{"slug": "first-concludes-firstcon26-amid-record-surge-in-cyber-vulnerabilities", "title": "FIRST Concludes FIRSTCON26 Amid Record Surge in Cyber Vulnerabilities", "summary": "The Forum of Incident Response and Security Teams (FIRST) concluded its 38th annual conference in Denver, highlighting a record surge in cyber vulnerabilities driven by AI-assisted discovery, with 2026 on track to reach 66,000 CVEs. The event featured keynotes from CISA and former US National Cyber Director Chris Inglis, and announced expanded global capacity-building initiatives including renewed funding from Fortinet and new support from the Internet Society.", "body_md": "# FIRST Concludes FIRSTCON26 Amid Record Surge in Cyber Vulnerabilities\n\nFive-day summit highlights AI-driven CVE spikes, breakthrough incident response frameworks, and a major expansion of global capacity-building initiatives\n\n**DENVER, CO - JUNE 19, 2026** - Today, the Forum of Incident Response and Security Teams (FIRST) has successfully concluded the [38th Annual FIRST Conference](https://www.first.org/conference/2026/) (FIRSTCON26), bringing together the world’s cybersecurity professionals from across government, critical infrastructure, and the private sector in Denver, Colorado.\n\nThe event served as a global gathering point for incident response teams, CERTs, government agencies, and enterprise security leaders to collaborate, share intelligence, and develop strategies they can bring back to strengthen their programs and the broader security ecosystem.\n\nSpeaking against the backdrop of the FIFA World Cup taking place, [Chris Butera](https://www.linkedin.com/in/christopherbutera/), Acting Executive Assistant Director for CISA's Cybersecurity Division, opened the event by drawing a pointed parallel between the sport and the work happening at FIRSTCON26:\n\n*“In soccer, the best teams move the ball quickly, creating opportunities and helping teammates respond to changing conditions. 
Cybersecurity works the same way,”* said Butera. *“This is such a unique gathering to have security researchers, the national CERTs, and the major product vendors all gathered in one place, building the trust and operational partnerships needed to solve the world's hardest cybersecurity problems.”*\n\n### A Historic High: AI Fuels CVEs to Hit 66,000 in 2026\n\nFIRST kicked off the conference by releasing its [mid-year 2026 vulnerability forecast](https://www.first.org/blog/20260615-vulnerability-forecast-update). Fueled in large part by AI-assisted vulnerability discovery, 2026 is now on track to reach approximately **66,000 CVEs**—a 46.3% overage against the initial annual forecast, representing roughly 6,420 vulnerabilities ahead of pace.\n\nDuring his keynote, former US National Cyber Director Chris Inglis emphasized that as adversaries leverage rapid AI adoption to scale unpredictable attacks, defenders can no longer rely on rigid textbooks. True defense requires built-in redundancies, human-in-the-loop operational control, and a shared \"coalition defense\" model bridging the private sector, infrastructure providers, and global governments.\n\n*“The most fundamental anchor for resilience is in the components and in the composition. You have to know your architecture better than they do. 
When you get off course, you want to know exactly where you want to navigate back,”* said Inglis.\n\n### FIRST CORE Marks a Year of Growth with Renewed Funding and Global Expansion\n\nFollowing its launch at the 2025 Annual Conference in Copenhagen, FIRST CORE (part of FIRST's [Community and Capacity Building](https://www.first.org/community) program) enters its next phase of global growth backed by new critical investments.\n\n[Founding supporter Fortinet](https://www.first.org/newsroom/releases/20250623) renewed its commitment to the program, sustaining sponsorship for regional liaisons, mentors, innovative incident response training, and the Suguru Yamaguchi Fellowship Program for underrepresented regions.\n\nThis follows [recent support from the Internet Society and Internet Society Foundation](https://www.first.org/newsroom/releases/202603-9), who joined in 2026 as sponsors via the Common Good Cyber Fund (CGCF) to address the persistent underfunding of essential cybersecurity capabilities.\n\nAdditionally, FIRST launched a new capacity and trust building initiative in the Framework of the G7-ECOWAS Platform for Advancing Cybersecurity. Together with the German Federal Foreign the Economic Community of West African States (ECOWAS) and with Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH as implementing partner, FIRST will support regional cyber Confidence-Building Measures (CBMs).\n\nOrganizations interested in supporting global incident response capacity can learn more and join the CORE supporters community at [first.org/global/core](https://www.first.org/global/core).\n\n### Special Interest Groups (SIGs) News and Developments\n\n**FIRST’s Exploit Prediction Scoring System (EPSS) SIG** deployed its live **v2026.06.15** refresh, delivering updated exploitation probability scores for every public CVE. The daily model retraining serves as a vital tool for dynamic threat prioritization amidst an accelerating risk landscape. 
