Supply Chain Security Summit

Supply Chain Security 2026 Summit

March 18, 2026

The recent surge in high-profile software supply chain attacks has exposed a soft underbelly of modern computing and prompted a major global response to address security defects and third-party risk management.

Join us for SecurityWeek’s 2026 Supply Chain & Third-Party Risk Security Summit, where top security experts will unpack the biggest software supply chain risks, the complexity of modern threats, and proven strategies to mitigate risk. Discover the latest frameworks, tools, and best practices to strengthen your defenses against malware, data exposure, and compromised dependencies.

 

Platinum Sponsor

ProcessUnity

Gold Sponsors

Ping Identity

Jscrambler

March 18, 2026 11:00

Hyper TPRM: Rethinking Third-Party Risk for Scale, Speed, and Confidence

Third-party risk management is reaching a breaking point. Vendor ecosystems are expanding faster than risk teams can keep up, risk signals are fragmented, and traditional approaches struggle to deliver the speed, coverage, and defensibility organizations now require. In this session, we introduce Hyper TPRM — a modern approach to third-party risk management built for scale. Hyper TPRM moves beyond questionnaire-driven processes by combining data-first intelligence, workflow, community-powered exchange models, and AI acceleration, with human confirmation where it matters most. Join us to learn how organizations are evolving their TPRM programs to: 

  • Prioritize vendors using dynamic, explainable risk insights 
  • Leverage shared, validated assessment data to reduce friction for vendors and internal teams 
  • Apply AI to accelerate assessments, validate evidence, and expand portfolio coverage 
  • Shift from point-in-time reviews to continuous, risk-based monitoring 

If you’re looking to modernize your TPRM program without compromising rigor, this session will show how Hyper TPRM enables faster decisions, broader coverage, and greater confidence across the entire third-party lifecycle.

Ed Thomas
Senior Vice President
ProcessUnity

March 18, 2026 11:30

The Power of Orchestration: Navigating Multi-Brand Experiences

In today's digital landscape, a seamless customer experience isn’t just a luxury—it’s a revenue driver. Join Nathan Langton, Director of Product Management at Ping Identity, for an insightful exploration into how identity orchestration can transform complex, multi-brand environments into unified, high-performing journeys. Whether you’re managing a diverse portfolio of sub-brands or navigating intricate B2B and B2C transactions, orchestration provides the flexibility to protect and delight users simultaneously. Discover how to move beyond rigid IT limitations and embrace a "whiteboard-to-web" reality with no-code solutions like PingOne DaVinci. Key Takeaways:

  • Maximize Revenue: Learn why companies excelling in personalization generate 40% more revenue.
  • Reduce Friction: Explore strategies to prevent user drop-off through tailored, secure authentication.
  • Accelerate Time-to-Value: See how to deploy complex experiences in hours rather than months using visual drag-and-drop tools.
  • Real-World Success: Dive into case studies of global organizations managing thousands of unique brands through a single, unified orchestration flow.

Nathan Langton
Director of Product Management
Ping Identity

March 18, 2026 12:00

Unmasking the Attacker's Playbook: Dissecting Software Supply Chain Threats

Ziad Ghalleb
Product Marketing Manager
Wiz

March 18, 2026 12:30

BREAK

Please visit our sponsors in the Exhibit Hall. View resources and chat with their experts.

March 18, 2026 12:45

Software Supply Chain Risk Now Runs Client-Side: What OWASP’s Top 10 Shift Means for CISOs

When the 2025 update from OWASP elevated Software Supply Chain Failures to a top-three risk — with the strongest consensus in the project’s history — it signaled a structural shift in how applications are built, delivered, and exploited. Modern applications are no longer built. They are composed — from open-source components, CI/CD pipelines, SaaS integrations, third-party scripts, marketing pixels, and increasingly AI-driven services. Many of these components execute not on your servers, but directly in your users’ browsers — where sensitive data is created and immediately exposed. 

In this session, Gareth Bowker, Head of Security Research at Jscrambler, will examine what OWASP’s shift means for CISOs and application security leaders. Drawing on newly released third-party script research, Gareth will reveal not only the security risks of client-side dependencies, but also the data governance implications — including how third-party scripts gain real-time access to user inputs, behavioral signals, and sensitive session data. While organizations have invested heavily in SBOMs, dependency scanning, and build pipeline integrity, runtime client-side exposure remains largely unmonitored. As PCI DSS introduced mandatory controls for payment pages, OWASP has now reinforced that supply chain risk extends across the entire application surface. Attendees will leave with a clear framework for extending supply chain security beyond the edge — to the browser layer where data is born — and for turning OWASP’s signal into operational action.

