FIRST Concludes FIRSTCON26 Amid Record Surge in Cyber Vulnerabilities

The Forum of Incident Response and Security Teams (FIRST) concluded its 38th annual conference in Denver, highlighting a record surge in cyber vulnerabilities driven by AI-assisted discovery, with 2026 on track to reach 66,000 CVEs. The event featured keynotes from CISA and former US National Cyber Director Chris Inglis, and announced expanded global capacity-building initiatives including renewed funding from Fortinet and new support from the Internet Society.

FIRST Concludes FIRSTCON26 Amid Record Surge in Cyber Vulnerabilities Five-day summit highlights AI-driven CVE spikes, breakthrough incident response frameworks, and a major expansion of global capacity-building initiatives DENVER, CO - JUNE 19, 2026 - Today, the Forum of Incident Response and Security Teams FIRST has successfully concluded the 38th Annual FIRST Conference https://www.first.org/conference/2026/ FIRSTCON26 , bringing together the world’s cybersecurity professionals from across government, critical infrastructure, and the private sector in Denver, Colorado. The event served as a global gathering point for incident response teams, CERTs, government agencies, and enterprise security leaders to collaborate, share intelligence, and develop strategies they can bring back to strengthen their programs and the broader security ecosystem. Speaking against the backdrop of the FIFA World Cup taking place, Chris Butera https://www.linkedin.com/in/christopherbutera/ , Acting Executive Assistant Director for CISA's Cybersecurity Division, opened the event by drawing a pointed parallel between the sport and the work happening at FIRSTCON26: “In soccer, the best teams move the ball quickly, creating opportunities and helping teammates respond to changing conditions. Cybersecurity works the same way,” said Butera. “This is such a unique gathering to have security researchers, the national CERTs, and the major product vendors all gathered in one place, building the trust and operational partnerships needed to solve the world's hardest cybersecurity problems." A Historic High: AI Fuels CVEs to Hit 66,000 in 2026 FIRST kicked off the conference by releasing its mid-year 2026 vulnerability forecast https://www.first.org/blog/20260615-vulnerability-forecast-update . Fueled in large part by AI-assisted vulnerability discovery, 2026 is now on track to reach approximately 66,000 CVEs —a 46.3% overage against the initial annual forecast, representing roughly 6,420 vulnerabilities ahead of pace. During his keynote, former US National Cyber Director, Chris Inglis emphasized that as adversaries leverage rapid AI adoption to scale unpredictable attacks, defenders can no longer rely on rigid textbooks. True defense requires built-in redundancies, human-in-the-loop operational control, and a shared "coalition defense" model bridging the private sector, infrastructure providers, and global governments. “The most fundamental anchor for resilience is in the components and in the composition. You have to know your architecture better than they do. When you get off course, you want to know exactly where you want to navigate back,” said Inglis. FIRST CORE Marks a Year of Growth with Renewed Funding and Global Expansion Following its launch at the 2025 Annual Conference in Copenhagen, FIRST CORE part of FIRST's Community and Capacity Building https://www.first.org/community program enters its next phase of global growth backed by new critical investments. Founding supporter Fortinet https://www.first.org/newsroom/releases/20250623 renewed its commitment to the program, sustaining sponsorship for regional liaisons, mentors, innovative incident response training, and the Suguru Yamaguchi Fellowship Program for underrepresented regions. This follows recent support from the Internet Society and Internet Society Foundation https://www.first.org/newsroom/releases/202603-9 , who joined in 2026 as sponsors via the Common Good Cyber Fund CGCF to address the persistent underfunding of essential cybersecurity capabilities. Additionally, FIRST launched a new capacity and trust building initiative in the Framework of the G7-ECOWAS Platform for Advancing Cybersecurity. Together with the German Federal Foreign the Economic Community of West African States ECOWAS and with Deutsche Gesellschaft für Internationale Zusammenarbeit GIZ GmbH as implementing partner, FIRST will support regional cyber Confidence-Building Measures CBMs . Organizations interested in supporting global incident response capacity can learn more and join the CORE supporters community at first.org/global/core https://www.first.org/global/core . Special Interest Groups SIGs News and Developments FIRST’s Exploit Prediction Scoring System EPSS SIG deployed its live v2026.06.15 refresh, delivering updated exploitation probability scores for every public CVE. The daily model retraining serves as a vital tool for dynamic threat prioritization amidst an accelerating risk landscape. Latest scores are available at first.org/epss https://www.first.org/epss/ . FIRST DNS Abuse SIG discussed the recently released DNS Abuse Techniques Matrix v1.3 https://www.first.org/global/sigs/dns/DNS-Abuse-Techniques-Matrix