Published to Whisper Club: April 21, 2026 ID: TBW2142
Published to Readers: April 21, 2026
Analyst(s): Dr. Doreen Galli
Photojournalist(s): Dr. Doreen Galli
ABSTRACT
“This Whisper Report investigates what’s the hardest problem in robotics no one solved. It follows the technologists who reveal why extreme environments, continuous learning during operation, and the elusive quest for a universal foundational model still defy today’s best systems. The full story hints at breakthroughs but leaves the biggest twist ahead. Cited experts: Dr. Yuxin Zhang, Widemount Dynamics Tech Limited; Pai-Heng Hsiao, “Memorence “AI; Anson Yuen, Scanbotics.”
“This Whisper Report investigates the next data breach our industry isn’t ready to handle. It captures urgent insights from Put Data First revealing how emerging threats are reshaping risk landscapes. These include AI pipeline compromises, indirect prompt injections, company chat exfiltration, and deep fake-driven social engineering. Expert perspectives explain why traditional defenses fail. The report urges proactive strategies to secure data integrity across every stage of AI-driven operations before vulnerabilities escalate.”
Target Audience Titles:
Chief Executive Officer, Chief Information Officer, Chief Technology Officer, Chief Data Officer, Chief Security Officer, Head of Data Strategy, Head of Information Security
Director of Cybersecurity, Director of AI Operations, Director of Risk Management, Director Data Governance Manager, Enterprise Architect
Data Scientist, Machine Learning Engineer, Cybersecurity Analyst, AI Operations Specialist, Risk Analyst, Cloud Security Engineer, Threat Intelligence Analyst
Key Takeaways:
AI pipelines are vulnerable at every stage, requiring continuous protection of training data and outputs.
Indirect prompt injections can manipulate AI agents through unvalidated web content, creating hidden security risks.
Company AI chat data is a high-value target for exfiltration, exposing sensitive organizational insights.
Deep fakes amplify social engineering attacks, eroding trust and enabling data breaches through deception.
We took the most frequently asked and most urgent technology questions straight to the data and AI experts gathering at the Put Data First’s Inaugural event held at Planet Hollywood in Las Vegas. This Whisper Report addresses the question regarding the biggest AI risk no one in your organization is talking about as depicted in Figure 1.
Figure 1. Prepare NOW for these Four Data Breaches
Our first area to defend, was suggested by SafeBreach’s Hudney Piquant. “The AI pipeline I like to call it. It’s the pipeline of the data that you are the training data that you have and then your prompting that you’re doing and then the output like those three things I believe that that’s going to be the biggest breach that the adversaries will be looking at because if you’re able to really manipulate those things it’s going to affect the pipeline from a scalability perspective.” Hudney raises an important point that data needs to be always protected, every step of the way on its journey. For more research on how to protect data during execution see Industry Whispers: Public is Private -Confidential Computing in the Cloud.
The next attack vector, brought by Mend.io’s Amit Chita, is subtle and exploits GenAI. “Indirect prompt injections. All the web contains websites. We take AI agents, we connect them to get information from these websites, but we don’t validate that it that this website doesn’t contain prompt injections within them. and they can manipulate our agents as they surf through the web. I think this is going to be one of the major issues that we’re going to deal with in the next coming weeks.” One may want to be careful where you let your agents roam!
Our third attack vector is an insider and SaaS risk with significant exposure potential, highlighted by AnswerRocket’s Shanti Greene. “Exfiltrating company AI chats. So, the organizers like Open AI have done a good job of giving you a sandbox for your company to work within and they’re not training on your data. But being able to exfiltrate a company’s specific use and see what they’re prompting with could be interesting. There’s probably some interesting gold in that data.”
Our final area of concern may not be a direct data breach but rather is a tool frequently leveraged to breach data and trust and is brought to us by The Agentic Manager’s Neil W. Smith. “The implications of deep fakes. We’re already used to AI being used for fishing expeditions, for extracting information from our databases. But what we don’t realize as humans is that we trust other humans to play by the rules more often than not. However, with deep fakes, both voice fakes, visual fakes, and context fakes, I think more and more humans are going to be fooled by the efficacy of deep fakes.” And the more humans that are fooled, the more systems can be compromised. Despite how widely discussed this topic is, deep fakes remain underestimated for their use in fraud and as a social engineering threat.
Published to clients: December 23 2025 ID: TBW2128
Published to Readers: December 24, 2025
Whisper Email Release: February 9, 2026
Public Editions: February 12, 2026
Analyst(s): Dr. Doreen Galli
Photojournalist(s): Dr. Doreen Galli
Abstract
“Aftermarket innovation in 2026 faces three critical blind spots: workforce training lagging behind rapid tech adoption, supply chain visibility gaps impacting profitability, and misinterpretation of EV battery health undermining consumer trust. These challenges, identified through expert insights at AAPEX and SEMA 2025, demand proactive strategies to ensure sustainable growth and competitiveness in an evolving automotive landscape.”
