Five-day summit highlights AI-driven CVE spikes, breakthrough incident response frameworks, and a major expansion of global capacity-building initiatives
DENVER, CO - JUNE 19, 2026 - Today, the Forum of Incident Response and Security Teams (FIRST) has successfully concluded the 38th Annual FIRST Conference (FIRSTCON26), bringing together the world’s cybersecurity professionals from across government, critical infrastructure, and the private sector in Denver, Colorado.
The event served as a global gathering point for incident response teams, CERTs, government agencies, and enterprise security leaders to collaborate, share intelligence, and develop strategies they can bring back to strengthen their programs and the broader security ecosystem.
Speaking against the backdrop of the FIFA World Cup taking place, Chris Butera, Acting Executive Assistant Director for CISA's Cybersecurity Division, opened the event by drawing a pointed parallel between the sport and the work happening at FIRSTCON26:
“In soccer, the best teams move the ball quickly, creating opportunities and helping teammates respond to changing conditions. Cybersecurity works the same way,” said Butera. “This is such a unique gathering to have security researchers, the national CERTs, and the major product vendors all gathered in one place, building the trust and operational partnerships needed to solve the world's hardest cybersecurity problems."
A Historic High: AI Fuels CVEs to Hit 66,000 in 2026
FIRST kicked off the conference by releasing its mid-year 2026 vulnerability forecast. Fueled in large part by AI-assisted vulnerability discovery, 2026 is now on track to reach approximately 66,000 CVEs—a 46.3% overage against the initial annual forecast, representing roughly 6,420 vulnerabilities ahead of pace.
During his keynote, former US National Cyber Director, Chris Inglis emphasized that as adversaries leverage rapid AI adoption to scale unpredictable attacks, defenders can no longer rely on rigid textbooks. True defense requires built-in redundancies, human-in-the-loop operational control, and a shared "coalition defense" model bridging the private sector, infrastructure providers, and global governments.
“The most fundamental anchor for resilience is in the components and in the composition. You have to know your architecture better than they do. When you get off course, you want to know exactly where you want to navigate back,” said Inglis.
FIRST CORE Marks a Year of Growth with Renewed Funding and Global Expansion
Following its launch at the 2025 Annual Conference in Copenhagen, FIRST CORE (part of FIRST's Community and Capacity Building program) enters its next phase of global growth backed by new critical investments.
Founding supporter Fortinet renewed its commitment to the program, sustaining sponsorship for regional liaisons, mentors, innovative incident response training, and the Suguru Yamaguchi Fellowship Program for underrepresented regions.
This follows recent support from the Internet Society and Internet Society Foundation, who joined in 2026 as sponsors via the Common Good Cyber Fund (CGCF) to address the persistent underfunding of essential cybersecurity capabilities.
Additionally, FIRST launched a new capacity and trust building initiative in the Framework of the G7-ECOWAS Platform for Advancing Cybersecurity. Together with the German Federal Foreign the Economic Community of West African States (ECOWAS) and with Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH as implementing partner, FIRST will support regional cyber Confidence-Building Measures (CBMs).
Organizations interested in supporting global incident response capacity can learn more and join the CORE supporters community at first.org/global/core.
Special Interest Groups (SIGs) News and Developments
FIRST’s Exploit Prediction Scoring System (EPSS) SIG deployed its live v2026.06.15 refresh, delivering updated exploitation probability scores for every public CVE. The daily model retraining serves as a vital tool for dynamic threat prioritization amidst an accelerating risk landscape. Latest scores are available at first.org/epss.
FIRST DNS Abuse SIG discussed the recently released DNS Abuse Techniques Matrix v1.3, continuing its work to catalog and classify DNS-based threats to support the global incident response community.
FIRST Cybersecurity Communications SIG is developing a comprehensive assessment to help Incident Response teams benchmark their current capabilities and identify areas for improvement.
FIRST Metrics SIG has completed the Metrics for the CSIRT Services Framework v1.1 in collaboration with the FIRST CSIRT Framework Development SIG.
FIRST Cyber Threat Intelligence SIG is preparing to release version 5 of its CTI curriculum incorporating community feedback gathered on-site. The SIG continues its efforts to unify terminology across the CTI space and provides onboarding resources, including business and technical-stakeholder slide decks, to help new teams establish CTI programs.
Technical Breakthroughs & Additional Announcements
New and critical security frameworks, tools, Special Interest Groups (SIGs), and research insights aimed at automating defense and managing AI risk were showcased during the event: Apura Cyber: ShowcasedBTTneo, a next-generation cyber threat intelligence platform combining agentic AI with human-in-the-loop analysis.Vishal Thakur & Atlassian: ShowcasedPR3TACK, a preemptive threat intelligence framework that catalogues technically feasible but not-yet-observed adversary techniques.Flare: UnveiledStealerLens, a free LLM-powered tool that compresses hours of infostealer log forensics into minutes.Modat:Introduced native Passive DNS intelligenceto its Magnify platform, enabling investigators to pivot across infrastructure data in a single graph.Jumpmind:Unveiled CIRCUIT, an open-source framework providing an auditable view of how AI systems make security decisions.Spamhaus:Announced significant enhancementsto its CERT Insight Portal, delivering enriched botnet data to over 100 government-funded CERTs.TeamT5:Debuted its ThreatVision Cybercrime Intelligence offeringalongside original research on APAC-based short-video and crypto cybercrime campaigns.
FIRST also welcomed its newly elected Board of Directors for the 2026–2027 term, appointing Logan Wilkins (Cisco, US) and welcoming back returning board member Mona Elisabeth Østvang (mnemonic, NO). Olivier Caleff was also re-elected as Chair of the Board of Directors, beginning his second term in the role.
"FIRSTCON26 covered the full spectrum of what keeps CISOs and defenders up at night," said Chris Gibson, CEO of FIRST. "The innovations and partnerships forged here this week are exactly how the security community stays ahead."
The 38th Annual FIRST Conference is supported by a global lineup of industry leaders and innovators, including Gold sponsors, Dream and VMRay; Silver sponsors, Group-IB and Tidal Cyber; Bronze sponsors, Apura, Censys, Command Zero, CTM360, Daylight, Modat, NRD Cyber Security, Spamhaus & abuse.ch, TeamT5, and Volexity; Social Sponsors, Adobe and Cisco; Exhibitors, Analyst1, Arcanna, Bureau Veritas Cybersecurity, Flare, Nore Security, SOCRadar, Spacewalk, and Stairwell; Capture the Flag Supporters, CERT.br and ZeroFox; and Supporting sponsors, Hitachi, CIRCL, and Adobe.
Also available in PDF Issued on behalf of FIRST. For further information please contact pr@first.org.
About FIRST
FIRST aspires to bring together incident response and security teams from every country across the world to ensure a safe internet for all. Founded in 1990, the Forum of Incident Response and Security Teams (FIRST) consists of internet emergency response teams from more than 860 member teams, 205 liaisons, and 4 associates spanning corporations, government bodies, universities and other institutions across 118 countries in the Americas, Asia, Europe, Africa, and Oceania. For more information and to see the full calendar of events, visit: FIRST.Org.
Connect with FIRST on social media via Bluesky, GitHub, LinkedIn, Mastodon, Meta, X and YouTube.
Fri, 19 Jun 2026 19:00:00 +0000