Artificial Intelligence (AI) dominated conversations at Black Hat USA 2025. On the show floor, attendees and vendors discussed AI-powered capabilities and the future of cybersecurity, and the annual AI Summit and AI Track Meetup drew its usual crowd. More than a dozen keynotes, mainstage presentations and sessions explored the challenges and opportunities associated with this emerging technology, from security concerns and cognitive implications to innovative security solutions and increased defenses. Across the conference, the pros, cons, challenges, opportunities, concerns, revolutions and world transformation AI is bringing in were universally top of mind.  

Shining the Spotlight on AI’s Benefits and New Opportunities 

From the customers and booth visitors we spoke with, the outlook was optimistic. Many see AI as a way to unlock new levels of efficiency, improve decision-making and better serve customers. The potential to reduce alert fatigue, automate routine tasks and accelerate detection and response was frequently mentioned. To many, AI is starting to be seen as a critical tool in a cyber defender’s arsenal. 

Some sessions reinforced this view. In a standout talk, Brendan Dolan-Gavitt, AI Researcher, XBOW, demonstrated how AI agents can autonomously identify zero-day vulnerabilities at scale without overwhelming analysts with false positives. By using robust exploit validation, his team uncovered more than 200 zero-day vulnerabilities in public web applications. During another compelling session, “Let LLM Learn,” Phd students explored how language models can evolve beyond simple static analysis by incrementally building semantic knowledge. This approach mimics the intuition of expert analysts, enabling LLMs to detect bugs in complex systems such as VirtualBox and medical devices with greater accuracy and contextual understanding. While challenges remain, including concerns around hallucinations, model integrity and data security, the momentum is clear.  

A Sober Look at AI as Challenges Persist 

Despite the many promising advancements, many sessions leaned into the concerns and challenges surrounding AI. Experts spoke about the risks of weaponized AI capabilities, including how threat actors could exploit tools from major tech providers or take advantage of security gaps introduced by autonomous agents. Several speakers emphasized the urgent need for purpose-built security approaches that can keep pace with agentic AI. Beyond technical threats, researchers also explored the intersection of AI, cybersecurity and neuroscience — raising early but important questions about how AI could influence or manipulate human behavior. 

While these cognitive implications are still emerging and complex to address, securing AI agents themselves is more achievable than many assume. It requires targeted solutions and best practices that treat these Non-Human Identities (NHIs) as distinct entities with their own risks and privileges. Unfortunately, many organizations are not yet adapting to this shift, and as a result, are leaving critical gaps in their defenses.  

AI adds a new level of complexity to identity management. Models, pipelines, autonomous agents and orchestration tools often create short-lived, high-privilege NHIs outside traditional IT workflows, with little centralized visibility or governance. This rapid sprawl of machine identities makes it difficult for organizations to understand who or what has access to critical systems and to enforce security policies effectively. As AI systems become more autonomous and dynamic, security teams face the challenge of continuously discovering, mapping and monitoring these identities in real time to reduce risk and maintain control. Without tools designed to handle the scale and speed of AI-driven infrastructure, many organizations risk falling behind and leaving critical gaps open to exploitation. 

At our booth, we invited visitors to run a two-minute scan with our “Was I Leaked?” tool, powered by the Oasis NHI Security Cloud. The idea was simple: enter your work email and get a real-time look at whether any secrets tied to your domain had surfaced in public repos, breach datasets, or darknet dumps. For many attendees, it was the first time they saw the real-world blast radius of leaked credentials tied to NHIs.  

AI is adding another layer of complexity. Automated agents and AI workloads regularly create and consume credentials, often with little centralized oversight or clear ownership. These short-lived, high-privilege identities expand the attack surface and increase risk. Effective remediation requires knowing which identity a leaked secret belongs to, who owns that identity and what systems rely on it. Without that context, revoking credentials can cause unintended outages or leave gaps open for attackers. 

The good news is that combining continuous detection with identity-aware remediation can dramatically shrink the window of exposure from days down to minutes. Automated workflows that safely rotate secrets and remove stale credentials without disrupting operations are essential.  

Looking Toward the Future 

At Black Hat this year, one thing was clear: AI is reshaping cybersecurity at every level, from benefits like vulnerability discovery and automated threat detection and response to challenges like new attack vectors. Strategic, responsible adoption and deployment of AI is increasingly critical.