Conference · BSides Luxembourg 2026 · Sessions I Attended

BSides Luxembourg 2026 — Sessions I Attended

Seven sessions across three days — selling security to the business, AI-generated exploits, third-party risk management, dark web intelligence, social engineering at scale, agentic AI attacks, and a cloud security CTF. One article per session.

7 Sessions· 3 Days· Luxembourg, May 2026· Parul Sharma
01 Workshop
From Zero Trust to Trusted Adviser
What BSides Luxembourg Taught Me About Selling Security
Glen Sorenson & Daniela Parker
Four hours on the one thing nobody trains you for in cybersecurity — how to get people to act. Stakeholder mapping, cognitive bias, pitching frameworks, and why FUD always backfires.
Read session notes
02 Session
Building a Mythos-Ready Security Program
What BSides Luxembourg Made Very Clear About AI and the Vulnerability Equilibrium
Catalin Tiganila · CSA Luxembourg Chapter
On April 8 2026, Anthropic announced Claude Mythos Preview — a frontier model that autonomously discovered and wrote working exploits for thousands of zero-days. The equilibrium between attackers and defenders has broken. Here is what your security programme needs to do about it.
Read session notes
03 Session
Third Party Risk Management
Building a Resilient TPRM Programme
Jyoti Upadhyay
A practical, direct session on TPRM maturity, vendor risk tiering, and the six pitfalls that quietly kill most programmes before they are ever functional. Relevant for DORA compliance and beyond.
Read session notes
04 Session
Why I Go to the Dark Web Every Day
What Alex Holden Taught Me About Knowing Your Adversary
Alex Holden
Alex Holden's company has cultivated an active presence on the dark web — not monitoring from a distance, but understanding communities, learning culture, and developing intelligence that lets you anticipate what threat actors will do before they do it.
Read session notes
05 Session
The High Performance Fuel for Social Engineering
Now in AI Flavours
Glen Sorenson
Privacy, as most people understand it, is largely a myth. The same personal data that GDPR was supposed to protect is still out there — and AI has now made it trivially easy to weaponise at industrial scale.
Read session notes
06 Session
The Agent Had a Plan — So Did I
Top Attacks on OWASP Agentic AI Systems
Parth Shukla & Nagarjun Rallapalli
Live demos of AI agent attacks — Python code running on screen, working exploits, and a very specific point of view about why agentic AI security is still widely misunderstood. OWASP's six attack categories explained.
Read session notes
07 Workshop
Cloud & AI Security CTF
What a Two-Hour Treasure Hunt Taught Me About Attack Chains
Cloud & AI Security CTF · WIZ
A two-hour Capture the Flag on a real cloud AI attack chain — from compromised front end to S3 exfiltration. Reconstructed step by step using WIZ's security graph. Better than any theory-only session.
Read session notes

Follow on LinkedIn

New upskilling articles and conference takeaways every week. Follow Parul Sharma to get notified the moment new content goes live.

Follow Parul Sharma

This site uses analytics cookies. Privacy Policy