v1.3.pdf , continuing its work to catalog and classify DNS-based threats to support the global incident response community. FIRST Cybersecurity Communications SIG is developing a comprehensive assessment to help Incident Response teams benchmark their current capabilities and identify areas for improvement. FIRST Metrics SIG has completed the Metrics for the CSIRT Services Framework v1.1 https://www.first.org/global/sigs/metrics/metrics csirt services framework v1-1 in collaboration with the FIRST CSIRT Framework Development SIG . FIRST Cyber Threat Intelligence SIG is preparing to release version 5 of its CTI curriculum incorporating community feedback gathered on-site. The SIG continues its efforts to unify terminology across the CTI space and provides onboarding resources, including business and technical-stakeholder slide decks, to help new teams establish CTI programs. Technical Breakthroughs & Additional Announcements New and critical security frameworks, tools, Special Interest Groups SIGs , and research insights aimed at automating defense and managing AI risk were showcased during the event: Apura Cyber: Showcased BTTneo https://content.apura.io/bttneo , a next-generation cyber threat intelligence platform combining agentic AI with human-in-the-loop analysis. Vishal Thakur & Atlassian: Showcased PR3TACK https://pr3tack.org/ , a preemptive threat intelligence framework that catalogues technically feasible but not-yet-observed adversary techniques. Flare: Unveiled StealerLens https://www.youtube.com/watch?v=Kcj 2axf2hI&feature=youtu.be , a free LLM-powered tool that compresses hours of infostealer log forensics into minutes. Modat: Introduced native Passive DNS intelligence https://www.modat.io/post/modat-passive-dns to its Magnify platform, enabling investigators to pivot across infrastructure data in a single graph. Jumpmind: Unveiled CIRCUIT https://www.jumpmind.com/blog/company-news/eric-zielinski-open-source-ai-interpretability-framework/ , an open-source framework providing an auditable view of how AI systems make security decisions. Spamhaus: Announced significant enhancements https://www.spamhaus.org/resource-hub/undefined/spamhaus-cert-insight-portal-enhanced-botnet-c-and-c-intelligence/ enriched-data-botnet-c-amp-c-activity-in-your-region to its CERT Insight Portal, delivering enriched botnet data to over 100 government-funded CERTs. TeamT5: Debuted its ThreatVision Cybercrime Intelligence offering https://teamt5.org/en/posts/teamt5-shares-cybercrime-intelligence-cases-at-firstcon-urges-continued-attention-to-emerging-attack-techniques/ alongside original research on APAC-based short-video and crypto cybercrime campaigns. FIRST also welcomed its newly elected Board of Directors https://www.first.org/about/organization/directors for the 2026–2027 term https://www.first.org/about/organization/directors y2026 , appointing Logan Wilkins https://www.linkedin.com/in/loganw3/ Cisco, US and welcoming back returning board member Mona Elisabeth Østvang https://www.linkedin.com/in/mona-elisabeth-%C3%B8stvang-3b9bb61/ mnemonic, NO . Olivier Caleff https://www.linkedin.com/in/caleff/ was also re-elected as Chair of the Board of Directors, beginning his second term in the role. "FIRSTCON26 covered the full spectrum of what keeps CISOs and defenders up at night," said Chris Gibson, CEO of FIRST. "The innovations and partnerships forged here this week are exactly how the security community stays ahead." The 38th Annual FIRST Conference is supported by https://www.first.org/conference/2026/sponsorship-team a global lineup of industry leaders and innovators, including Gold sponsors, Dream and VMRay; Silver sponsors, Group-IB and Tidal Cyber; Bronze sponsors, Apura, Censys, Command Zero, CTM360, Daylight, Modat, NRD Cyber Security, Spamhaus & abuse.ch, TeamT5, and Volexity; Social Sponsors, Adobe and Cisco; Exhibitors, Analyst1, Arcanna, Bureau Veritas Cybersecurity, Flare, Nore Security, SOCRadar, Spacewalk, and Stairwell; Capture the Flag Supporters, CERT.br and ZeroFox; and Supporting sponsors, Hitachi, CIRCL, and Adobe. Also available in PDF FIRST-Press-Release-20260619.pdf Issued on behalf of FIRST. For further information please contact pr@first.org mailto:pr@first.org . About FIRST FIRST aspires to bring together incident response and security teams from every country across the world to ensure a safe internet for all. Founded in 1990, the Forum of Incident Response and Security Teams FIRST consists of internet emergency response teams from more than 860 member teams, 205 liaisons, and 4 associates spanning corporations, government bodies, universities and other institutions across 118 countries in the Americas, Asia, Europe, Africa, and Oceania. For more information and to see the full calendar of events, visit: FIRST.Org. Connect with FIRST on social media via Bluesky https://bsky.app/profile/first.org , GitHub https://github.com/FIRSTdotorg , LinkedIn https://www.linkedin.com/company/firstdotorg , Mastodon https://infosec.exchange/@firstdotorg , Meta https://www.facebook.com/FIRSTdotorg , X https://x.com/FIRSTdotOrg and YouTube https://www.youtube.com/c/FIRSTdotorg . Fri, 19 Jun 2026 19:00:00 +0000