fwd:cloudsec 2025: Conference Talks Summarized
This week at fwd:cloudsec 2025 in Denver was fantastic! I had the opportunity to connect with cloud security folks I hadn’t met in person and attended several insightful presentations that reinforced why this conference continues to be the best event for cloud security.
Like many conference attendees, I faced the classic dilemma: there’s never enough time to attend every talk you want to see, especially when you’re busy networking and catching up with friends. To solve this problem for myself and others, I created a comprehensive summary tool that captures the essence of each presentation.
What I Built
I’ve compiled detailed summaries of 43 conference talks that include:
- High-level overviews for quick understanding
- Key takeaways and actionable insights
- Technical implementation details with concrete examples
- Full transcripts for deep dives
- Direct links to original YouTube presentations
Access the complete summary collection here
Conference Talk Breakdown
The talks span six areas of cloud security:
AI/ML Security (7 talks)
The intersection of AI and security dominated many conversations, with talks covering:
- Breaking AI Agents: Exploiting Managed Prompt Templates to Take Over Amazon Bedrock Agents
- Bypassing AI Security Controls with Prompt Formatting
- Challenges Around AI as a Service Logging
- Double Agents: Exposing Hidden Threats in AI Agent Platforms
- Farewell False Positives: Building Trustworthy AI for IaC Analysis
- Inside Microsoft’s Battle Against Cloud-Enabled Deepfake Threats
- Taming LLMs to Detect Anomalies in Cloud Audit Logs
Identity & Access Management (15 talks)
IAM remains the most difficult part of cloud security, which was reflected with the largest number of presentations:
- ECS-cape: Hijacking IAM Privileges in Amazon ECS
- Happy Little Clouds: Painting Pictures with Microsoft Cloud and Identity Data
- I SPy: Rethinking Entra ID Research for New Paths to Global Admin
- IAM Roles Anywhere, Now for Everyone with Let’s Encrypt
- No IP, No Problem: Exfiltrating Data Behind IAP
- Not So Secret: The Hidden Risks of GitHub Actions Secrets
- Putting Workload Identity to Work: Taking SPIFFE Past Day 0
- Rebuilding ROADRecon for the Modern Entra Environment
- Securing Remote MCP Servers
- Staying Sneaky in the Office 365
- The Duplicitous Nature of AWS Identity and Access Management (IAM)
- The False Sense of Security: Defense Becoming a Vulnerability
- Trust Issues: What Do All These JSON Files Actually Mean?
- What Would You Ask a Crystal Ball for AWS IAM?
- When Your Partner Betrays You: Trusted Relationship Compromise in the Cloud
Threat Hunting & Detection (3 talks)
Focused sessions on finding and identifying threats:
- Detecting the Undetectable: Threat Hunting in Appliance Environments
- Patience Brings Prey: Lessons Learned from a Year of Threat Hunting in the Cloud
- What Do You Mean Resource Not Found? Demystifying GCP Error Codes for IR and Detections
Attack Techniques & Vulnerabilities (3 talks)
Understanding the adversary perspective:
- Defenders Hate It: Compromise Vulnerable SaaS Applications with This One Weird Trick
- The Good, the Bad, and the Ugly: Hacking 3 CSPs with 1 Vulnerability
- whoAMI: Discovering and Exploiting a Large-Scale AMI Name Confusion Attack
Cloud Infrastructure & Architecture (13 talks)
Practical implementation and architecture guidance:
- Beyond the Big Three: Mastering Oracle Cloud Security in a Multi-Cloud World
- Challenges Implementing Egress Controls in a Large AWS Environment
- Data Perimeter Implementation Strategies: Lessons Learned Rolling Out SCPs & RCPs
- I Didn’t Register for This: What’s Really in Google’s Artifact Registry
- Introducing GRC Engineering: A New Era of AWS Compliance
- Inviter Threat: Managing Security in a New Cloud Deployment Model
- Keeping Your Cloud Environments Secure During a Merger or Acquisition
- Logs Don’t Mean a Thing: Unraveling IaC Managed Identity Ownership
- Securing Organizations’ ML and LLMOps Deployments: A Platform Architect’s Journey Onboarding LLMs
- Shared GPU Security: Learnings from Fly.io
- The Good, The Bad, and The Vulnerable: Breaking Down GCP Tenant Projects
- This Wasn’t in the Job Description: Building a Production-Ready AWS Environment from Scratch
- You Are Not Netflix: How to Learn from Conference Talks
Opening & Closing (2 talks)
Conference bookends providing context and a behind the scenes look at the operations required to make this event happen. Loved the transparency here.
Why This Matters
Conference talks contain incredible value, but that knowledge often gets lost in the shuffle because it can be difficult to dedicate 20+ minutes to a talk when you don’t even know whether it covers the knowledge you need or not. By creating these detailed summaries, I hope it helps you pick out which ones are worth watching. If it does, do me a favor and help share it with others so they can also benefit!
Explore the full collection of talk summaries here
What was your favorite talk from fwd:cloudsec 2025? Let me know in the comments below!
Responses