The Top Trends at Black Hat 2024

This year’s Black Hat conference provided security practitioners with a wide range of opportunities to discuss emerging technologies and their intersection with emerging threats. The majority of panels, talks and side conversations on the floor focused on the challenges and opportunities presented by cutting-edge technological advances, and I wrapped these up into several top trends that investors, founders and security leaders should track in the coming months. 

AI, AI, AI

Unsurprisingly, AI continues to be the buzz of the ball, but it is increasingly interesting to witness the evolution of how AI tools and tech are discussed from a security perspective. Discussions ranged from AI-powered threat detection to the potential misuse of AI for creating deepfakes and other malicious purposes. Black Hat provided a condensed view of how AI has taken over the cybersecurity industry, with various categories and products adopting this groundbreaking technology. It’s become nearly impossible to find a security solution that doesn’t boast its ability to leverage AI. 

Security for GenAI is one the most interesting subcategories in the AI sector that recently emerged, as we’re seeing a growing number of startups chasing one, coveted goal: enabling organizations and users to leverage AI in a safe and secure manner. Some of these startups focus on securing enterprise use of AI by employees, some strive to find innovative ways to protect their company models from malicious inputs, unauthorized access or other forms of misuse, and others, such as Aim Security, introduce a holistic approach with a comprehensive platform for 360-degree GenAI Security.

Several startups are exploring the use of AI for Security, attempting to leverage its revolutionary benefits for efficiency, speed and cost effectiveness. These attributes can be leveraged across all existing cybersecurity sectors, from automation for the SOC analyst to prioritizing vulnerabilities (check out Opus Security), to security design reviews. 

Application Detection and Response (ADR)

One of the standout categories at Black Hat this year was ADR, a new approach to securing applications from within, rather than externally. As modern apps become more complex with microservices, APIs and cloud native architectures, gaps are formed as traditional AppSec tools struggle to keep up. Application Detection and Response has risen to the taks of closing these gaps, with ADR-focused startups such as Miggo Security offering comprehensive visibility at runtime, with continuous monitoring of the flows between application services to detect and respond to cyberattacks. It isn’t surprising that Black Hat attendees were talking about these gaps and relevant solutions, with the high-profile application attacks of 2023 and their critical AppSec blind spots (MOVEit, Microsoft Sharepoint, Ivanti Gateway and GoAnywhere breaches) are still top of mind. 

The Human Element

The human element in cybersecurity has been a recurring topic of concern for security professionals, taking center stage at this year’s Black Hat. Attacks have been growing in sophistication and security leaders have been spending growing amounts of money and effort on security tools to address them, only to find that the human element – bolstered even more by the emergence of AI – is riskier than ever. Often considered “the weakest link” in the security chain, humans are a consistent concern for security professionals and vendors. Startups now understand the need for a holistic approach to this risk, addressing both technological and human factors – including security culture. Hox Hunt and Amplifier Security are two such examples, focusing on individualized phishing training, automated security awareness training and advanced behavior change. 

The Software Supply Chain

A source of ongoing CISO frustration, securing the software supply chain remains a top-of-mind concern and was featured prominently in this year’s Black Hat. CISOs know that they can have a top tier, well-rounded security stack in their organization, but a breach originating from third parties in their supply chain can put the entire organization in danger. Vendors that focus on this space, including Endor Labs, Scribe, and others, address the complex software development attack surfaces and other hot supply chain security areas of concern. 

Until Next Year

Black Hat 2024 underscored the constantly evolving nature of the modern cybersecurity landscape. This year’s top trends make it clear that organizations must adopt a multifaceted, proactive approach to safeguard their assets and strengthen their security posture. As we look forward to next year’s conference, we anticipate even greater emphasis on emerging technologies, mitigating the complexity challenge and regulating the rampant use of AI as the industry continues to scale, adapt and innovate at an accelerated pace.