fwd:cloudsec North America 2026
A practitioner-driven cloud security conference featuring offensive research, defensive operations, and governance across AWS, Azure, GCP, and beyond.
- 2026 Introduction — Patrick Sanders
Patrick Sanders' opening address at fwd:cloudsec North America 2026 served as a powerful thematic introduction to the conference, setting a critical tone for the year ahead in cloud security. Rather…
- Push-Pull-Pwn: Hacking the Cloud through Container Registry Poisoning — Hillai, Nir
This talk, "Push-Pull-Pwn: Hacking the Cloud through Container Registry Poisoning," delivered by Hillai and Nir from Wiz Research, uncovers a critical and often under-discussed security risk: the…
- No Way Out? C2 Through AWS Data Perimeter via Bedrock-AgentCore — Dan Gansel
In this insightful talk from fwd:cloudsec, Dan Gansel, a security researcher at API Security, unveiled a sophisticated command and control (C2) channel that could bypass AWS's stringent Data…
- Sub:jugation - Hijacking Cloud Identities by Recycling Namespaces in Global OIDC Issuers — Tal
In a revealing presentation at fwd:cloudsec, Tal Verer, Head of Research at Asec Security, unveiled "Sub:jugation," a novel class of vulnerability impacting nearly all major CI/CD providers. What…
- Zapocalypse: Compromising every Zapier user through a Lambda memory leak — Yair Balilti
This talk, titled "Zapocalypse: Compromising every Zapier user through a Lambda memory leak," details a critical vulnerability chain discovered in Zapier, a prominent AI-driven workflow automation…
- OCInferno: An Offensive Security Toolkit for OCI — Scott Weston
In this fwd:cloudsec presentation, Scott Weston introduces **OCInferno**, a comprehensive offensive security toolkit designed specifically for Oracle Cloud Infrastructure (OCI). The talk delves into…
- What Building an AI Worm Taught Us About Stopping One — Kinnaird McQuade
Kinnaird McQuade, Chief Security Architect at Beyond Trust, presented a groundbreaking talk at fwd:cloudsec detailing his experience building an autonomous, AI-powered worm. The motivation behind…
- Are We There Yet? Lessons from the 10 Year Cloud Security Ride — James Berthoty
James Berthoty's talk, "Are We There Yet? Lessons from the 10 Year Cloud Security Ride," offers a critical retrospective and forward-looking analysis of the cloud security landscape over the past…
- In git we trust: Defending Lovable projects from malicious code attacks at scale — Marcus, Samuel
This talk, "In git we trust: Defending Lovable projects from malicious code attacks at scale," delivered by Samuel, a Security Engineer, and Marcus from Lovable, delves into a sophisticated…
- Stop Training Engineers to Ignore You: Cloud Security Alerting at Scale — Paul Benoit
In the dynamic and ever-expanding landscape of cloud infrastructure, effective security alerting at scale presents a formidable challenge for even the most sophisticated organizations. This talk…
- Stop Building Custom Agent Identity — Sarah Cecchetti
The rapid proliferation of AI agents in enterprise environments presents a critical, yet often overlooked, security challenge: how do these autonomous entities establish and manage their identity in…
- Release the Kraken: Putting Tentacles on Your AI "Paved Road" — Sakina Mithani
In an era where Artificial Intelligence (AI) usage is rapidly becoming "non-negotiable" for developers, organizations face a critical challenge: how to enable powerful AI coding tools without…
- Pattern matching and head scratching with our new friends The Neoclouds — Matthew Gladney
In this insightful talk, Matthew Gladney addresses a growing challenge faced by cloud security professionals: the proliferation of **NeoClouds**. These are defined as **GPU-focused…
- The domain takeover challenge: Detecting and defeating it at scale — Ramesh, Eli F
In an increasingly complex cloud landscape marked by rapid growth, numerous acquisitions, and accelerated development cycles, organizations face significant challenges in managing their digital…
- Least Privilege is a Conversation: Building an Agentic Role Engineering Pipeline — Alex Smolen
In the intricate landscape of cloud security, establishing and maintaining **least privilege** in AWS Identity and Access Management (IAM) remains a formidable challenge, particularly for…
- Who Did This? Identity and Accountability When Your Cloud Actors Aren't Human — Jie Wu, Pulkit Garg
In the rapidly expanding landscape of cloud infrastructure, non-human identities – primarily **service accounts** – have become ubiquitous, performing a vast array of automated tasks from running…
- The Tireless Guardian: Agentic AI and the Art of WAF at Scale — Ammar Alim
In his fwd:cloudsec talk, "The Tireless Guardian: Agentic AI and the Art of WAF at Scale," Ammar Alim from Adobe presents a compelling case for leveraging **agentic AI** to revolutionize the…
- Agentic Paved Roads: Shifting Security Left to the Machine That Thinks — Prahathess Rengasamy
In an era where artificial intelligence agents are increasingly writing, shipping, and deploying code to production infrastructure, traditional security paradigms are proving insufficient…
- Context-Aware Authorization for Agentic Tool Calls (Agent Memory Informed Authorization) — Robert
