Agentic AI Summit Series: Program Design and Operations Framework

Research Note | 2026-03-27 | Status: draft

Agentic AI Summit Series: Program Design and Operations Framework

Key Takeaways

  • The CSAI Agentic AI Summit Series fills a structural gap in the enterprise security event landscape: existing conferences treat agentic AI as one topic among many, while the summit series treats it as the organizing discipline, enabling depth and community cohesion that cross-domain events cannot provide.
  • Five tracks — Threat Landscape, Controls and Standards, Technology Deep Dives, Enterprise Adoption, and Future Forward — map directly to CSAI research deliverables and serve distinct practitioner audiences from red team researchers to executive risk officers.
  • Attendance at summit sessions earns TAISE Continuing Education Units (CEUs) at a rate of one CEU per 50 minutes of qualifying instruction, aligned with the CPE credit models used by ISACA, ISC2, and the RSA Conference.
  • CSAI will evaluate summit impact against four categories of metrics: research dissemination, practitioner competency advancement, community growth, and framework adoption, with results reported annually to the CSAI Foundation board.

Background

The Gap Between Research and Practitioner Adoption

The Cloud Security Alliance AI Safety Initiative entered 2026 with a research portfolio of substantial depth. Within the first quarter of the year, CSAI had published the AI Integration Controls Matrix (AICM), the MAESTRO threat modeling framework, a multi-agent security architecture guide, a TAISE certification scheme for AI systems, the STAR AI Transparency Registry specification, risk rubric methodology for agentic deployments, and a suite of technical standards covering MCP security, secure development lifecycle practices, and the agent identity governance framework. By any measure of research productivity, the initiative had established itself as a primary intellectual resource for the enterprise AI security community [1].

Research publication, however, is a necessary but not sufficient condition for raising the security posture of the industry. The gap between the release of a framework and the moment a security architect or engineering team actually incorporates it into their practice is wide, and it is populated by barriers that publication alone cannot address: unfamiliarity with the framework’s conceptual vocabulary, uncertainty about how to apply its guidance to a specific organizational context, lack of peer community to share implementation experience with, and no structured occasion to encounter the researchers who produced the work and ask the questions that documentation cannot anticipate. These barriers are familiar to any standards body that has attempted to drive adoption at scale, and they are not unique to CSAI [2].

The existing professional security conference landscape offers partial remedies but not comprehensive ones. RSA Conference 2025 drew 44,000 attendees and featured 435 sessions organized across a broad thematic program that included agentic AI as a major theme — but precisely because RSAC must serve the entire cybersecurity profession, agentic AI security received a share of the program proportionate to its current market penetration rather than its current risk urgency [3]. Black Hat USA 2025 features an AI, ML and Data Science track that allows submissions covering attacks on and defenses of AI systems, and DEF CON 33’s village structure enables hands-on experimentation in specialized domains [4]. These are valuable venues, and CSAI researchers should participate in them actively. They are not substitutes for a dedicated program that has the latitude to run five parallel tracks, a full call-for-papers process oriented to the specific research questions CSAI has defined, and continuing education integration calibrated to TAISE recertification requirements.

What the Summit Series Is Designed to Achieve

The CSAI Agentic AI Summit Series is designed as the initiative’s primary interface between its research program and the practitioner community it serves. It serves four interconnected purposes. First, it provides a structured venue for communicating CSAI research findings to the audiences best positioned to act on them — security architects, compliance officers, red team engineers, AI platform operators, and executive risk leaders — with the depth and specificity that broad-audience events cannot provide. Second, it creates a professional community with shared vocabulary, shared case studies, and recurring occasions to compare notes on implementation experience, which is the substrate on which adoption norms form. Third, it generates a feedback signal back to CSAI research teams about where published guidance is unclear, incomplete, or misaligned with the practical realities that organizations encounter when deploying agentic systems. Fourth, it serves as the primary venue for TAISE continuing education, ensuring that certified practitioners maintain current knowledge of an evolving threat landscape.

