Black Hat 2025: 10 takeaways you should know

💻 Latest Episode: https://youtu.be/NgbiFqGCae8?si=gbvNhxywUh5Fl8C3

Every year, Black Hat in Las Vegas sets the scene for the biggest moments in cyber security, where some of the sharpest minds come together to reveal tomorrow’s threats and cutting-edge defences. I wasn’t able to attend this time, but after catching up with a dozen insiders and digging deep into the latest research and insights from the event, I’m bringing you a clear, no-nonsense update packed with what really matters for security professionals, business leaders, and investors alike.

This isn’t just another event roundup. It’s a practical guide to the challenges and breakthroughs shaping the future of cyber security, from the promise and pitfalls of AI, through evolving attack methods, to the importance of diversity and community in building resilience. Whether you’re leading a security team or managing investments, these takeaways will help you stay one step ahead.

I’d love to hear your thoughts and experiences from Black Hat or other security events. Please share your views in the comments below!


What is Black Hat and Why Does It Matter?

Black Hat is much more than a conference: it’s the global hub where top hackers, researchers, vendors, and security leaders gather to reveal emerging threats, share breakthrough research, and shape the future of cyber security. Think of it as the cyber risk “weather forecast,” providing early signals and strategic insights for what lies ahead.

Here’s why Black Hat stands out in a fast-moving industry:

  • Spot emerging threats early: Gain insights into vulnerabilities and attack techniques before they hit mainstream awareness.

  • Connect with key players: Build relationships with innovators, experts, and partners who drive cyber defence forward.

  • Challenge your assumptions: Learn from both offensive and defensive perspectives to identify blind spots.

  • Hands-on skill-building: Access practical workshops and demos to sharpen your team’s capabilities.

  • Market intelligence for leaders: Understand tech trends and risks to inform smarter investments and strategic decisions.

Staying informed and connected isn’t optional; it’s essential for survival and success.



Top 10 Key Takeaways from Black Hat 2025

  1. HTTP Request Smuggling Still Threatens Millions of Sites: James Kettle from PortSwigger revealed that ambiguous HTTP/1.1 parsing continues to expose tens of millions of websites to smuggling attacks. True mitigation requires moving fully to HTTP/2 across all systems, not just at the edge.

  2. AI Exploits Are the New Frontier: AgentFlayer, a “zero-click” ChatGPT exploit, showed how attackers can silently steal data from cloud storage without user interaction. This signals a new era where AI integrations must be secured beyond traditional controls.

  3. The SOC of the Future Is Complex and Evolving Rapidly: Modernizing security operations centers (SOCs) is like “open-heart surgery on a moving train.” The future will be powered by AI and automation but will still require human responsibility and new architectural blueprints.

  4. Human Risk Remains a Huge Gap: Despite advances, CISOs expressed frustration with current solutions for managing human risk. This remains a critical and underserved area, presenting opportunities for innovation.

  5. Compassion and Curiosity Are Vital in Cybersecurity Culture: The DEFCON experience highlighted how empathy and open-mindedness are essential tools alongside technical skills in building a resilient community.

  6. Blue Team, Physical Security, and Mental Health Got Spotlighted: The growing recognition of mental health and physical security at DEFCON signals a broader, holistic view of cyber security.

  7. Pen Testers and MSSPs Must Embrace Infrastructure Testing: It’s no longer enough to test app logic; teams must test how infrastructure handles requests to find hidden flaws in complex environments.

  8. Black Hat Remains the Epicenter of Cutting-Edge Research: From bleeding-edge attack methods to next-gen defence tools, the event continues to set the pace for cyber security innovation worldwide.

  9. AI-Powered SOCs Are a Major Theme: Nearly every vendor booth touted AI-driven security operations, underscoring how AI is transforming both offense and defence.

  10. The Link Between Cyber Security, Law, and Geopolitics Is Strengthening: As cyber threats become geopolitical weapons, understanding the legal and political context is critical for strategic planning.


Beyond the headlines: Top discussions and culture at Black Hat 2025

Among this year’s hot topics were info-stealers, HTTP request smuggling, and Threat Exposure Management (TEM) innovations. The community also focused on AI-driven defence, supply chain risks, ransomware evolution, and zero-trust adoption.

Sexism remains a real challenge, and Black Hat 2025 created space for honest conversations. The panel “Hacking the Status Quo: Tales from Leading Women in Cybersecurity,” featuring leaders from Cisco, Google, IBM, and Zatik Security, emphasized career transitions, continuous learning, mentorship, and confronting imposter syndrome and microaggressions. As Kymberlee Price noted, “It’s not 2003 anymore - I can walk around Black Hat without being mistaken for marketing or someone’s girlfriend.” These discussions underscore that building inclusive cultures is essential to cybersecurity’s future. Read more here.

Black Hat, DEF CON, and BSides Las Vegas form the “Hacker Summer Camp”, a dynamic ecosystem where ideas and collaboration thrive beyond formal sessions. Flare exemplified this by showcasing research on using Large Language Models to detect info-stealer infections at scale. Their Flare Academy offers free, up-to-date threat training, CPE credits, and a vibrant Discord community, highlighting how shared learning strengthens collective defence.

Learn more about the Flare Academy here.


Practical Advice for Leaders and Investors

  • Engage with these events, even virtually. The insights gained are often months ahead of mainstream adoption and can shape strategic decisions.

