Black Hat 2025: How Agentic AI Is finally delivering real value

The agentic AI arms race shifts from promises to production

The conversation at Black Hat 2025 was dominated by agentic AI, with many of the sessions dedicated to how attackers have or can easily compromise agents. VentureBeat observed over 100 announcements promoting new agentic AI applications, platforms or services. Vendors are producing use cases and results. That’s a welcome change from the many promises made in prior years and at previous years. There’s an urgency to close hype gaps and deliver results.  

CrowdStrike’s Adam Meyers, head of counter adversary operations, articulated what’s driving this urgency in an interview with VentureBeat: “Agentic AI really becomes the platform that allows SOC operators to build those automations, whether they’re using MCP servers to get access to APIs. We’re starting to see more and more organizations leveraging our agentic AI to help them integrate with the Falcon and CrowdStrike systems.”

VentureBeat believes the scale of the threat demands this response. “When they’re moving at that speed, you can’t wait,” Meyers emphasized, referencing how some adversaries now deploy ransomware in under 24 hours. “You need to have human threat hunters in the loop that are making you know, as soon as the adversary gets access, or as soon as the adversary pops up, they’re there, and they’re doing hand-to-hand combat with those adversaries.”

“Last year, we looked at 60 billion hunting leads that result in about 13 million investigations, 27,000 customer escalations and 4000 emails that we started sending to customers,” Meyers revealed, emphasizing the scale at which these systems now operate. Microsoft Security unveiled significant enhancements to its Security Copilot, introducing autonomous investigation capabilities that can correlate threats across Microsoft Defender, Sentinel and third-party security tools without human intervention. Palo Alto Networks demonstrated Cortex XSOAR’s new agentic capabilities, showing how their platform can now autonomously triage alerts, conduct investigations and even execute remediation actions within defined guardrails.

Cisco made one of Black Hat’s most significant announcements, releasing Foundation-sec-8B-Instruct, the first conversational AI model built exclusively for cybersecurity. This eight-billion-parameter model outperforms much larger general-purpose models, including GPT-4o-mini, on security tasks while running on a single GPU.

What sets this release apart is its fully open-source architecture. Foundation-sec-8B-Instruct ships with completely open weights under a permissive license, enabling security teams to deploy it on-premises, in air-gapped environments or at the edge without vendor lock-in. The model is freely available on Hugging Face, accompanied by the Foundation AI Cookbook featuring deployment guides and implementation templates.

“Foundation-sec-8B-Instruct is live, open, and ready to defend. Download it, prompt it and help shape the future of AI-powered cybersecurity,” states Yaron Singer, VP of AI and Security at Foundation, emphasizing the collaborative potential of this open-source approach.

SentinelOne took a different approach, emphasizing their Purple AI’s ability not just to investigate but actually “think ahead” or predict adversary moves based on behavioral patterns and proactively adjusting defenses.

CrowdStrike’s threat intelligence reveals how adversaries like FAMOUS CHOLLIMA are weaponizing gen AI at every stage of insider threat operations, from creating synthetic identities to managing multiple simultaneous employment positions. Source: CrowdStrike 2025 Threat Hunting Report

How the North Korean threat changed everything fast

FAMOUS CHOLLIMA operatives infiltrated over 320 companies in the past year. That’s a 220% year-over-year increase, representing a fundamental shift in enterprise security threats.

“They’re using AI through the entire process,” Meyers told VentureBeat during an interview. “They’re using generative AI to create LinkedIn profiles, to create resumes and then they go into the interview, and they’re using deep fake technology to change their appearance. They’re using AI to answer questions during the interview process. They’re using AI, once they get hired, to build the code and do the work that they’re supposed to do.”

The infrastructure supporting these operations is sophisticated. One Arizona-based facilitator maintained 90 laptops to enable remote access. Operations have expanded beyond the U.S. to France, Canada and Japan as adversaries diversify their targeting.

