Black Hat 2025: AI As The New Insider Threat

Category :

AI

Posted On :

Share This :

 

Over the last six months, there has been a 136% surge in cloud incursions. North Korean agents used AI-generated identities to penetrate 320 businesses. Ransomware may now be distributed using Scattered Spider in less than a day. But at Black Hat 2025, the security community showed that it has at last found a solution that works: agentic AI, which produces quantifiable outcomes rather than empty promises.

 

As part of a larger campaign that affected 320 firms, CrowdStrike recently identified 28 North Korean spies embedded as remote IT workers. This shows how agentic AI is progressing from idea to real-world threat detection.

The most compelling theme at Black Hat 2025 was operational readiness rather than hype or theoretical claims, even though almost all of the vendors had performance figures available, either from agentic AI deployments in full production or from beta programs in progress.

 

According to CISO spoke with at Black Hat, investigation times have greatly improved and the company can handle a lot more alerts with existing staffing numbers. Specific benefits, however, are contingent upon the use case’s complexity and implementation maturity. The shift from aspirational roadmaps to actual results is noteworthy.

 

Additionally, security teams are beginning to see tangible, genuine efficiency gains that correspond to the metrics that boards request. These include better resource use, increased threat detection rates, and decreased mean time to investigate (MTTI). At Black Hat 2025, the focus of the discussion changed from AI’s potential to its quantified effects on security operations.

 

 

The Arms Race For Agentic AI Moves From Promises To Output

Agentic AI dominated the discussion at Black Hat 2025, with numerous sessions focusing on how attackers own or can readily hack agents. They saw more than 100 announcements advertising new platforms, services, or applications for agentic AI. Use cases and outcomes are being produced by vendors. Compared to the numerous promises made in previous years, that is a refreshing difference. Closing hype gaps and delivering results are urgent priorities.

 

In an interview, Adam Meyers, chief of counter adversary operations at CrowdStrike, explained the factors causing this urgency: Whether SOC operators use MCP servers to gain access to APIs, “Agentic AI truly becomes the platform that allows them to build those automations.” More and more businesses are beginning to use our agentic AI to facilitate their integration with the Falcon and CrowdStrike platforms.

 

We think this response is necessary given the severity of the threat. Meyers underlined, “When they’re moving at that speed, you can’t wait,” pointing out that some enemies now spread ransomware in less than a day. “You need human threat hunters in the loop who are alerting you to the fact that the adversary is present and engaged in hand-to-hand combat with them as soon as they gain access or appear.”

 

Meyers highlighted the scale at which these algorithms now function by revealing, “Last year, we looked at 60 billion hunting leads that result in about 13 million investigations, 27,000 customer escalations, and 4000 emails that we started sending to customers.” Significant improvements were made to Security Copilot by Microsoft Security, which now has autonomous investigative capabilities that can correlate threats across Sentinel, Microsoft Defender, and third-party security solutions without the need for human participation. Palo Alto Networks showcased the new agentic capabilities of Cortex XSOAR, demonstrating how their platform can now independently investigate, triage warnings, and even carry out remediation activities within predetermined boundaries.

 

One of Black Hat’s biggest announcements came from Cisco, which unveiled Foundation-sec-8B-Instruct, the first conversational AI model created just for cybersecurity. Running on a single GPU, this eight-billion-parameter model performs better on security tasks than much larger general-purpose models, such as GPT-4o-mini.

 

The architecture of this edition is entirely open-source, which makes it unique. Security teams can use Foundation-sec-8B-Instruct ships with fully open weights under a permissive license, allowing them to be deployed at the edge, on-premises, or in air-gapped environments without being locked into a vendor. Hugging Face offers the model for free together with the Foundation AI Cookbook, which includes implementation templates and deployment instructions.

 

“Foundation-sec-8B-Instruct is operational, accessible, and prepared for defense. Yaron Singer, VP of AI and Security at Foundation, emphasizes the collaborative potential of this open-source approach by saying, “Download it, prompt it, and help shape the future of AI-powered cybersecurity.”

 

SentinelOne used a different strategy, highlighting the Purple AI’s capacity to not only conduct investigations but also to “think ahead,” or anticipate enemy actions by analyzing behavioral patterns and proactively modifying defenses.

