Aug 21, 2025

By Stratascale Marketing

Black Hat Key Takeaways

Our team shares key takeaways from Black Hat 2025, including why foundational security practices, AI governance, and insider threat management are more critical than ever for building resilience and aligning cybersecurity with business strategy.

Back to Basics in a High-Pressure Security World

This year’s Black Hat conference reminded us that while innovation continues to surge, especially around AI, the fundamentals of cybersecurity remain as critical as ever. From AI governance to insider threats, here are our top three takeaways from our team.

1. What’s Old is New: The Fundamentals Still Matter

Despite the hype around emerging threats, speakers at Black Hat 2025 emphasized the ongoing relevance of traditional hacking methods. From overlooked regex errors to basic authentication flaws, this year’s sessions served as a powerful reminder that foundational security practices are important. Cybersecurity leaders must master core principles to reduce risk and build resilience against both legacy and emerging threats.

  • Incident Response & Readiness
    A recurring theme was the importance of having an up-to-date incident response playbook and, more importantly, one that’s actually been tested. Many organizations still lack basic preparedness, and tabletop exercises were highlighted as a vital tool to ensure teams are ready if and when a breach occurs.
  • Identity & Access Management
    Cyata uncovered two critical zero-day vulnerabilities in HashiCorp Vault. One allowed brute-force login attempts by altering letter casing in usernames. The other let attackers bypass SSO by adding a space before the username. These flaws highlight the importance of strong identity and access management in defending against modern threats. Foundational practices such as input validation and thorough QA processes, including fuzz testing, can help prevent vulnerabilities from reaching production.
  • Cross-Functional Collaboration
    Breaking down silos across teams was another major theme. Effective incident response and threat management require shared visibility and unified messaging across departments and teams. The most resilient organizations will infuse security into their culture and make it a priority for everyone from SOC analysts to marketing.
  • Alignment to Business Strategy
    Security teams are increasingly being asked to prioritize based on business impact. With smaller teams and limited resources, focusing on the top five risks aligned to business goals is becoming a strategic imperative.
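
The Identity & Access Management item above names input validation as the control; one place it matters is the key a failed-login counter is stored under. The sketch below is an added illustration, not Vault's code and not a reproduction of Cyata's findings: `LockoutTracker`, `canonical_username`, the threshold of 3 and the sample usernames are all hypothetical, and it assumes the backend matches usernames case-insensitively and ignores surrounding whitespace.

```python
import unicodedata

MAX_FAILURES = 3  # assumed lockout threshold for this example


def canonical_username(raw: str) -> str:
    """Map every spelling the backend would accept to a single key."""
    # NFKC folds compatibility forms, strip() drops surrounding whitespace,
    # casefold() is the Unicode-aware form of lower().
    return unicodedata.normalize("NFKC", raw).strip().casefold()


class LockoutTracker:
    """Counts failed logins per key; key_fn decides what 'same user' means."""

    def __init__(self, key_fn, max_failures=MAX_FAILURES):
        self._key_fn = key_fn
        self._max = max_failures
        self._failures = {}

    def is_locked(self, username: str) -> bool:
        return self._failures.get(self._key_fn(username), 0) >= self._max

    def record_failure(self, username: str) -> None:
        key = self._key_fn(username)
        self._failures[key] = self._failures.get(key, 0) + 1


def failures_processed(tracker: LockoutTracker, usernames) -> int:
    """Number of wrong-password attempts evaluated before lockout blocks them."""
    processed = 0
    for name in usernames:
        if tracker.is_locked(name):
            continue  # attempt rejected without checking the password
        tracker.record_failure(name)
        processed += 1
    return processed


# Constructed sample: spellings of one account that differ only in letter
# casing or a leading space.
VARIANTS = ["alice", "Alice", "ALICE", "aLice", " alice", " Alice"]


def demo():
    raw_keyed = LockoutTracker(key_fn=lambda u: u)          # weak: raw string as key
    canonical = LockoutTracker(key_fn=canonical_username)   # hardened
    return failures_processed(raw_keyed, VARIANTS), failures_processed(canonical, VARIANTS)


if __name__ == "__main__":
    print(demo())
```

Keyed on the raw string, every spelling gets its own counter and the threshold is never reached; keyed on the canonical form, the account locks after the third failure regardless of spelling.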

2. AI Governance: Beyond the Buzzwords

AI governance also emerged as a critical theme, with vendors split between buzzword usage and meaningful implementation. The need for clear frameworks to guide responsible, ethical AI use was evident, especially as both attackers and defenders increasingly leverage AI.

A practical way to start your AI governance journey is by conducting an AI risk assessment to identify where AI is currently used across your organization. From there, establishing a cross-functional governance committee can help develop and enforce policies on ethical use, data privacy, and model transparency.

This approach aligns with the message in our latest blog, “Agentic AI & The Urgency Trap: Why Explainability and Governance Must Come First.” Often, in our rush to deploy agentic AI systems, we risk overlooking foundational safeguards like governance, explainability, and auditability. These elements are essential for building systems that are safe, ethical, and accountable.

3. Insider Risk & Threat Management

Another standout theme at Black Hat 2025 was the rising concern around insider threats. These risks are particularly damaging because they come from individuals who already have legitimate access to sensitive systems and data. A recent example is Tesla, where former employees leaked confidential information, resulting in serious reputational and operational consequences.

To address this challenge, organizations should implement a robust Privileged Access Management (PAM) strategy. A modern PAM solution enforces least-privilege access based on role and necessity, while integrating behavioral analytics and continuous monitoring to detect early signs of misuse. It brings together people, processes, and technology under a unified policy framework, enabling secure storage, management, and isolation of credentials for both human and non-human identities. PAM also supports session monitoring, automated access controls, and audit capabilities, helping organizations reduce risk at scale and maintain operational integrity.

Black Hat 2025 was a powerful reminder that cybersecurity isn’t just about chasing the next big thing; it’s about mastering the basics. As threats evolve, so must our commitment to foundational practices, cross-functional collaboration, and strategic alignment.

If you want to learn more about mastering the fundamentals for cybersecurity success, check out our video blog.
