By Karen Burke and Chris Palm
With Black Hat USA 2025 now officially over, it’s time to reflect on what we saw and heard. With Black Hat reporting fewer in-person attendees than last year, attendance did appear lighter at both the sessions and on the exhibit floor. As predicted, AI was everywhere, including a stand-alone AI Summit and AI Pavilion. While the short-term impact of AI on the enterprise is clear, long-term impact on business and its users is still murky. AI adoption is happening fast – and not everyone is ready to reap its benefits or use it securely.
Here are a few quick takeaways from our trip to Las Vegas.
Summit-time
In our recent interview with Black Hat Vice President and General Manager Steve Wylie, he said this year’s conference “will be the largest content program we have ever produced. In addition to its traditional briefings, Black Hat expanded a few of its existing summits and added new ones, including a Financial Services Summit that took place a day before the event officially kicked off. For the third year in a row, we attended the Omdia Analyst Summit – it was the best one yet. This summit, which was largely focused on AI, sparked a number of interesting discussions around ROI for AI cybersecurity tools (it’s too early), the difference between AI-native and AI-enhanced cybersecurity tools (AI-native tools have the edge) and why a large share of companies end up deploying AI because it’s trendy, it feels like that’s what they should be doing, but without a clear strategy or business case.
Notable Keynotes
Nicole Perlroth, Jennifer Granick and Mikko Hyppönen were among the notable keynotes this year. Perlroth talked about her past 10 years covering cybersecurity for the New York Times, citing the Stuxnet, Sony, the DNC, and Colonial Pipeline attacks, among others. Hyppönen discussed how adversaries have evolved their attack techniques over the last 30 years, from viral computer viruses to ransomware, which “almost never replicates further. Today, if you want to make money, you don’t want to create outbreaks of malware, which could get out of control and end up infecting millions of computers,” said Hyppönen. Granick warned about “bulk” surveillance, from automatic license plate readers and drones to facial recognition and AI analyst tools, and urged the security audience to play “superhero” by protecting bystanders and their data from “suspicionless” surveillance. “We don’t know when our information has been acquired and don’t have any way of challenging it. We could have this information used against us at some point later on.”
Breakthrough Research
One of the highlights of Black Hat is attending the many threat research talks. While we attended a number of excellent presentations, we particularly enjoyed the research presented by Flare security researchers Estelle Ruellen and Olivier Bilodeau. They used LLM to analyze millions of screenshots of information stealer malware, from over 11 different malware families, executed on victim desktops.The analysis provided valuable intelligence on Indicators of Compromise (IoCs), malware activity and broader campaign patterns. WIth this analysis, the researchers were able to learn primary tactics threat actors used to lure their victims such as cracked software.
Community and Resilience
Black Hat Founder Jeff Moss opened the conference’s keynote sessions with the halting perspective that the cybersecurity field is entering “chaotic” times, of which we are just at the beginning rather than the middle or the end. He pointed to the turbulent intersection of the aforementioned disruptive AI technologies, but also to all too human dynamics such as seemingly irrational nation state rivalries driven by pride, trade frictions and dueling regulatory regimes—this, he noted, for an industry that long convinced itself it existed above and beyond politics.
But Moss optimistically asserted that this special community of technologists can adapt to this global turbulence and thrive through the power of the human community. He recounted an assignment he had with FEMA two decades ago that researched the resiliency of communities hit by hurricanes and other natural disasters. The project found that communities tied together by strong connections are always more resilient than those lacking them.
And human connections, he concluded, forged at conferences such as Black Hat can provide the resiliency cybersecurity needs to overcome whatever chaos and crises we might face in the future.
While Black Hat USA might be over, RSAC 2026 Call-for-Papers is in full swing, Billington is in a few weeks and SecTor and Black Hat Europe are just a few of the remaining cybersecurity conferences that will round out this year’s events. As you begin to play your activities for these shows, let’s stay in touch – we can help you maximize your investments and sharpen your storytelling.
