I just returned from Black Hat in Las Vegas, and once again, AI dominated all conversations on both the attack and defense sides.
Here is a sample of some of the bold headlines coming out of the Black Hat event this year:
Dark Reading: Google Gemini AI Bot Hijacks Smart Homes, Turns Off the Lights – “Using invisible prompts, the attacks demonstrate a physical risk that could soon become reality as the world increasingly becomes more interconnected with artificial intelligence.”
eSecurity Planet: Former New York Times Cyber Reporter Issues Chilling Warning at Black Hat – “Cybersecurity is no longer just about code — it is about people, power, and the fight for truth.
“Speaking Thursday at Black Hat USA 2025, Nicole Perlroth, former New York Times reporter and founding partner of Silver Buckshot Ventures, warned that digital threats have outpaced traditional defenses. Malware has gone quiet and autonomous. Ransomware operates like a subscription service. Artificial intelligence has begun to distort reality itself.
“She explained that cyber threats have moved beyond networks, now targeting public discourse, critical systems, and democracy itself.
“’But now the threats are being automated by AI and deployed at scale,’ Perlroth explained. ‘The question is not whether we can stop them. It’s if we even have the courage to try.’”
SC Media: Observations from Black Hat 2025: The human toll behind the headlines – “After spending a few days walking around Mandalay Bay for Black Hat 2025, one theme stood out more than the others: the widening gap between the security industry’s innovations and the well-being of its people.
“Yes, this year’s conference was once again dominated by discussions about AI, threat intelligence, ransomware, cloud security, and identity. And yes, vendors are buzzing with new product announcements. But the conversations that stuck with me — the ones that felt urgent — were from the people talking about burnout, about broken job pipelines, and about the increasingly frustrating search for meaningful, stable employment in security.
“Every year, attendees show up looking for their next opportunity, but this year the tone has shifted. The stories feel heavier, the anxiety more palpable. People are openly wondering whether anyone ever sees the job applications they send, or if AI filters are kicking them out before a human ever has a chance to evaluate their experience. They’re describing a hiring process that feels cold, impersonal, and in many cases — entirely disconnected from the talent it claims to be seeking.”
Note: That article goes on to highlight themes like:
· Disruption fatigue and the AI impact
· Human resilience as the real differentiator
Cybersecurity Dive: US still prioritizing zero-trust migration to limit hacks’ damage – “The U.S. government is still pushing agencies to adopt zero-trust network designs, continuing a project that gained steam during the Biden administration, a senior cybersecurity policy official said on Wednesday.
“‘It must continue to move forward,’ Michael Duffy, the acting federal chief information security officer, said during a panel at the Black Hat cybersecurity conference. ‘That architectural side of it is very important for us to get right as we integrate new technologies [like] artificial intelligence into the ways we operate.’”
For some more specific vendor announcement details, see:
Securityweek.com: Black Hat USA 2025 – Summary of Vendor Announcements (Part 1) and Black Hat USA 2025 – Summary of Vendor Announcements (Part 2)
NOTE: There are four parts to this series, so you can see the later announcements by just changing the last number on the URL.
COMPARING THE RSA AND BLACK HAT CONFERENCES
Getting a bit more personal in my analysis, there are two monster cybersecurity conferences that dominate the cyber industry each year in the USA: RSA and Black Hat. The show floors for both of these conferences are massive, with hundreds of companies having booths, and the largest companies have large displays with numerous presentations and swag giveaways like T-shirts, mugs, hats, etc.
The keynotes and breakout sessions are also huge with thousands of attendees, and it is impossible to attend all of the sessions. You can also see many of these sessions on YouTube after the conferences end.
I spoke this year at Black Hat as part of a public-sector breakout panel, which you can see here. (The panel session will be available on demand from Trend Micro soon.)
See these YouTube channels for recorded sessions: RSA Conference sessions and Black Hat conference.
Unlike the RSA Conference in San Francisco, which is held in the spring each year, Black Hat is held in Las Vegas in early August. Yes, it is always HOT outside at Black Hat, about 108-109 degrees each day.
Pro tip: Ask for help from locals or others at the conference on how to use the trams to get between the casinos and hotels where the events are often held and also to the Mandalay Bay Conference Center. I was able to attend more than seven events all over Las Vegas without needing an Uber ride by hopping between buildings and using the tram system.
Both conferences have numerous breakfast, lunch and dinner events for attendees, and getting invitations to these networking events is fairly easy, especially for CISOs and security leaders. I have spoken at both conferences and the application process can be a challenge, but it is worth it. Note: the RSAC 2026 Conference Call for Submissions is now open until Aug. 18.
At RSA, the events tend to be more spread out across San Francisco, so Ubers or a lot of walking is required. (Although I walked a ton at Black Hat this week as well, with over 15,000 steps each day.)
Both conferences offer great times to network with colleagues from across the country, but for some reason, I saw more friends (unplanned) this year at Black Hat than I have ever seen at any one RSA event (on chance encounters). For example, the picture below is with Paul Curylo, Inova Health System CISO, who I have not seen in several years.
FINAL THOUGHTS
Both the RSA and Black Hat conferences can be overwhelming, and you will get home exhausted. I won’t pick one over the other, as I like different things about both events. However, I have been to many more RSA conferences than Black Hat conferences.
My No. 1 tip is to pace yourself and be very intentional with how you want to use your time. Prioritize relationships over tech details and be sure to get some sleep — despite the urge to go to one more after-hours event.
And when you do see formal colleagues, friends, acquaintances and others on the show floor and running between buildings, stop and catch up. That’s what I also enjoy the most when I look back months later — the unexpected catch-up sessions with others in the cyber industry.