Editor's Picks
Best Talks at fwd:cloudsec North America 2026
Hand-picked from in-depth reviewer verdicts — the top 12 talks from this conference. Skip the noise, find the signal.
1
Sub:jugation - Hijacking Cloud Identities by Recycling Namespaces in Global OIDC Issuers
Tal
In a revealing presentation at fwd:cloudsec, Tal Verer, Head of Research at Asec Security, unveiled "Sub:jugation," a novel class of vulnerability impacting nearly all major CI/CD providers. What initially appeared to be a straightforward issue—the potential for reclaiming…
Dr. Zero: STRONG ACCEPT ★★★★☆ | Heather Calloway: STRONG ACCEPT ★★★★☆
2
Stop Building Custom Agent Identity
Sarah Cecchetti
The rapid proliferation of AI agents in enterprise environments presents a critical, yet often overlooked, security challenge: how do these autonomous entities establish and manage their identity in a secure, auditable, and scalable manner? This talk, "Stop Building Custom…
Dr. Zero: STRONG ACCEPT ★★★★☆ | Heather Calloway: STRONG ACCEPT ★★★★☆
3
Push-Pull-Pwn: Hacking the Cloud through Container Registry Poisoning
Hillai, Nir
This talk, "Push-Pull-Pwn: Hacking the Cloud through Container Registry Poisoning," delivered by Hillai and Nir from Wiz Research, uncovers a critical and often under-discussed security risk: the container registry. Positioned as the central hub of modern cloud environments…
Dr. Zero: STRONG ACCEPT ★★★★☆ | Heather Calloway: SOLID ★★★☆☆
4
No Way Out? C2 Through AWS Data Perimeter via Bedrock-AgentCore
Dan Gansel
In this insightful talk from fwd:cloudsec, Dan Gansel, a security researcher at API Security, unveiled a sophisticated command and control (C2) channel that could bypass AWS's stringent Data Perimeter controls. The research, titled "No Way Out? C2 Through AWS Data Perimeter via…
Dr. Zero: STRONG ACCEPT ★★★★☆ | Heather Calloway: SOLID ★★★☆☆
5
Zapocalypse: Compromising every Zapier user through a Lambda memory leak
Yair Balilti
This talk, titled "Zapocalypse: Compromising every Zapier user through a Lambda memory leak," details a critical vulnerability chain discovered in Zapier, a prominent AI-driven workflow automation platform. Presented by Yair Balilti, a Security Researcher at Token Security, the…
Dr. Zero: STRONG ACCEPT ★★★★☆ | Heather Calloway: SOLID ★★★☆☆
6
OCInferno: An Offensive Security Toolkit for OCI
Scott Weston
In this fwd:cloudsec presentation, Scott Weston introduces **OCInferno**, a comprehensive offensive security toolkit designed specifically for Oracle Cloud Infrastructure (OCI). The talk delves into the intricacies of OCI's unique Identity and Access Management (IAM) model…
Dr. Zero: STRONG ACCEPT ★★★★☆ | Heather Calloway: SOLID ★★★☆☆
7
What Building an AI Worm Taught Us About Stopping One
Kinnaird McQuade
Kinnaird McQuade, Chief Security Architect at BeyondTrust, presented a groundbreaking talk at fwd:cloudsec detailing his experience building an autonomous, AI-powered worm. The motivation behind this audacious project was rooted in **gain of function research**, akin to how…
Dr. Zero: STRONG ACCEPT ★★★★☆ | Heather Calloway: SOLID ★★★☆☆
8
In git we trust: Defending Lovable projects from malicious code attacks at scale
Marcus, Samuel
This talk, "In git we trust: Defending Lovable projects from malicious code attacks at scale," delivered by Samuel, a Security Engineer, and Marcus from Lovable, delves into a sophisticated, large-scale malicious code injection campaign targeting users of the Lovable platform…
Dr. Zero: STRONG ACCEPT ★★★★☆ | Heather Calloway: SOLID ★★★☆☆
9
Release the Kraken: Putting Tentacles on Your AI "Paved Road"
Sakina Mithani
In an era where Artificial Intelligence (AI) usage is rapidly becoming "non-negotiable" for developers, organizations face a critical challenge: how to enable powerful AI coding tools without exposing sensitive internal data to new and complex threats. Sakina Mithani, a Cloud…
Dr. Zero: STRONG ACCEPT ★★★★☆ | Heather Calloway: SOLID ★★★☆☆
10
Data Perimeters: Beyond the Marketing
Matt Luttrell
In this insightful talk, Matt Luttrell, a Principal Security Engineer at AWS, delves into the often-complex world of **data perimeters** in cloud environments. Moving beyond the marketing hype, Luttrell provides a pragmatic and deeply technical examination of how data…
Dr. Zero: STRONG ACCEPT ★★★★☆ | Heather Calloway: SOLID ★★★☆☆
11
One Architectural Sin, Two Clouds, and a Universal Attack Technique for Data Hijacking
Yahav
In this fwd:cloudsec talk, Yahav Fessinger, a Cloud Security Researcher at Palo Alto Networks, unveiled a simple yet profoundly impactful attack technique capable of hijacking critical cloud data. Titled "One Architectural Sin, Two Clouds, and a Universal Attack Technique for…
Dr. Zero: STRONG ACCEPT ★★★★☆ | Heather Calloway: SOLID ★★★☆☆
12
Barbarians at the Gate: Visualizing and Blocking SDLC Infrastructure Threats with SITF
S Berkovich
In this compelling talk at fwd:cloudsec, Shay Berkovich from Google (formerly of the WH Threat Research Group) introduced the **SDLC Infrastructure Threat Framework (SITF)**, a novel approach to understanding, visualizing, and defending against the escalating wave of attacks…
Dr. Zero: STRONG ACCEPT ★★★★☆ | Heather Calloway: SOLID ★★★☆☆