We took the most frequently asked and most urgent technology questions straight to the experts from the automotive sector gathering at the Venetian Convention Center AND Caesars Forum AND the Las Vegas Convention Center for AAPEX & SEMA 2025. This Whisper Report addresses the question regarding what tech blind spot will stall aftermarket innovation in 2026 as depicted in Figure 1.
New innovation is great but only if you know how to use and apply it. The first challenge isn’t as much as the tech as the ability for the employees in the organizations to use the tech as shared by Texa’s Fabio Mazzon. “Up to speed with new technology and be try to be trained as much as possible and follow everything that is new in the automotive world.” Sometimes, the technology changes come faster than the teams are ready for. Keeping up to date with the current speed of innovation is a common challenge of many today. Be sure to schedule your inquiry with your TBW Advisors LLC’s analyst to ensure your roadmap is futureproofed and ready for all the new innovations coming your way. For additional research on training technologies available see Conference Whispers: HR Tech 2025.
One of the biggest challenges for those in the aftermarket industry is simply staying profitable with the greatest challenge being the supply chain. The tariffs alone have thrown global supply chain into a new environment. As Lynnco’s Andrew Yokiel emphasized, “Supply chain. Having greater data and visibility into everything from small parcel down to up to full truckload, LTL, and getting your product to your customers faster and having an idea where it is in the marketplace and having cleaner data to make business decisions to be profitable.” Profitability, much like having customers, is truly a key ingredient to staying in business.
In order for the used and aftermarket to flourish, the value of those components or in adding those components should be commonly agreed upon and understood. Unfortunately, this is a challenge particularly in the EV market as Midtronics’ Lance Losinski emphasized. “Consumer understanding and credibility of the value say the health of a battery pack. That drives the market prices down because the understanding versus mileage on a gas car versus what’s the state of health battery and how long is it going to last and how do you repair these things, creates the biggest gap for a consumer to be able to trust and utilize the vehicle despite having lower service costs long term and things like that. I think that’ll be the biggest blocker in the near term.”
oin us for “AI in Medicine: Promise or Peril?”—a candid discussion with leading experts on how artificial intelligence is reshaping healthcare. From groundbreaking diagnostic tools to ethical dilemmas and patient safety concerns, we’ll explore whether AI is the ultimate game-changer or a ticking time bomb. Gain insights into what’s real, what’s hype, and what’s next for medical innovation. Don’t miss this chance to separate fact from fiction and prepare for the future of healthcare.
Research Code: TBW2129
Cannot make it live? Register and submit your question. The answer will be in the video on TBW Advisors’ YouTube Channel.
NO AI note takers allowed. Event copyrighted by TBW Advisors LLC All Rights Reserved.
BIOS
Doreen Galli, PhD MBA
Doreen Galli, PhD MBA is the Chief of Research at TBW Advisors LLC and regular contributor to Computer Talk Radio. She’s led significant and measurable changes as an executive at IBM, DPWN, Dell, ATT, and most recently Microsoft. Dr Galli was Chief Technology and Chief Privacy Officer in Azure’s MCIGET. Gartner recognized Dr. Galli as an expert in data ingestion, quality, governance, integration, management, and all forms and analytics including sensor data.
Barry P. Chaiken, MD, MPH
Barry P. Chaiken, MD, MPH is a physician, public health specialist, and internationally recognized expert in healthcare AI, clinical informatics, and digital transformation. Trained at SUNY Downstate Medical Center and the Harvard School of Public Health, Dr. Chaiken previously worked with the U.S. Centers for Disease Control and Prevention, experience that informs his expertise in public health analytics, system-level strategy, and the design of resilient, data-driven healthcare systems.
A former Chairperson of the Healthcare Information and Management Systems Society (HIMSS), he has served as a strategic advisor to healthcare IT companies, life sciences organizations, and health systems worldwide. Dr. Chaiken is the author of Future Healthcare 2050 and Navigating the Code, and is a leading keynote speaker on AI, trust, clinician workflow, and patient experience.
A two-time cancer survivor and 41-year rider in the Pan-Mass Challenge, Dr. Chaiken brings a unique perspective that connects clinical knowledge, policy insight, and human experience.
Susie Branagan BSN,RN
Susie Branagan is a highly experienced nurse and healthcare leader whose career spans 25 years of ICU, pediatric psychiatry, adult medical-surgical care, telemetry, perioperative services, and hospital leadership. She has served in roles from frontline clinician to Nurse Manager, gaining a deep understanding of patient care, caregiver well-being, and the operational realities that shape healthcare systems.
