Black Hat 2025: Why your AI tools are becoming the next insider threat

8 2 minutes read

The cybersecurity landscape is rapidly evolving, with cloud intrusions increasing by 136% in the past six months. North Korean operatives have infiltrated 320 companies using AI-generated identities, showcasing the sophisticated nature of modern cyber threats. However, the recent Black Hat 2025 conference highlighted a promising solution: agentic AI.

CrowdStrike’s discovery of 28 North Korean operatives embedded as remote IT workers underscores the practical application of agentic AI in threat detection. The event showcased a shift towards operational readiness and tangible results, as opposed to mere promises or theoretical claims.

Security industry leaders at Black Hat 2025 emphasized the importance of agentic AI as a tool to enhance security operations. CISOs reported increased efficiency in processing alerts and investigating threats, leading to improved threat detection rates and resource utilization. The focus has shifted from AI’s potential to its measurable impact on cybersecurity.

The agentic AI arms race was a central theme at the conference, with vendors showcasing new applications and services. Microsoft Security and Palo Alto Networks introduced autonomous investigation capabilities, while Cisco unveiled Foundation-sec-8B-Instruct, a conversational AI model for cybersecurity. SentinelOne highlighted Purple AI’s predictive capabilities, demonstrating the evolution of AI-powered defenses.

The North Korean threat, particularly from FAMOUS CHOLLIMA operatives, has significantly impacted enterprise security. These operatives leverage AI throughout their operations, from creating synthetic identities to performing malicious activities within organizations. The scale and sophistication of these attacks highlight the urgent need for robust cybersecurity measures.

Despite the advancements in AI-driven security solutions, human analysts remain essential in the cybersecurity ecosystem. Vendors emphasized the importance of human-machine collaboration, with agentic AI serving as a force multiplier for analysts. The industry has shifted from competing on AI features to focusing on operational excellence and tangible outcomes.

Looking ahead, AI is poised to become the next insider threat, as organizations increasingly rely on AI for critical tasks. Standardization and governance measures are essential to secure AI agents and mitigate potential risks. The cybersecurity industry must adapt quickly to the evolving threat landscape and collaborate on AI security standards.

In conclusion, Black Hat 2025 highlighted the growing importance of agentic AI in cybersecurity defense. Organizations must prioritize AI-driven security solutions to combat sophisticated threats and protect critical assets. By embracing AI technologies and fostering human-machine collaboration, businesses can stay ahead of evolving cyber threats and safeguard their operations.