Gareth Bowker
Head of Security Research
Jscrambler

March 18, 2026 13:15

Agent Integration as an Identity Problem

Security agents perform tasks that humans used to do manually. They investigate alerts, correlate events across systems, and document findings. They need credentials to access those systems, which means they're identities that need to be managed. However, most enterprises treat agents like another API integration instead of privileged accounts, and that creates predictable gaps in access control and accountability.

This talk maps agent architectures to familiar AppSec and IAM risks. I'll show how typical implementations lead to overprivileged access, unintended data exposure, and accountability gaps. Then I'll cover practical mitigations that apply existing security principles to this new type of identity. Attendees will walk away reimagining agent integrations as an access control risk and understanding how they can leverage existing security practices for agent security.

Mudita Khurana
Staff Security Engineer
Airbnb

March 18, 2026 13:45

AI-Driven Vendor Risk Orchestration: Autonomous Framework for Third-Party Monitoring

Third-party risk management has evolved from static questionnaire-based assessments to continuous monitoring requirements, yet many organizations still rely on hardwired decision trees and predefined compliance checklists, leaving substantial risk optimization value unrealized. This presentation introduces a comprehensive framework for autonomous, AI-driven vendor risk orchestration that transcends traditional rules-based vendor management by integrating advanced technological capabilities for real-time third-party monitoring.

The proposed framework rests on four core technological pillars. 

  1. First, reinforcement learning algorithms enable dynamic vendor scoring that continuously learns from historical vendor behavior patterns, incident data, and emerging risk signals, adapting automatically to evolving threat landscapes. 
  2. Second, predictive risk modeling leverages advanced time-series architectures to anticipate supply chain disruptions and vendor financial viability across multiple temporal horizons, from daily operational monitoring to quarterly strategic vendor reviews. 
  3. Third, adaptive threat detection systems respond in real-time to market conditions, geopolitical shifts, and counterparty profile changes, integrating dynamic vulnerability tracking, third-party breach monitoring, and comprehensive risk quantification methodologies. 
  4. Fourth, explainable AI mechanisms ensure regulatory compliance and auditability through comprehensive decision audit trails and model transparency for stakeholder confidence.

The multi-agent system design enables specialized agents for threat prediction, vendor optimization, risk execution, and continuous monitoring to collaborate toward unified organizational objectives. Each agent operates within a stratified decision-making hierarchy encompassing strategic decisions involving long-term vendor selection policies, tactical decisions concerning medium-term vendor engagement strategies, and operational decisions executing daily vendor monitoring and incident response.

Implementation guidance addresses practical challenges of integrating autonomous vendor risk systems with existing enterprise resource planning platforms, vendor management systems, and incident response workflows. The framework incorporates robust governance controls and human oversight mechanisms to maintain stakeholder confidence while capturing benefits of intelligent automation. This presentation demonstrates how organizations can transition from reactive, static vendor assessment to predictive, self-optimizing third-party risk orchestration.

Nirajkumar Radhasharan Barot
Lead Software Developer
JPMorgan Chase

March 18, 2026 14:45

Networking & Virtual Expo

We hope your virtual experience at SecurityWeek's 2026 Supply Chain & Third-Party Risk Security Summit has been informative and productive. If you missed any sessions, you may watch them now on-demand in the Auditorium. We would like to take this opportunity to thank our sponsors: ProcessUnity, Wiz, Ping Identity, and Jscrambler. Stop by their booths and chat with their experts before you leave!

Through the Call for Presentations (CFP), a conference committee will accept speaker submissions for possible inclusion in the program at the 2026 Supply Chain Security and Third-Party Risk Summit.

The CFP is now closed.

This virtual event will provide an overview of current trends and challenges in securing open-source software, the hard-to-mitigate risks associated with software dependencies, and how identities (people, services and devices) have become the new perimeter, demanding new defensive approaches.

Hear from CISOs and corporate defenders on assessing and managing third-party vendor risks, mitigating exposure from service providers, and best practices for due diligence and continuous monitoring.

Discussion topics will include:

  • Identity as the new security perimeter and the risk of cascading supply chain problems.
  • Best practices for evaluating third-party vendors, and tools and techniques for continuous monitoring.
  • Innovations in identity verification and authentication.
  • Compliance and legal considerations.
  • Case studies and real-world discussions of managing supply chain and third-party risks.
  • Crisis management and response during major incidents.
  • Future trends and predictions.

Event Details

  • Start Date: March 18, 2026 11:00 am EST
  • End Date: March 18, 2026 4:00 pm EST