Maybe it’s the confidence that comes from meeting 20,000 of your peers in Las Vegas, but security professionals at this year’s Black Hat conference expressed optimism about using AI and automation to thwart attackers.
Citing bug-bounty programs, automated code-flaw discoveries, and the increasing automation of the security operations center (SOC), infosec veterans and industry professionals—some of who work for companies designing AI-assisted defenses, funnily enough—shared a few early AI wins for defenders.
“AI is the key because that’s one of the few fields where defenders are ahead of the attackers,” said Mikko Hypponen, a cybersecurity practitioner since 1991.
In a conference-opening speech on August 6 highlighting his many decades of threat research, Hypponen, who recently left cybersecurity company WithSecure to join the drone-detection firm Sensofusion as chief research officer, shared how defenses have evolved from reverse-engineering floppy-disk computer viruses in the ’90s to finding never-before-seen code vulnerabilities (aka zero days) with the help of today’s large language models.
A June 2025 paper revealed how UC Berkeley researchers used a “CyberGym” of AI models to find 15 previously unknown vulnerabilities, or zero days, in 188 large open-source code bases. Google’s Project Zero team, in a November 2024 post, revealed how they used an AI agent to find a previously unknown software flaw.
“I’m already losing count,” Hypponen said of how many zero days have been discovered by large language models (LLMs).
Hack and forth. Speaking of losing count, there are many adversaries using AI in their attacks today:
- Deepfakers have impersonated execs;
- LLMs like FraudGPT, according to its dark-web ads, create undetectable malware;
- Ransomware actors use chatbots; and
- Prompt injections can lead to a convincing phishing message.
“Adversaries definitely have an edge for the simple reason that adversaries don't have a compliance department slowing them down,” Ian L. Paterson, CEO at cybersecurity provider Plurilock (and Black Hat attendee), told us, adding that AI has helped drive an uptick of high-quality phishing messages in a variety of languages.
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
Security vendors and defenders, however, showed off their own AI-powered defenses. Microsoft says its “Project Ire” agent prototype, released on August 5, fully reverse-engineers a software file to determine if code is malicious. Threat intel platform SOCRadar released an agentic approach to detect domain impersonation. Meanwhile, DARPA announced winners of its AI Cyber Challenge—an effort to use autonomous systems to secure critical application software.
In a conference-closing panel featuring Black Hat’s review-board members, VP of security engineering at Google Heather Adkins and Black Hat founder Jeff Moss agreed that AI will help defenders enforce cybersecurity mechanisms—shutting down accounts and sending malicious code quickly for review—across their infrastructures.
“It’ll take a while for us to trust that. But in the end, I think the definition of winning will be that the defense has better tooling to be able to shut these [cyberattacks] down fast,” Adkins told attendees.
One problem for defenders, according to Jason Haddix, CEO at Arcanum Information Security, has been “scaling the humans that we have that protect us, and scaling the technologies across massive amounts of code or infrastructure.”
“I think that the scale that AI brings will help defenders more than it will help attackers,” he told the crowd.
You had one job! While security pros expressed confidence in AI’s assistive capabilities, one attendee raised concerns about AI replacing today’s human security analyst. Security budgets have tightened, and orgs are increasingly willing to spend on tooling rather than people, according to a recent report.
An informal poll of the room revealed more confidence in numbers amongst the Vegas security professionals.
“How many people here are concerned that they will be losing their role to our robotic overlords?” Daniel Cuthbert, global head of cyber security research at Santander, asked.
According to Cuthbert’s count (which did not include a “yes” vote from Adkins onstage): only four in the crowd raised their hands.