Latest scores are available at [first.org/epss](https://www.first.org/epss/).\n\n**FIRST DNS Abuse SIG** discussed the recently released [DNS Abuse Techniques Matrix v1.3](https://www.first.org/global/sigs/dns/DNS-Abuse-Techniques-Matrix_v1.3.pdf), continuing its work to catalog and classify DNS-based threats to support the global incident response community.\n\n**FIRST Cybersecurity Communications SIG** is developing a comprehensive assessment to help Incident Response teams benchmark their current capabilities and identify areas for improvement.\n\n**FIRST Metrics SIG** has completed the [Metrics for the CSIRT Services Framework v1.1](https://www.first.org/global/sigs/metrics/metrics_csirt_services_framework_v1-1) in collaboration with the **FIRST CSIRT Framework Development SIG**.\n\n**FIRST Cyber Threat Intelligence SIG** is preparing to release version 5 of its CTI curriculum incorporating community feedback gathered on-site. The SIG continues its efforts to unify terminology across the CTI space and provides onboarding resources, including business and technical-stakeholder slide decks, to help new teams establish CTI programs.\n\n### Technical Breakthroughs & Additional Announcements\n\nNew and critical security frameworks, tools, Special Interest Groups (SIGs), and research insights aimed at automating defense and managing AI risk were showcased during the event:\n\n- **Apura Cyber:** Showcased [BTTneo](https://content.apura.io/bttneo), a next-generation cyber threat intelligence platform combining agentic AI with human-in-the-loop analysis.\n- **Vishal Thakur & Atlassian:** Showcased [PR3TACK](https://pr3tack.org/), a preemptive threat intelligence framework that catalogues technically feasible but not-yet-observed adversary techniques.\n- **Flare:** Unveiled [StealerLens](https://www.youtube.com/watch?v=Kcj_2axf2hI&feature=youtu.be), a free LLM-powered tool that compresses hours of infostealer log forensics into minutes.\n- **Modat:** [Introduced native Passive DNS intelligence](https://www.modat.io/post/modat-passive-dns) to its Magnify platform, enabling investigators to pivot across infrastructure data in a single graph.\n- **Jumpmind:** [Unveiled CIRCUIT](https://www.jumpmind.com/blog/company-news/eric-zielinski-open-source-ai-interpretability-framework/), an open-source framework providing an auditable view of how AI systems make security decisions.\n- **Spamhaus:** [Announced significant enhancements](https://www.spamhaus.org/resource-hub/undefined/spamhaus-cert-insight-portal-enhanced-botnet-c-and-c-intelligence/#enriched-data-botnet-c-amp-c-activity-in-your-region) to its CERT Insight Portal, delivering enriched botnet data to over 100 government-funded CERTs.\n- **TeamT5:** [Debuted its ThreatVision Cybercrime Intelligence offering](https://teamt5.org/en/posts/teamt5-shares-cybercrime-intelligence-cases-at-firstcon-urges-continued-attention-to-emerging-attack-techniques/) alongside original research on APAC-based short-video and crypto cybercrime campaigns.\n\nFIRST also welcomed its newly elected [Board of Directors](https://www.first.org/about/organization/directors) for the [2026–2027 term](https://www.first.org/about/organization/directors#y2026), appointing [Logan Wilkins](https://www.linkedin.com/in/loganw3/) (Cisco, US) and welcoming back returning board member [Mona Elisabeth Østvang](https://www.linkedin.com/in/mona-elisabeth-%C3%B8stvang-3b9bb61/) (mnemonic, NO). [Olivier Caleff](https://www.linkedin.com/in/caleff/) was also re-elected as Chair of the Board of Directors, beginning his second term in the role.\n\n*\"FIRSTCON26 covered the full spectrum of what keeps CISOs and defenders up at night,\"* said Chris Gibson, CEO of FIRST. 
