Security . 26 Aug 2025 . By Nessa

Black Hat 2025: When AI, Automation, and Cybersecurity Collide

Black Hat is one of the world’s largest cybersecurity conferences, a place where the latest research, practitioner insights, and global trends converge. In 2025, it stood out even more as discussions gravitated toward the role of artificial intelligence in both defense and offense.

We analyzed the sessions, expert commentary, and industry reactions to distill the most compelling takeaways - from the practical rise of agentic automation and AI-driven attack surfaces to real-world examples of international collaboration in countering cyber aggression against Ukraine.


A Brunch with Substance

Away from the chaos of expo halls and crowded lobbies, Foundation Capital and Forgepoint Capital hosted their 8th annual Executive Security Brunch. With 35 Global 2000 CISOs, 20 early-stage founders, and a handful of channel partners in the room, the discussions cut straight to the heart of today’s security landscape. 



Three big themes emerged:

1. Agentic automation is crossing from hype into practice. CISOs shared real-world examples of new startup tools automating workflows across SOC operations, threat intel, red teaming, and even identity. For the first time, AI in security feels tangible. Prime Security’s win at the Black Hat Startup Spotlight only underscored the shift.


2. AI is opening new attack surfaces. From autonomous malware to hyper-personalized phishing, deepfakes, and vulnerabilities in AI-driven apps - the creativity of attackers is evolving at the same pace as defenders. 

Organizations are no longer just defending networks - they must contend with systems that can think and act autonomously.


3. Cyber M&A is hotter than ever. The year has already seen two megadeals - Google acquiring Wiz for $32B and Palo Alto Networks snapping up CyberArk for $25B. At the same time, smaller acquisitions like Protect AI, SafeBase, and Prompt Security are reshaping the market.

Demand for mergers and acquisitions in cybersecurity remains extremely high, with the consolidation wave showing no signs of slowing down.



AI: Offense Gains the Edge

The most urgent discussions centered on the darker side of AI. The honeymoon is over. AI is beginning to automate nearly the entire attack chain, giving an advantage to those who use it offensively if defenders fail to adapt quickly. Ransomware gangs are already leveraging AI to scale initial access, hunt critical assets, and even manage ransom negotiations with chilling psychological precision.

Meanwhile, LLMs are failing at secure code generation - Veracode research shows only 55% of tasks result in secure code, a failing grade that isn’t improving even as models grow larger. The risk is clear: we’re building mission-critical systems atop unpredictable models that can be manipulated or poisoned at scale.

The warning echoed Ken Thompson’s classic 1983 words: “You can never trust code you didn’t write yourself”. Today, we’re delegating trust to machines whose inner workings even their creators don’t fully understand.


Courage as the Catalyst

But the message at Black Hat wasn’t one of despair - it was one of urgency and courage. As Joe Marshall reminded the room: “We’re not in the cybersecurity business; we’re in the saving civilization business”.

One discussion emphasized that joint action by people and institutions has helped counter cyberthreats directed at Ukraine. Joe Marshall’s work, along with efforts from other organizations, was cited as an example of the support provided to Ukraine during waves of attacks. It reinforced the point that cybersecurity is not only about business but about safeguarding civilization - with the collaborative defense of Ukraine serving as a powerful illustration.

The heroes of past battles - Dan Kaminsky, Marcus Hutchins, Jen Easterly, Chris Krebs - were invoked as proof that courage, not technology, is what bends history. 


The takeaway?

Speed is the enemy of security.

Guardrails must be built. Secure-by-Design has to be more than a slogan. And red-teaming AI must become as common as patching systems.

The window to act is still open, but it’s closing fast.