behavior, not just check a box. The strongest exercises involve the right audience, clear decision-makers, realistic scenarios, technical and executive tracks when needed, and follow-through on action items. Panelists warned that repeating the same tabletop issues year after year without fixing them adds little value.  

  • The basics are still the backbone of ransomware resilience. Network segmentation, endpoint protection, MFA that is properly configured, administrative access controls, just-in-time access, identity monitoring, vendor awareness, and asset inventory remain critical. As one panelist framed it, the game has gotten faster and the consequences bigger, but the fundamentals still decide who recovers and who spirals.