The summit series takes design cues from adjacent models. ISACA’s North America Conference demonstrates how a certification body can anchor a conference program to its credentialing framework while maintaining broad appeal; ISACA conferences routinely offer up to 32 CPE credits and serve both pre-credential candidates and experienced certification holders [5]. ISC2’s Security Congress illustrates how a community-oriented event with 80 or more breakout sessions across multiple focus areas can sustain practitioner engagement across career stages, offering up to 40 CPE credits to attending ISC2 members [6]. Within the AI security space, the OWASP GenAI Security Project’s Agentic AI Summit, scheduled adjacent to Black Hat Europe in December 2025, demonstrates appetite for focused one-day events dedicated exclusively to the governance of agentic systems [7]. The Berkeley Center for Responsible, Decentralized Intelligence’s Agentic AI Summit 2026, anticipating five thousand or more in-person attendees, confirms that the agentic AI community is large enough to sustain major event programming [8]. The CSAI Summit Series sits at the intersection of these models: professionally credentialed like ISACA, community-oriented like ISC2 Congress, and focused on agentic security like the OWASP and Berkeley initiatives.

Five Conference Tracks

The five tracks of the CSAI Agentic AI Summit Series each correspond to a distinct zone of the agentic security problem space and serve a distinct primary audience. Tracks run in parallel at the flagship annual event and in rotation at quarterly virtual events. Each track combines multiple session formats — keynote addresses, panel discussions, technical workshops, live demonstrations, and submitted paper presentations — to serve both passive learners and active participants.

Track 1: Threat Landscape

The Threat Landscape track exists because agentic AI systems are being deployed into production faster than the threat intelligence community can characterize the attacks against them. Unlike conventional application security, where a decade of accumulated incident data provides a reasonably stable taxonomy of attack patterns, the agentic threat surface is still being mapped in real time. Practitioners in this track need a venue where incident data, red team findings, and adversarial research findings can be shared candidly and analyzed with the benefit of collective expertise.

The track’s primary audience is security operations professionals, threat intelligence analysts, red team engineers, and incident responders who work directly with or against agentic systems. A secondary audience consists of AI security researchers and academic contributors who produce the foundational analysis that practitioners translate into detection and response practice. Session formats in this track skew toward technical depth: paper presentations of original research, detailed incident case studies with timeline reconstruction, and red team disclosure reports that walk through complete attack chains against real or representative agentic architectures.

Representative topic areas for this track include: agentic system incident case studies drawn from the enterprise breach record since 2025, with analysis of how agentic-specific attack patterns such as prompt injection, tool-chain poisoning, and orchestrator hijacking manifested in real deployments; red team findings against multi-agent orchestration platforms, with emphasis on novel attack techniques not yet represented in MITRE ATLAS v5.x; threat actor profiling for AI-enabled attack tooling, including the use of autonomous agents as offensive instruments in adversarial campaigns; updated analysis of the OWASP Top 10 for Agentic Applications, including emerging candidates for future editions; and findings from the CSAI MAESTRO threat modeling framework applied to production enterprise deployments. Speakers in this track should be active practitioners — red team engineers from major cloud and AI platform vendors, security researchers affiliated with academic institutions with active AI security programs, and incident responders from organizations that have investigated agentic system compromises.

Track 2: Controls and Standards

The Controls and Standards track addresses the need for a shared, authoritative framework that organizations can use to assess their agentic AI security posture, design controls programs, and demonstrate compliance to auditors and regulators. This is the track most directly tied to CSAI’s publication program: AICM, the MAESTRO control mappings, the STAR AI registry specification, and the TAISE certification requirements all belong to the canon of material this track is designed to explain, critique, and extend.

The primary audience for this track is security architects, GRC professionals, compliance officers, and internal audit practitioners who are responsible for governance of AI systems within their organizations. This audience typically engages with standards bodies as implementers rather than researchers — they need to understand what the frameworks require, how to apply them to their specific organizational contexts, and how to demonstrate compliance in a form that satisfies internal and external reviewers. Session formats should therefore emphasize practical guidance: workshops that walk through AICM control application for specific use cases, panel discussions comparing how different organizations have interpreted framework requirements, and case studies of TAISE certification assessments carried out against real enterprise deployments.

