5 Sessions to Catch at Identiverse 2026 (Plus 2 on the Future of AI Identity)

By Bill Bradley, Product Marketing

Identiverse returns to Mandalay Bay June 15-18, and this year the agenda makes one thing clear: the industry is treating identity as a live signal. Authentication is no longer the finish line. The questions now are what happens after login, whose credentials are already circulating, and how fast you can act when an account is compromised.

That shift is exactly where identity-first threat intelligence lives. Below are five sessions worth attending, chosen because each one speaks to the reality that identity exposure and identity verification must be part of an overarching organizational strategy. Two bonus picks on AI agent identity round out the list.

If you’re at Identiverse, let’s talk! I’ll be in the Flare booth, #127. 

1. Actions, Not Access: The Shift to Runtime Identity

Andre Durand, CEO and Founder (Ping Identity)

Monday, June 15 | 5:00-5:30 PM | Oceanside

This opening-day keynote captures the mindset shift behind everything else on the list. For decades, identity meant verify at login, then trust the session. That assumption no longer holds. Attackers do not break in, they log in, using credentials and sessions that were valid at login, and only revoked or flagged after the fact. Durand reframes trust as something that must be continuously proven and enforced at the moment of action rather than granted once at the door. It is the strongest macro framing of why static authentication leaves a gap, and why visibility into identity exposure has to be continuous too. A sharp anchor for the rest of your week.

2. Inside Identity @ PlayStation: Strategies for Modern Consumer Threats

Cam Champeau, Senior Product Manager, and Grant Walthall, Staff Application Security Analyst (Sony Interactive Entertainment, PlayStation)

Tuesday, June 16 | 3:55-4:20 PM | Mandalay Bay F 

Few organizations face consumer account threats at PlayStation’s scale, as they serve ~130mm active users per month, including me. This session gets into how a major consumer platform defends this collection of customer accounts against takeover, credential stuffing, and session abuse. If you protect consumer accounts for a living, this is the practitioner’s view of the threats that fraud, trust, and safety teams contend with in their role. Listen for how the team thinks about stopping account compromise before it reaches the customer, and becomes a dissatisfied customer, or revenue impacting churn.

3. From IAM to ITDR: Building Identity Threat Detection and Response for Real-World Resilience

Stephen Hutchinson, Director of Security Architecture (MUFG)

Tuesday, June 16 | 4:30-4:55 PM | Mandalay Bay H

Identity Threat Detection and Response (ITDR) has moved from theoretical to operational priority, and this session traces that journey inside a global bank. Hutchinson walks through what it takes to detect credential and session compromise in practice, and where traditional IAM leaves gaps that detection has to fill. It is a case study in why knowing your identity exposure is the precondition for responding to it.

4. More Than Who You Are: The Role of Intent in Digital Identity

David Bailey, Senior Director of Fraud Prevention and Solutions (TIAA)

Tuesday, June 16 | 4:30-4:55 PM | Mandalay Bay K

A fraud-prevention leader from a financial institution is the clearest signal of where identity and fraud are converging. The premise here, that identity is about more than verifying who someone is, gets right to the problem identity-first threat intel solves. With stolen credentials and hijacked sessions, an attacker circumvents most, if not all, checks until their true, and malicious, intent surfaces. Worth attending for the fraud team’s framing of the problem in their own words.

You might need to tag team here or prioritize. This session and the ITDR session run concurrently. If you prioritize fraud, trust, and safety, attend this, if you’re focused on security architecture, the ITDR talk may be the better option.

5. Inside the Fight Against Scattered Spider: Securing Workforce Identity at Global Scale

Jay Heffernan, General Manager-IAM (Delta Air Lines), Liz Revelas, Product and Solutions Marketing Manager (Ping Identity), and Darrell Geusz, Director, Strategic Products (Ping Identity)

Wednesday, June 17 | 10:30-11:20 AM | Mandalay Bay H 

Scattered Spider has become shorthand for identity-driven intrusion, built on social engineering, credential theft, and session hijacking against large enterprises. This session details how one global organization defends its workforce identity against that playbook. The connection to threat intelligence is direct. The credentials, stealer logs, and session data that fuel these attacks surface on the dark web and in criminal channels well before the intrusion. Seeing that exposure early is the difference between getting ahead of the adversary and reading about it in the incident report.

Bonus: The AI Agent Identity Track

Two more sessions are worth your time if you are thinking about where the next wave of identity exposure comes from. Both wrestle with the same question, and the population of non-human identities they cover, such as the agents, service accounts, and machine credentials, is growing faster than anyone is governing it.

Let’s Argue About AI Agent Identities

Jonathan Sander, President (42 Notions)

Wednesday, June 17 | 3:55-4:20 PM | Mandalay Bay I

Ever had an argument with yourself? Did you win or lose? The speaker here will be debating himself about the agentic world. Should AI agents live in the same directory as humans? Can you grant them access without a unifying identity context? Should you? How do you handle identical agents that would all use the same identity? Sander works through the open questions drawn from conversations with organizations at the bleeding edge of deploying agents, and lands on the point that matters most for our story. AI agent identity is neither fully human nor fully non-human. That is exactly the gray zone where exposure hides. These identities hold credentials, tokens, and standing access, and they are multiplying faster than anyone is governing them.

MCP Hackathon: Master Your AI’s Identity

Nick Steele, Security Researcher (OpenAI), and Jonathan Sander, President (42 Notions)

Monday, June 15, 8:30 AM – 12:30 PM | Breakers L 

If the debate session frames the questions, this hands-on workshop gets you into the mechanics. The Model Context Protocol is becoming the way AI systems discover, negotiate, and use context across services, and that is precisely where identity signals, trust boundaries, and new exposure surfaces appear. Guided lab exercises walk through how agents request and apply context, where identity shows up in those interactions, and how trust shifts when context is assembled dynamically and reused. It is a paid pre-conference workshop, so it takes planning, but for anyone building or securing agentic systems it is the most concrete look at the problem on the agenda. The credentials and tokens these systems carry are the exposure of tomorrow, and this is where you learn how they move.

Getting Ahead of Identity Exposure

The theme throughout these sessions is that identity is now the primary attack surface, and the moment of compromise happens upstream of detection. Through a vast array of infostealer malware, credentials get stolen, session cookies get lifted, and access gets sold within minutes. This happens ahead of any alerting. To get ahead of this with proactive measures, organizations must see that exposure first.

That is what Flare is built for, and why we lead in identity-first threat intelligence. We monitor the places where identity exposure actually originates: the dark web, criminal Telegram channels, stealer log ecosystems, and breach repositories, and we surface compromised credentials, session data, API keys, and secrets at the account level. We enable your team to close the loop, driving automated remediation through native integration with Entra and Okta. Exposure becomes action, not just another notification that may or may not represent a material risk.

Identity-first threat intel is not only about employees. As the PlayStation session outlines, it protects customers from account takeover. It also gives partners and managed-service providers the visibility to defend their own end users. And it extends that same vigilance to non-human identities. Service accounts, API keys, and AI agents now outnumber people and carry exposure of their own. Across all four, the principle is the same, teams need to find the exposure before the adversary uses it.

If you are at Identiverse and these sessions resonate, that is the conversation we want to have. I’ll be in the Flare booth, #127, so stop by and let’s talk about why identity-first threat intel matters to your business.