Black Hat 2025 is on its dwelling stretch, having gathered collectively 1000’s of security professionals to debate the most recent developments in adversarial tradecraft and cybersecurity protection.
Safety leaders and groups explored AI-driven threats and improvements, with a deal with the hazards lurking in autonomous AI brokers and shadow AI, the acceleration of identity-based assaults, and the vital significance of hardware-level security and supply-chain safety.
The convention additionally included a dizzying variety of new product and replace bulletins, largely specializing in (shock) AI. Right here’s a have a look at a few of them.
SOCRadar launches Agentic Menace Intelligence
SOCRadar’s new brokers in its Agentic Menace Intelligence platform perceive menace context, determine applicable programs of motion, and autonomously set off responses. The brokers specialise in totally different threats, comparable to phishing, IP publicity, or credential leaks, and could be blended and matched and customised.
SOCRadar can also be launching what it calls the primary cybersecurity AI market, the place security groups can browse, buy, and handle brokers.
Snyk secures AI from inception
Snyk’s new platform functionality, Safe at Inception, consists of real-time security scanning that begins in the mean time of code technology or execution. It provides visibility into generative AI, agentic, and mannequin context protocol (MCP) parts in software program, and likewise includes a new, experimental scanner for detecting AI-specific MCP vulnerabilities.
Safe AI Inception is now out there in early entry.
AirMDR AI SOC handles majority of Tier-1 alert triage
AirMDR says its new AI SOC platform automates greater than 90% of Tier-1 alert triage. Safety groups can carry out one-click, sub-5-minute root trigger evaluation and autonomous response. Designed for managed security service suppliers (MSSPs), its multi-tenant operations maintain buyer knowledge remoted by centrally triaging and investigating alerts. The platform provides 200–plus native integrations and full audit trains.
AirMDR additionally launched a “free endlessly” plan that helps as much as three knowledge sources and 100 alerts per week.
Descope manages AI brokers
Descope’s agentic identification management aircraft institutes policy-based governance, auditing, and identification administration for AI brokers and MCP environments.
The platform provides security groups the power to limit agent entry inside particular third-party instruments and lets them enact insurance policies based mostly on person roles. Monitoring and auditing capabilities assist customers spot errors and misconfigurations and determine “rogue brokers.” AI lifecycle administration supplies visibility into agent conduct and hyperlinks with human customers.
Cyera secures all kinds of AI
Cyera’s AI Guardian secures any kind of AI, from public instruments like ChatGPT to embedded software-as-a-service (SaaS) fashions and proprietary platforms. The platform has two core merchandise: AI-SPM (security posture administration), which supplies stock of all AI property; and AI Runtime Safety, which displays and responds to dangers in real-time. AI Guardian additionally options Omni AI, a brand new conversational AI device that may analyze thousands and thousands of enterprise data in seconds, and creates security experiences to assist remediate threats.
AI-SPM and Omni AI can be found in personal beta; AI Runtime Safety is offered for early entry.
Netskope One copilot
Netskope One now provides a copilot for zero belief community entry (ZTNA) and a Netskope MCP server. The AI-powered copilot optimizes ZTNA, routinely recommends insurance policies for newly-discovered functions, and configures apps and insurance policies. The device is now typically out there.
Netskope MCP server permits fashionable LLMs comparable to Claude, Microsoft Copilot, Amazon Bedrock, and Google Vertex to work together with Netskope administration APIs to realize context to enhance workflows. The server consists of a number of instance situations, together with incident evaluation and standing, and insider threat evaluation.
Flashpoint’s AI-powered summarization for search and investigation
Flashpoint Ignite now consists of AI summarization of search and investigations. Search summarization is instantly integrated into workflows; with one click on, groups can achieve insights into discussions from darkish internet boards, social networks, and chat platforms. These are supplied in footnoted snapshots.
AI investigation summarization is constructed into Ignite, routinely producing reference-backed summaries. Customers can regenerate, summarize, and share investigation findings through PDF or plaintext recordsdata. These findings keep updated as investigations evolve.
Cyware additionally incorporates MCP
Cyware’s MCP Server integrates LLMs instantly into workflows to offer real-time context and management throughout detection and response. MCP Server is integrated into Cyware’s Quarterback AI, which options automated summarization and sensible parsing, the place embedded AI brokers floor indicators of compromise (IOCs), adversary TTPs, malware, and vulnerabilities. It additionally provides suggestions from menace intelligence and alerts.
Palo Alto Networks expands Cortex Cloud
Palo Alto Networks’ Cortex Cloud now options utility security posture administration (ASPM) and an open AppSec accomplice ecosystem that shares confirmed instruments and integrates findings from industry-leading scanners. Cortex Cloud surfaces vital dangers and vulnerabilities, automates fixes, and routinely maps vulnerabilities and routes them to the related developer. Findings are correlated throughout the menace floor in order that SOCs have the visibility to detect, prioritize, and reply to essentially the most critical threats.
CrowdStrike Falcon Defend expands help for tons of of apps
Falcon Defend is now built-in with the OpenAI ChatGPT Enterprise Compliance API to assist groups see and govern GPT-based and Codex brokers. This expands help for 175-plus SaaS apps.
Falcon Defend maps brokers to their human creators to hint entry, govern privileges and safe identities; detects dangerous conduct; and routinely accommodates threats through Falcon Fusion, CrowdStrike’s no-code security orchestration, automation, and response (SOAR engine).
AppOmni provides groups app management
AppOmni has launched three new product packages to present enterprises management over their SaaS and AI apps. A “foundations” starter bundle discovers shadow SaaS and AI, app customers and permissions, and threats and suspicious actions. A sophisticated tier provides extra subtle menace detection and SaaS controls, whereas an enterprise bundle supplies “the best degree of SaaS security maturity.”
The platform additionally options enhanced menace detection and help for 30 new AI and SaaS functions, together with ChatGPT Enterprise, Claude, Cisco Umbrella and Safe Entry, and Gong.
Tenable AI Publicity permits groups to see, handle, and management dangers
Constructed into Tenable One, the brand new Tenable AI Publicity helps enterprises see, handle, and management dangers introduced by enterprise use of generative AI instruments comparable to ChatGPT Enterprise and Microsoft Copilot. It identifies all AI utilization (whether or not allowed or not), prioritizes dangers, and enforces security guardrails and group insurance policies.
Menlo secures storage and controls browsers
The brand new Menlo Safe Storage provides customers full accessibility to recordsdata. They don’t seem to be, nevertheless, allowed to avoid wasting regionally to their very own units; all file interactions keep confined inside the cloud atmosphere. This enables contractors and different third events to securely entry delicate paperwork and staff to switch recordsdata between safe apps with out exposing them on endpoints.
Menlo’s new Adaptive Net provides cloud-based browser controls. Delivered by means of Menlo’s cloud service, the platform permits groups to tailor customers’ capabilities, redact knowledge, block and redirect pages, implement secure search, and disable password fields. Modules could be custom-made and deployed based mostly on particular person customers or teams throughout browser periods.
