1:00 pm

Registration

1:30 pm

Welcome & short introduction from SIGS

1:30 pm

Markus Luchsinger, Senior Risk Manager

Setting the Stage: The Shift from Chatbots to Action-Oriented AI
This introductory session will provide a short update on the newest AI trends: what has truly advanced and where expectations still exceed reality. We will then explore the transition from chat-focused tools to agents that use tools and perform tasks, and why shifting from “answers” to “actions” alters the security and risk landscape.

Finally, I will give a glimpse how to translate regulatory expectations into effective AI governance, ensuring that agentic AI becomes a business advantage instead of an unmanaged, uncontrolled risk.

2:00 pm

Dr. Rehana Harasgama, Partner at Kellerhals Carrard Zürich KlG
(details will follow - lawyers update)

2:30 pm

Keynote from CrowdStrike

3:00 pm

Coffee break

3:45 pm

Keynote from Descope

Securing AI Agents and MCP Servers for the Enterprise
As organizations deploy agentic AI and MCP projects, they face unique identity management hurdles that introduce security risk and prevent production-readiness. In this session, attendees will learn why AI agents break traditional IAM systems and how to overcome identity hurdles with scope-based access control, short-lived AI agent credentials, and policy-based governance.

4:15 pm

George Necola, Chief Information Security Officer at Alpiq

AI Assisted Reconnaissance in Offensive Cybersecurity
Reconnaissance is the foundation of every cyber operation. Before exploitation occurs, attackers and security teams gather intelligence about a target environment.

Artificial intelligence is transforming this phase by automating data collection, correlating large datasets, and identifying patterns that are difficult to detect at scale.

This talk explains how AI enhances reconnaissance, where it is used in offensive security and red teaming, and what risks and ethical considerations arise. A practical case study shows how to map an external attack surface without exploitation.

4:45 pm

Daniel von Büren, Swiss Security Officer at Microsoft 

Secure AI End-to-End: From Shadow AI to Controlled Agents
Securing AI is about everything around them: prompts and responses, orchestration, plugins/tools, training and RAG data, and the identities and permissions that agents use to act.

In this session, we’ll break down the most common GenAI concerns organizations face today - data leakage/theft, jailbreak and indirect prompt injection, model vulnerabilities, hallucinations, and the operational headache of agent sprawl / shadow AI - and show how you can approach them end-to-end.

5:15 pm

Short break

5:30 pm

Lukas Weichselbaum, Senior Staff Information Security Engineer at Google

From Prompt Injections to Rogue Actions: Securing AI Agents in Practice
As AI evolves into autonomous agents that can reason about natural language requests and take actions on behalf of users, a completely new frontier of security vulnerabilities has emerged. Because agents are inherently non-deterministic and must process untrusted inputs from the real world, they are uniquely susceptible to manipulations like prompt injection. Left unprotected, these vulnerabilities can lead to severe consequences, such as sensitive data exfiltration or rogue agent actions—demonstrated by real-world exploits like using poisoned calendar invites to hijack smart home controls.

This technical session cuts through the hype to explore Google's approach to agent security, detailing the mechanics of these novel attacks and the controls required to stop them. We will dive into Google's hybrid "defense-in-depth" strategy, illustrating how combining deterministic runtime policy engines, dynamic contextual policies, and secure agent frameworks can ensure agents operate with strict human oversight, limited powers, and observable actions in practice.

Jannis Kirschner, Security Engineer at Niantic, Inc.

Poisoning the Well: How Adversaries Corrupt Your AI's Data Sources
Most organizations deploying AI invest heavily in protecting model inputs from prompt injection. But what happens when attackers target the data your AI trusts instead?

Retrieval Augmented Generation (RAG) is rapidly becoming a foundational technique powering everything from customer-facing chatbots to internal knowledge assistants. By manipulating the underlying data sources, adversaries can make these systems produce confidently false, harmful, or manipulated outputs - without ever touching the prompt.

In this talk, we trace the complete attack chain from document injection to downstream impact, and explore practical detection and mitigation strategies. The goal: helping security teams think beyond prompt-level threats and protect the full AI pipeline.

6:45 pm

Dinner & Networking till open end

Dr. Rehana Harasgama
Partner at Kellerhals Carrard Zürich KlG.

Jannis Kirschner
Security Engineer at Niantic, Inc.

George Necola
Chief Information Security Officer at Alpiq