Topics for this track include: a comprehensive overview of AICM v1.0 and its eighteen control domains, with worked examples of control implementation for multi-agent deployments; the relationship between AICM and established frameworks including NIST AI RMF, ISO 42001, and the EU AI Act, with particular attention to how AICM extends rather than duplicates existing standards; compliance preparation for the TAISE Level 1 and Level 2 certification assessments, including evidence collection strategies and common assessment failure modes; practical application of the STAR AI transparency registry for organizations deploying both proprietary and third-party agentic systems; and regulatory update sessions covering jurisdictional AI governance requirements as they apply to autonomous decision-making systems in financial services, healthcare, and critical infrastructure sectors. Speakers should include CSAI research contributors, practitioners who have led TAISE certification assessments, and regulatory and legal experts with direct experience advising clients on AI governance compliance.

Track 3: Technology Deep Dives

The Technology Deep Dives track provides the technical depth that security engineers and platform architects need to implement the controls and countermeasures described in CSAI guidance. Where Track 1 focuses on what attackers are doing and Track 2 focuses on what frameworks require, Track 3 focuses on how to build and operate systems that are resistant to the attacks Track 1 describes and compliant with the controls Track 2 specifies. This is the most technically demanding track in the program, and its sessions assume that attendees have working knowledge of AI platform architectures, software engineering, and security engineering fundamentals.

The primary audience is AI platform engineers, security engineers specializing in AI systems, DevSecOps practitioners integrating security into agentic development pipelines, and cloud architects designing the infrastructure on which agentic systems operate. Session formats should emphasize hands-on engagement: live demonstrations of attack techniques and their mitigations, workshop-style code review sessions, and deep technical paper presentations that include architecture diagrams, protocol specifications, and implementation guidance.

Representative topics include: the security architecture of the Model Context Protocol — covering the trust boundaries between MCP clients and servers, the authentication and authorization model, and the attack surface created by malicious or misconfigured MCP servers; runtime hardening for agentic systems, including sandboxing strategies, resource constraint enforcement, output validation architectures, and monitoring instrumentation for behavioral anomaly detection; identity and access management for agent principals, covering the CSAI agent identity governance framework, delegation chain design, and practical implementations of cryptographic attestation for agent identity; secure software supply chain practices for agentic components, including SBOM requirements for AI models and tool integrations, integrity verification for model weights, and MCP server provenance tracking; and memory security for stateful agents, covering the risks of cross-session memory persistence, memory poisoning as an attack vector, and isolation architectures for memory stores in multi-tenant deployments. Speakers should be security engineers with production implementation experience, platform architects from major AI infrastructure providers, and researchers who have published in peer-reviewed venues on applied AI security topics.

Track 4: Enterprise Adoption

The Enterprise Adoption track recognizes that the majority of CSAI’s ultimate audience — the organizations that will bear the risk of agentic AI deployments — will be represented at the summit not by researchers or security engineers but by security leaders, enterprise architects, and the business stakeholders who own the decisions about whether and how to deploy agentic AI systems. For these audiences, the relevant questions are not “how does MCP authentication work?” but “how do we govern the deployment of agentic systems responsibly at scale?” and “how do we demonstrate to our board and our regulators that we are managing this risk competently?”

The primary audience for this track is CISOs, security directors, enterprise risk officers, AI program leads, and senior enterprise architects. Session formats should include fireside conversations with practitioners who have navigated major agentic deployments, panel discussions among practitioners at comparable stages of the governance maturity curve, and structured workshops that help attendees position their organizations on the CSAI Agentic AI Governance Maturity Model and identify priority improvement areas.