  • Invest in infrastructure modernization, especially transitioning off legacy protocols like HTTP/1.1.

  • Prepare your SOC for AI integration but maintain clear accountability and governance.

  • Don’t overlook the human factor. Invest in training and solutions to reduce insider risk and human error.

  • Leverage community-driven resources like Flare Academy to keep your teams sharp and connected.


Black Hat 2025 confirms that cyber security’s future is both thrilling and challenging. The threat landscape is evolving, AI is a double-edged sword, and the need for collaboration has never been greater. By tapping into the insights and networks these events foster, business leaders and investors can better navigate risk and seize new opportunities.


Introducing Nick Ascoli 

We’re joined by Nick Ascoli, Director of Product Strategy at Flare and an experienced threat researcher specialising in data leaks, reconnaissance, and detection engineering. Nick has worked closely with Fortune 1000 companies, helping them understand complex cyber threats and design practical defence solutions. While he’s not your typical corporate exec, Nick’s deep hands-on experience, from advising global organisations to contributing to open-source projects and speaking at respected events like GrrCON, B-Sides, DEFCON Villages, and SANS Institute, makes him a valued voice in the cyber security community. He also hosts the podcast Leakly Weekly, where he breaks down real-world cybercrime trends with honesty and clarity.

Why This Episode is a Must-Watch & Value You’ll Gain:

In this episode, we explore how info-stealers and session hijackers are evolving to bypass multi-factor authentication (MFA), a growing threat many organisations still underestimate. Nick walks us through the lifecycle of these attacks, the economics driving the dark web marketplaces, and why session hijacking is quickly becoming the go-to method for cybercriminals. We also cover practical, often underused defence strategies organisations can start implementing today to detect and respond faster. If you’re a CISO, security professional, or anyone invested in protecting digital infrastructure, this episode offers crucial, no-nonsense insights to help you stay ahead in an increasingly hostile cyber environment.

📺 Watch Full Session Here: https://youtu.be/NgbiFqGCae8?si=gbvNhxywUh5Fl8C3

🎧 Listen Here: https://open.spotify.com/episode/6e0acWZPjcKK0Q7sDrOU8P?si=90921eb3cb234b18

🎥 Join the live replay & discussion on LinkedIn Monday at 12:00: https://www.linkedin.com/events/secure-cyberconnect-howinfo-ste7359535104496476161/theater/


We trust you also find value in our Earlier Sessions:

Curious about Quantum Security? Check out EP Fifty-Eight.

How can we better protect SME, Schools and Children? Check out EP Fifty-Seven.

We also offer a range of short-form content and practical tips across X, Instagram, TikTok & Facebook.

✅ Follow, Rate, Subscribe, Like & Share - Simple Search: “Secure Cyber Connect”


SECURE | CYBER CONNECT COMMUNITY – UPDATES

🎁 A Gift for Our Community: Thanks from Flare Just for You!

As a big thank you to our amazing community and readers, we’ve teamed up with Flare to bring you a special gift! Head over to the episode notes on YouTube to unwrap this exclusive surprise from the Flare team, just for you! Don’t miss out!


🗣️ YOU'RE INVITED: Share Your Story with us on the Podcast at International Cyber Expo 2025!

Your story matters… Get ready for exclusive pre-event podcast episodes and live, authentic conversations, your chance to connect, share your views, learn, and lead alongside industry innovators.

Whether you’re a leader, professional, or enthusiast from academia, startups, scaleups, SMEs, or enterprises, we want to hear from you—register your interest here or nominate someone who should join us! Register HERE.


The DATATRIBE CHALLENGE 2025 DataTribe

If you’re an early-stage startup or scaleup in cyber security, this is for you!

This is open to entrants across the globe; submissions close Sep 12th. Learn more HERE.


EVENTS YOU SHOULD KNOW!

Join founders, innovators & investors from across the globe | 4th November.

If you're looking to get on the radar of top venture firms in cyber, check out Cyber Innovation Day 2025, register HERE.


Join the Cyber Leaders from across the UK & Benelux | 22nd – 23rd September, Belgium Cyber Leaders' Summit


Join your peers from across the UK | 30th Sept – 1st Oct, London International Cyber Expo


Join AI, Cyber, Data & Technology Leaders | 1st – 2nd October, London Digital Transformation EXPO (DTX)


How can we help to address your unique challenges?

We’re more than just a Recruitment Partner; check out our Solutions and Services.

🔗  The SECURE Cyber Connect Directory facilitates Strategic Introductions cross-sector, helping organisations tackle Cultural, Technological & Talent Acquisition challenges, build partnerships, and adapt to regulatory shifts.


Reach Out to Warren Atkinson or Justin (Jay) Adamson to explore how we can collaboratively navigate the complexities of AI, Information & Cyber Security to build a safer digital future.

Curious to Learn More about the Community, Initiatives & Value provided, click the image below to access our Linktree.

Black Hat 2025 reveals that 70%+ of cybersecurity teams struggle to find talent skilled in tackling advanced threats like AI-powered exploits and HTTP request smuggling. Beyond technical skills, the article highlights how SOC modernization and human risk management require adaptable, forward-thinking professionals. With these complexities in mind, how is your organisation innovating recruitment and retention to secure the right people for tomorrow’s cyber challenges?
