BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//fwd-cloudsec-2026//speaker//FU8HYJ
BEGIN:VTIMEZONE
TZID:PST
BEGIN:STANDARD
DTSTART:20001029T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10;UNTIL=20061029T100000Z
TZNAME:PST
TZOFFSETFROM:-0700
TZOFFSETTO:-0800
END:STANDARD
BEGIN:STANDARD
DTSTART:20071104T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=11
TZNAME:PST
TZOFFSETFROM:-0700
TZOFFSETTO:-0800
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000402T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4;UNTIL=20060402T110000Z
TZNAME:PDT
TZOFFSETFROM:-0800
TZOFFSETTO:-0700
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:20070311T030000
RRULE:FREQ=YEARLY;BYDAY=2SU;BYMONTH=3
TZNAME:PDT
TZOFFSETFROM:-0800
TZOFFSETTO:-0700
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-fwd-cloudsec-2026-X9RE3X@pretalx.com
DTSTART;TZID=PST:20260601T133000
DTEND;TZID=PST:20260601T135000
DESCRIPTION:Pull up Cloud Audit Logs for any interesting event in your GCP 
 environment. Look at the principalEmail field. Increasingly\, it's not a p
 erson. It's a service account attached to a CI/CD pipeline\, a workload id
 entity assumed by an orchestrator\, or a token obtained by an AI agent. Th
 e "who" is synthetic. The "why" is buried in automation logic no one can r
 econstruct.\n\nEvery layer of cloud security was built assuming a human is
  ultimately accountable. That assumption is breaking. When a shared servic
 e account is compromised\, the audit log tells you what credential did it\
 , not which of 40+ pipelines triggered it or why. Your access reviews are 
 rubber-stamped because no one can explain what machine identities they did
 n't create are supposed to do. And it's getting worse: agentic workflows w
 hose required permissions change with every prompt make least privilege a 
 moving target and access review a formality.\n\nThis talk covers how non-h
 uman identity sprawl erodes accountability and what to build in its place:
  structured metadata that makes every machine identity traceable to its or
 igin\, owner\, and purpose\, and an intent logging layer that captures *wh
 y* an action was taken\, not just what happened and who did it. The talk c
 loses with the hardest question for the room: when a single agent can init
 iate\, approve\, and execute a change\, what does separation of duties eve
 n mean?
DTSTAMP:20260502T113340Z
LOCATION:Room 2
SUMMARY:Who Did This? Identity and Accountability When Your Cloud Actors Ar
 en't Human - Jie Wu\, Pulkit Garg
URL:https://pretalx.com/fwd-cloudsec-2026/talk/X9RE3X/
END:VEVENT
END:VCALENDAR