As the founder of Susie Branagan Consulting, Susie specializes in trauma-informed care, Just Culture principles, leadership development, communication strategies, and building safe, supportive care environments. She helps teams strengthen accountability, improve psychological safety, and respond to challenging situations with clarity, compassion, and evidence-based practice.
What sets Susie apart is that everything she teaches comes directly from real-life experience, not from textbooks or theory. Her coaching, trainings, and leadership support are grounded in decades of navigating complex cases, supporting distressed families, advocating for staff, and leading teams through high-pressure clinical moments.
Susie’s mission is to transform healthcare culture by empowering leaders and caregivers with practical, human-centered tools that create safer, stronger, more resilient organizations.
Chris Hutchins
Chris Hutchins is the Founder & CEO of Hutchins Data Strategy, a consultancy that helps healthcare organizations unlock the value of data, AI, and analytics with clarity, ethics, and measurable impact. A nationally recognized voice in healthcare transformation, Chris previously served as SVP and Chief Data & Analytics Officer at LifePoint Health, and prior to that, as Chief Data & Analytics Officer at Northwell Health, New York’s largest integrated delivery network.
Over the past two decades, Chris has led enterprise-wide initiatives in self-service analytics, ambient AI, digital governance, and workforce enablement, always with a sharp focus on care equity, operational sustainability, and trust. His leadership is grounded in building practical, inclusive strategies that bring technologists, clinicians, and operators into shared alignment.
Chris is also the creator and host of The Signal Room, a podcast platform amplifying leadership, ethics, and innovation in health. He is a frequent contributor to CDO Magazine, HIMSS, and other national forums, where he advocates for AI adoption that augments human care, not replaces it.
Chris holds a deep belief that every data strategy is ultimately a human strategy, and that transformation only succeeds when it is designed with care at the center.
*When vendors’ names are shared as examples in this document, it is to provide a concrete example of what was on display at the conference, not an evaluation or recommendation. Evaluation and recommendation of these vendors are beyond the scope of this specific research document. Other example products in the same category may have also been on display.
Published to clients: November 28, 2025 ID: TBW2098
Published to Readers: December 1, 2025
Public Release Date: April 13, 2026
Analyst(s): Dr. Doreen Galli
Photojournalist(s): Dr. Doreen Galli
Abstract
This Whisper Report reveals nine overlooked AI risks in HR—from loss of human connection and identity challenges to compliance, data quality, and black-box concerns. Insights from HRTech2025 experts stress the need for ethical design, integrated systems, and AI literacy to safeguard trust and organizational resilience.
Target Audience Titles:
Chief Human Resources Officer (CHRO), Chief People Officer (CPO), Chief Technology Officer (CTO), Chief Information Officer (CIO), Chief Data & Analytics Officer (CDAO)
VP of HR Technology, VP of Talent Management, Director of HRIS (Human Resource Information Systems), Director of Data Privacy & Compliance
HR Technology Manager, HRIS Analyst, Data Scientist (HR Analytics), AI Ethics Specialist
Key Takeaways
Keep humans in HR: Overreliance on AI erodes trust and relationships—HR must preserve human touchpoints for employee engagement.
Protect identity and ethics: AI adoption impacts employee identity; embed responsible AI design and ethical standards from the start.
Secure and integrate systems: Data security lapses and fragmented AI tools increase risk—prioritize compliance and cohesive integration.
Invest in AI literacy: Lack of training leads to misuse; HR teams need prompt engineering and clear goals for effective AI use.
We took the most frequently asked and most urgent technology questions straight to the human resource technology professionals gathering at HRTECH2025 held in Las Vegas. This Whisper Report addresses the question regarding the biggest AI risk in HR no one talks about? Figure 1 displays the nine risks we will now discuss.
Figure 1. Nine Hidden AI risks in HR No One Talks About
Human resources is all about managing the employees of an organization. It is one of the most critical relationships an organization has. Fountain’s Bastian Botella raises one very concerning risk. “It’s the loss of trust between employees and the company. AI is all over right anywhere from the hiring phase down to retention communication tools everywhere. Okay. At some point and I think it’s going to be sooner rather than later all employees will figure out that the human has been removed from all processes. Removed from interviews, removed from communication, removed from any touch points that they have with their employer.” BambooHR’s Paul Swenson is on the same page. “I see in HR is the over reliance on AI. HR is all about people, right? Like interacting with people and AI can sometimes pull you away from that. So HR needs to stay close to the people. Build relationships with the people that they work with in their companies. But sometimes I think an over reliance on AI can lead to people not doing as much of that which is really the bread and butter of what HR is good at and what they excel at. Right? So as we use AI we need to make sure that we’re you know remaining consistent with our relationships with the people at our companies and providing great employee experiences for our people.” In other words, let’s keeps the humans in humans resource management!
