BSides Vancouver 2026

AI is entering enterprises through side doors, not front gates. Long before legal reviews, vendor assessments, or security sign-off, employees are spinning up local coding assistants, connecting to external model servers, and assembling multi-agent workflows that operate entirely outside formal governance.

This session explores practical agentic fingerprinting, and how security teams can uncover AI systems based on what they are, not what they’re called. By identifying the shared metadata, configuration artifacts, and behavioral signals that define an AI agent, organizations can discover unapproved AI activity across cloud APIs, internal code repositories, and endpoints—without relying on brittle network choke points.

Attendees will leave with a practical framework for mapping their true AI footprint, understanding where governance assumptions break down, and regaining visibility into the digital workforce that is already operating inside their organization—approved or not.