The Sched app lets you build your schedule, but it is not a substitute for event registration. You must be registered for Open Source in Finance Forum Toronto 2026 to participate in the sessions. If you have not registered but would like to join us, please visit the event registration page to purchase a ticket.
Sign up or log in to add sessions to your schedule and sync them to your phone or calendar.
The cybersecurity community has long theorized about a "vulnerability apocalypse" — a moment when the sheer volume of discoverable security flaws outpaces humanity's ability to respond. That moment has arrived. First articulated by Gadi Evron, Heather Atkins, and Bruce Schneier, the V apocalypse hypothesis has been validated in rapid succession: from January's OpenSSL findings demonstrating AI's power to uncover vulnerabilities, to Anthropic's disclosure of 500 previously unknown flaws, to the recent Mythos revelations. AI doesn't just assist in finding vulnerabilities — it has fundamentally transformed the threat landscape. The race is no longer about discovery. It's about remediation. Attackers are learning to weaponize the same AI models that defenders use to find weaknesses, and the window to act is narrowing. This talk explores the urgent challenge of enabling defenders to remediate vulnerabilities at scale — before that window closes. Drawing on the design principles behind Aisle and the "zero is everything" framework, this session will argue that eliminating the existing vulnerability backlog, keeping pace with new AI-driven discoveries, and closing off emerging vulnerability sources must become the baseline standard for any security operation. It will also make the case that this effort must extend beyond application security into network and data security, in anticipation of the regulatory frameworks now taking shape in direct response to AI's growing role in cyber offense. The message is simple: to survive what AI makes possible, defenders must embrace what AI makes possible.
In order to facilitate networking and business relationships at the event, you may choose to visit a third party's booth or access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth or participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies.
Ira Winkler, CISSP is the Field CISO for Aisle, former Chief Security Architect at Walmart, and author of You Can Stop Stupid, Security Awareness for Dummies, and Advanced Persistent Security. He is considered one of the world’s most influential security professionals, and has... Read More →
