CTI Summit Solutions Track - CTI in the AI Arms Race: Building Resilient, Adaptive Intelligence Platforms for 2026: Day 1

Mon, Jan 26, 2026
12:00PM - 5:00PM EST
English
Ismael Valenzuela
Solutions Forum

Thank You To Our Sponsors

As adversaries harness AI to deploy polymorphic malware, agentic automation, and high-speed deception, defenders must respond with intelligent, explainable, and resilient threat intelligence systems. The CTI market—projected to grow from $14.1 billion in 2025 to $29.5 billion by 2029—is rapidly transitioning toward consolidated, cloud-native XDR platforms and autonomous detection pipelines. Simultaneously, ethical AI, regulatory compliance, and post-compromise resilience elevate the stakes.

Join Ismael Valenzuela, SANS Author and Senior Instructor, as he chairs this year’s CTI Solutions Track, bringing together innovators and practitioners to explore how CTI can evolve from static reporting to autonomous, actionable intelligence. Together, we’ll examine how to design LLM-assisted pipelines, integrate threat intelligence into incident response automation, ensure transparency and AI ethics, and adapt to regulatory mandates.

Through vendor showcases, demo panels, and hands-on sessions, participants will gain the tools and strategies needed to architect CTI systems that are not only smart, but resilient, responsible, and future-proof.

Schedule

Showing 10 of 10

Filter by:

Select day:

Event Kickoff and Introduction

12:00PM - 12:15PM EST

Presented by

Ismael Valenzuela

Senior Instructor

Virtual

AI-Orchestrated Attacks and Deception-Driven Detection

The rise of AI-driven attacks —like the recent Anthropic-generated multi-stage attack—shows AI-orchestrated attacks at every stage. Bad actors are now using AI to execute recon, gain lateral movement, and achieve privilege escalation at machine speed using massive parallelism. This reality forces a new approach to threat hunting, challenging CTI assumptions as AI agents adapt rapidly and bypass traditional controls. This session will demonstrate how deception technology delivers high-fidelity, intent-based signals to disrupt AI-driven kill chains. We will detail the Anthropic attack case study and demonstrate how deception-based detection provides CTI teams with repeatable, high-context intelligence on AI-enabled threats.

You will learn how to:

Detect AI-generated attack paths using deception signals that expose real attacker intent
Integrate decoys and breadcrumbs into threat hunting, IR, and red-team workflows
Enrich CTI with adversary behavior patterns derived from deception telemetry

*Sponsored by Zscaler

12:15PM - 12:45PM EST

Presented by

Amir Moin

Staff Product Manager - Deception

Virtual

A Tour of the Cybercrime Underground: How Cybercrime Forums and Dark Web Marketplaces Really Work

Join Eric Clay, CMO and Research Team Co-Lead at Flare, for a straightforward walkthrough of the cybercrime underground. This session breaks down the structure of dark web forums, marketplaces, and closed communities, explaining what they are, how they function, and why they matter to defenders. The session will conclude with a live demo of Flare, illustrating how organizations can monitor these underground spaces to identify threats and exposures earlier.

*Sponsored by Flare Systems

12:45PM - 01:15PM EST

Presented by

Eric Clay

CMO and Research Team Co-Lead

Adrian Cheek

Senior CyberCrime Researcher

Virtual

5 Agentic AI Use Cases to Transform Your SOC Operations Today

CTI based Agentic AI is changing the face of the SOC operations. This talk will dive into a case study of how a Managed Security Services Provider is leveraging Agentic AI for scaling out analyst’s operations and dramatically improving mean-time-to-detection (MTTD). The following Agentic AI driven SOC use cases will be discussed: Alert Triage True / False Positive Validation True Positive Alert Prioritization IOC Harvesting and AI Driven Detection Engineering Participants will learn about the target use cases, the impacts on real world operations, the training data used, and key requirements for success.

*Sponsored by ReversingLabs

01:15PM - undefined EST

Presented by

Richard Robitaille-Muffler

Director, Product Management

Virtual

Break

01:45PM - 02:00PM EST

Virtual

Session Four

02:00PM - 02:30PM EST

Virtual

Session Five

02:30PM - 03:00PM EST

Virtual

Session Six

03:00PM - 03:30PM EST

Virtual

Session Seven

03:30PM - 04:00PM EST

Virtual

Event Recap and Closing Remarks

04:00PM - 04:15PM EST

Presented by

Ismael Valenzuela

Senior Instructor

Virtual

Meet Your Speaker

Ismael Valenzuela

Vice President Threat Research & Intelligence

Ismael is a Senior SANS Instructor and Arctic Wolf VP. Author of SEC530 and a prestigious GSE-certified expert, he blends decades of SOC, threat research, and community contributions to equip defenders with resilient, adversary-aware strategies.

Related events

View all events

SANS Cyber Threat Intelligence Summit & Training 2026

Obtain hands-on, practical skills from the world's best instructors by taking a SANS course at SANS Cyber Threat Intelligence Summit & Training 2026.

Mon, Jan 26 - Mon, Feb 2, 2026 • ET
Rosslyn, VA, US & Virtual (ET)
11 Courses

View event details Register

SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

CTI Summit Solutions Track - CTI in the AI Arms Race: Building Resilient, Adaptive Intelligence Platforms for 2026: Day 1

Share

Thank You To Our Sponsors