Black Hat USA 2025 takes over Mandalay Bay, Las Vegas, bringing six days of advanced cybersecurity training, real-world hacking demos, and big-picture conversations about the future of security. This year’s conference, 02-07 August, blends technical deep dives, live exploits, and candid industry advice. From hijacking AI assistants to exposing critical infrastructure flaws, the event shows how quickly threats are evolving — and how fast defenders must adapt.
What’s Happening & Why This Matters
Cybersecurity Innovation on a Global Stage
This year’s conference delivers six days of training, briefings, and networking. The first four days are dedicated to specialized training programs led by industry veterans. These are followed by a packed Summit Day and two high-energy main conference days featuring over 100 Black Hat Briefings. These sessions attract the top minds in security research, covering threat intelligence, exploit development, AI security, and defensive strategies.
On the expo floor, companies like Armis, InfoBlox, Praetorian, and Claroty showcase their tools, platforms, and research. Attendees can engage directly with experts, witness live demonstrations, and explore open-source tools that address real-world threats.
Cybercriminal Networks Expand
InfoBlox presented new intelligence on VexTrio, a Russian-linked cybercrime operation that intercepts web traffic to push malicious browser notifications, fake dating apps, and counterfeit antivirus software. Dr. Renee Burton, head of threat intelligence at InfoBlox, stressed that the easiest protection comes from disabling browser notifications and vetting apps before installation. The campaign’s scale shows how organized cybercrime continues to profit from everyday internet use.
AI as Both Threat and Target
A research team from Israel demonstrated how they could manipulate Google Gemini into performing harmful actions through simple calendar invites and email messages. They forced the AI to delete messages, insult users, and even trigger Google Home devices to open physical windows. Although Google patched these vulnerabilities, the researchers warned that these “promptware” attacks — where AI models manipulated carefully designed prompts — will expand in complexity.
Another group presented findings on the coming rise of digital twins — AI-generated replicas of individuals created from publicly available content. They warned that these twins can be weaponized for scams or impersonation. Their advice is blunt: families should agree on a private “safe word” to verify identities in a world where cloned voices and personalities can deceive even close relatives.
AI-Powered Defense Against Malware
Flare.io researcher Estelle Ruellan unveiled a dual-AI detection system designed to counter infostealer malware. This platform can process millions of stolen data packages, cross-reference patterns, and detect active campaigns by analyzing screenshots and system data. By automating the review process, Flare.io’s system turns AI into a scalable defender, spotting threats before they spread further.
A Veteran’s Perspective on Malware
Cybersecurity pioneer Mikko Hyppönen offered historical context, tracing malware from early pranks on floppy disks to today’s billion-dollar cybercrime operations. He pushed for vendors — not end users — to take responsibility for securing products, urging the creation of software that is “secure by default.” Hyppönen also used Black Hat 2025 to announce his retirement from traditional cybersecurity work to focus on developing anti-drone technologies.
Covert Network Infiltration
Praetorian researcher Adam Crosser demonstrated how attackers can hide command-and-control traffic within the data streams of Zoom and Microsoft Teams. This technique allows malicious activity to blend into normal network usage, bypassing detection. Zoom has patched the flaw, but Microsoft has yet to issue a fix.
Security Cameras as Entry Points
Claroty’s Team82 revealed an exploit in Axis Communications security cameras that allowed attackers to gain full control over the devices. This vulnerability, tied to a remote management service, was quickly patched by Axis after disclosure. The exploit shows that even widely trusted security hardware can serve as an entry point for attackers if not maintained with rigorous patching.
Breaking Into the Cybersecurity Game
A panel of women leaders in cybersecurity shared advice for those entering the field. They encouraged persistence, continuous learning, and networking while also stressing the importance of mentorship. The discussion made clear that cybersecurity is as much about human connections as technical skills.
The Armis Centrix™ Approach
Armis made full use of its presence at Black Hat 2025 to promote its Centrix™ platform for cyber exposure management. The company’s sessions addressed the need for proactive defense across critical infrastructure, leveraging AI-driven detection and rapid response tools. Armis also ran a charitable initiative from its booth, raising funds for St. Jude Children’s Research Hospital, tying together cybersecurity awareness and community impact.
TF Summary: What’s Next
Black Hat 2025 shows that the line between offence and defence in cybersecurity is thinner than ever. AI can both empower attackers and give defenders unprecedented detection tools. Corporate responsibility remains a sticking point — security leaders argue that consumers can’t carry the burden alone. TF predicts vendors integrate more AI-driven safeguards directly into their products. Simultaneously, governments and enterprises brace for waves of AI-powered impersonations and perimeter attacks.
— Text-to-Speech (TTS) provided by gspeech