Analyst(s): Fernando Montenegro
Publication Date: August 14, 2025

What is Covered in this Article:

• The “Security Summer Camp” Experience in Las Vegas: An overview of the major security conferences, highlighting the distinct characters of the enterprise-focused Black Hat USA and the community-driven, hacker-centric DEF CON.
• Key Observations and Industry Trends: A detailed analysis of the main themes from the events, including the all-encompassing conversation around AI, the challenge of a continually expanding attack surface, and the ongoing evolution of the security platform discussion.
• A Glimpse into the World of DEF CON: A look at the unique culture of DEF CON, its organization around topic-specific “villages,” and its ongoing evolution as it engages with a broader set of industry and government stakeholders.

Security Summer Camp

The first week of August is affectionately known in industry as “Security Summer Camp” (or “Hacker Summer Camp”), as thousands of practitioners, executives, researchers, vendors, enthusiasts, and more descend upon Las Vegas for a series of security conferences anchored on two key events: DEF CON, famous for its hacker ethos and composed on numerous specialist villages, and Black Hat, itself made up of trainings, topic-specific summits, and briefings. Surrounding these two events are other community events – notably but not exclusively BSides Las Vegas and The Diana Initiative – as well as other smaller gatherings led by interest groups, vendors, etc.

Black Hat USA

Black Hat USA, held at the Mandalay Bay, is the one closest to enterprise cybersecurity, offering in-depth training sessions, topic-specific summits, and two days of presentations known as briefings. The presentations cover various topics, from AI to reverse engineering, development of exploits, vulnerability discovery, and more. Black Hat is usually recognized as a key venue for security researchers to publish their work.

Right alongside these sessions is a vibrant expo hall, with approximately 400 sponsors of all sizes, from the largest cybersecurity vendors down to startups. In addition to typical vendor booths, the expo hall has a separate area for those presenting security tools (“Arsenal”) and this year included a dedicated area for AI-specific startups.

The summits and micro-summits are topic-specific groupings of sessions, and this year, they included a well-attended AI Summit, a dedicated CISO Summit aimed at executives, and summits covering investments, insurance, supply chain security, and industrial controls security, among others.

This year saw an expansion in keynotes, including presentations from industry luminaries, journalists, and more. The organizers also announced a new global startup competition that will see competition evolve across the multiple events run by Informa, culminating with a final round at next year’s Black Hat USA.

DEF CON

DEF CON actually predates Black Hat USA. The conference has had a storied history, seeping with the ‘hacker ethos’ of testing boundaries of systems. For the past couple of years, the conference has been held at the Las Vegas Convention Center, and this year saw approximately 30,000 attendees. While Black Hat is more aligned to enterprise cybersecurity, DEF CON has a broader appeal, reflected in the diversity of participants, their attire, as numerous participants show up in costumes, and the breadth of topics covered.

DEF CON is primarily organized around topic-specific “villages” that are run by volunteers and include a mixture of technical sessions, activities such as “capture the flag” exercises, and more. The conference also has main stage sessions, with presentations on key topics around hacking.

Black Hat 2025, Def Con, And Others: Yes, AI, Sure, But Much, Much More

Analyst Take: In general, we saw very similar trends related to the industry’s other key event, the RSAC Conference. Like at RSAC, the energy of the events underscored the industry’s vibrancy, with a powerful network effect emerging from having tens of thousands of practitioners, vendors, researchers, investors, and executives in one place. The Futurum Group’s analysis, derived from numerous formal briefings, pre-conference meetings, and other interactions, is aligned with the four major key trends for our current research agenda.

The All-Encompassing AI Conversation

Not surprising, AI was the theme permeating every conversation at the conference. The Futurum Group frames this topic through three lenses: AI for Security, Security for AI, and Security against AI. At Black Hat, we observed how quickly the community is acting, with significant community guidance from groups such as OWASP, MITRE, and NIST, although the material remains highly tactical.

Another important observation is that the industry is coalescing around “AI red teaming” as the standard for testing the security of AI models. A key observation is that practitioners seem to focus on security testing being closely related to “breaking prompts”, which may miss the bigger picture of the underlying technology, a situation analogous to the “blind man and the elephant” parable. As today’s deep learning models begin to plateau—GPT-5, released last week, is “nowhere near the expectation” that was painted a year ago—a significant opportunity exists to educate security teams on deeper AI architectures. This includes a potential resurgence of neuro-symbolic AI and bounded rationality approaches, which could require teaching security teams skills such as formal logic and Bayesian solvers. For now, the most tangible progress is in constrained use cases, such as using AI to augment—not replace—SOC analysts. We also observed significant progress in the use of AI in application security use cases.

In further evidence of the momentum behind AI, startup Noma Security announced a $100M USD funding round just ahead of the conference.

Managing an Ever-Expanding Attack Surface

A constant pressure point for security leaders is the mandate to cover “More things, different things, and different domains within those things”. A hypothetical SOC analyst who once specialized in EDR on 500 endpoints now must manage 5,000 mixed endpoints—including workstations, servers, IoT, and OT devices—while also looking at NDR, identity, data, and application security.

At the show, we saw a strong preference for vendors looking to address this via the “Exposure Management” approach. Wiz, for example, announced its Exposure Management offering. Closely related to this is a broader acceptance of more sophisticated risk management conversations, with vendors such as Qualys proposing a more robust handling of the topic.

From a technology perspective, the industry’s response includes leaning heavily on AI for augmentation and increasing focus on areas such as browser security and micro-segmentation.

