AI is reshaping the cybersecurity landscape for MSPs, from how SOCs investigate threats to how attackers exploit new tools. Cybersecurity Technical Fellow Roddy Bergeron shares his key takeaways from Black Hat 2025 and DEF CON 33 to help MSPs prepare for what’s next.

Attending Black Hat 2025 and DEF CON 33 in Las Vegas was a whirlwind immersion into the future of cybersecurity and what the good guys are doing to protect our critical infrastructure. This year, everything revolved around AI transformation, new community energy, headline-grabbing vulnerabilities and gaining insights into known threat actors. 

AI tracks: A new era in security operations 

Black Hat 2025 felt like a tipping point for the application of artificial intelligence in cybersecurity. The dedicated AI Summit at Black Hat launched the conference with densely packed sessions about practical AI adoption and governance, not just theoretical discussions. Key industry players showcased live demos of tools now integrated into Security Operations Centers (SOCs) that automate investigations and respond to threats in minutes rather than hours. Companies like Microsoft, Palo Alto Networks, and SentinelOne moved past pilot projects. Attendees learned about full production deployments where AI engines are handling enormous incident volumes, surfacing millions of investigations from billions of leads, all with existing staff sizes. 

One of the hottest topics was the new “agentic AI” threat model. Presenters shared how attacker groups now weaponize generative AI throughout the attack chain, from crafting synthetic social profiles using deepfakes to writing credible production code as embedded insiders. This raised profound questions about how to verify not just code snippets but digital identities throughout organizations.

Likewise at DEF CON, the discussions were around attackers’ use of AI, over-permissioned agentic AI or AI bots causing data leakage, and the poor “soft controls” which are easily circumvented by crafting special prompts. Researchers also showed off how badly threat actors mess up, whether through poor coding or insecure methods, and how publicly they brag about their efforts. Don’t take them lightly though; they have tons of resources due to their connection with nation states.

The villages at DEF CON are also special. Open, welcoming, and full of people passionate about their craft. Walking around the floor, you get a sense of a real community run by some of the best people in the world. You also get some of the coolest stickers, which are now proudly displayed on my laptop.

The community: Diversity and next-gen talent 

What stood out this year was the sheer diversity and collaborative energy. The hallway conversations included not just established researchers and enterprise security architects, but also open-source advocates, cloud-native developers, and AI ethicists. This diverse group brought a lot of practical knowledge as well as theoretical talks about the future of AI.   

Major announcements and industry reality checks 

Multiple vendors used the conference to roll out not just upgraded products but partnerships to shore up the software supply chain. This was one of the year’s headline concerns as breaches showed just how fragile the chain has become, especially in organizations that leverage vast open-source and third-party AI and code. Security teams are now racing to tag, track, and secure code as it zips through rapidly evolving CI/CD pipelines. Software bill of materials was discussed in depth as a way to help with vulnerability management and threat hunting.   

CrowdStrike’s Adam Meyers issued what many considered the conference’s bluntest forecast. “AI is going to be the next insider threat. Organizations trust those AIs implicitly… the more comfortable they become, the less they’re going to check the output.” This candor captured much of the atmosphere, a recognition that AI’s promise demanded new security paradigms, not just faster pattern matching. 

DEF CON spotlight: The Kaseya REvil talk 

One of my most anticipated sessions was easily the Kaseya REvil ransomware panel. It drew a packed room of researchers, incident responders, and journalists. The speakers provided granular, undisclosed details about the 2021 supply chain ransomware attack, including attacker tradecraft, backend accounting information, and their intimate talks with Yaroslav Vasinskyi, who was a major player with REvil. Getting to hear more about Yaroslav’s story, mainly because he stayed quiet during his trial and sentencing, was a great way to help the audience understand how these groups operate while letting you know they are humans with flaws. You can read the full interview here:
Ransomware Diaries Volume 7: The Kaseya Hacker Breaks His Silence 

A convergence of technology and responsibility 

Leaving Las Vegas, it was clear Black Hat and DEF CON 2025 didn’t just celebrate emerging technology. They challenged the entire security community to come together in new ways. As a person who spends the majority of his time in the MSP space, it’s great to get out of our world to see how the broader security community is changing. My overall thoughts: Whether you’re an old hand or attending for the first time, this is the moment to get involved.

Written by Roddy Bergeron, Technical Fellow, Cybersecurity @ Sherweb

Roddy Bergeron's career has taken various paths including government auditing, nonprofit work, public/private partnerships with the State of Louisiana, helping build an MSP by building their managed service, managed security, vCISO and compliance programs, and now as the Cybersecurity Technical Fellow with Sherweb. Roddy has obtained many certifications over the years including his MCSE, CCNA:Security, CEH, CCSP, CISSP and CSAP. Our MSP community is extremely important to Roddy and he loves giving back to the community that has helped him out so much over the years. Roddy hopes to continue to help other MSPs succeed and raise the cybersecurity tide for our industry.