2025 marks the 28th year of Black Hat and—although it remains on the edgier side of corporate-focused cybersecurity conferences—it sometimes feels like the event is considering completely ditching its hoodie in favor of a collared shirt. While even a cursory glance at the Briefings agenda will confirm that offensive security is still the conference’s heart and soul, the general sprawl—the enormous sponsor presence both in and outside the conference, an investor summit, and even the bafflingly large merch booth—has the effect of creating a vibe that’s much more in line with other security conferences. There were also other common threads with recent industry events, as well as some surprises.

AI was the belle of the ball (again)

AI agents and “agentic” (or, more accurately, “agentish”) messaging dominated the event and virtually every vendor booth. Just as AI agents are a nascent technology, so too are the accompanying messaging and functionality. What we saw in the Business Hall was both a continuation of the broader themes from RSAC and some new issues.

  • Agents still primarily automate tasks, not entire workflows. Despite at least a half-dozen booths—some of them very large—proclaiming the “first AI-powered SOC”, current agent capabilities only remove some steps from a given process or workflow; they do not complete those processes or workflows (yet). For security leaders, this results in two warnings to heed:
    1. The removal of tactical steps is a boon, but the decisions expected of the people receiving the output are more consequential, not less.
    2. The extent to which a program is already automated is a good proxy for how useful these agents will be. Security programs with low rates of integration and automation will get very little benefit from agents; highly integrated and automated programs will.
  • Buyers are focusing on more than the improvements AI promises. In multiple conversations, people expressed concerns about how to work with vendors that have adopted AI-first strategies, especially around the potential impact of AI features on pricing and billing.
  • Vendors are hoping AI will paper over their self-inflicted wounds. More than one vendor bragged about launching an “agent to summarize alerts” (the alerts that vendor’s solution creates). These are alerts that the vendor could just improve. Asking why an agent was necessary when the vendor could just improve the alerts resulted in circular reasoning not unlike the hilarious, “Couldn’t you just make ten louder? But this goes to eleven…” scene from Spinal Tap.
  • Vendors are barely beginning to think about securing intent. In our AEGIS framework, we describe securing intent as an important new domain for cybersecurity due to the nondeterministic nature of AI agents and the dynamic paths they may use to complete their objectives. There was at least one vendor demonstrating an “intent classifier.” While it doesn’t yet distinguish between benign and malicious intent, it represents an important first step in leveraging intent as a detection surface.  
  • AppSec is also caught in the AI paradox. Vendors warn about the risks of AI-generated code, LLMs, and MCP servers and tools while simultaneously integrating the same technology to help solutions like SAST overcome the slow scans, high false-positive rates, and dense security jargon that make them inaccessible to most developers.

Cybersecurity staffing shortage? What cybersecurity staffing shortage?

There’s another lurking change brought about by AI that may not get much attention…but it should. In recent years, vendors (and governments) used both RSAC and Black Hat as opportunities to recruit. This year, that was entirely missing. It’s a tacit acknowledgement that the cybersecurity job market is much, much softer than certification bodies and institutions of higher education would have you believe—something that deserves more attention than it will receive.

Efficiency was a recurring theme in vendor messaging (again)

In some cases, it was hard to distinguish whether the marketing gimmicks were intended to pitch a local attraction or something cybersecurity related. Is HyperX a new detection and response tool or an event venue? Is “disrupting your reality” a tagline for a new deepfake detection company in Startup City or The Blue Man Group? Is Grave Digger here to promote an upcoming monster truck rally or to crush legacy security automation platforms? Is “ingest anything” something one does at Vegas’s famous buffets or the flagship capability in a data pipeline product? Is the “thing” standing by the wall one of CrowdStrike’s new threat actor statues, a hired cosplayer taking a break, or just a prop for the hotel bar?

In those more extreme cases it was ambiguous but, for the most part, other messages were more clear-cut:

  • XDR vendors are leaning into SIEM. Vendors like CrowdStrike, Palo Alto Networks, and SentinelOne, which have historically put XDR front-and-center, were all leading with SIEM messaging at the event, among their other focus areas. Given how competitive the XDR market is, combined with how ripe with opportunities the SIEM market is, this adjustment makes sense. The market is definitely transitioning to consider XDR vendors bigger players in Security Analytics, as shown in the latest Forrester Wave on Security Analytics Platforms.
  • Exposure Management and continuous security testing were prevalent. There’s a certain irony in pitching tools that automate precisely the things that attendees come to Black Hat to learn, but the reality is that the scale and complexity of most IT environments demands both automation and a tighter feedback loop. The taxonomy of these solutions was all over the place, with varied names like “autonomous red teaming” and “automated pentesting.” We didn’t see Breach and Attack Simulation (BAS) mentioned, with BAS vendors now favoring messaging around Proactive Security and Continuous Threat Exposure Management (CTEM, which is just a long way of saying Proactive Security). Remember that the use case for continuous security testing tools is ultimately validation of exposures—proving that detected vulnerabilities are actually reachable and exploitable in your environment. These types of tools represent an important step forward in influencing prioritization strategies, but organizations still need to do something with prioritized lists. Unified Vulnerability Management (UVM) can help by aggregating, enriching, and deduplicating findings and turning them into response actions.

It’s two steps forward, one step back for endpoint security

With all the hype around AI, one might expect that some of cybersecurity’s more pedestrian concerns would have been entirely crowded out. The reality, however, is more of a mixed bag.

  • IoT and OT continue to receive increased focus. As Mikko Hypponen said during the opening keynote, “If it’s smart, it’s vulnerable.” Whether it was the dedicated ICS summit, the breakout sessions (including one on EV security), or the vendor signage, protecting IoT and OT infrastructure was a popular topic this year. That didn’t surprise us at all, as Forrester data has shown that IoT devices are consistently a top target of external attacks and that breaches in OT networks continue to rise. Organizations are taking notice too: government initiatives around the world are aimed at improving the security posture of critical infrastructure just as CISOs are taking more responsibility for protecting their business’s OT. As if to reinforce the importance of this work, DEF CON Franklin announced plans to expand its free, volunteer-powered cybersecurity project immediately following Black Hat. The program pairs volunteers who offer their security knowledge and time with water facilities to assist in protecting their infrastructure. Organizations are pushing to implement security within OT, but many are doing it with people who only understand IT security and not the nuances of OT networks. Having security practitioners who know how to implement the proper controls and collaborate with their IT peers is imperative.
  • Browser security bolsters other endpoint security solutions. There were a number of vendors offering security solutions that focus on the place where more and more users are working: web browsers. From browser extensions like Seraphic to browser isolation like Menlo to fully managed (or dedicated) browsers like Island, these solutions give organizations an additional tool to protect their data, especially since so many people use browsers to interact with AI, be they public models like ChatGPT or Perplexity or industry targeted ones like PathAI for healthcare or ABB’s Ability in the energy sector. As more applications transition from thick clients on an endpoint to web-based interfaces, browser security helps organizations incorporate controls to keep their sensitive data and sensitive applications safe.
  • Mobile security was conspicuous by its absence. Although both Lookout and Zimperium had a presence in the Business Hall, there was an overall dearth of vendors and Briefings focused on the endpoints everyone has in a pocket or bag right next to them all day. Many organizations implement UEM and figure they’ve got mobile security covered. Once upon a time, travelling to Black Hat meant bringing a burner phone and only using corporate-issued hotspots to avoid rogue Wi-Fi access points. It seems most attendees no longer take those precautions, but neither have they implemented any alternative protection. Mobile apps, like everything else, are increasingly incorporating AI, which could mean corporate data is being exfiltrated through channels that aren’t monitored. AI is also helping malicious actors create new forms of phishing attacks targeting mobile devices, including “vishing”—which leverages the oft-ignored fact that most mobile devices are still phones that we actually talk on—to compromise businesses. Traditional UEM offers no protection for these attack vectors.

AppSec combines the old and the new

Last year at Black Hat, Application Security Posture Management (ASPM) was a hot topic, but the term was quickly overshadowed by runtime security. Even so, ASPM has popped back up as an important feature of security platforms just as new methods of building software—which will desperately need more security—are coming to the fore. We observed that:

  • Vendors are capitalizing on the vibes. Vibe coding, introduced by Andrej Karpathy in February, aspires to revolutionize programming by enabling users to write code using natural language prompts instead of traditional methods. Over the past six months, AI-powered coding assistants and editors—often referred to as “Turing Bots”—have significantly advanced, empowering “citizen” developers and hobbyists to create and deploy applications with ease. The term has gained widespread attention in the media, and professional developers are increasingly leveraging these tools to streamline various stages of the software development lifecycle (SDLC) using platforms like Cursor, Windsurf, and Claude Code. However, while large language models (LLMs) show promise, they are far from producing flawless code—at least for now. Recognizing the risks associated with vibe coding, multiple security vendors have stepped forward with solutions to mitigate them. AI agents that secure code inside AI-native IDEs were the latest offering from everyone from established application security vendors to startups.
  • ASPM is being subsumed into the security fabric. Over the past two years, ASPM emerged as a key acronym in application security, resonating strongly with senior leaders. Its promise lay in aggregating and correlating results from various scan types to deliver better context, enabling smarter prioritization, reducing triage workloads for security teams, and boosting developer productivity by focusing on the most critical risks to the business. A wave of new (or rebranded) startups championed these capabilities, hoping to carve out a new market category. However, ASPM increasingly appears to be a feature within larger security platforms or UVM solutions rather than a standalone solution. Leading application security testing providers have either built or acquired these capabilities, delivering application risk management as a key outcome. Meanwhile, vulnerability management vendors see ASPM as a way to expand their offerings, and Cloud Native Application Protection Platform (CNAPP) vendors see it as a strategic way to “shift left” into development workflows.
  • Securing the AI software supply chain was a pervasive theme. Vendors emphasized discovering and inventorying AI models and MCP servers, and using generative AI coding tools to reduce the use of non-compliant AI components. They also highlighted the ability to create AI/ML-SBOMs (software bills of materials) to track datasets, models, and configurations. However, while conventional SBOMs have had more time to mature, their quality and reliability remain inconsistent—a key discussion point during the ‘Birds of a Feather: A Candid Conversation on Software Supply Chain Security’ session. The effectiveness of AI-BOMs in providing meaningful data will depend on several factors, including the willingness of model providers to disclose important information. Additionally, there was an increase in solutions designed to deliver zero- to low-vulnerability container images, virtual machines, and software packages. These tools aim to mitigate the risks associated with open-source software.
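As an added example (not from this post or from any vendor mentioned in it), the following Python shows the aggregation described in both the exposure management bullet in the previous section and the ASPM bullet above: findings from several scanners are deduplicated per asset and vulnerability, enriched with the results of a continuous testing tool that tried to exploit each one, and turned into a prioritized list of response actions. Every scanner record and validation result is constructed; the asset and tool names are placeholders, and the CVE identifiers are real, well-known ones used only as labels.

```python
"""Aggregate, deduplicate, validate, and prioritize findings (added example)."""
from dataclasses import dataclass, field

# Constructed scanner output. Asset names, tool names, and the mapping of CVEs
# to assets are made up; the CVE identifiers are real ones used only as labels.
RAW_FINDINGS = [
    {"tool": "network-scanner", "asset": "web-01",  "id": "CVE-2021-44228", "cvss": 10.0},
    {"tool": "sca",             "asset": "web-01",  "id": "CVE-2021-44228", "cvss": 9.8,
     "package": "log4j-core@2.14.1"},
    {"tool": "network-scanner", "asset": "web-01",  "id": "CVE-2014-0160", "cvss": 7.5},
    {"tool": "network-scanner", "asset": "db-02",   "id": "CVE-2014-0160", "cvss": 7.5},
    {"tool": "cloud-cspm",      "asset": "db-02",   "id": "CVE-2014-0160", "cvss": 7.5},
    {"tool": "network-scanner", "asset": "file-03", "id": "CVE-2017-0144", "cvss": 8.1},
]

# Constructed output of a continuous-testing tool that tried to reach and
# exploit each exposure. Anything absent here simply has not been validated.
VALIDATION = {
    ("web-01", "CVE-2021-44228"): "exploited",       # proof of exploit succeeded
    ("db-02", "CVE-2014-0160"):   "not_reachable",   # blocked by network policy
    ("file-03", "CVE-2017-0144"): "exploit_failed",  # reachable, mitigations held
}

# Validation outcome dominates CVSS: a confirmed exploit beats a higher base
# score that nobody could reach. Unvalidated findings rank above failed ones
# because nothing has been proven about them either way.
RANK = {"exploited": 0, "unvalidated": 1, "exploit_failed": 2, "not_reachable": 3}
ACTION = {
    "exploited": "patch_now",
    "unvalidated": "validate_then_patch",
    "exploit_failed": "patch_in_cycle",
    "not_reachable": "track_only",
}


@dataclass
class Finding:
    asset: str
    vuln_id: str
    cvss: float
    sources: set = field(default_factory=set)
    packages: set = field(default_factory=set)
    validation: str = "unvalidated"


def deduplicate(raw):
    """Collapse duplicate reports of the same (asset, vuln) into one Finding."""
    merged = {}
    for r in raw:
        key = (r["asset"], r["id"])
        f = merged.setdefault(key, Finding(r["asset"], r["id"], 0.0))
        f.cvss = max(f.cvss, r["cvss"])  # keep the highest score any tool reported
        f.sources.add(r["tool"])
        if "package" in r:
            f.packages.add(r["package"])  # SCA tells us *what* to patch
    return merged


def enrich(merged, validation):
    """Attach the continuous-testing verdict to each deduplicated finding."""
    for key, f in merged.items():
        f.validation = validation.get(key, "unvalidated")
    return merged


def prioritize(merged):
    """Order by validation verdict first, then CVSS, then asset for stability."""
    return sorted(merged.values(), key=lambda f: (RANK[f.validation], -f.cvss, f.asset))


def response_plan(raw=RAW_FINDINGS, validation=VALIDATION):
    """Full pipeline: raw scanner rows -> ordered list of response actions."""
    findings = prioritize(enrich(deduplicate(raw), validation))
    return [
        {"asset": f.asset, "vuln": f.vuln_id, "cvss": f.cvss,
         "validation": f.validation, "sources": sorted(f.sources),
         "packages": sorted(f.packages), "action": ACTION[f.validation]}
        for f in findings
    ]


if __name__ == "__main__":
    for row in response_plan():
        print(row)
```

Two design choices matter here. Validation outcome outranks CVSS, so a confirmed exploit of a 7.5 would beat an unreachable 10.0, which is the whole point of validating exposures before prioritizing. And a not_reachable verdict is a statement about the network on the day the test ran, so the plan keeps those findings as track_only rather than dropping them; the decision to accept that risk still sits with a person, as the first warning in the AI section notes.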
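As a second added example, not from this post or from any vendor, here is the kind of check a practitioner would run over an AI-BOM before trusting it, which is the caveat the supply-chain bullet above raises: it flags models with no pinned hash, a floating version, no source reference, or training data that is undeclared, undisclosed, or not itself described in the BOM, and it verifies a downloaded artifact against the declared hash. The BOM is constructed; its field names loosely follow CycloneDX 1.5 (the machine-learning-model and data component types and the modelCard object), and the component names, versions, and URLs are placeholders, not real products.

```python
"""Completeness check and artifact verification for an AI-BOM (added example)."""
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for a downloaded weights file and a training dataset;
# real artifacts would be hashed exactly the same way.
MODEL_BLOB = b"constructed model weights for this example"
DATASET_BLOB = b"constructed training set for this example"

# Constructed AI-BOM. Field names loosely follow CycloneDX 1.5; every name,
# version and URL below is a placeholder.
AI_BOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {   # fully described, self-hosted model: hash, version, source, data
            "type": "machine-learning-model",
            "name": "internal-triage-classifier",
            "version": "3.2.0",
            "hashes": [{"alg": "SHA-256", "content": sha256_hex(MODEL_BLOB)}],
            "externalReferences": [{"type": "vcs", "url": "https://git.example.internal/ml/triage"}],
            "modelCard": {"modelParameters": {"datasets": [{"ref": "triage-alerts-2024"}]}},
        },
        {   # the dataset the model above trains on, described as its own component
            "type": "data",
            "name": "triage-alerts-2024",
            "version": "2024-12",
            "hashes": [{"alg": "SHA-256", "content": sha256_hex(DATASET_BLOB)}],
        },
        {   # API-hosted vendor model: nothing to hash, floating version, opaque data
            "type": "machine-learning-model",
            "name": "vendor-summarizer",
            "version": "latest",
            "externalReferences": [{"type": "distribution", "url": "https://api.vendor.example/v1"}],
            "modelCard": {"modelParameters": {"datasets": [{"ref": "undisclosed"},
                                                            {"ref": "web-crawl-2023"}]}},
        },
    ],
}

# Values providers commonly put where a dataset reference should be.
PLACEHOLDER_REFS = {"undisclosed", "unknown", "proprietary", ""}


def _models(bom):
    return [c for c in bom["components"] if c.get("type") == "machine-learning-model"]


def check_bom(bom):
    """Return {model name: [gap, ...]}; an empty list means the entry is usable."""
    known = {c["name"] for c in bom["components"]}
    report = {}
    for m in _models(bom):
        gaps = []
        if not any(h.get("alg") == "SHA-256" for h in m.get("hashes", [])):
            gaps.append("no hash")                      # cannot pin or verify the artifact
        if m.get("version", "latest") in {"latest", ""}:
            gaps.append("floating version")             # the thing you tested can change underneath you
        if not m.get("externalReferences"):
            gaps.append("no source reference")          # no way to trace where it came from
        datasets = m.get("modelCard", {}).get("modelParameters", {}).get("datasets", [])
        if not datasets:
            gaps.append("no datasets declared")
        for d in datasets:
            ref = d.get("ref", "")
            if ref.lower() in PLACEHOLDER_REFS:
                gaps.append(f"dataset undisclosed: {ref or '(blank)'}")
            elif ref not in known:
                gaps.append(f"dataset not in BOM: {ref}")  # named but never described
        report[m["name"]] = gaps
    return report


def completeness(bom):
    """Fraction of model components with no gaps."""
    report = check_bom(bom)
    return sum(1 for g in report.values() if not g) / len(report)


def verify_model(bom, name, blob):
    """True/False if the BOM pins a SHA-256 for `name`; None if it cannot be checked."""
    for m in _models(bom):
        if m["name"] == name:
            declared = [h["content"] for h in m.get("hashes", []) if h.get("alg") == "SHA-256"]
            return sha256_hex(blob) in declared if declared else None
    raise KeyError(name)


if __name__ == "__main__":
    for model, gaps in check_bom(AI_BOM).items():
        print(model, "->", gaps or "ok")
    print("completeness:", completeness(AI_BOM))
```

The second model is the common case the Birds of a Feather discussion was worried about: an API-hosted model with a floating version, no artifact to hash, and training data that is either undisclosed or named without being described. The BOM is syntactically fine and operationally useless for that entry, and no tooling fixes it; it depends on what the provider is willing to state.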

Not every beat was a repeat

Despite the similarities and recurring themes we’ve already highlighted, Black Hat provided an opportunity to explore some of the changing dynamics in the industry too. Notable changes include:

  • There was more candor about volatility. A lot has happened since May. Both attendees and vendors expressed concerns about “What the future holds.” During RSAC, many vendors were guarded about the impact of macroeconomic conditions, but multiple vendors we spoke with at Black Hat mentioned softening demand and lengthening sales cycles. Even seemingly positive earnings results reported during the conference had an undertone of uncertainty. Even so, it wasn’t all doom and gloom: although one vendor we spoke with said that event organizers had warned them that overall attendance was down this year, they reported that the quality of conversations more than made up for the lower quantity.
  • The US government has all but disappeared from the Business Hall. The recruiting booths for federal law enforcement and national security that had become fixtures of cybersecurity conferences were mostly gone. Rewards for Justice—a State Department program run by the Bureau of Diplomatic Security—appeared to be the last vestige of government participation and underscored both reduced staffing and changing cybersecurity priorities within the US government.
  • Concerns about cybersecurity skills shortages persist… but they’re changing. Opening remarks from Black Hat Founder Jeff Moss and various breakout sessions at The AI Summit and the main conference raised more questions than answers while driving home the point that AI will ultimately compound the cybersecurity skills and experience shortage. If, as some data suggests, AI is impacting younger workers in the tech sector at higher rates, then we won’t have junior people who can grow into senior people. And if we rely on AI instead of cultivating domain expertise and experience, then our senior people won’t know what they’re doing. The risk is not just to the pipeline of new recruits, but to the skills and knowledge base of the cybersecurity workforce itself. And yet, these risks may be rendered moot as new roles emerge requiring entirely different backgrounds and training, on which no certification body or higher education institution is currently prepared to capitalize. Home-growing talent and developing internal mobility to meet the unique needs of the organization and its use of AI is essential to keeping pace with change.

Exit through the gift shop: Join us for Forrester Security & Risk Summit

Despite the very tight timeline—the Briefings and Business Hall are only two of the five days—there is almost too much to unpack in a single blog post. As always, Forrester clients can schedule an Inquiry Guidance Session to discuss any of the topics mentioned above.

There is also another opportunity to connect with Forrester Analysts (and your peers) in person: the Forrester Security & Risk Summit. It’s packed with visionary keynotes, informative breakout sessions, interactive workshops, insightful roundtables, and other special programs to help you master risk and conquer chaos. Join us November 5–7 in Austin, Texas—we can’t wait to see you there!