Quantum security was notably absent from discussions, with only three or four vendors in this space. This is attributed to a collective industry mindset that mirrors the Eisenhower Matrix: AI is currently in the “urgent and important” quadrant, whereas quantum likely fits in the “important, but not urgent” category.

The Evolving Security Platform Discussion

The debate over security platforms continues, but The Futurum Group finds the “platform versus best of breed” framing insufficient. The analysis should be three-dimensional, including platform vs. point product, best-of-breed vs. good enough, and the often-overlooked build vs. outsource choice. While this topic took a backseat to AI this year, every large security platform vendor, such as Palo Alto Networks, CrowdStrike, Microsoft, Google, Fortinet, Trend Micro, and SentinelOne, was present. We also note that vendors such as OpenText and Hewlett-Packard Enterprise (HPE) have portfolios that can be part of this broader conversation.

From a focus perspective, the market is still digesting the news about Palo Alto Networks’ acquisition of CyberArk. The topic overshadowed other news, such as SentinelOne’s acquisition of Prompt Security.

Notes on Data Protection and Cyber Resilience

The data protection space saw some interesting movement. A noteworthy announcement was a recent partnership between Rubrik and Sophos to deliver data protection for Microsoft environments. This move suggests Sophos is methodically building out a security platform aimed at the smaller mid-market and small market segments. Elsewhere, Cyera was highly visible with a flurry of announcements related to its SPM and AI capabilities. Other smaller data-centric security vendors, including CyberHaven and Concentric AI, were also noted for follow-up.

A Note on DEF CON

DEF CON has a completely different vibe. It is larger than Black Hat, with an estimated 30,000 attendees this year, and it retains the “original hacker mentality”. The conference is changing; the attendee base is “getting older,” and the event is “accepting more of this broader reach of things”. While this evolution of its core identity may represent a shift from its roots, it is likely a helpful development for fostering dialogue with a wider range of industry and policy stakeholders. Still, it takes some adjustments to see “Dark Tangent” (the hacker handle for Jeff Moss, conference founder and organizer) sharing the stage with retired general Paul Nakasone. Still, as the industry evolves, it is precisely these types of interactions that can yield collaboration across critical areas of infrastructure.

One of the most fascinating aspects of DEF CON 33 was the conclusion of the AIxCC DARPA/ARPA-H cyber challenge. Here, teams competed to create autonomous systems that find and remediate software flaws. In an effort supported by Google, Microsoft, OpenAI, Anthropic, Linux Foundation, and the Open Source Security Foundation (OpenSSF), teams competed for a first-place prize of $4M USD, with over $15M USD in total prizes, in a competition that spans three years.

Other Topics

As The Futurum Group looks ahead in our research agenda, it was notable to have conversations with key vendors in selected spaces. In software supply chain security, Lineaje and Cybeats offered interesting insights into the evolution of the usage of Software Bills of Material (SBOM). In terms of future research on risk management, we appreciated the interactions with Qualys and Tenchi Security on topics including cyber risk quantification and third-party risk management.

What to Watch:

• Will the renewed energy of in-person events continue? This year’s RSAC Conference was described as a great and vibrant edition, attracting over 44,000 attendees and spawning hundreds of side events. Black Hat and DEF CON continued this trend, raising the question of whether other industry events can maintain this momentum.
• How will agentic AI workflows evolve from augmentation to autonomy? Today, the consensus is that agentic AI serves to augment human analysts, not replace them, particularly in the SOC. The question is how these workflows will mature from assisting with triage and enrichment to handling more complex, coordinated multi-agent tasks.
• As platforms consolidate, what is the future of the partner ecosystem? The push for platformization is clear, but this doesn’t eliminate the need for specialized offerings. Point product vendors are being encouraged to integrate with and work alongside major platforms, suggesting a future defined by strategic partnerships and a rich channel ecosystem.
• How will DEF CON’s identity evolve with its audience? The conference is maturing, now in its 33rd edition. This shift suggests increasing dialogue with enterprise and government stakeholders, raising questions about how it will balance its “original hacker mentality” with these new dynamics.

For more details about the key events from Security Summer Camp, please refer to the Black Hat conference recap and to the DEF CON home page.

Declaration of Generative AI and AI-assisted Technologies in the Writing Process: While preparing this work, the author used Google Gemini to summarize notes and transcripts. After using this service, the author reviewed and edited the content as needed. The author takes full responsibility for the publication’s content.

Disclosure: Futurum is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.

Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of Futurum as a whole.

Other insights from Futurum:

Trends at the RSAC Conference Point to the High-Stakes Nature of Cybersecurity – Report Summary

Cybersecurity is a Strategic and Budgetary Priority, Per Futurum Research

Governing the Browser: Security’s Next Frontier – Report Summary

Author Information

Fernando Montenegro

Fernando Montenegro serves as the Vice President & Practice Lead for Cybersecurity & Resilience at The Futurum Group. In this role, he leads the development and execution of the Cybersecurity research agenda, working closely with the team to drive the practice's growth. His research focuses on addressing critical topics in modern cybersecurity. These include the multifaceted role of AI in cybersecurity, strategies for managing an ever-expanding attack surface, and the evolution of cybersecurity architectures toward more platform-oriented solutions.

Before joining The Futurum Group, Fernando held senior industry analyst roles at Omdia, S&P Global, and 451 Research. His career also includes diverse roles in customer support, security, IT operations, professional services, and sales engineering. He has worked with pioneering Internet Service Providers, established security vendors, and startups across North and South America.

Fernando holds a Bachelor’s degree in Computer Science from Universidade Federal do Rio Grande do Sul in Brazil and various industry certifications. Although he is originally from Brazil, he has been based in Toronto, Canada, for many years.