Artificial intelligence is being plugged into production environments, vendor platforms and developer workflows faster than most security teams can track - and the governance frameworks to match that pace are still catching up. In this session, veteran CISO and cybersecurity educator Jesús Valverde Romero challenges the hype with candor, drawing on 15-plus years of frontline experience to examine what AI in cybersecurity actually looks like in practice - from shadow AI embedded in third-party tools to the EU AI Act obligations that many organizations are already failing without knowing it.

The session will cover:

• Why shadow AI is a bigger governance problem than shadow IT ever was;
• How the EU AI Act creates direct obligations for CISOs, deployers and integrators in 2026;
• Why AI in security operations works best as a copilot, not an autopilot.