HRTech2025’s opening keynote speaker, FranklinCovey Leadership’s Patrick Leddin observed, “a lot of people in the organization find a lot of value in the work they’re doing. It isn’t just about replacing a task and giving somebody a new task or saying this is going to be something that generative AI is going to do and you you’ll be able to do more analysis. It’s recognizing that people’s sense of self is often times connected to their work and if you take that away from them, how are you going to help them find their new identity?” Given that one of the first questions a stranger asks outside of your name is your profession, it is easy to understand how one’s profession is tied to one’s identity. What is a software engineer who no longer writes code but monitors the AI writing code?
Our next risk came from Eightfold AI’s Michael Dunne. “Great concern that should be attention given to is responsible AI by design.” Many of the critical aspects of a solution need to be thought of from the very beginning. TBW Advisors LLC repeatedly reminds one that security, privacy, and accessibility cannot be an afterthought. Ethical AI is right in the center and a critical part of the predesign work. Michael continued, “You having this bloom of hype around AI and the possibilities. There’s a lot of excitement but one is always take into account then how was this system built from the start and so what I like to say is people should look at their providers and see has this been done by design which means have they done understandings about managing the data what’s called feature sets and how it goes in for recommendations also understand whether the right certifications have been done around data privacy data residency and controls around the use of AI. One is for developing applications being consumers of applications and the use of that data. And you’ll see that now with a number of standards that have come out a lot of people pay attention about the EU AI act. There’s also ISO 420001.” Thus the organization’s ethical stance on how to use the data and AI should be defined in conjunction with your security and privacy policies.
With AI comes a lot of data and information. Darwinbox’s Eli Kameron warns that, “people are sending their data all over the place without even thinking about security. This was a problem already with APIs and it is going to explode with agentic AI particularly folks using MCP protocol servers. So a lot of folks are not thinking about the risks and the compliance risks that they are exposing themselves to when they send data everywhere.” Just because it will take your data, doesn’t mean you should be sharing it with the application. Even lower tiered paid models do not provide the privacy expected by many enterprises.
Risk number five comes to us from Benifex’s Joe Sears. “All these different AI agents out there with different functionality. But each of these companies has their own thing that they’re doing and we need to keep that message joined up and all of the different AI needs to talk to one another. If we can integrate our AI capabilities with the wider AI capabilities that are going on, then that’s going to be that best experience for the employee.” In other words, much like what we saw with commercial UAV’s in the enterprise, AI systems are popping up by function within organizations. Enterprises should take a cohesive desired solutions approach to achieve the best ROI with their AI investments. If AI and your data is becoming siloed in your organization, be sure to schedule your inquiry with your TBW Advisors LLC’s analyst. We can provide you guidance based on first hand experience that is sure to make the difference even is the work is outsourced.
One concerning risk was highlighted by Paychex’s Nathan Shapiro. “Over reliance on AI and even furthermore folks outside HR trying to practice because lacking the expertise can lead to dangerous things. The democratization of AI and the proliferation is fantastic and is going to really change the way we work. But lacking that expertise can run you into some significant challenges and liability. Just think about asking AI for guidance on a termination scenario with an employee and lacking the expertise to know that their age is really critical for discrimination law. What jurisdiction is going to rule on that and the liability it could create?” As long as worker’s have rights and the AI isn’t training on the complexities and nuances of those rights, it may be best to keep seasoned professionals as the humans in the loop!
A tool is only useful if it is used and used properly. As Attensi’s Joanna Akar denoted, a huge risk in, “AI is actually not having the knowledge on how to use it. If you don’t know how to prompt engineer or use AI or Gen AI or whatever type of AI you’re using within your day-to-day. If we fall
you risk not being able to follow the trend, not being able to be more efficient within the learning environment. So, it’s super important that HR people are trained in how to prompt AI or prompt engineering to make sure that they’re utilizing it in the best way possible to get the most return on investment that they can get out of their people.” Lollipop’s Jonathan Ferrell shared very similar concerns. “Lack of understanding on what AI is and what it isn’t. I think a lot of people recognize how quickly it’s able to solve immediate tasks and maybe make it feel like it’s a more complex task, but what really matters is what you’re trying to accomplish. And if you don’t know upfront what you’re trying to accomplish, you could really go in the wrong direction.” Thus to minimize this risk, start with the problem and learn how to communicate with the specific AI you are using for best results!
