Presented by
Tokyo AI (TAI)

AI x Risk & Security

Bunkyo City, Tokyo
Past Event
About Event

Summary

This event brings together leading practitioners at the front lines of AI security, cyber risk, and agentic systems to examine how autonomous AI is fundamentally reshaping the threat landscape. As AI agents gain the ability to reason, act, and interact with real-world systems with minimal human oversight, traditional security assumptions, metrics, and controls are rapidly becoming obsolete. Through concrete attack examples, risk-model critiques, and emerging approaches to agent identity and access control, these talks explore what breaks when autonomy scales — and how defenders must adapt. Attendees will gain a grounded, adversarial perspective on securing agentic AI in enterprise and critical environments before failures become systemic.

Talks

Talk 1: Inside the Minds of Autonomous AI Systems — A Red Teamer’s View from the Front Lines

Speaker: Alex Polyakov (CEO & Co-founder @ Adversa AI)

Abstract: Agentic AI is no longer experimental. Autonomous agents now plan, reason, use tools, delegate tasks, write code, access internal systems, and make decisions with minimal human oversight. This shift is transforming productivity — and silently creating the most dangerous security attack surface the industry has ever seen. Traditional AI security models were built for single-prompt, single-response systems.
Agentic AI breaks that assumption completely. In this talk, Alex will take you inside real attacks observed while testing enterprise-grade agentic AI systems — showing how attackers exploit memory, reasoning chains, tools, context, and autonomy itself.

Bio: Alex Polyakov is an AI Security Pioneer and AI Red Teaming evangelist, co-founder of Adversa.AI, vice chair at IEEE AI Cybersecurity group, co-lead of Agentic AI Security at CosAI, and core member of OWASP AIVSS. He has 20 years of experience in applying AI for cybersecurity and cybersecurity for AI, from a practical red teaming expert to a C-level executive. He has found over 300 vulnerabilities, presented his research at over 100 conferences in 30+ countries, and published dozens of whitepapers, two books, and multiple trainings, including the world's first practical training on securing AI. His work is mentioned on such websites as WSJ, Bloomberg, Fortune, Forbes, TechCrunch, Wired, MIT, and others.

Talk 2: Why Most AI Security Metrics Are Already Obsolete

Speaker: Eddy Almand (CEO & Founder @ Almata)

Abstract: Modern cyber risk models are built on a dangerous assumption that the world is relatively stable. They assume threats evolve over time, attackers are human-paced, environments are predictable, and risk can be captured in periodic scores or compliance artifacts. Artificial intelligence breaks every one of these assumptions. So does geopolitics. So does adversary automation. This session argues for treating cyber risk as a dynamic, adversarial system, one that must be continuously modeled, simulated, and re-evaluated using agents, scenario analysis, and geopolitical context.

Bio: Eddy Almand is a cybersecurity and intelligence practitioner focused on where traditional security and risk models fail under real-world pressure. He is the CEO of Almata, a Japan-based cybersecurity firm. His work sits at the intersection of AI-enabled cyber operations, threat intelligence, geopolitical risk, and ISR capabilities, drawing on intelligence methodologies adapted for today’s rapidly changing environments. Eddy works with stakeholders to rethink how cyber risk is assessed when adversaries use AI, operational conditions shift quickly, and decision cycles are increasingly compressed. His focus is on automating risk mitigation and making cyber defense more accurate, scalable, and actionable.

Talk 3: Agent Identity and Data Security in Real-world Use Cases

Speaker: Jonathan Hope (CEO & Founder, Keychain)

Abstract: The true potential of AI will be realized when it is used to modify the world external to it directly. For example, an agent may be used to automatically purchase on behalf of a company. Scenarios like this present unique cybersecurity challenges. This session explores the security challenges related to two emerging business workflows (AI-native software development lifecycle and agentic payments) and emerging approaches to address them.

Bio: Jonathan Hope is Founder and CEO of Keychain and a digital trust technologist with 25 years of experience in financial market infrastructure, data security, and key management. He created Keychain Core, a distributed public-key infrastructure targeting AI agents and robotics, and Trustable AI, an AI orchestration harness that enables companies to increase the productivity of software teams 20X safely. He has deployed high-performance trading systems for several financial institutions, including Goldman Sachs, Bloomberg, and Deutsche Bank.

Talk 4: The Risk of an AI Agent Rogue in an Agentic System

Speaker: Mao Parr (CEO & Co-founder @ datagusto)

Abstract: As enterprises move from "Chat" to "Agentic" systems, we are handing AI the keys to our digital environment. But what happens when an agent, designed to be helpful, begins to act against its creator’s intent?
In this session, we go beyond basic prompt injection to explore the structural risks inherent in agentic workflows. We will break down the core components of an Agentic System, from planning modules to tool-use execution, and identify where the "autonomy gap" creates room for rogue behavior.

Key takeaways include:

  • The Anatomy of an Agent: Understanding how memory, planning, and tool-integration create new attack surfaces.

  • The "Rogue" Spectrum: Why agentic risk isn't just about "malice," but often stems from over-optimization, hallucinated tool-use, and goal misalignment.

  • The Guardrail Fallacy: A technical deep dive into why traditional static guardrails and system prompts fail to contain autonomous agents in dynamic environments.

  • Scenario Analysis: A real-world walkthrough of a "rogue" event, demonstrating why behavioral risks are uniquely difficult to detect and mitigate in real-time.

Whether you are a developer building your first autonomous loop or an enterprise leader weighing the risks of deployment, this talk will provide a framework for understanding and governing the unpredictable nature of agentic AI.

Bio: Mao Parr is the Founder of DataGusto and a specialist in AI governance and behavioral risk. She holds a Master's degree in Behavioral Science from Osaka University and brings over 15 years of experience in data science to her work. Previously, Mao served as a Data Scientist and AI Governance Consultant at PwC, where she led global projects focused on algorithmic accountability. She has also spearheaded AI pilot initiatives for major system integrators across the Asia-Pacific region. Mao's work centers on the intersection of human behavioral patterns and autonomous agent logic, helping ensure that enterprise AI systems remain safe and predictable.

Event Schedule

  • 18:00 - 18:30: Doors open

  • 18:30 - 20:00: Talks

  • 20:00 - 21:00: Networking

  • 21:00: Doors close

Supporters

Tokyo AI (TAI) is the biggest AI community in Japan, with 3,000+ members mainly based in Tokyo (engineers, researchers, investors, product managers, and corporate innovation managers).

Value Create is a management advisory and corporate value design firm offering services such as business consulting, education, corporate communications, and investment support to help companies and individuals unlock their full potential and drive sustainable growth.

DEEPCORE is a VC firm supporting AI Salon Tokyo. They operate a fund for seed and early-stage startups and KERNEL, a community supporting early entrepreneurs.