Threat intelligence from CrowdStrike shows how adversaries such as FAMOUS CHOLLIMA are using gen AI as a weapon at every step of insider threat operations, from managing many concurrent job roles to establishing synthetic identities. CrowdStrike 2025 Threat Hunting Report is the source.

 

 

How Quickly Everything Altered Due To The North Korean Threat

Over 320 businesses were invaded by renowned Chollima agents in the previous year. That is a significant change in enterprise security threats, up 220% over the previous year.

In an interview, Meyers stated, “They’re using AI throughout the entire process.” “They’re employing deepfake technology to alter their appearance during the interview after using generative AI to construct resumes and LinkedIn profiles. AI is being used to provide answers to interview questions. Once they are employed, they will use AI to write the code and carry out their assigned tasks.

 

These operations are supported by very advanced infrastructure. To provide remote access, one facilitator from Arizona kept up with ninety laptops. As adversaries broaden their targets, operations have extended outside the United States to France, Canada, and Japan.

 

According to CrowdStrike’s July data, there were 33 FAMOUS CHOLLIMA interactions, of which 28 were verified as malevolent insiders who had been successful in landing a job. Instead of depending on conventional malware attacks that security tools can identify, they are AI-enhanced operators operating within companies with valid credentials.

 

 

Why The Human Aspect Is Still Essential?

The idea that agentic AI complements human analysts rather than replaces them was a recurring theme in all vendor presentations, regardless of the advancements in technology. Even with its current level of excellence, “agent AI will not take the place of humans in the loop.” “There must be human threat hunters out there who can use their intelligence, experience, and insight to try to find these adversaries in novel ways,” Meyers underlined.

 

This approach of human-machine collaboration was adopted by all major vendors. In its Mission Control release, Splunk highlighted how its agentic AI acts as a “force multiplier” for analysts, managing repetitive chores while elevating more complicated decisions to people. Even the most passionate proponents of automation agreed that human supervision is still necessary for critical choices and innovative problem-solving.

 

The Focus Of Competition Changes From Features To Outcomes

Ironically, Black Hat 2025 demonstrated a more cohesive approach to cybersecurity than any other event, despite intense competition in the drive to offer agentic AI solutions for the SOC. Three essential elements were highlighted by each major vendor: reasoning engines with context awareness and the ability to make complex decisions. These action frameworks allow for learning systems that continuously improve depending on results and autonomous response within predetermined limitations.

 

This change was demonstrated by Google Cloud Security’s Chronicle SOAR, which added an agentic mode that autonomously looks into warnings by requesting information from several sources, comparing results, and providing analysts with comprehensive investigation packages. With IBM and others adding autonomous investigative capabilities to their current deployments, even historically conservative companies have embraced the shift. The convergence was clear: the industry is now competing on operational excellence rather than AI presence.

 

AI is expected to emerge as the new insider threat, according to many predictions. Black Hat 2025 also emphasized new issues for the future. “AI is going to be the next insider threat,” Meyers said, possibly the most sobering prediction of the conference. Those AIs are implicitly trusted by organizations. They use it for all of these things, and the more at ease they get, the less they will check the results.

 

Discussions concerning governance and uniformity were spurred by this worry. A working group on agentic AI security standards was announced by the Cloud Security Alliance, and a number of firms pledged to cooperate on AI agent interoperability. The industry’s realization that protecting AI agents is becoming just as crucial as utilizing them for security is demonstrated by CrowdStrike’s extension of Falcon Shield to incorporate governance for OpenAI GPT-based agents and Cisco’s AI supply chain security project with Hugging Face.

 

The rate of change is quickening. Meyers said, “Adversaries are moving incredibly fast.” “In April, scattered spiders attacked retail, followed by insurance companies in May and the aviation industry in June and July.” Organizations cannot afford to wait for ideal solutions given the pace at which they can iterate and change.

 

The Bottom Line

What many cybersecurity specialists anticipated was validated by this year’s Black Hat. Their organizations are now at risk from AI-driven attacks on a growing number of unanticipated surfaces.

 

Hiring and human resources turned into the unanticipated threat surface. Famous Chollima agents are infiltrating every U.S. and Western technology company they can find in order to steal priceless intellectual property and obtain quick cash to support North Korea’s weapons development. Attacks take on a whole new dimension as a result. Businesses’ fundamental intellectual property, national security, and the confidence that consumers have in the companies they do business with are all at stake in doing this right, therefore organizations and the security leaders leading them would be wise to keep this in mind.