Topics in this track include: governance maturity assessments using the CSAI framework, including how organizations at different maturity levels should sequence their control investments; deployment playbooks for common agentic use case patterns — customer service automation, internal knowledge management, code generation and review, and financial transaction processing — with case studies of successful implementations and the governance structures they relied on; organizational design for AI security, covering how CISOs are structuring teams, reporting relationships, and cross-functional accountability for agentic AI risk; vendor risk management for third-party agentic services, including how to evaluate vendor TAISE certification status, interpret STAR AI transparency registry disclosures, and structure contractual security requirements; and quantitative ROI analysis for agentic AI security investments, including frameworks for estimating the cost of insecure deployment and the financial value of security controls in reducing incident probability and impact. Speakers should be CISOs and senior security leaders from organizations with active agentic AI programs, enterprise architects who have designed governance frameworks for large-scale deployments, and consultants with deep advisory experience in AI security governance.

Track 5: Future Forward

The Future Forward track is the summit’s dedicated venue for confronting the harder, longer-horizon questions that the current research agenda cannot yet answer — and for ensuring that the community’s collective attention is directed toward those questions while there is still time to shape the outcome. The agentic AI threat landscape is evolving at a pace that makes today’s best-practice guidance obsolete on a two-to-three-year horizon, and the practitioners in this track are the people who will be designing the frameworks that replace today’s guidance when it becomes insufficient.

The primary audience is a deliberate mix of researchers, policymakers, executive leaders, and advanced practitioners who are willing to engage with speculative but consequential questions about the future of agentic AI security. Session formats should favor moderated debate, structured scenario analysis, and research paper presentations that explicitly explore the frontier rather than report on the established. The track should include at least one provocateur session per event — a presentation designed to challenge the community’s prevailing assumptions and surface the blind spots in current thinking.

Topics in this track include: the security implications of autonomous agent-to-agent negotiation at scale, including the governance questions raised by agent ecosystems that operate faster than human oversight can follow; catastrophic risk scenarios from agentic AI deployment, including adversarial exploitation of interconnected agent systems in critical infrastructure, financial markets, and healthcare logistics; the long-term architecture of the TAISE certification scheme as agent capabilities advance — specifically, how certification requirements will need to evolve when agents can modify their own configurations, select their own tools, and generate their own sub-goals; the geopolitical dimensions of agentic AI security, including how national AI strategies affect the threat landscape and how internationally recognized standards can or cannot be expected to fill governance gaps; and horizon scanning for new attack surfaces created by next-generation agent architectures, including embodied AI systems, multi-modal agents, and agents with persistent long-term memory across organizational boundaries. Speakers should include AI safety researchers, academic experts in complex systems risk, technologists with visibility into near-term platform roadmaps, and policy practitioners working on AI governance at national and international levels.

Call for Papers Structure

The CSAI Summit Series maintains an open call for papers (CFP) that provides the community with a formal pathway to contribute original research, case studies, and technical presentations to the program. The CFP is the mechanism by which the summit remains a community event rather than an internal CSAI publication channel — it ensures that the program reflects the full range of practitioner experience rather than only the perspectives of the CSAI research staff.

Submissions are accepted in four formats. Full research papers present original empirical findings, framework proposals, or systematic analyses at a length of 6,000 to 10,000 words, are subject to double-blind peer review, and are published in the summit proceedings. Short papers and technical reports present focused findings, implementation case studies, or position arguments at 2,000 to 4,000 words, undergo single-blind review, and are published with the full paper proceedings. Presentation proposals without an accompanying written paper describe a 45-minute session topic with a 500-word abstract, a speaker biography, and a statement of the practical value the session would provide to summit attendees; these are reviewed by the program committee for fit, originality, and practitioner relevance. Workshop proposals describe a 90-minute or three-hour interactive session, specifying learning objectives, participant prerequisites, session structure, and the hands-on materials to be provided.

