Join us for an evening of fun at this month’s hack::soho taking place 26 March, 6pm – 9pm GMT, set up to be a loose networking environment where cyber security professionals can chat, get some complimentary food & drink, and discuss rising global trends.
This month’s hack::soho features a talk from Viola Lykova, Senior Software Engineer. The abstract of the talk, ‘Auth Under Attack, Designing AI-Ready Login Flows That Don’t Collapse in the Real World,’ is below!
hack::soho is a monthly event hosted at our London, UK office for the cybersecurity and hacking community to discuss all things security over food and refreshments. We welcome you to invite others in your circle to extend our collective network.
Spots are limited, so please use real contact details to confirm your registration. We will not sell, distribute, or use your contact information outside of sending you details about upcoming hack::soho meetups.
We hope you can join us!
Not able to make it to this hack::soho in person? No worries, we will livestream the presentation portion kicking off around 7pm GMT on 26 March. Join the livestream and bookmark the page here.
ABSTRACT
Authentication isn’t “a login page” anymore. It’s an adversarial system under constant pressure from credential stuffing, MFA fatigue, token theft, session hijacking, OAuth edge cases, and social engineering. In this talk, I’ll walk through how modern auth fails in production, how attackers chain small weaknesses into account takeover, and what “good” looks like in 2026, including passkeys/WebAuthn, safer session and token lifecycles, risk-based step-up controls, bot defenses, and detection that actually catches abuse. I’ll also cover the AI angle and explain how automation and agentic tooling scale phishing, reconnaissance, and support-workflow abuse, and what teams can do to stay resilient.
PRESENTER’S BIO:
I’m a Senior Software Engineer in London with an SRE mindset, building and operating secure, high-traffic distributed systems in fintech and ecommerce. I focus on authentication, reliability, and incident-driven engineering, hardening critical auth flows against real abuse and improving resilience in production. I’ve delivered two public talks in 2025 (links below) and was invited with full sponsorship to speak internationally through Ministry of Testing.