Agentic Security Takes The Stage At Black Hat 2025

Posted by Tony Bradley, Senior Contributor | 4 hours ago | /cybersecurity, /enterprise-tech, /innovation, Cybersecurity, Enterprise Tech, Innovation, standard, technology | Views: 7


The cybersecurity community has descended once again on Mandalay Bay in Las Vegas for Black Hat USA 2025—and the mood feels different this year. It’s not just hype about AI anymore. It’s execution.

Vendors and experts aren’t just talking about artificial intelligence—they’re showing how they’re using it to solve real problems: shrinking response times, reducing alert fatigue and helping defenders reclaim control. Whether it’s in the SOC, across the hybrid cloud, or embedded in application security, agentic AI is front and center.

And that’s not just a guess—it’s coming straight from the folks driving the agenda.

“At Black Hat USA this year, I expect agentic AI to take center stage—particularly how autonomous systems can act as intelligent partners within the SOC,” said John Peterson, chief development officer at Sophos. “The conversation will shift from AI as a tool to AI as a teammate.”

That shift—from tool to teammate—is a theme echoed across the board.

From Concept to Capability

For years, AI was the shiny object at cybersecurity conferences. Now, we’re seeing signs of real maturity.

“AI is no longer treated as a trend,” said Jon France, CISO at ISC2. “It is becoming a core part of how security teams operate.” According to ISC2’s 2025 AI survey, 44% of cybersecurity professionals say their organizations are actively rethinking roles and skills to keep up.

That shift is visible in the agenda. Nearly 30 sessions are focused on AI, machine learning, or data science—including a full-day AI Summit aimed at helping practitioners integrate these technologies responsibly.

Black Hat has also become a launchpad for the operationalization of GenAI in detection, response and risk management.

“This feels like a defining moment,” said Anurag Gurtu, CEO of Airrived AI. “Agent-based automation is starting to reshape how teams approach everything from threat hunting to GRC.”

The Threat Landscape Evolves—So Do Defenders

Of course, it’s not just defenders who are evolving. Attackers are adapting fast—and Black Hat 2025 will spotlight the growing threat of AI-generated phishing, LLM prompt injection and social engineering powered by generative models.

That’s what excites Nic Adams, CEO of 0rcus.

“Events delving into the university model for scaling novel attacks on LLMs and the subsequent development of countermeasures has piqued my interest,” Adams said. “Conversations will be centered around the real-world impact of AI’s incorporation into the systems on which we all depend.”

Michael Mumcuoglu, CEO of CardinalOps, sees AI as a catalyst for proactive defense.

“Agentic AI workflows can autonomously analyze attack surfaces, understand adversarial behaviors and carry out remediation in real-time,” he said. “It’s a shift from reactive defense to anticipatory strengthening.”

Hardware Identity, Supply Chains and “Phantomization”

AI isn’t the only story this week.

Mike Malone, CEO of Smallstep, is looking at the growing importance of hardware-bound identity in Zero Trust models. “Verifying trusted hardware is increasingly essential,” he said, especially with AI systems initiating their own actions.

Meanwhile, Michael Montoya, COO at BlueVoyant, is tracking new threat vectors through supply chain vulnerabilities. “Third parties have become a new perimeter,” he warned. “Our data shows 81% of C-level executives were negatively impacted by a third-party breach.”

He’s also expecting increased calls for tool consolidation, or what some are calling “phantomization”—a strategy to unify disconnected security tools in a hybrid and multi-cloud world.

That hybrid complexity is front of mind for others, too. “AI is starting to be considered more and more as a risk, and as an opportunity,” said Gil Geron, CEO and co-founder of Orca Security. “Using it for protecting environments is becoming essential to meet the challenges presented by internal usage of AI in terms of scale and privacy.” Geron points to the need for runtime and static protections that span public cloud, private cloud and on-prem infrastructure—especially as AI adoption accelerates.

From AppSec to the Security Graph

Software supply chain security and application security remain hot topics too.

“AI is transforming cybersecurity faster than any tech since the internet itself,” said Jonathan Rende, chief product officer at Checkmarx. “We’re focused on autonomous prevention by empowering developers and securing software throughout the supply chain.”

And then there’s the growing interest in graph-based security models.

“Black Hat 2025 will be a proving ground for cyber resilience,” said Raghu Nandakumara, senior director of industry strategy at Illumio. “I’m especially interested in how vendors are leveraging the security graph to deliver deeper visibility and context.”

What’s Real and What’s Marketing?

As always, there’s a fine line between innovation and buzzword overload.

Joe Levy, CEO of Sophos, offered a helpful lens: “The next wave in cybersecurity isn’t just about AI—it’s about convergence. Cybersecurity is becoming scalable, integrated and within reach for organizations of all sizes and means.”

And Ira Winkler, CISO at CYE, had a pointed reminder: “AI is really just math.”

He also noted a growing trend—Black Hat is increasingly less about the formal event and more about the gravity it creates. “You can fill your time entirely at side events. Black Hat has become more of a watering hole than a destination.”

That may be true. But for now, the gravity remains strong. And if this week’s conversations are any indication, the field of cybersecurity may be on the verge of its most significant transformation yet.



Forbes

Leave a Reply

Your email address will not be published. Required fields are marked *