One Model’s Phil Schrader reports our next risk. “Data quality. The AI is going to be able to answer questions in new ways for organizations. But if you don’t have a quality data model to feed into it or quality reliable tools for it to use, it is going to generate noise, it is going to generate nonsense that actually moves you backward.” Or as previously highlighted in Whisper Report: What are the biggest challenges of Using Gen AI in Logistics?, you put garbage data in you get garbage out. Without quality data, it is not possible to get reliable answers.
The final risk should come as no surprise from anyone but is always important to remember. Aptia USA’s Jeff Williams reminds all, “AI is a black box the way it’s permeating everything we do on an everyday basis. And think about how little each of us really understand about what AI is, how it’s generating the answers it’s generating, and the advice it’s dispensing, and the actions that are being taken as a result. I think the fact that we are lumping AI together for things as simple as a chatbot and things as complex as fully generative large language models. I think kind of lumping all that together, calling it AI and expecting to solve all of our problems without really knowing what’s feeding it underneath, I think is a big un-discussed risk that we really need to address.” Clients will recall a similar warning arrived in Whisper Report: What’s the biggest Cybersecurity Myth in 2025? One of the biggest requirements to shine the light on the black boxes are logs. Let’s make 2026 the year all AI systems are required to provide immutable logs.
Published to clients: November 20, 2025 ID: TBW2107
Published to Readers: November 21, 2025
Whisper Email Release:
Public Release Date:
Analyst(s): Dr. Doreen Galli
Photojournalist(s): Dr. Doreen Galli
Abstract:
“This Whisper Report explores the most desired casino innovations identified at G2E 2025. Industry experts highlighted two key areas: operational improvements for casinos—such as seamless system integration and cross-platform play—and enhanced player experiences through biometric authentication, personalized VIP services, and engagement strategies. These insights reveal opportunities for transformation and differentiation in gaming technology.”
Put Data First’s Inaugural event brought together a few hundred ranging from deep learning AI experts and data enthusiasts for in-depth, detailed conversations. Sponsoring vendors had demonstrations on-site to enable tangibility to their product capabilities. The event featured 23 round tables as opposed to keynotes and speakers providing an intellectually satisfying and successful networking experience for those involved.
The inaugural Put Data First made an impressive splash featuring AI experts with a long-standing track record in deep learning. This led to deep and insightful conversations by all.
Featuring 23 round tables, vendors at the show were prepared to show product demonstrations to attendees.
Cautions
Friendly reminder: this research provides examples of what was shared with us at the event, not an evaluation, validation, or recommendation of the given technology.
After 3,000 steps, 30 videos, over 30 minutes of content including demos and a livestream, and a handful of fact checks, our coverage of the inaugural Put Data First held at Planet Hollywood in Las Vegas closes. Registration was easy to find once inside the conference section of Planet Hollywood. Rather than endless keynote speakers, this event featured approximately 23 round tables. In addition, vendors had demonstrations so one could tangibly understand the products. What I enjoyed most was the fact that the event was full of those with deep expertise in deep learning leading to deep conversations about the state and future of various forms of AI in our enterprises and society at large. Enjoy the walkabout of the conference space.
We once again live streamed from on site. On Tuesday requesting those attending to find me to answer Questions 1-3, to introduce all to TBW Advisors LLC, and requesting assistance. Specifically, I requested assistance on your favorite videos for my segment on the November 14th broadcast edition of Computer Talk Radio.
While at Put Data First 2025, we conducted research for three additional forthcoming Whisper Reports for our clients. The playlists are unlisted but available and will eventually fill in with the video version of the report so you may wish to bookmark these playlists.
Readers and viewers wishing to experience the entire event are encouraged to view the Conference Whispers: Put Data First Playlist in its entirety. The playlist will be sited in the end screen, description, and as a pinned comment of the video edition.
The video edition will conclude with gratitude towards those that contributed and a montage of responses to Question 4, “What’s the best part about attending the combination event live in Vegas?”
As mentioned earlier, Put Data First vendors didn’t just show up, but showed up with demonstrations many of which we were able to capture. Kicking things off as many do with an Agentic Workshop for your leadership teams to get your organization on the right path. Led by established AI author, Neil W. Smith, his demonstrations were live conversations with those that attended and at the round tables.
Putting data first, we will start with Mend.io whose platform can secure you application data. The demonstration shows how they help organizations pull back the shadows hiding what AI platforms are being leveraged withing their organizations. The platform monitors vulnerabilities in agentic and generative systems and tests them to ensure resilience against both known and emerging threats.
If you are seeking to secure you environment, above and beyond and including the latest threats? SafeBreach shared the details of their breach and attack platform. During their demonstration, their shared how one could drill into the various aspects of the score to identify the exact weakness to address. Not only were automated updated possible, but one could simulate a red team or blue team against their environment.
