I spent July 1st at Wiz Club Amsterdam, an invite-only gathering for senior security leaders held on the water in Amsterdam. The format is deliberately different from a typical vendor conference: fewer product pitches, more open conversation between people who are actually running cloud security programs at scale.

Winning AI with AI: The Opening Keynote
The day opened with Jan Verhagen (Regional Director, Northern Europe, Wiz), Joep Gerrits (Regional Director, Benelux, Wiz), Joost Smits (Country Lead BeNeLux, Google), and Vitaliy Siciliano (Solutions Engineering Manager, Wiz) on the theme “Winning AI with AI: The Journey to Machine-Speed Cloud Defense.”
The core argument: attackers are already using AI to find and exploit misconfigurations faster than manual review cycles can keep up with. Defending against a machine-speed threat with human-speed processes is a losing position regardless of how good the humans are. The response has to be structural — AI-assisted detection, automated prioritization, and reduced time between a vulnerability appearing and it being remediated.
Customer Spotlights: Booking and Mews
Two customer talks grounded the keynote theme in production reality.
Georgia Bekiaridou (Senior Technical Product Manager, Booking) presented “New Threats, Old Vulnerabilities, Same Visibility Challenge” — a reminder that most cloud incidents still trace back to fundamentals: assets nobody tracked, permissions nobody reviewed, exposure nobody noticed. AI changes the speed of attack, not the nature of the underlying gaps.
Terry Brown (Head of Platform Engineering Security, Mews) spoke on “Securing AI-Accelerated Development at Scale” — the platform engineering side of the same problem. As AI coding tools accelerate how fast engineering teams ship, the security function has to scale its own throughput to match, or it becomes the bottleneck everyone routes around.
Threat Research: Preparing for AI-Driven Threats

Rami McCarthy (Cloud Risk Research Lead, Wiz) closed out the technical sessions with “Mythos and Beyond: Preparing for AI Threats.” The practical takeaways translate directly into a working checklist for any security team:
- Reduce your attack surface. Systems that do not need to be exposed should not be. Isolate what does not need external connectivity.
- Accelerate patching processes. AI is compressing the time between vulnerability disclosure and exploitation — delayed patching, especially on operational systems with long update cycles, is now a strategic liability, not just technical debt.
- Address legacy systems. Unsupported systems are the easiest targets in the environment, precisely because nobody is watching them closely.
- Review and strengthen identity and access controls. Limit who can reach critical systems, enforce strong authentication, and review permissions on a real cadence rather than once a year.
- Prepare for incidents before they happen. Test response plans, train the team, and plan on the assumption that a breach will occur — the differentiator is fast containment and recovery, not prevention alone.
None of these five are new ideas. What has changed is the urgency: AI has shortened the window in which each one matters.
Stories From the Field: The Customer Panel

The closing panel, “Stories From the Field,” brought together Harish Haridasan (Director of Enterprise Security, Booking), Nir Chervoni (Head of Security Products, Nebius), and Jeroen Mol (Director, Domain Lead Secure Foundation, Philips) for an unusually candid discussion of what cloud security maturity actually looks like across very different environments — a travel platform, a cloud/AI infrastructure provider, and a global industrial and healthcare technology company.
The common thread across all three: maturity is less about the tooling stack and more about whether the organization has agreed on ownership. Who owns a finding. Who owns the remediation deadline. Who gets escalated to when that deadline slips. The technology differences between Booking, Nebius, and Philips are large; the accountability model each of them has had to build is strikingly similar.
Thank You to the Partners

Wiz closed the formal program by recognizing the partners who supported the event: AWS, Google Cloud, Microsoft, Accenture, Deloitte, UPRIGHT, and Cribl. The mix says something about where cloud security actually gets built in practice — the hyperscalers whose platforms hold the workloads, and the systems integrators and specialist vendors who help enterprises operationalize the controls on top of them.
Why This Format Works
What made Wiz Club Amsterdam worth the day was not any single talk — it was the density of practitioners in one room. Between the networking lunch, the evening BBQ, and the closing cocktail hour, there was more time built into the agenda for unstructured conversation than for scripted content. For senior security leaders comparing notes on cloud security maturity, that ratio is exactly right.
Related Reading
- AI Security Engineers Community Amsterdam: Multi-Tenant
- AI Governance in Practice: Findings Remediation and Agent Identity
- Cloud Security Posture Management (CSPM) for the Enterprise
- OWASP Top 10 for LLM Applications
About the Author
I am Luca Berton, AI and Cloud Advisor. I work at the intersection of cloud security, platform engineering, and enterprise AI deployments. Book a consultation.