Submissions are evaluated against five criteria. Technical accuracy and rigor assesses whether claims are supported by evidence, whether methodologies are sound, and whether the work is positioned accurately relative to existing literature. Practical relevance assesses whether the submission addresses problems that real organizations face, whether its findings are actionable, and whether the proposed solutions are feasible for practitioners with realistic resource constraints. Originality assesses whether the work advances beyond what is already published in CSAI documents, adjacent standards bodies, and the broader research literature. Clarity assesses whether the submission communicates effectively to its intended audience, which varies by track. Alignment assesses whether the submission fits meaningfully within one of the five tracks and contributes to that track’s coherent program.

The CFP timeline for the annual flagship event follows a cycle keyed to a late-October summit date. The CFP opens on April 1, twelve months after the preceding annual summit and approximately seven months before the target event. Submissions close on June 30. The program committee completes first-round review by July 31 and notifies authors of acceptance, revision requests, or rejection by August 15. Camera-ready final versions of accepted papers are due September 15. The program is published on October 1, three weeks before the event. For quarterly virtual events, a lighter CFP process runs on a six-week cycle with a smaller program committee and a simplified single-blind review.

Summit Cadence

The CSAI Agentic AI Summit Series operates on a tiered event cadence designed to serve different community needs: the annual flagship event for deep engagement and major research dissemination, quarterly virtual events for continuous education and time-sensitive threat updates, and periodic regional summits for geographic community building.

The annual flagship summit is the flagship event of the series. Running for three days in late October at a major US metro venue — the October timing is deliberate, placing it after the summer security conference season and before the year-end planning cycle when security leaders are making budget and program commitments for the following year. The flagship hosts all five tracks in parallel, the full CFP-selected paper program, pre-conference workshops of one to two days in length, an exhibition hall for AI security vendors and CSAI program partners, and the annual TAISE certification ceremony recognizing newly certified systems and newly credentialed practitioners. The flagship event is the primary venue for the CSAI community’s year-in-review synthesis: the keynote program should provide an authoritative assessment of how the threat landscape, the framework landscape, and the regulatory landscape have evolved since the preceding event.

Quarterly virtual events serve a different purpose. The threat and regulatory landscapes in agentic AI are evolving too quickly for an annual flagship to serve as the sole touchpoint between CSAI and its practitioner community. Quarterly virtual summits — held in January, April, and July, with the flagship serving the October slot — provide three-to-four-hour focused programs on a single theme or a pressing emerging issue. Format options include a three-session mini-conference organized around a single track theme, a rapid research dissemination session presenting recently published CSAI deliverables, an incident response roundtable following a major agentic security event, or a regulatory update webinar when significant AI governance developments warrant community briefing. Virtual events earn CEUs at the same per-session rate as the flagship and are recorded for on-demand access, extending their reach to practitioners who cannot attend synchronously.

Regional summits are one-day events co-organized with CSA chapters and regional security organizations in non-US markets. EMEA and APAC regional summits are planned as annual occurrences once community and sponsor support reach sufficient scale. Regional events adapt the flagship track structure to local regulatory environments — EU AI Act compliance requirements receive greater emphasis in the EMEA program, for example, while APAC regional events will address the specific AI governance frameworks emerging from Singapore, Japan, and South Korea. Regional summits also serve as a talent development pipeline, providing practitioners in those markets with access to CSAI research and certification pathways without requiring international travel to the flagship.

TAISE Continuing Education Integration

The TAISE certification scheme, as specified in the CSAI STAR AI framework, requires certified practitioners to maintain current competency through continuing education as the agentic security field evolves. Continuing Education Units (CEUs) serve as the mechanism by which practitioners document their ongoing learning activity and satisfy recertification requirements on a three-year cycle. The summit series is designed as the primary but not exclusive pathway for TAISE CEU earning, in the same way that ISACA conferences offer up to 32 CPEs for full-week attendance and the RSA Conference offers ISC2 members up to 40 CPEs [5][9].

