Vulnerability Management is Broken — Here's How AI Can Fix It

30,000 CVEs published per year. NIST stepping back from enrichment. Analysts drowning in noise. Vulnerability management hasn't kept pace with the modern threat landscape — and it's time for a new approach. In this session, SEC501 co-author Dave Shackleford lays out the state of vulnerability management in 2026 and makes the case for why AI is no longer optional. You'll learn: Why vulnerability management has lagged behind other areas of cybersecurity — and the root causes The staggering 263% increase in CVEs published between 2020 and 2025 What NIST's decision to stop enriching most CVEs means for your organization How AI can help you move from endless triage to actually fixing things faster A practical framework for prioritizing vulnerabilities beyond static CVSS scores The onus is increasingly on security teams to figure this out themselves. This talk will help you get ahead of it. 🛡️ Learn more: SANS SEC501: Advanced Security Essentials - Enterprise Defender — https://go.sans.org/mR9BkC

Join Today
Agentic AI Explained: How It Really Works, When It Fails, and What to Watch For
▶︎

Agentic AI Explained: How It Really Works, When It Fails, and What to Watch For

The Augmented Analyst: How AI Is Changing the Speed of Security Operations
▶︎

The Augmented Analyst: How AI Is Changing the Speed of Security Operations

Attacking AI - Jason Haddix - NDC Security 2026
▶︎

Attacking AI - Jason Haddix - NDC Security 2026

Encrypted Doesn't Mean Hidden: How to Spot Malware in HTTPS Traffic
▶︎

Encrypted Doesn't Mean Hidden: How to Spot Malware in HTTPS Traffic

Transforming Vulnerability Management A Practical Guide to CTEM
▶︎

Transforming Vulnerability Management A Practical Guide to CTEM

From Overwhelmed to Indispensable: How Security Professionals Learn to See the Whole Board
▶︎

From Overwhelmed to Indispensable: How Security Professionals Learn to See the Whole Board

DEF CON 33 - Kill List: Hacking an Assassination Site on the Dark Web - Carl Miller, Chris Monteiro
▶︎

DEF CON 33 - Kill List: Hacking an Assassination Site on the Dark Web - Carl Miller, Chris Monteiro

Social Engineering – Evaluating Your Organization’s Risk
▶︎

Social Engineering – Evaluating Your Organization’s Risk

The Replicant Problem: Zero Trust in the Age of Autonomous AI Agents
▶︎

The Replicant Problem: Zero Trust in the Age of Autonomous AI Agents

OWASP's Top 10 Ways to Attack LLMs: AI Vulnerabilities Exposed
▶︎

OWASP's Top 10 Ways to Attack LLMs: AI Vulnerabilities Exposed

Trust Issues: How MCP Servers Hijack Your AI Agent — and How to Stop Them
▶︎

Trust Issues: How MCP Servers Hijack Your AI Agent — and How to Stop Them

Deep Dive into LLMs like ChatGPT
▶︎

Deep Dive into LLMs like ChatGPT

Detection Coverage: Measuring What You Can Actually Detect
▶︎

Detection Coverage: Measuring What You Can Actually Detect

AI Agents Are Breaking Things: A Practical Model for Controlling Autonomy
▶︎

AI Agents Are Breaking Things: A Practical Model for Controlling Autonomy

Watch this if everything feels too much (gentle comfort for tired women)
▶︎

Watch this if everything feels too much (gentle comfort for tired women)

5 Cybersecurity Certificates You Should Avoid (Do THIS Instead)
▶︎

5 Cybersecurity Certificates You Should Avoid (Do THIS Instead)

Cybersecurity Zero Trust Architecture : Explained For Beginners
▶︎

Cybersecurity Zero Trust Architecture : Explained For Beginners

Andrej Karpathy: From Vibe Coding to Agentic Engineering w/ Stephanie Zhan
▶︎

Andrej Karpathy: From Vibe Coding to Agentic Engineering w/ Stephanie Zhan

Zero to CTI: A Novice’s Journey into Threat Intelligence
▶︎

Zero to CTI: A Novice’s Journey into Threat Intelligence

Stay Ahead of Attackers: Build a Powerful Detection Lab
▶︎

Stay Ahead of Attackers: Build a Powerful Detection Lab