InfoSec Europe 2026

June 2nd - June 4th, 2026
London, UK

Infosecurity Europe 2026 brought together 13,000+ cybersecurity professionals and 350+ exhibitors at ExCeL London for three days of keynotes, technical sessions, and networking. Here's a recap of the highlights, and how the conversation ties back to what we do at Echo on container image security.

InfoSec Europe 2026

Infosecurity Europe 2026: what happened

Now in its fourth decade, Infosecurity Europe returned to ExCeL London from June 2–4 with a keynote line-up that stretched well beyond the usual product-led security talks. Speakers ranged from cybersecurity founder and investor Shlomo Kramer, to former FBI Cyber Division Deputy Assistant Director Cynthia Kaiser, to former Special Boat Service Sergeant Jason Fox — a deliberate mix of technical, geopolitical, and leadership perspectives.

A few themes ran through the week:

  • Agentic AI and governance — how autonomous AI systems are changing both the pace of attacks and the scale of the attack surface security teams need to defend.
  • Post-quantum cryptography — Forescout's Rik Ferguson made the case that "quantum is still far off" is no longer a safe assumption, urging teams to start addressing crypto-fragile components now.
  • Cloud security under AI pressure — Wiz researcher Ron Leizrowice's keynote examined how AI is compressing the window between cloud misconfiguration and exploitation.
  • Leadership and resilience — with skills shortages and burnout still front of mind for many security teams, sessions on decision-making under pressure and building high-performing cultures got equal billing with the technical program.
  • New for 2026, a dedicated OWASP GenAI Security Summit ran as a half-day forum focused specifically on securing generative AI and agentic systems — alongside a new Cyber Startup Programme spotlighting early-stage vendors.

Where container security fits into the conversation

A recurring thread across the AI and cloud security sessions was how much faster the gap between "vulnerable" and "exploited" is closing. When Leizrowice described AI compressing the time between cloud misconfiguration and exploitation, it's the same underlying pressure that's been pushing more security teams toward eliminating vulnerabilities before they ship, rather than racing to patch them after a scanner flags them.

That's the model Echo builds around. Every Echo image ships CVE-free, is FIPS-validated using a CMVP-validated cryptographic module, and comes pre-hardened against DISA STIG requirements from the start — so there's no exploitation window to compress in the first place. Full SBOM transparency in SPDX and CycloneDX formats, plus signed provenance via cosign and sigstore, gives security teams the same intelligence-driven visibility that Infosecurity Europe's own programming pointed toward this year.

Teams looking to close that gap in a regulated environment can see it in practice through Varonis's FedRAMP authorization using Echo — zero vulnerabilities at audit, in a process their Deputy CTO described as "just a smooth ride."

AI security was everywhere, and it's not slowing down

The addition of a dedicated OWASP GenAI Security Summit alongside the main conference is a strong signal of where the industry's attention is heading. If your team is thinking through what "AI-ready" actually means for your infrastructure, our piece on the rise of AI-ready hardened container images digs into exactly that — and pairs well with the agentic AI governance conversations that dominated the keynote stage in London this year.

Thanks for a great Infosecurity Europe 2026

It was great connecting with the security community at ExCeL London this year. If your team is rethinking how vulnerability management fits into an intelligence-driven security strategy, get in touch — we're happy to show you exactly how Echo's CVE-free, FIPS-validated images change the picture for your scan dashboards and compliance reporting.