ORLANDO, Fla. — The 2026 Zero Trust World conference kicked off here Wednesday (March 4) with a particularly optimistic keynote by futurist and TV host Jason Silva and also featured a last-minute addition in the form of a talk by former White House CIO Theresa Payton.
But it was the smaller sessions, including a dark-web primer and a live Security Now! podcast broadcast featuring cybersecurity veterans Steve Gibson and Leo LaPorte, that stole the show during the first day of ThreatLocker's annual user conference.
Waiting for the singularity
Unusually for a security conference, Silva's keynote address was all sunshine, rainbows and transhumanism. He predicted that exponential advances in technology, especially
artificial intelligence, biohacking and nanotechnology, would usher in a golden age of human possibility and possibly even the end of death.
"The impossible becomes possible," Silva said. "The very rules of what it means to be human are up for grabs."
Interspersed in his talk were several inspirational short films that Silva has posted on
his YouTube channel, all of them relentlessly enthusiastic about the coming melding of humans and technology.
Unlike some AI experts, Silva thinks the "Singularity" — the long-anticipated moment when artificial intelligence learns to improve itself and escape human control — can only be a good thing.
"The world will have turned itself inside out," Silva said, earlier paraphrasing a quotation often attributed to Marshall McLuhan: "We build the tools, and then the tools build us."
Taking the blame for AI
Payton was less rosy about AI and technological progress, saying that all machines, no matter how intelligent, need to be "owned" by human managers who can take responsibility for their actions.
"You can't outsource accountability to an algorithm that you cannot see or influence," Payton said.
Many organizations, she said, have not updated their resiliency playbooks to include AI behavior and mistakes, and many have no clear assumption of risk for the actions of AI agents.
"When an AI decision goes terribly wrong, who takes the blame?" she asked the audience of IT and cybersecurity staffers. "You do."
Payton also predicted that when corporate executives begin to use holographic projections of themselves to attend far-away business meetings, attackers will inject
deepfakes to subvert financial transactions.
Peering into the internet's dark spaces
Ever had trouble convincing a loved one or a co-worker to implement
MFA, to not click on browser pop-ups or to use more than a single password?
ThreatLocker Senior Solutions Engineer Collin Ellis feels your pain. And he's got a solution: The simplest way to get people to shape up their cybersecurity, he said, is to show them how easy they're making it for criminals.
"The principle of default-deny" — ThreatLocker's preferred term for
zero trust — "is really hard to communicate to people outside the security community," Ellis said. "We're going to give you a better way to explain the why."
You can start by checking out
Ransomware.live, a safe-to-visit website on the open internet that tracks
ransomware attacks around the world in real-time. It tells you who the latest victims are, and two new organizations were added to the leaderboard during Ellis' talk. It also lets you drill down into ransom-amount negotiation chats, view ransom notes, and break down statistics of ransomware attacks.
Moving into the dark web, Ellis showed how easy it is to find and hire hackers to do anything from taking remote control of a specific smartphone ($700), hijack a specific Twitter or Facebook account ($500), or even "destroy someone's life" for $1,700 by disrupting financial accounts or planting child pornography on their devices.
The Clop ransomware group lists its hundreds of victim organizations on its dark-web site, along with details of data that was stolen.
Ellis, who went to college in South Florida, opened up the Clop archive of a hack of the University of Miami website and found documents listing hundreds of individuals' personal details, including Social Security numbers, dates of birth and places of employment — a gold mine for attackers who can correlate job histories on LinkedIn to launch social-engineering or ransomware attacks.
All this should scare your colleagues and family members into taking better security precautions, Ellis hoped.
"The culture of security at your job, at your home, with your family, is really important and it has to change," he said.
Trust no one
The day ended with a conversation between longtime technology broadcaster Leo LaPorte and his Security Now! podcast colleague Steve Gibson, who emphasized the importance of the zero-trust model.
"Assume that authentication doesn't work. We see example after example after example," said Gibson. "Assume that threat actors can get onto your VPN."
Gibson, creator of the early firewall checker Shields Up and many other free and paid tools (all available on his
incredibly old-school website), recounted how he got his first Silicon Valley job in Stanford's artificial-intelligence lab in 1970 at the age of 15.
Later, he worked at Atari and at Texas Instruments developing the Speak 'n' Spell educational toy during the late 1970s.
But despite his age, Gibson has been pushing the concept of zero trust for many years — except that, as LaPorte pointed out, he used to call it "trust no one."
"Well, I got that from Mulder on the 'X-Files,'" Gibson admitted.
"The reason is a personal computer is so much fun is that we can do anything we want with it," Gibson added. "That model doesn't work inside the enterprise."
"But your employees want that freedom," LaPorte said.
"Yeah, but they can't be trusted with it," Gibson replied. "You cannot rely on your employees not making mistakes. … It's necessary, unfortunately, to reconceptualize the internal networking architecture."
Moving on to other topics, LaPorte asked Gibson if he thought
passkeys were an improvement on authentication.
"I think we're going to end up with pervasive biometrics throughout the enterprise," Gibson said, envisioning thumbprint readers everywhere.
Taking it back to Gibson's first job, LaPorte asked what he thought about the future of AI.
"We're so early in AI that I don't think we can guess what's going to happen," Gibson said. "We're at the 1% point."
But, he added, one useful application for AI would be to warn or prevent users from falling victim to social engineering or other attacks.
"Keep an eye out," Gibson said, "for agents that keep your employees from making mistakes."