In an era where artificial intelligence agents are increasingly integrated into daily workflows, both assisting human employees and operating autonomously, the challenge of securing their access to…
- Who Are the Robots? Uncovering AI Agents Identities — Ron Popov, Clément Notin
In an era where Artificial Intelligence (AI) agents are rapidly integrating into enterprise operations, the critical challenge of securing these autonomous entities remains largely unaddressed. Ron…
- Discovering New AWS Privilege Escalation Paths with an AI-Driven Workflow — Seth Art
Seth Art's presentation at fwd:cloudsec dives into an innovative, **AI-driven workflow** designed to identify novel **privilege escalation** (PE) paths within Amazon Web Services (AWS) Identity and…
- Azure Networking Dark Arts: The Implicit Paths Your Diagrams Don't Show — Achia Rosenfeld, Kobi Rubin
In this fwd:cloudsec presentation, "Azure Networking Dark Arts: The Implicit Paths Your Diagrams Don't Show," Achia Rosenfeld and Kobi Rubin from Act Security peel back the layers of Azure's often…
- Lessons From Building a Cloud Attack Simulation Program — Pavel Lineitsev
In the dynamic landscape of cloud security, ensuring the efficacy of detection and response capabilities across heterogeneous cloud environments is a monumental challenge. Pavel Lineitsev, from…
- Observing Escalation Paths in Kubernetes — William Taylor
In this insightful talk from fwd:cloudsec, William Taylor, a Security Consultant at Reverse, delves into the often-overlooked security implications of **observability tools** within **Kubernetes**…
- I made AI agents apply for my Security Team. Then I gave the agents access to AWS. — Cole Horsman
In a compelling presentation at fwd:cloudsec, Cole Horsman, an AI security specialist at KKR, unveiled an innovative approach to tackling the pervasive challenge of **cloud identity and access…
- Paying More for Worse Security: An AWS Marketplace Horror Story — Corey Quinn
In this eye-opening talk from fwd:cloudsec, Corey Quinn, author of the "Last Week in AWS" newsletter, exposes a pervasive and disturbing trend within the AWS Marketplace: a "horror story" where…
- Data Perimeters: Beyond the Marketing — Matt Luttrell
In this insightful talk, Matt Luttrell, a Principal Security Engineer at AWS, delves into the often-complex world of **data perimeters** in cloud environments. Moving beyond the marketing hype…
- Beyond the Perimeter: Retrofitting VPC-SC at Enterprise Scale — Priya Puranik, Akshay Mahajan
In the modern cloud landscape, traditional network firewalls are increasingly insufficient to prevent data exfiltration. While Identity and Access Management (IAM) controls dictate *who* can access…
- Artificial Intelligence 🤝 Natural Stupidity — Brandon Sherman
In "Artificial Intelligence 🤝 Natural Stupidity," Brandon Sherman, a Staff or Senior Staff Engineer, presents a compelling argument that while artificial intelligence (AI) has the power to magnify…
- One Architectural Sin, Two Clouds, and a Universal Attack Technique for Data Hijacking — Yahav
In this fwd:cloudsec talk, Yahav Fessinger, a Cloud Security Researcher at Palo Alto Networks, unveiled a simple yet profoundly impactful attack technique capable of hijacking critical cloud data…
- Do Apps Have Imposter Syndrome? Unmasking Token Theft Campaigns — Shahar Dorfman, Sapir Federovsky
In an era where identity is the new perimeter, the security of applications and their interactions within cloud environments is paramount. This talk, "Do Apps Have Imposter Syndrome? Unmasking Token…
- Beyond the Checkbox: What Breaks When You Actually Stress-Test Cloud Incident Response — M Harvey
In the realm of cloud security, the true test of an organization's incident response (IR) capabilities often comes not from theoretical discussions but from real-world chaos. Matthew Harvey, a…
- Schrödinger’s Detection: Finding the "Zombie" Rules in Your SIEM — Gowthamaraj
In the dynamic landscape of cybersecurity, Security Information and Event Management (SIEM) systems are the bedrock of detection and response. However, the efficacy of these systems hinges entirely…
- A Hero’s Guide to Building a Cloud Security Program Without a 20-Person Guild — Steve Turner
In his fwd:cloudsec talk, "Slaying the Sprawl: A Hero’s Guide to Building a Cloud Security Program Without a 20-Person Guild," Steve Turner, a Cloud Security Architect at Zealus, addresses one of…
- Transforming Security Incident Metadata to Security Outcomes — Cydney Stude, Steve de Vera
In this insightful talk from fwd:cloudsec, Cydney Stude and Steve de Vera from AWS Security Incident Response unveil the **Threat Technique Catalog for AWS (TTC)**, a crucial initiative designed to…
- Barbarians at the Gate: Visualizing and Blocking SDLC Infrastructure Threats with SITF — S Berkovich
In this compelling talk at fwd:cloudsec, Shay Berkovich from Google (formerly of the WH Threat Research Group) introduced the **SDLC Infrastructure Threat Framework (SITF)**, a novel approach to…
- When One Vulnerability Cascades Across Cloud Infrastructure — Albin Vattakattu, Ryan Nolette
This talk, "When One Vulnerability Cascades Across Cloud Infrastructure," by Albin Vattakattu and Ryan Nolette from AWS, provides an unparalleled behind-the-scenes look into how a major cloud…