Here’s What I’m Tracking for Black Hat 2025
The trends, sessions and meetups you won’t want to miss
- At Black Hat, look for signs that show how AI has moved from hype to help—we’ll walk you through them in this blog.
- GenAI is awesome, but it can also expose sensitive info, so look for solutions that help you keep your data locked down tighter than a Vegas poker face.
- Request your backstage pass to see Threat Tracer map the blast radius of attacks, while Black Hat and DEF CON villages serve up everything from orbital hacks to policy beats.
- Hit me up in Booth 5045, and don’t miss my BSidesLV Skytalk for the true-life tale of how my team of threat hunters helped ward off a nuclear catastrophe.
Black Hat is happening Aug. 2-7 at the Mandalay Bay in Las Vegas. Surrounding it, as always, is a constellation of related cybersecurity conferences for InfoSec professionals and hackers alike.
These events present all kinds of opportunities to learn, connect and, well, just have fun. It’s an amazing week many of us call Hacker Summer Camp because it’s so stuffed with everything a self-respecting cybersecurity geek can get excited about.
So faced with all that goodness and only 24 hours in a day, how do you choose what to focus on? Stick with me, friend. I’ve got recs.
Track these trends
For every attendee, the week of Black Hat is a big investment of time, money and energy, so you may as well make the most of it. From this weeklong grab bag of cool things to do and see, be sure you snatch the right things.
Let’s start with industry trends. Here are three I’m watching, and you should be too.
AI is maturing, and it’s actually helpful now.
For the past few years, AI has mostly been an effective marketing tool—more helpful to solution peddlers than actual practitioners. This has changed and, like all things AI, will continue to change. For instance, everyone reading this blog knows all too well the debilitating effect of alert fatigue; 83% of SOC analysts say they’re overwhelmed by alert volumes and false positives. Now, existing tools are starting to incorporate AI-powered features that help SOC analysts determine what’s worth tracking down.
If you visit Booth 5045 at Black Hat, you can get a quick demo of Incident Prediction, a remarkable new capability from Symantec that helps security teams stop bad actors by predicting an attacker’s next four or five moves with up to 100% confidence (with high-confidence predictions in 80% of real-world incidents). For this, Symantec married its acclaimed Adaptive Protection feature with AI (talk about a power couple) to create a tool that identifies an attacker’s likely path through your environment, automatically enforces protective policies before damage occurs and then reverts back to baseline once the threat is neutralized.
Vendors are focused on AI as a threat—even when the call’s coming from inside the house.
AI is a helpful accelerator of insight and processes, but it’s also becoming a tool of choice for threat actors as well as defenders. (You’ll likely hear a lot of folks talking about nefarious uses or variants of OpenAI’s Operator agent, which could beget the Next Big Headache.) Here’s the thing, though: Just using AI within your environment can leave your data vulnerable. Without the right controls in place, sensitive data can slide into whatever GenAI platform you’ve deployed (or employees and partners are using on their own) and end up in results shared with individuals and systems that aren’t authorized to see it.
Expect to see a focus on solutions that ensure your data stays safe not just against AI-powered threats, but also from your own AI platforms. Because without the right controls, you could find yourself in career-threatening “Whoops! How did that get there?” moments.
Insight and visibility are more important than ever.
As threats grow more sophisticated, seeing and stopping them becomes harder. But your best defense hasn’t changed—making sure you have a firm grasp on what’s happening in your environment. A new feature from Carbon Black is focused on just that.
Threat Tracer arms analysts investigating an attack with the ability to visually map the broader web of relationships between entities—like devices, users, processes and files—related to that attack. This goes way beyond what traditional process trees uncover, and helps identify possible avenues for lateral movement. Threat Tracer also reveals avenues for strategic remediation that avoids tipping off adversaries. If you want to visualize the potential blast radius of a particular attack, this is the feature for you.
Black Hat 2025 marks the world debut of Threat Tracer, and my fellow security nerds in Booth 5045 will be happy to pop open the hood for you.
Where the cool kids are
Amid the abundance that is Hacker Summer Camp, building your itinerary requires making choices. Allow me to recommend some choice options. (Black Hat pro tip: Download the Hacker Tracker app and you can add events and sessions to your schedule as you go.)
- Black Hat’s Arsenal: Check out this display of new tooling from individuals and small vendors showcasing cybersecurity innovations that may not yet be readily in use. Very cool new tools, often open-source, will be shown here. It’s a great way to glimpse the future.
- Black Hat vendor area: No other con has a swag game like Black Hat. I have long been pretty over stuffing my backpack, but if you want some spiffs for the team back home, or want a new set of t-shirts for the next year, it’s a good place to get a wardrobe refresh.
- BSidesLV/Skytalks: BSidesLV is a great event for practitioners, a true “how-to” experience. Skytalks at BSides are the real deal, with no recording devices allowed, so speakers can share freely without fear of leaking to unintended channels (side-eye emoji). This is where you hear the good stuff. For instance, yours truly will be throwing down at 5 pm Tuesday with my own Skytalk: Stopping the Nuclear Apocalypse with Threat Intel (Token 11). I’ll share the true story of how my team and I uncovered an attack targeted at backdooring or incapacitating nuclear reactor control systems. Yeah…that kind of apocalypse.
- DEF CON Aerospace Village: This village is dedicated to the research and exploits that can work against all manner of aviation and spacecraft. It’s home to the Hack-A-Sat Capture the Flag competition in which teams work on hacking an actual orbiting satellite. If you thought hacking was hard on an earthbound system, imagine relaying to an endpoint orbiting at 1,000 miles per hour.
- DEF CON Crypto and Privacy Village: Crypto in this case means privacy. This village is dedicated to making the internet and communications in general safer and more private. A lot of very cool projects are presented here.
- DEF CON Policy Village: If you are a policy writer or government risk or compliance officer, land here to see where many of the modern policies and even laws regarding InfoSec and connected communications got their start. It’s a great place to hear how the brightest minds in this space are shaping our future.
Hit the jackpot at Black Hat
Build your best agenda, and do your best to stick with it. If you are interested in how a dedicated, knowledgeable team, with access to quality threat intel and armed with excellent visibility into a targeted environment, can respond promptly to a threat with potentially catastrophic implications, I’d love to see you at my BSidesLV Skytalk. It’s a great story and a perfect illustration of why we all do what we do.
Done well, your Hacker Summer Camp agenda will act like a giant cybersecurity slot machine that pays off in a big, glittering pile of opportunities to learn, see fantastic new stuff, soak up the culture, make new friends and return home with a heroic amount of desirable swag.
But if you only do one thing, look me up in Black Hat Booth 5045 at the Mandalay. I’ll even steer you over to the Symantec and Carbon Black Legends Never Die AI photobooth that helps you live out your rock idol dreams by placing you on the cover of one of several legendary albums. Now that’s swag worth bragging about.