Autonomous Validation in Practice

Theory is one thing. Production is another. In this closing session of the Autonomous Exposure Validation Summit 2026, two of the sharpest security minds in the industry get brutally honest about what autonomous validation actually looks like inside real enterprise environments. Johnny Christmas, Global Head of Offensive Security at Kraft Heinz, and Marius Pocus, Global VP of Cybersecurity and CISO at Globe Financial Services, bring together the offensive and defensive perspective to show what is working, what is not, and how to finally speak the language of the boardroom. 00:00 Introduction and Speaker Welcome 01:15 The Current State of AI Adoption in Enterprises 04:00 Why AI Gives CISOs a Seat at the Table 06:40 AI Risk vs AI Opportunity 09:20 Is AI Creating More Threats or More Security? 12:40 AI Governance, Ethics, and the EU AI Act 16:10 How Offensive Security Teams Are Using AI 20:30 AI Prompting, Safety, and Security Risks 24:40 Agentic Workflows and SOC Automation 28:00 Reducing Analyst Burnout with AI 30:20 The Evolution of Breach and Attack Simulation 33:15 Vulnerability Prioritization and Risk Validation 36:00 Compliance vs Real Security 38:20 Why Annual Pentests Are No Longer Enough 40:15 Continuous Validation and Final Takeaways