BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//fwd-cloudsec-2026//speaker//DQA9P3
BEGIN:VTIMEZONE
TZID:PST
BEGIN:STANDARD
DTSTART:20001029T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10;UNTIL=20061029T100000Z
TZNAME:PST
TZOFFSETFROM:-0700
TZOFFSETTO:-0800
END:STANDARD
BEGIN:STANDARD
DTSTART:20071104T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=11
TZNAME:PST
TZOFFSETFROM:-0700
TZOFFSETTO:-0800
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000402T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4;UNTIL=20060402T110000Z
TZNAME:PDT
TZOFFSETFROM:-0800
TZOFFSETTO:-0700
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:20070311T030000
RRULE:FREQ=YEARLY;BYDAY=2SU;BYMONTH=3
TZNAME:PDT
TZOFFSETFROM:-0800
TZOFFSETTO:-0700
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-fwd-cloudsec-2026-XEMZWB@pretalx.com
DTSTART;TZID=PST:20260601T140000
DTEND;TZID=PST:20260601T144000
DESCRIPTION:Web Application Firewalls have a reputation problem. Security t
 eams know WAF is one of the few controls that can buy critical hours durin
 g a zero-day\; a virtual patch deployed in minutes while engineering queue
 s up a weeks-long rollout across a sprawling estate. Log4Shell made believ
 ers out of skeptics overnight.\nBut the promise collapses under its own we
 ight at scale. Fine-tuning WAF rules across hundreds of distinct technolog
 y stacks\, application owners\, and risk profiles is a domain-expertise pr
 oblem that doesn't scale with headcount. The result is a familiar compromi
 se: rules so broad they're useless\, or so tight they become a reliability
  incident waiting to happen. Teams end up choosing between security theate
 r and engineering pain.\nThis talk shares lessons from operating WAF at en
 terprise scale — and what changes when you introduce agentic AI into tha
 t loop. We'll walk through how AI-assisted rule generation\, context-aware
  tuning\, and autonomous remediation workflows can compress the cycle from
  "vulnerability disclosed" to "fleet protected" from days to minutes\, wit
 hout requiring a WAF expert embedded in every product team. We'll cover wh
 ere the AI gets it wrong\, what guardrails matter\, and what it looks like
  when a virtual patch is the difference between a contained incident and a
  headline.\nAttendees will leave with a framework for thinking about AI-au
 gmented defensive controls not as magic\, but as a new kind of teammate\, 
 one that needs supervision\, clear trust boundaries\, and a very good memo
 ry for what "normal" looks like.
DTSTAMP:20260502T113340Z
LOCATION:Room 2
SUMMARY:The Tireless Guardian: Agentic AI and the Art of WAF at Scale - Amm
 ar Alim
URL:https://pretalx.com/fwd-cloudsec-2026/talk/XEMZWB/
END:VEVENT
END:VCALENDAR