Hot Takes from Black Hat 2025

Twenty-five years ago, I attended my first big cyber convention—DEF CON 8 at the Alexis Park Hotel in Las Vegas. Over time, this old-school hacker playground coalesced with two other Vegas security gatherings (BSides Las Vegas and Black Hat USA) into a string of three consecutive events we affectionately call “Hacker Summer Camp.” 

This year’s Black Hat gathering reinforced several big issues that should be on every security leader’s radar. Here are a few of my top takeaways, along with some hot industry names to watch and some general observations.  

1. Don’t Sleep on Insider Threats

Right now, insider risk accounts for approximately 60% of breaches. This number will likely keep rising due to increasing layoffs and the tendency of AI tools to share absolutely anything they can get their hands on unless specifically set up not to.  

Insider threats are always challenging because they look like everyone else and use legitimate credentials. Traditional security tools have always had trouble getting the context needed to properly analyze this nuanced threat landscape. This remains the big challenge for tomorrow’s tools to tackle. 

• Gurucul is making waves with behavior-based insider threat detection that doesn’t rely on fixed rules and adapts to evolving baselines and user context. 
• Island is a managed enterprise browser offering far deeper visibility, control and protection at the browser-level compared to traditional consumer-focused options. 

2. Social Engineering is Running Wild 

Have you heard the hot new slogan in our industry? “Attackers aren’t breaking in, they’re logging in.” This line is popular for a reason.  

Bottom line: the bad guys are absolutely thriving on social engineering right now. Closing this gap will require much more than stronger MFA. It’s all about continuous authentication, stronger help-desk verification and step-up auth for privilege changes. 

Names to Know: 

• Grip Security is redefining how enterprises detect and manage identity risks across SaaS apps, helping organizations identify unmanaged accounts and shadow access before attackers do. 

• Okta remains a leader in access management, and their recent emphasis on identity threat detection and response shows a commitment to evolving even further. 

3. Data Governance Needs Major Work 

Modern AI tools like Microsoft CoPilot are surfacing all sorts of sensitive data employees “technically” have permission to see but probably shouldn’t. The old tag-and-label model fails big-time when you have AI stitching together information in real time. 

Right now, businesses are deploying these new tools faster than their data governance frameworks can keep up. Thankfully, there are some interesting tools emerging to close this gap. 

Names to Know: 

• Cyera brings real-time data visibility and context-aware classification to the AI era, helping orgs understand what data they have, where it lives and how it’s being accessed. 

• Varonis continues to lead in securing unstructured data by offering intelligent data mapping and least privilege enforcement to lock down overexposed information—especially important in AI-charged environments. 

4. The Bad Guys are Winning the AI Arms Race 

When it comes to AI-powered automation, cybercriminals are currently moving much faster than their cybersecurity adversaries.  

This is not unexpected, since the bad guys often have first-mover advantage during times of rapid advancement. Still, it’s up to the defenders to start stepping up our game. 

Names to Know: 

• Abnormal AI uses behavioral AI to detect socially engineered email attacks that bypass traditional filters. 

• Pentera brings AI to offensive security, using automated red teaming to simulate attacks and expose weak points before attackers find them. 

• Picus Security offers Breach and Attack simulation that integrates into your security solutions and recommends policy configuration for closing any gaps found during purple team exercises.  

5. The SOC of the Future? 

SOC modernization is absolutely critical for anyone in the cybersecurity space. It’s also stressful, expensive and potentially risky. No wonder some experts have started comparing it to “heart surgery on a moving train.”  

Most of us can see that AI will reshape the way SOCs operate. Very few of us can tell you exactly how. One thing is for sure: it’s going to be a challenge to determine exactly what data should go to humans and what should be turned over to AI without creating more short-term problems than you solve.  

Names to Know: 

• SentinelOne’s hyperautomation is incredibly powerful, connecting everything, accelerating the response and boosting efficiency.   

• Gurucul is helping teams evolve from reactive to proactive by integrating AI-driven threat prioritization and response recommendations right into the analyst workflow. 

Assorted Hot Takes: 

The Rise of the Vendor Hall 

Over the years the mix of attendees at Black Hat has made a complete 180. Back in the day, there were roughly 25% vendors and 75% practitioners. Today it’s more like 75/25.  

That’s not a bad thing. Today, the vendor hall has become the gravitational center of the event. If you want to see where the security industry is headed, the Black Hat vendor floor is the place to do it. It’s absolutely massive, featuring multi-million-dollar booths, senior leadership on site, engineers ready to demo roadmaps and a chance to talk with peers about what actually works. It’s one of the places where we were able to meet up with many of the names mentioned above. 

Avoid Fast Cars with Bad Brakes 

Throughout my time at Black Hat, one thing became crystal clear—AI is no longer part of the conversation; it is the conversation. Last year AI was often the “extra feature” in the sales pitch. This year it’s the engine powering nearly every solution.  

Unfortunately for some organizations, they seem to be dropping an F1 engine into a family sedan. But as I heard one attendee explain, real race cars need to be able to stop just as fast as they go. That’s why they always have giant brakes to match their scary speed.  

My takeaway from this extended metaphor? If you don’t have the governance and visibility to match the speed and power today’s AI is bringing to the table, you’re just an accident waiting to happen. 

Real Talk with the CISO Society:  

“Working in cybersecurity is like playing an endless game of Tetris. Your successes disappear instantly, but your failures keep stacking up.” -Overhead at Black Hat 2025 

This quote is such a perfect metaphor for cybersecurity, where the wins are mostly invisible, but the misses are on display for everyone to see.  

That’s why some of my favorite personal moments of the week came at an event hosted by The CISO Society. This wasn’t about vendor pitches or new threat vectors. This was a group of respected industry peers talking candidly about the challenges and opportunities we are all facing.  

I was especially happy to hear respected professionals speaking so openly about how challenges like staffing shortages and burnout have impacted their day-to-day wellbeing.  

For me, Black Hat is always a great reminder that this industry evolves so fast, but the fundamentals always matter. 

That’s one of the reasons I enjoy doing this work at Inversion6. We don’t believe in chasing shiny tools just to have them. We believe in right-sized, outcome-oriented cybersecurity investments.  

The work is never easy, but the goal is always simple—to help you decide where to invest, when to invest and how much to invest so your security posture grows with your business.