Two Major Updates from The Elephant in AppSec Conference: Agenda Is Live & Partnership with InfoSecMap

Two exciting updates in the Elephant in AppSec corner!

1. The Elephant in AppSec Conference 2026 Agenda Is Now Live

The agenda for the 2026 edition of The Elephant in AppSec Conference is officially published. This year’s program brings together a lineup of speakers who aren’t afraid to challenge assumptions and share strong, sometimes controversial perspectives on the state of application security.

From DevSecOps and security culture shifts to the rising influence of Agentic AI across all areas of cybersecurity, the conference will offer a mix of thought-provoking talks designed to push the industry forward.

Keynote: Crushed by the Backlog — The DevSecOps Problem No One Wants to Admit

Speaker: Tanya Janca

We’re thrilled to welcome Tanya Janca, also known as SheHacksPurple, is the best-selling author of 'Alice and Bob Learn Application Security' and 'Alice and Bob Learn Secure Coding',  as the keynote speaker for this year’s conference. Known for her clarity and deep industry experience, Tanya brings a much-needed perspective on what’s really happening inside DevSecOps programs today.

Keynote overview:

We were promised that DevSecOps and “shifting left” would help us catch security issues early, fix them faster, and reduce risk at scale. But what we got instead was... backlog overload.

Teams are drowning in security findings—tens of thousands of alerts, many of them meaningless. Tools have multiplied, context has disappeared, and developers have started ignoring the warnings altogether. We're automating vulnerability detection faster than we can address even 1% of it.

In this talk, we’ll examine what went wrong: why DevSecOps created more noise than clarity, how “security at scale” turned into “overwhelm at scale,” and why prioritizing based on raw CVSS or tool output is setting us up to fail. Then we’ll look at several ways to do better.

You'll learn how to:
- Reduce your backlog to vulnerabilities that actually matter
- Align security signals with real business risk
- Avoid the DevSecOps trap of "more automation = more security"
- Evaluate which tools deserve to stay—and which need to go
- Design a smarter, smaller, risk-based AppSec pipeline
Because a nation-state doesn’t care about your t-shirt company’s TLS version—and neither should you.

Highlighted Talks & Panels

Panel Discussion
Enrique Larios Vargas, Alina Yakubenko, Alekh Gadekar
Beyond the “Champions”: Is Security Culture the New Must-Have for Organizations?
A conversation on the limits of AppSec champion programs and what it takes to build a sustainable, organization-wide security culture.

Antoine Carossio
Will 2026 Be the End of Manual Pentesting? Time to Find Out
An exploration of how automation, AI, and modern tooling are changing the role—and future—of traditional pentesting.

Sana Talwar
Why Third-Party Reviews Are Broken (and How to Fix Them)
A candid look at the shortcomings of today’s vendor and third-party security assessments, along with practical ways to improve them.

Izar Tarandach
What Is Old Is New Again: Are AI Threats Really That Novel?
A perspective on AI security risks through the lens of decades-old threat models and patterns—what’s genuinely new, and what’s simply being repackaged.

The full schedule can be found here.

Partnership with InfoSecMap

We’re thrilled to share that The Elephant in AppSec Conference is officially partnering with InfoSecMap for 2026.

If you haven’t explored it yet, InfoSecMap is the go-to global directory for cybersecurity events and communities. Whether you’re hunting for:

• conferences
• CTFs
• meetups
• CFPs
• trainers
• sponsors
• volunteers

…InfoSecMap’s powerful search tools help you find exactly what you need — all manually curated and completely free.

This partnership strengthens our shared mission: to make application security knowledge accessible to everyone.

Whether you’re an industry veteran or stepping into AppSec for the first time, The Elephant in AppSec Conference is the place to challenge the status quo, learn something uncomfortable, and grow with a community that loves honest conversations.

So, join this January!

We can't wait to see you there and to stir up some meaningful, maybe even uncomfortable, conversations together.

More events from Escape and the Elephant in AppSec:

• The Elephant in AppSec 2024 Talks Highlight: Shifting Left Doesn't Mean Anything Anymore
• Podcast: Can We Make AI Agents Smarter Than Security Teams? with Anshuman Bhartiya
• [Escape Webinar] From Business Logic Vulnerabilities to Actionable Insights: AI-powered Pentesting + ASM in Action