Yesterday, we brought Security Chat back to Zurich for its sixth edition and it was everything I had hoped for: brilliant talks, a packed room, and the joy of reconnecting with friends old and new. What started back in 2012 as an informal gathering of security enthusiasts has grown into a tradition where community and ideas come together.
This year we had five lightning talks, each very different in style but all equally thought-provoking:
Candid cut through the hype around “AI-driven malware.” He explained the difference between AI-generated malware (just code produced by LLMs) and AI-powered malware (where AI runs inside the malicious code). While there are proof-of-concepts in the wild, protection stacks still hold up. Behavior-based detection and layered defenses remain effective. His takeaway: AI will eventually give attackers new tools, but defenders are not out of the game.
Josh gave us an inside look at the booming phishing-as-a-service industry. For as little as $50 a month, criminals can buy turnkey kits that bypass MFA, come with 24/7 “support,” and scale to tens of thousands of victims. His case study on Storm-1167 (“FluorStorm”) showed just how industrialized this has become, with thousands of domains, Telegram bots relaying stolen credentials in real time, and devastating impact on nonprofits. His message: MFA is necessary but not sufficient; phishing-resistant authentication and faster takedowns are critical.
Barbara brought cryptography to life with a visual storytelling approach, mapping concepts like one-time pads, pseudo-random generators, and RSA to vivid imagery from the natural world (snakes, owls, octopuses, and more). It was a refreshing, creative reminder that explaining security to non-experts requires more than equations. It sometimes requires narratives that people can connect to.
Advije, a PhD student in Liechtenstein, showed how machine learning systems that drive algorithmic trading can be tricked with subtle, temporary data manipulations. A single manipulated data point can cause wrong trades, eroding portfolio performance over time. Her research raises a sobering question: in high-stakes financial markets, how do we know whether losses are due to bad luck, bad models… or deliberate attacks?
Elliott closed the night with a deep dive into cookie tossing, a little-known but powerful web attack. By controlling a subdomain, an attacker can “toss” malicious cookies that hijack authentication flows or manipulate transactions on the parent domain. He walked us through real-world cases and defenses, highlighting how a small misconfiguration can open the door to session hijacking and data theft.
What I loved most about Security Chat 6.0 wasn’t just the talks, but the variety of voices and the energy in the room. We had people flying in from London, driving hours through traffic, and carving out time to share ideas. We had job seekers and companies hiring. We had old friends, new connections, and plenty of wine and bagel bites to keep conversations flowing.
A big thank you to our sponsor 1Password for supporting the evening, to the speakers for sharing their insights, and to everyone who showed up to make this community vibrant.
As I said on stage: cybersecurity has given me so much over the years. Events like this are my way of giving back by fostering connection, sparking ideas, and reminding us all that innovation doesn’t happen in isolation.
See you at the next Security Chat – whenever and wherever it may be.
The post Security Chat 6.0: A Night of Ideas, Innovation, and Community in Zurich first appeared on Future of Tech and Security: Strategy & Innovation with Raffy.