TL;DR: Threat intelligence is increasingly converging with identity, access, and machine-account governance, not just malware analysis, as CrowdStrike’s Day Zero summit on Aug. 30 to Sep. 1, 2026 will bring together threat researchers, reverse engineers, and intelligence leaders for original research on adversary tradecraft, vulnerability exploitation, fraud, and AI-era offensive techniques, according to CrowdStrike.
NHIMG editorial — here’s why we think this discussion matters
By the numbers:
- Day Zero will feature about 16 sessions and 25 presenters for 150 invited participants.
- Tickets are priced at $895 per person.
- Day Zero talks will run for 30 or 45 minutes depending on depth and scope.
Questions worth separating out
A: Teams should treat the research as a prioritisation signal, not a generic awareness event.
Q: Why do exposed systems matter so much to IAM and NHI programmes?
A: Exposed systems often reveal the identity layer before defenders realise it.
Practitioner guidance
- Map exposed infrastructure to identity artefacts Review externally visible systems for secrets, tokens, admin consoles, and machine credentials.
- Shorten response time for public exploit signals When a public talk, paper, or disclosure matches your stack, run a fast validation cycle across the relevant identity paths.
- Reassess approval workflows against AI-assisted tradecraft Test whether current approvals, logging, and revocation steps still hold when attacker decisions accelerate through AI-assisted reconnaissance or phishing.
What to expect at the briefing
CrowdStrike's full event page covers the operational detail this post intentionally leaves for the source:
- Full agenda timing across the opening reception, morning keynotes, and parallel afternoon tracks.
- Speaker list and topic pairings for each session, including the threat research and AI security talks.
- Attendance logistics, pricing, and invitation process for the closed-door summit.
- Information about the later Fal.Con access included with Day Zero tickets.
👉 Register for CrowdStrike's Day Zero 2026 summit on threat research and adversary tradecraft →
Day Zero 2026: what threat researchers are saying about identity risk?
Explore further
Day Zero is a threat-research event, but the real identity story is the collapse of the boundary between adversary tradecraft and access governance. Sessions on exposed infrastructure, social engineering, and AI-enabled offensive methods all point to the same problem: attackers increasingly look for identity primitives before they look for payloads. That means threat research and IAM can no longer be treated as separate conversations. Practitioners should read the agenda as proof that identity has become part of the intrusion path, not only part of the defence stack.
A few things that frame the scale:
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures, according to Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which is why exposed infrastructure becomes an identity discovery problem so quickly.
A question worth separating out:
Q: What should IAM teams learn from AI-assisted offensive tradecraft?
A: They should assume attacker decision loops can accelerate. That means review, approval, and revocation processes need to be fast enough to keep up with automation that iterates on reconnaissance or abuse in near real time, especially where service accounts and delegated access are involved.
👉 Read our full editorial: Day Zero 2026 signals threat research is becoming identity-relevant