Luigi Renna

AI dramatically expands the attack surface, yet the skills required to test these systems remain scarce. Enterprises are under pressure to build internal capability, but few understand what AI red teaming requires in practice. This debate challenges assumptions around in house readiness and exposes where maturing may be overestimated. Panellists will discuss the feasibility of building internal AI red teams, the tooling and expertise genuinely required, and where external specialists remain critical.

The rush to build AI-enabled applications has created a new software supply chain risk surface, with attackers increasingly targeting the open-source ecosystems powering modern AI development. Recent npm incidents in the AI space have exposed how quickly compromised tooling can spread through developer environments and production systems. In this session, Director of Security Architecture at Barclays explores what these attacks reveal about the intersection of application security and AI security, why existing security practices are struggling to keep pace, and how organisations can better anticipate, detect, and reduce emerging supply chain threats before they scale across the enterprise.