Enjoying all the newest forms of AI and convinced you want your own enterprise agentic solution? Lucky for you AnswerRocket was their to answer your need. If you have never seen or thought of the enterprise use case for the power of agentic AI, do enjoy their demo of its power.
Finally, and perhaps the star of the show, are you tired of your generative models hallucinating? Interested in a fact-based model? Well established deep-learning expert Herb Roitblat, Ph.D. was there to share Reliath AI. The demonstration of his fact-based system quickly reveal the differences behind his straight forward concept. Answer based on building up from known facts. I look forward to watching how fast and far they can run and to discover where it shines most.
Either way, fact-based models will be a critical model type to leverage in solutions that must be relied upon. Experienced AI solution developers know it’s not about a single model. The product/end result is about how a combination of models, methods, and agents are orchestrated to deliver the desired customer experience and required business outcomes that matter most.
If you are embarking on any type of data journey, be sure to schedule your inquiry with your TBW Advisors LLC analysts. You can leverage our first-hand experience through-out your transformation and future proofing processes.
We do not have exact dates for Put Data First 2026 at the time of publication; however, it is scheduled to be mid-to-late July 2026 in Las Vegas.
*When vendors’ names are shared as examples in this document, it is to provide a concrete example of what was on display at the conference, not an evaluation or recommendation. Evaluation and recommendation of these vendors are beyond the scope of this specific research document. Other examples products in the same category may have also been on display.
After 61 videos including 4 first ever onsite livestreams, 150 minutes of recording including multiple exclusive shots – our coverage of Black Hat USA 2025 closes. Black Hat USA 2025 featured over 100 briefings and 120 sponsored sessions, with coverage spanning keynote presentations, technical sessions, and exhibit hall innovations. Topics ranged from AI-driven threat detection and agentic SOC platforms to identity verification and proactive risk management. Trends in cybersecurity regarding defence, use of AI agents, and focus on resiliency continue to grow.
Coverage on Computer Talk Radio August 2, and August 9.
The Conference
Black Hat USA 2025 featured over one hundred briefings and 120 sponsored sessions. Attendance numbers are forthcoming. 2024’s edition featured over 20,000 in person attendees.
Cautions
Black hat is not a conference to attend without preparation. All of one’s technology should be up to date. One should ensure they are leveraging a VPN and a RDID wallet when intentionally going around black hat. If not using one’s phone, a portable faraday pouch is always beneficial.
Friendly reminder: this research provides examples of what was shared with us at the event, not an evaluation, validation, or recommendation of the given technology.
After 61 videos and related fact checks, over 150 minutes of recording including for the first time ever – four onsite LIVESTREAMS – our coverage of Black Hat USA 2025 closes. Black Hat featured over one hundred briefings and 120 sponsored sessions. Clients may recall the expo hall restrictions during our coverage of HIMSS which treated the entire expo hall like a surgical operating room from a privacy perspective. Guess what? It was even tighter at Black Hat. Nonetheless, we were able to capture the energy as Expo Hall was opening. Not only that, for the first time ever, Informa (who owns Black Hat) gave permission to someone to do a walkabout in Expo Hall prior to its opening for the day. That’s right – enjoy your exclusive look at Black Hat USA 2025 Expo Hall. Not only that, we were able to capture the mouthwatering lunch served on Wednesday. Once again, unlike most events, the What’s To Eat? Video does not include any attendees enabling us to really get a great shot of the food! A first for TBW Advisors LLC – we did four livestreams while on site. One live stream on Tuesday, Wednesday, and Thursday morning. One final livestream went out on Thursday as I requested assistance on your favorite videos for my segment on the August 9th broadcast edition of Computer Talk Radio.
While at Black Hat USA 2025, we conducted research for three additional forthcoming Whisper Reports for our clients. The playlists are unlisted but available and will eventually fill in with the video version of the report so you may wish to bookmark these playlists.
Kicking off in dramatic fashion, the conference kicked off with an amazing keynote from non-other than the most famous virus hunters – Mikko Hypponen and father of the Hypponen law of IoT security – one of our favorite coverage spaces. Specifically, Mikko said that if a device is smart, it is vulnerable. It was amazing to hear his story.
On the bleeding edge of things, we received two session summaries from Microsoft’s Thomas Roccia. The first session was his Black Hat session on NOVA – Prompt Pattern Matching regarding a new type of threat gaining traction. The second session is actually at DEFCON – the sister conference where no one would be ignorant enough to bring in modern technology outside of a faraday cage. Fortunately, we caught Thomas while at Black Hat. IN this talk Thomas shared that they are releasing an AI Agent to track crypto currency’s movements including visualization to combat crypto money laundering. The final Microsoft session itself that we captured is the Unmasking of Cyber Villains. I always love when engineers get a very loud boastful ovation from the audience. This stage featured the heroes of MISTIC and Dart who shared how they leverage each other’s strength. MISTIIC stands for Microsoft Threat Intelligence Center while Dart stands for Microsoft’s Diagnostics and Recovery Toolset. In this session, the Microsoft team emphasized that incidents require empathy, speed, and precision. The Darth team is on the ground delivering the empathy and getting the data to MISTIC. MISTIC in turn, provides the cheat codes to the Darth rescue team to quickly combat the incident.
