It was a quick trip to Vegas for Black Hat. After 20 years of walking these halls—and 25+ years in cybersecurity—I keep coming back for one simple reason: this is where you hear what’s really happening in the trenches, not just what vendors want you to believe.
This year was both more of the same and a ‘little’ different. Tons of vendors, people everywhere, late nights, early mornings—a blend of fun, seeing colleagues, and serious business, as usual. What’s a little different is the focus. Exposure management was trending, but as many would expect, it was all ‘AI’…as it should be. This technology is changing the world – NOW. I’m blessed to have experienced the introduction of the ‘World Wide Web/Internet’ and now what is becoming an even bigger human transformation through Artificial Intelligence. But through all this – the more things change, the more they stay the same.
What Actually Mattered This Year
The AI security topic dominated conversations and trade show demos. But unlike last year, 2025 was about real implementation – from both the hacker side and the defense side.
The research quality was solid. Researchers weren’t just theorizing about AI threats; they were demonstrating concrete exploits against real systems. More importantly, they were showing how these attacks leverage the same fundamental weakness we’ve been dealing with forever: organizations don’t know what they have (limited asset visibility), what they are missing (security gaps or exposures), or what is simply outdated or under-patched.
The vendor conversations were more mature too—more exposure management versus vulnerability management. And less “revolutionary AI-powered everything” and more “here’s how we solve this specific operational problem.” Progress.
The Same Old Problems in New Packaging
The Business Hall is like a theater. Too many booths with flashy demos that showcase perfect-world scenarios that don’t exist in real enterprises. After talking to hundreds of security leaders, I can tell you they’re tired of being sold solutions to problems they don’t actually have, or solutions that don’t actually work, while their real problems go unaddressed. As a CMO for most of the now-big names in cybersecurity (TippingPoint/HP, Sourcefire/Cisco, Fortinet, Cylance/Blackberry/ArcticWolf, Javelin Networks/Symantec, JASK/SumoLogic and now Sevco Security), I was part of the marketing problem too. It’s a fight for eyeballs and attention, but it challenges the real purpose of this event – solving hard problems, simply.
The networking felt more corporate and less authentic than in previous years. The best conversations still happen in the hallways and over dinner, not in the structured events that feel increasingly like sales pitches. We had intimate conversations in our Suite, sitting on stools at the House of Blues, and grabbing coffee.
Unfortunately, we’re still struggling with the same company funding/size diversity issues that have plagued this conference for years. The perspective remains heavily skewed toward large enterprise environments, with limited practical guidance for the mid-market organizations that make up the majority of the economy.
Three Things That Will Actually Help You
Based on what I saw and heard—both on stage and in those crucial hallway conversations—here are the takeaways that matter:
- First: Asset visibility isn’t just important anymore, it’s existential. Every attack scenario discussed last week started with the same premise: attackers exploiting assets that organizations didn’t know they had or couldn’t manage effectively. Whether it’s shadow AI tools, forgotten IoT devices, or legacy systems that should have been decommissioned years ago, the pattern is consistent. You can’t protect what you don’t know about. This isn’t new, but the scale and speed at which new assets are being deployed make traditional approaches obsolete.
- Second: AI defense requires understanding AI offense. The most valuable sessions showed how attackers are using AI to automate reconnaissance, generate convincing phishing campaigns, and adapt their tactics in real time. Defensive strategies that don’t account for AI-augmented adversaries are already behind the curve. But here’s the key insight: the fundamentals of good security—knowing what you have, keeping it updated, and taking a more holistic exposure management approach—become even more critical when facing AI-powered attacks.
- Third: Automation isn’t optional anymore. Every mature security organization at this conference had invested heavily in automated detection and response capabilities. The volume and velocity of threats have reached a point where manual processes simply can’t keep pace. But successful automation isn’t about replacing humans—it’s about enabling them to focus on the decisions that actually require human judgment while machines handle the repetitive data collection and correlation work. And all of these AI efforts require QUALITY data. As we say at Sevco – bad data, bad decisions. AI only exacerbates this. Hence hallucinations and simply bad or misleading (yet highly convincing) responses by AI-native tools can make matters worse.
The cybersecurity industry has a bad habit of getting distracted by shiny new technologies while ignoring fundamental problems. Black Hat 2025 showed that the organizations getting ahead of threats are the ones focusing on the basics: comprehensive asset visibility, automated data collection, and human expertise applied in conjunction with AI.
The attackers already understand your network better than you do. The question is: what are you doing about it?