Infosecurity Europe 2026 opens at ExCeL London on 2 June and runs through 4 June, bringing together an estimated 19,500 security professionals for Europe’s most attended cybersecurity event of the year. The conference organisers have framed this year’s edition as taking place at a critical turning point, and the research they have published ahead of the event gives substance to that description: the threat landscape is being reshaped by agentic AI faster than most organisations have updated their defences.
Agentic AI is now the top concern for UK security leaders
Research released by Infosecurity Europe ahead of the conference found that 64% of UK cybersecurity leaders believe agentic AI will have the biggest impact on cybersecurity over the next three years. That is a significant concentration of concern around a single technology category, and it reflects a shift that has become visible in incident data over the past 12 months.
Agentic AI refers to AI systems that can plan and execute multi-step tasks autonomously, without continuous human supervision. On the defensive side, this enables automated threat detection, endpoint isolation, and incident response actions that happen faster than a human analyst could review them. On the offensive side, the same capabilities enable attackers to scale attacks, adapt tactics in real time, and sustain campaigns across a larger number of targets simultaneously.
The concern is not hypothetical. Security teams are already observing AI-assisted phishing campaigns that personalise content at scale, automated vulnerability scanning that identifies and prioritises exploitable flaws faster than patch cycles can respond, and AI-driven evasion techniques that adapt to detection signals.
Quantum on the horizon
The conference agenda pairs agentic AI with quantum computing as the two forces reshaping long-term security planning. While large-scale quantum computers capable of breaking current encryption standards remain a research-stage concern rather than an immediate operational threat, the timeline for when organisations need to have completed their transition to quantum-resistant cryptography is shorter than many assume.
Cryptographic agility – the ability to swap out encryption algorithms without rebuilding systems from scratch – is increasingly the standard recommended by European regulators and standards bodies. Organisations that have not yet inventoried which systems rely on RSA or elliptic curve cryptography, and have not identified a path to post-quantum alternatives, are behind where they should be given the planning horizons involved.
The ENISA and BSI have both issued post-quantum cryptography guidance in the past 12 months, and the EU Cyber Resilience Act includes provisions that will require manufacturers of connected products to demonstrate cryptographic agility as part of conformity assessments.
Keynote perspectives from law enforcement and intelligence
The keynote programme brings together speakers from law enforcement, intelligence, and private sector security leadership. Former FBI Deputy Assistant Director Cynthia Kaiser will present on the criminal economy that sustains ransomware operations, drawing on intelligence gathered from dark web monitoring and law enforcement operations. Her session is expected to address how intelligence from criminal forums can help organisations anticipate shifts in ransomware tactics before they appear in the wild.
Shlomo Kramer, whose career spans founding Check Point, Palo Alto Networks, Imperva, Cato Networks, and Sumo Logic, will speak on technology investment patterns and the innovation cycles that have shaped the security industry over the past three decades. His perspective on where venture investment is currently flowing in security is relevant for organisations evaluating emerging vendor categories.
The OWASP GenAI Security Summit
A new addition to this year’s programme is a half-day OWASP GenAI Security Summit on 4 June, focused specifically on securing generative AI and agentic systems. The summit brings together OWASP project leaders, practitioners, and regulatory experts to present research, frameworks, and field-tested approaches to the specific risks that come with deploying AI systems that can take autonomous actions.
The areas covered include the emerging attack surface created by AI agents that have tool access – the ability to browse the web, execute code, or interact with APIs – and how organisations should design guardrails around those capabilities. Prompt injection, where an attacker manipulates an AI agent through crafted input to cause it to take unintended actions, is one of the more practically immediate risks in this category.
What organisations should take from this
Infosecurity Europe is primarily a vendor and practitioner event, and the themes it emphasises reflect both genuine threat intelligence and the commercial interests of exhibitors. The agentic AI focus is real, however, and the research backing it is consistent with what incident response teams are seeing in the field.
For security teams using this week’s conference as an input to planning, the practical priority areas suggested by the agenda are:
AI-aware threat modelling. If your threat models and security architecture documentation were last updated before large language models became operationally relevant, they need revision. Attacker use of AI is not a future scenario – it is current practice.
Post-quantum cryptography inventory. The gap between awareness and action on post-quantum migration is still very wide across European organisations. A cryptographic inventory that identifies where RSA and elliptic curve are in use is the essential first step.
Agentic AI deployment governance. For organisations deploying AI systems with tool access or autonomous capabilities, the OWASP GenAI work provides a starting framework for thinking about prompt injection, access controls, and logging requirements.
If you want to assess your organisation’s readiness across any of these areas – whether that means reviewing your current security architecture against the agentic AI threat model, developing a post-quantum migration roadmap, or designing governance for AI systems you are deploying internally – contact Excello Digital. We help European organisations build security programmes that are designed for the threat landscape that actually exists, not the one from three years ago.