We requested a easy query to cybersecurity professionals at Black Hat 25: What retains you up at night time?
Their solutions minimize via the noise, surfacing pressing considerations about evolving threats, weak organizational readiness, and an unsure future. However one theme rose above the remaining: AI is accelerating every little thing. Infrastructure grows sooner, assaults land faster, and defenders are racing to maintain up.
The consensus? Defenses are lagging, whereas the dangers proceed to accentuate.
When the machines transfer sooner than we do
AI is quickly remodeling cybersecurity, empowering defenders and supercharging attackers alike. In response to IBM’s 2025 Price of a Information Breach Report, 13% of organizations reported safety incidents involving AI fashions or functions; of these, 97% lacked correct entry controls on the time of the breach.
Instruments like generative AI are fueling sooner, extra convincing phishing and social engineering campaigns. In the meantime, defenders scramble to replace coaching, insurance policies, and incident response playbooks to match the velocity of change.
Ken Phelan, chief expertise officer of Gotham Expertise Group in New York Metropolis, sees this acceleration as a basic infrastructure downside.
“We’re creating property sooner than we are able to handle them,” Phelan advised TechRepublic. “The infrastructure world is shifting sooner than compliance. We’re in a world of containers and automation, and safety is lagging behind.”
He described it as a “velocity downside” — one the place organizations are pressured to maneuver shortly however lack the visibility and management to take action safely.
That problem is entrance and middle for Rana Khurram, head of InfoSec GRC at C&R Software program in Ontario, Canada.
“Organizations don’t have correct steerage or controls in place,” Khurram advised TechRepublic. “Deepfakes might be used to impersonate our COO and trick the accounting workforce into releasing funds.”
The velocity of AI innovation is stretching safety administration to its limits.
“From the managing perspective,” he added, “we’re simply making an attempt to maintain up with all of it.”
Going through the unknown: ‘Don’t panic, however put together’
For some cybersecurity professionals, the best concern is the sheer unpredictability of what AI will convey subsequent. That uncertainty weighs closely on Jared Currie, IT safety supervisor at Claro Enterprise Options in Miramar, Florida.
“Proper now, it’s the unpredictability of what the influence will probably be,” Currie advised TechRepublic. “All of us have concepts about how we predict it should influence issues, however we’re considering in restricted phrases. I feel it will introduce new methods and avenues of knowledge circulate and interplay.”
Currie mentioned deepfakes are each a office menace and a broader concern with political and societal implications. And whereas ransomware stays a urgent difficulty, he mentioned it’s AI’s unknown ripple results — from hiring must protection priorities — that make it more durable to plan.
His recommendation: don’t panic, however put together.
“There’s no level in worrying in regards to the unknown. Do what you’re doing — maintain your protection in depth, give attention to what you may management. And as new applied sciences emerge, be able to adapt.”
In the long run, it’s nonetheless individuals making the errors
For all of the dialog round AI, deepfakes, and automation, one particular person reminded us that the oldest vulnerability in cybersecurity remains to be essentially the most persistent: individuals.
Joseph Resendes, a cybersecurity intelligence pupil in his last semester at Embry-Riddle Aeronautical College, pointed to consumer habits as a lingering and underestimated menace.
“It’s the individuals,” Resendes mentioned. “Quite a lot of people within the business don’t actually know the sorts of assaults hackers use. Phishing emails nonetheless get via as a result of they look like coming from a boss or government. Somebody clicks to attempt to be useful — and identical to that, they’ve launched a distant entry trojan.”
Whereas technical controls are in place to cut back the harm, Resendes believes the true downside is a failure to be taught from previous errors.
“We’ve got mechanisms in place to cease workers from making errors, however customers don’t at all times be taught from them,” he mentioned. “Hackers like to prey on that lack of expertise.”
Resendes’s feedback echo a typical reality throughout cybersecurity: irrespective of how superior the instruments develop into, human error stays one of the crucial exploitable gaps.
Extra Black Hat protection
AI is altering the menace panorama. Right here’s easy methods to shield your group from what’s coming subsequent.