On the topic of using AI Agents on a team of humans in wish SOC, James Spiteri from Elastic Security shared a summary of his session. “AI without Borders: Extending analysts capabilities in a modern Soc” dove into details how Agents and humans can successfully interoperate in a SOC. James also covered critical questions you need to think about in order to truly operationalize this type of situation.
As with many events, some exhibits span outside of the formal expo hall. We were invited to the Dune Security Command Center on site where we heard about their solution. Their adaptive training uses a personal credit risk scoring model. It targets each employee’s risky actions and knowledge gaps with customized, targeted, proactive program. The goal is to elevate them to meet corporate standards. This theme of preparation, training, and doing things up-front was definitely a theme. Cumulated shared how their solution focuses on resiliency. Given that the proper way to discuss it is always when and not if, it is wise to ensure a quick recovery when it occurs. This preparation and looking out for the threat aligned with Qualys’s Risk Operations Center. This center is focused on assisting organization proactively identify, prioritize, and finally remediate identified risks. Covering all five personas in a SOC (alerts, vulnerabilities, threat intel, case management and DFIR (digital forensics/incident response )) StrikeReady’s platform integrates with 800 tools and is focused on removing each role’s pain points. Continuous Threat Exposure Management or CTEM is the area addressed most recently by Safe Security. Booli also moves things earlier in the process, in their case identity stitching. Specifically at the very beginning of the process including score carding the identity and providing the information back to the identity service. Ensuring stolen credentials are changed once they have been phished and the criminals attempted to leverage them, Mokn was on site to tell attendees about their solution.
If your organization would prefer to fix vulnerabilities instead of the common security software composition analysis, Heeler Security was the booth to visit. Feeling overwhelmed, by cloud configurations in your organization? imPac Labs was on site talking about their expertise. Admittedly, given my Microsoft Patent application on Policy Profiles, cloud configurations is a problem space on our radar at TBW Advisors. Speaking of high availability environments, HAProxy Technolog exhibited their platform that brings enterprise security performance and configurability into packaged software.
An area we have discussed in Conference Whispers: Money 20/20, Conference Whispers: HIMSS 2025, and Conference Whispers: Fintech Meetup 2025 – verifying the hardware device is a valuable defence vector for fighting fraud. At Black Hat USA 2025 we met SmallStep that enables device identity with cryptographic identity ensuring corporate devices are used to perform work. Leveraging device identification to eliminate deepfakes within a corporation, Netarx leverages multiple models to ensure your corporate communications are safe from deep fakes. Elastic Search – an open-source project known for search – found itself building native security and analytics due to popular demand.
Moving into the agentic side of things, Microsoft’s AI Agent Challenge was a big hit. Their booth had plenty of specialists on site to answer any of your questions. Focusing exclusively on AI Agents for the Red Team, Mindgard’s solution keeps probing to find vulnerabilities, filters through them based on your target and context. Finally, remediation advise is dispensed. Cyata built a built a control plane for Agentic Identity and includes policy enforcement. Addressing the full lifecycle above and beyond triage, Exaforce shared their Agentic SOC Platform. A demo of Exaforce was also captured. Finally, if you are unfamiliar with the current state of agents or have never seen an agent in action, enjoy the video with Ralph. Ralph comes from Cyber Innovate; a think tank focused on stopping threats from AI Agents themselves.
Black Hat USA 2026 will once again return to Las Vegas and will be held at Mandalay Bay Convention Center in August 2026. The exact dates have yet to be announced at time of publication.
*When vendors’ names are shared as examples in this document, it is to provide a concrete example of what was on display at the conference, not an evaluation or recommendation. Evaluation and recommendation of these vendors are beyond the scope of this specific research document. Other examples products in the same category may have also been on display.
Public and Video Edition Released: August 11, 2025 11am
Analyst(s): Dr. Doreen Galli
Photojournalist(s): Dr. Doreen Galli
Abstract:
“Integrating AI customer service with existing IT systems starts by setting clear business goals. AI should enhance, not disrupt, current workflows and streamline real-time support. Every organization has unique systems, so tailored integration is essential. A major challenge is fragmented data—making robust pipelines and clean, synchronized data critical. Accurate timestamps and system compatibility across platforms are key to ensuring effective AI performance and a smooth digital transformation journey.”
