ON-DEMAND WEBINAR
PAST EVENT
LIVE
July 14, 2026
11:30 AM EST

Hands On: Building AI Agents You Can Actually Trust

in collaboration with
Software Analyst Cybersecurity Research

Everyone’s talking about AI agents. Few are building ones that actually hold up under pressure.

This isn’t a keynote about what AI could do. It’s a hands-on workshop where we break down exactly how agents work, show the architecture decisions that determine whether they’re trustworthy, and run two complete security workflows live from trigger to resolution.

Walk in curious. Walk out with a playbook.

What You'll Learn

Agents vs. Prompts: what actually changes

A prompt gives you an answer. An agent takes action, perceiving, reasoning, acting, and observing in a continuous loop. We’ll make the distinction concrete and show why it rewrites the rules for security operations.  

The anatomy of a trustworthy agent

Three pillars every agent must have: Context (what it sees), Tools (what it can do), and a Harness (what keeps it in check). Get these wrong and your agent is either blind, powerless, or out of control. We’ll walk through each one with real security examples.  

Why most agent deployments fail

Isolated agents making decisions on stale data. No shared state. Inconsistent answers across your team. We’ll show exactly what breaks, why it breaks, and what unified real-time context looks like when it’s working.  

Two complete security workflows, running live

Workflow 1: Threat Intel Closed Loop

An agent ingests IOCs from threat intel feeds, hunts your environment for matches, investigates any evidence it finds, responds automatically when confidence is high enough, and writes detection rules to close the loop. No human required until it matters.

Step by step:

  1. Threat Intel Feed: ingest indicators of compromise from the wild
  2. Hunt Agent: search the environment for matches
  3. Investigate Agent: find evidence, map blast radius
  4. Auto-Response: contain automatically when threshold is met
  5. Detection Rule Agent: write and deploy a rule to prevent recurrence

Workflow 2: ServiceNow Entitlement Enforcement

Every anomalous activity gets checked against your entitlement data in ServiceNow. If the service isn’t authorized, it gets blocked immediately. Then a deep investigation runs, evidence is gathered, and cleanup happens automatically with a closed ticket at the end.  

Step by step:
  1. Anomaly detected: suspicious access activity surfaces
  2. Entitlement Agent: cross-references ServiceNow to verify authorization
  3. Block: automated and immediate if access is not entitled
  4. Investigate Agent: deep dive across who, what, when, and blast radius
  5. Cleanup Agent: revoke access, remediate, close the ticket

WHO THIS IS FOR

  • Security leaders who want to understand where agentic AI is heading and how to evaluate it for their organization
  • Security engineers and architects exploring agentic AI
  • SOC leaders evaluating automation for detection and response
  • Anyone who has run a single AI tool and wants to understand how multiple agents work together
  • Teams already experimenting with agents who want to go deeper

No prior experience with agentic AI required. Basic familiarity with cloud security concepts is helpful.

Register here

Register now

Watch the webinar

Speakers

Lawrence Pingree
Head of Data Security and AI Research at SACR
Stav Sitnikov
CPO

What's new