Black Hat 2025: Why your AI tools are becoming the next insider threat

Want smarter insights in your inbox? Sign up for our weekly newsletters to get only what matters to enterprise AI, data, and security leaders. Subscribe Now

Cloud intrusions increased by 136% in the past six months. North Korean operatives infiltrated 320 companies using AI-generated identities. Scattered Spider now deploys ransomware in under 24 hours. However, at Black Hat 2025, the security industry demonstrated that it finally has an answer that works: agentic AI, delivering measurable results, not promises.

CrowdStrike’s recent identification of 28 North Korean operatives embedded as remote IT workers, part of a broader campaign affecting 320 companies, demonstrates how agentic AI is evolving from concept to practical threat detection.

While nearly every vendor at Black Hat 2025 had performance metrics available, either from beta programs in process or full-production agentic AI deployments, the strongest theme was operational readiness over hype or theoretical claims.

CISOs VentureBeat spoke with at Black Hat are reporting the ability to process significantly more alerts with current staffing levels, with investigation times improving substantially. However, specific gains depend on the implementation maturity and complexity of the use case. What’s notable is the transition from aspirational roadmaps to real-world outcomes.