*\"The innovations and partnerships forged here this week are exactly how the security community stays ahead.\"*\n\nThe 38th Annual FIRST Conference is [supported by](https://www.first.org/conference/2026/sponsorship-team) a global lineup of industry leaders and innovators, including Gold sponsors, Dream and VMRay; Silver sponsors, Group-IB and Tidal Cyber; Bronze sponsors, Apura, Censys, Command Zero, CTM360, Daylight, Modat, NRD Cyber Security, Spamhaus & abuse.ch, TeamT5, and Volexity; Social Sponsors, Adobe and Cisco; Exhibitors, Analyst1, Arcanna, Bureau Veritas Cybersecurity, Flare, Nore Security, SOCRadar, Spacewalk, and Stairwell; Capture the Flag Supporters, CERT.br and ZeroFox; and Supporting sponsors, Hitachi, CIRCL, and Adobe.\n\nAlso available in [PDF](FIRST-Press-Release-20260619.pdf)\n\nIssued on behalf of FIRST. For further information please contact [pr@first.org](mailto:pr@first.org).\n\n### About FIRST\n\nFIRST aspires to bring together incident response and security teams from every country across the world to ensure a safe internet for all. Founded in 1990, the Forum of Incident Response and Security Teams (FIRST) consists of internet emergency response teams from more than 860 member teams, 205 liaisons, and 4 associates spanning corporations, government bodies, universities and other institutions across 118 countries in the Americas, Asia, Europe, Africa, and Oceania. 
For more information and to see the full calendar of events, visit: FIRST.Org.\n\nConnect with FIRST on social media via [Bluesky](https://bsky.app/profile/first.org), [GitHub](https://github.com/FIRSTdotorg), [LinkedIn](https://www.linkedin.com/company/firstdotorg), [Mastodon](https://infosec.exchange/@firstdotorg), [Meta](https://www.facebook.com/FIRSTdotorg), [X](https://x.com/FIRSTdotOrg) and [YouTube](https://www.youtube.com/c/FIRSTdotorg).\n\nFri, 19 Jun 2026 19:00:00 +0000", "url": "https://wpnews.pro/news/first-concludes-firstcon26-amid-record-surge-in-cyber-vulnerabilities", "canonical_source": "https://www.first.org/newsroom/releases/20260619", "published_at": "2026-06-19 19:00:00+00:00", "updated_at": "2026-06-19 19:44:08.235642+00:00", "lang": "en", "topics": ["ai-safety", "ai-policy", "artificial-intelligence", "ai-ethics"], "entities": ["FIRST", "CISA", "Chris Butera", "Chris Inglis", "Fortinet", "Internet Society", "ECOWAS", "GIZ"], "alternates": {"html": "https://wpnews.pro/news/first-concludes-firstcon26-amid-record-surge-in-cyber-vulnerabilities", "markdown": "https://wpnews.pro/news/first-concludes-firstcon26-amid-record-surge-in-cyber-vulnerabilities.md", "text": "https://wpnews.pro/news/first-concludes-firstcon26-amid-record-surge-in-cyber-vulnerabilities.txt", "jsonld": "https://wpnews.pro/news/first-concludes-firstcon26-amid-record-surge-in-cyber-vulnerabilities.jsonld"}}