The CEU mapping for summit activities follows the industry-standard formula: one CEU is awarded for each 50 minutes of qualifying instructional or professional development activity, consistent with the ISACA CPE policy and the ISC2 CE credit calculation [5][6]. Qualifying activities at the flagship summit include all five-track sessions, paper presentations, panels, workshops, pre-conference workshops, and the keynote program. Activities that do not qualify for CEUs include the exhibition hall, networking receptions, and sponsor-hosted hospitality events. Workshop sessions, by virtue of their longer format and active learning structure, earn CEUs at the same per-minute rate as standard sessions, meaning a three-hour pre-conference workshop earns 3.6 CEUs. Attendees receive a digital CEU verification certificate from CSAI for each qualifying session attended, using the summit registration platform’s session check-in records as the attendance verification mechanism.

At the session level, CEU awards are mapped to the TAISE competency domains to enable targeted recertification activity. A practitioner who holds TAISE Level 1 certification in the AI Systems Risk Assessment competency domain and whose recertification cycle requires updating knowledge in control frameworks will find that Track 2 sessions carry explicit domain tags that match their recertification needs. This mapping is published in the session catalog before the event, allowing attendees to plan their summit schedule with recertification requirements in mind. A full-attendance pass at the flagship summit, assuming a practitioner attends sessions throughout all three days, generates approximately 18 to 24 CEUs depending on track and session mix.

On-demand access to recorded sessions extends the CEU earning window for practitioners who cannot attend in person. Consistent with the model used by ISC2 for Security Congress on-demand content, practitioners who complete recorded sessions through the CSAI learning portal earn CEUs at the same rate as in-person attendees, with a quiz or reflection exercise serving as the completion verification mechanism [6]. Quarterly virtual event recordings are available for on-demand CEU earning for 12 months following the live event. Annual flagship recordings are available for 24 months. This ensures that the summit’s educational value compounds over time rather than being consumed entirely in the week of the live event.

The recertification pathway for TAISE certification holders involves accumulating a defined number of CEUs from qualifying activities — CSAI summit sessions, approved third-party conferences, CSAI-authored courses, and structured professional development activities — over the three-year certification period. The summit series is expected to provide the majority of the CEUs most practitioners will need, but the framework is explicitly designed to accommodate hybrid portfolios that combine summit attendance with ISACA, ISC2, or other professional body activities. CEUs earned at ISACA or ISC2 conferences that cover agentic AI security topics are eligible for TAISE recertification credit at the discretion of the TAISE certification board, with a defined review process for practitioners submitting non-summit CEUs for recognition.

Community Engagement Metrics

Measuring the impact of a conference series on practitioner adoption of research frameworks is methodologically challenging. Attendance counts and session satisfaction scores are the most immediately available data, but they measure exposure rather than adoption, and exposure that does not translate into practice changes represents program activity without program impact. CSAI will therefore evaluate the summit series against a four-category measurement framework that spans the entire pathway from initial awareness through durable adoption.

The first category, research dissemination, measures the extent to which summit programming successfully communicates CSAI’s published research to new audiences. Key indicators include the number of unique practitioners who report first encountering a specific CSAI framework at the summit, the volume of downloads and reads of CSAI documents that occur in the 30-day window following each event (serving as a proxy for summit-driven interest), the number of citations of CSAI documents in submitted CFP papers (indicating that the research community has absorbed and is building on the work), and media coverage of CSAI research disseminated through the summit’s keynote and press program. Baseline data for the pre-summit period will be established from CSAI document repository analytics and will allow post-event measurement to isolate the summit’s contribution to awareness.

The second category, practitioner competency advancement, measures whether summit participation translates into improved ability to apply CSAI guidance. Post-session assessment scores for workshop-format sessions provide direct competency data, since workshops are designed around defined learning objectives that can be evaluated through exercises. TAISE pre-certification training sessions will track the pass rate of practitioners who attended summit training versus those who prepared through other pathways, allowing the summit’s value as a certification preparation pathway to be quantified. Annual surveys of TAISE certification holders will track whether respondents attribute competency development in specific domains to summit participation.

