9:00 AM PT

Claude Mythos: When AI Finds the Bug First

9:15 AM PT

The Myth of “You Can’t Patch Your Way Through Mythos”

Zero-day vulnerability discovery is no longer the hardest problem in cybersecurity; zero-day remediation holds that title. 

In a post-Mythos world, frontier artificial intelligence models can weaponize discovered flaws within hours of a patch release. In this session, President & CEO of Qualys, Sumedh Thakar will explore how AI rewrites the timeline from exploitation to remediation. He will discuss the importance of hyper-prioritization, exploit validation, and autonomous remediation in the age of AI, and how organizations can be more effective in their cyber risk management.

9:30 AM PT

Cybersecurity A.M. (After Mythos): How AI-Powered vulnerability discovery changes everything for security programs

We’ve been talking about AI changing cybersecurity for years. Mythos is when it actually happens. Anthropic’s vulnerability discovery system — and the wave of competitors right behind it, breaks the timing assumptions every security program is built on. Patch cycles, risk acceptance, even how we measure success start to crack when AI finds bugs at machine speed and scale. This session unpacks what Mythos and similar systems really do, how the attacker-defender asymmetry shifts in attackers’ favor, and what CISOs need to start doing this quarter. You’ll leave with three working concepts: VulnOps, Mythos-ready security programs, and minimum viable resilience, plus a practical roadmap for the transition from BM (Before Mythos) to AM (After Mythos).

10:00 AM PT

The Patching Capacity Paradox

In this Cyber Risk Series session, join Saeed Abbasi, head of the Qualys Threat Research Unit (TRU), for a discussion on new Qualys remediation benchmark research conducted in partnership with the Verizon DBIR team. Based on more than 1 billion anonymized remediation records across a period of four years, the research includes insights from Qualys’ CISA KEV survival analysis. The findings highlight a growing “Patching Capacity Paradox” – organizations remediating more vulnerabilities than ever, yet exposure continues to grow as vulnerability volume outpaces operational capacity.

10:30 AM PT

AI Vulnerability Ready Programs, A Blueprint for Machine Speed Defense

The cybersecurity landscape has fundamentally shifted. Frontier AI models can now autonomously discover and exploit vulnerabilities at machine speed, shrinking the time-to-exploit from months to mere hours 1-3. In this session, we will explore why traditional human-speed, patch-centric defenses are becoming outpaced and obsolete. Attendees will learn how to pivot to a “Day-Zero Normal” operating model focused on containment economics, blast-radius reduction, and aggressive attack surface hardening. Finally, we will introduce “Vulnerability Operations”, turning AI inward to automate defense—and provide an executive action plan to achieve machine-speed resilience.

11:00 AM PT

To be announced

11:30 AM PT

Modernizing Cyber Insurance for Risk Reduction In the Age of AI

Cyber insurance is a vital part of the risk management equation. Yet, most underwriters still rely on self-reported static questionnaires that are time-consuming, inconsistent across organizations, and disconnected from the reality of your security program. The result is premiums based on assumptions about security practices, not evidence. Qualys and Converge are aiming to change that with an offering to potentially lower cyber insurance premiums using evidence-based reporting around an organization’s real-time risk posture.

Join Ben Beeson of Symphony Risk and Howie Altman of Converge as they discuss the need for the cyber insurance market to modernize the cyber insurance intake process, the role of InsureTech in reducing cyber risk, and strengthening outcomes in today’s threat landscape. This session explores how data-driven insights, unified visibility, and autonomous remediation can help teams move faster and operate with greater confidence. 

12:00 PM PT

Stay Ahead of Threats with Qualys TruRisk Eliminate

As remediation demands increasingly exceed what traditional processes can sustain, Qualys’ Lavish Jhamb will examine how organizations can evolve from reactive patch management to autonomous, risk-based remediation. Learn how exploit validation, continuous re-validation, and intelligent prioritization help security teams focus on the small percentage of vulnerabilities that represent true exploitable business risk.