InCyber Forum Europe 2026

Now in its 18th year, InCyber Forum Europe has established itself as one of the defining events in the European cybersecurity calendar. This year’s conference ran from March 31 to April 2 at the Lille Grand Palais, drawing more than 20,000 participants, over 800 speakers, and representation from more than 100 countries. The forum brings together a deliberately broad cross-section of the field: end customers, solution providers, government agencies, law enforcement, universities, and independent practitioners. Few events assemble such a complete picture of the cyber ecosystem in one place.

This year's theme, "Mastering our digital dependencies," gave the program a clear orientation. In the words of the forum’s founder, General Marc Watin Augouard, and forum General Director, Guillaume Tissier, organizations and governments should not underestimate the importance of how our complex systems are interdependent: “We must better manage our critical resources, secure our activities, and build resilient and sustainable strategic autonomy. […] Who decides? Who protects? Who innovates? In this new digital order, cybersecurity can no longer be seen as a mere cost center. It is a strategic pillar, a driver of competitiveness, and a vector of stability. It places humans back at the heart of the discussion.”

Eight associated events ran within the main program, covering areas including digital identity, incident response, OSINT, and investment in innovation. Among them, Secure AI stood out as an industry focal point. The dedicated conference addressed AI as an emerging attack surface, with sessions covering threats to large language models, shadow AI in enterprise environments, and the requirements of the EU AI Act. The MLOps market, which encompasses the management and deployment of AI models, is projected to reach $37.4 billion by 2032, and the forum's decision to dedicate a full associated event to this space reflects the scale of what is at stake.

SANS at InCyber Forum

The SANS team exhibited at booth D8, connecting with the community and displaying the SANS Training Roadmap and upcoming cybersecurity summits. AI drove the pulse of discussions with attendees, with nearly every conversation focusing on the question of how organizations move from early experimentation toward secure, governed deployment.

After three days of generative exchanges and networking, members of the team reflected on the value of direct, peer-to-peer exchange that events like InCyber Forum make possible. Individuals and teams were ready to corroborate and learn from one another’s challenges, trade detailed insights, and share ideas that can immediately be put into practice.

Session Highlight: AI in Offensive Ops

On day 2 of the forum, SANS Associate Instructor and Founder of Qboid Labs Michiel Lemmens presented a 30-minute session titled "AI in Offensive Ops: Tool. Target. Taking Your Job?"

Michiel addressed AI as an accelerant for offensive security work. LLMs introduce the ability to move across the full attack workflow with greater speed, from tool coordination to building techniques designed to evade defenses. For practitioners in offensive operations, this represents a meaningful shift in what is achievable and at what speed.

On the other side of the coin, when the safeguards built into generative AI systems fail, those systems become part of the attack surface rather than part of the solution. The session covered container escapes and prompt injection as concrete examples of what that exposure looks like in practice. This portion of the talk connected directly to the broader theme running through InCyber Forum's Secure AI programming: securing AI infrastructure requires the same rigor and deliberate investment as securing any other critical system.

The session title’s question is a third dimension of risk relevant not just to offensive ops but to all practitioners concerned with AI and job security. But as Lemmens asks, “How much is hype?” Discover for yourself by watching his recorded presentation.

Looking Ahead

Industrial and technological trends will shift from year to year, which makes the most important constant a community that strengthens and reinforces itself, ready to learn and to act together. For those looking to continue the conversations that InCyber Forum 2026 put into motion, three upcoming events will offer further opportunities to meet the SANS team and engage with the wider cybersecurity community. Ready For IT from 2-4 June will bring together IT and cybersecurity decision makers to discuss digital transformation, innovation, and evolving security challenges. Eurosatory from 15-19 June will provide an international platform focused on defense, resilience, protection, and strategic capabilities. And from 22-27 June, SANS Paris will offer hands-on technical training and further opportunities to connect with the cyber community through a curriculum shaped by the industry’s most current challenges.