CrowdStrike’s July data reveals the scope: 33 FAMOUS CHOLLIMA encounters, with 28 confirmed as malicious insiders who had successfully obtained employment. These are AI-enhanced operators working within organizations, using legitimate credentials, rather than relying on traditional malware attacks that security tools can detect.

Why the human element remains vital

Despite the technological advances, a consistent theme across all vendor presentations was that agentic AI augments rather than replaces human analysts. “Agentic AI, as good as it is, is not going to replace the humans that are in the loop. You need human threat hunters out there that are able to use their insight and their know-how and their intellect to come up with creative ways to try to find these adversaries,” Meyers emphasized.

Every major vendor echoed this human-machine collaboration model. Splunk’s announcement of Mission Control emphasized how its agentic AI serves as a “force multiplier” for analysts, handling routine tasks while escalating complex decisions to humans. Even the most ardent advocates of automation acknowledged that human oversight remains essential for high-stakes decisions and creative problem-solving.

Competition shifts from features to results

Despite fierce competition in the race ot deliver agentic AI solutions for the SOC, Black Hat 2025 ironically showed a more unified approach to cybersecurity than any previous event. Every major vendor emphasized three critical components: reasoning engines that can understand context and make nuanced decisions. These action frameworks enable autonomous response within defined boundaries and learning systems that continuously improve based on outcomes.

Google Cloud Security’s Chronicle SOAR exemplified this shift, introducing an agentic mode that automatically investigates alerts by querying multiple data sources, correlating findings and presenting analysts with complete investigation packages. Even traditionally conservative vendors have embraced the transformation, with IBM and others introducing autonomous investigation capabilities to their existing installations. The convergence was apparent: the industry has moved beyond competing on AI presence to competing on operational excellence.

The cybersecurity industry is witnessing adversaries leverage GenAI across three primary attack vectors, forcing defenders to adopt equally sophisticated AI-powered defenses. Source: CrowdStrike 2025 Threat Hunting Report

Many are predicting that AI will become the next insider threat

Looking forward, Black Hat 2025 also highlighted emerging challenges. Meyers delivered perhaps the most sobering prediction of the conference: “AI is going to be the next insider threat. Organizations trust those AIs implicitly. They are using it to do all of these tasks, and the more comfortable they become, the less they’re going to check the output.”

This concern sparked discussions about standardization and governance. The Cloud Security Alliance announced a working group focused on agentic AI security standards, while several vendors committed to collaborative efforts around AI agent interoperability. CrowdStrike’s expansion of Falcon Shield to include governance for OpenAI GPT-based agents, combined with Cisco’s AI supply chain security initiative with Hugging Face, signals the industry’s recognition that securing AI agents themselves is becoming as important as using them for security.

The velocity of change is accelerating. “Adversaries are moving incredibly fast,” Meyers warned. “Scattered spider hit retail back in April, they were hitting insurance companies in May, they were hitting aviation in June and July.” The ability to iterate and adapt at this speed means organizations can’t afford to wait for perfect solutions.

Bottom Line

This year’s Black Hat confirmed what many cybersecurity professionals saw coming. AI-driven attacks now threaten their organizations across a widening array of surfaces, many of them unexpected.

Human resources and hiring became the threat surface no one saw coming. FAMOUS CHOLLIMA operatives are penetrating every possible U.S. and Western technology company they can, grabbing immediate cash to fuel North Korea’s weapons programs while stealing invaluable intellectual property. This creates an entirely new dimension to attacks. Organizations and the security leaders guiding them would do well to remember what hangs in the balance of getting this right: your businesses’ core IP, national security, and the trust customers have in the organizations they do business with.

Daily insights on business use cases with VB Daily

If you want to impress your boss, VB Daily has you covered. We give you the inside scoop on what companies are doing with generative AI, from regulatory shifts to practical deployments, so you can share insights for maximum ROI.

Read our Privacy Policy

Thanks for subscribing. Check out more VB newsletters here.

An error occured.