The third category, community growth, measures the health and expansion of the agentic security community that the summit series is intended to sustain. Indicators include year-over-year event attendance growth by segment (researcher, practitioner, executive), geographic expansion of the attendee base, growth in the number of CFP submissions and the diversity of submitting organizations, CSAI chapter membership growth in markets where regional summits have been held, and online community activity on the CSAI forum and working group platforms in the weeks following each event.

The fourth category, framework adoption, is the most consequential and the most difficult to measure directly. CSAI will track adoption through an annual practitioner survey administered to a representative sample of the security community, asking specifically which CSAI frameworks are in active use, at what maturity level implementation has reached, and what barriers to adoption remain. Summit attendance and summit-sourced CEU activity will be correlated with adoption survey responses to test whether there is a measurable relationship between summit participation and adoption progress. Over a three-to-five-year horizon, the TAISE certification program provides an indirect measure: a growing number of certified practitioners and certified systems represents the most durable signal that the summit series’ educational mission is producing lasting impact in the industry.

CSAI will publish an annual Summit Impact Report presenting results across all four measurement categories. The report will be presented to the CSAI Foundation board, shared with summit sponsors and program partners, and made publicly available on the CSAI website. The transparent reporting commitment serves two purposes: it creates accountability for the program’s investment of community resources, and it contributes to the broader body of knowledge about what works in security research dissemination — a topic that every standards body working at the frontier of emerging technology has reason to understand better.

References

[1] Cloud Security Alliance AI Safety Initiative. “CSAI Research Portfolio Q1 2026.” CSAI Foundation, March 2026.

[2] National Institute of Standards and Technology. “NIST AI 100-1: Artificial Intelligence Risk Management Framework.” January 2023. https://airc.nist.gov/Home

[3] AWS Security. “Many voices, one community: Three themes from RSA Conference 2025.” AWS Security Blog, May 2025. https://aws.amazon.com/blogs/security/many-voices-one-community-three-themes-from-rsa-conference-2025/

[4] Black Hat. “AI, ML and Data Science Track.” Black Hat USA 2025 Call for Papers. https://blackhat.com/call-for-papers.html

[5] ISACA. “How to Earn CPE: Continuing Professional Education.” https://www.isaca.org/credentialing/how-to-earn-cpe

[6] ISC2. “ISC2 Security Congress 2025: Best Rated Sessions Provide Up to 12 CPE Credits.” February 2026. https://www.isc2.org/Insights/2026/02/ISC2-congress-2025-on-demand

[7] OWASP GenAI Security Project. “Agentic AI Summit, Europe.” December 2025. https://genai.owasp.org/event/genai-security-project-agentic-ai-summit-europe/

[8] Berkeley Center for Responsible, Decentralized Intelligence. “Agentic AI Summit 2026.” https://rdi.berkeley.edu/events/agentic-ai-summit-2026

[9] RSA Conference. “CE Credits and Partners.” https://www.rsaconference.com/rsac-programs/cpe-credits-partners

[10] Cloud Security Alliance. “Certificate of Cloud Security Knowledge (CCSK).” https://cloudsecurityalliance.org/education/ccsk

[11] ISC2. “ISC2 Security Congress 2025 Accepting Call for Presentations.” February 2025. https://www.isc2.org/Insights/2025/02/ISC2-Security-Congress-2025-Accepting-Call-for-Presentations

[12] ISACA. “Updated: 2025 January Continuing Professional Education (CPE) Policy.” https://www.isaca.org/credentialing/-/media/204a258e93f54cf4814460f6bf5ef85e.ashx

[13] Cloud Security Alliance. “CSAI AICM v1.0: AI Integration Controls Matrix.” CSAI Foundation, 2026.

[14] OWASP. “OWASP Top 10 for Agentic Applications.” December 2025. https://owasp.org/www-project-top-10-for-large-language-model-applications/

[15] SANS Institute. “CloudSecNext Summit Solutions Track 2025.” https://www.sans.org/webcasts/sans-cloudsecnext-summit-solutions-track-2025