Target Audience Titles:
Chief Information Officer, Chief Technology Officer, VP/Director of IT Operations, Enterprise Architects
Chief Customer Officer, VP/Director of Customer Services/Success, Contact Center Operation Managers
Solution Architects, DevOps & IT Administrators, Customer Support Agents, Data Scientists and ML Engineers
Key Takeaways
Start with clear business goals so AI enhances workflows without causing disruptions.
Tailor integration to your unique tech environment to avoid inefficiencies.
Reliable, clean, and synchronized data pipelines are essential for effective AI-driven customer service.
We took the most frequently asked and most urgent technology questions straight to the technologists gathering at Customer Connect Expo 2025 held at the Las Vegas Convention Center. This Whisper Report addresses the question regarding how can we integrate AI-driven customer service solutions with our existing IT infrastructure? As Ford’s Dr. Kalifa Oliver shared, “first we need to break down our needs and our goals and figure out which pieces of AI actually build efficiencies in our IT systems because right now there are too many systems that are fragmented.” With ALL AI projects, it is best to start with the business goal not the technology. We do not want to spend resources to integrate technology that goes unused. Furthermore, the context of the business goal helps guide engineers when they have design choices to make.
AI in Customer Service is all about optimizing and improving the customer service workflow to lead to maximum customer satisfaction. As Zaon’s Jason Kaufman shared, “using artificial intelligence tools within the organization to actually help drive and make more efficient the processes that go into place in order to support good customer service. For example, leveraging artificial intelligence to actually analyze chats real time community forums real time. Actually monitoring that (the communities) helping to gain insights about what your customers have questions about so that you can leverage the AI to actually generate the knowledge on the fly to actually provide that (information removing confusion) back to them real time as if it’s another person on that community thread.” The nonobvious challenge in achieving this solution is best described by Claritiv’s CEO Sean Gigremoss. “Everybody has workflows. Every company is unique. What tools do they use? What products do they use now? Do we need to build it?” In other words, every organization has a unique, highly mixed environment with varying degrees of maturity both in the technology itself and the organization’s ability to deploy technology.
Verse.ai’s Zac Brooksher recommends focusing on complimenting the current workflows and processing. “We can integrate AI driven customer service solutions using full funnel metrics understanding all of the conversations the timestamps the channels the appropriate team members what next steps are all integrating into existing systems and processes just to complement what the current workflows and data processing is today like.” Any technology not realizing it is complimenting an existing process will instead create process interrupts. The distinction really is a big difference.
As Claritiv’s Sean Gigremoss shared, data is everywhere! “They make it so easy for us to integrate because in the end that’s important because all the data are in this different .. disparate systems. You need information from Salesforce you need information from zoom you need information from slack you need information from your database you need information from your customer’s database so to be able to do that you need to make sure that you’re using the tools or you’re partnering with companies that help you so that you can focus on what you do best.”
But the data isn’t just everywhere, it comes from everywhere. The first obvious location was shared by Enthu.ai’s Atul Grover, “we integrate with the telephony at the dialer.” And the rest such as the web and email communications, “we ingest that using an API driven environment.” Diabolocom specializes in capturing all that occurs between the customer and the organization on mobile devices. As Diabolocom’s Benjamin Shakespeare shared, “with our mobile solution that we are about to release
the market .. So all field reps anybody who is using a cell phone today with every interaction they have on their phone our AI will then score that call transcribe it and push it directly into the CRM So any lack of compliance that you are seeing today in your organization from people that are not sitting behind a computer that will be no longer.”
Now that we understand we are complimenting the existing customer experience workflows for the benefit of the customer experience and that data is everywhere, what can we do? As Macy’s Siva Kannan Ganensan shared, “you need to make sure your data pipeline is very robust when we talk about all this AI integration data is the core so make sure the data is cleansed and always readily available ready to serve with that we’ll be able to integrate an into your existing architecture or in your organization.”
Figure 1. Compliment Workflows & Leverage Robus Data Fabric
It’s all about the data infrastructure! You need robust data pipelines as part of your data fabric to seamlessly integrate any new AI offering as depicted in Figure 1. AND you must ensure data quality. For example, data quality is paramount when dealing with timestamps of customer communications. What time zone is your organizational standard? Do your IT systems work in that time zone, and do you know what systems provide timestamps in other formats or time zones? Is that true for any and all corporate acquisitions feeding data into the system? Is the system designed to handle the variety of daylight savings time scenarios? Are all the clocks adjusted for daylight savings automatically or manually? Finally, are the timestamp clocks aligned? To the second or to the minute? It’s valuable to know if you can look at time as fact or approximation in your organization. If your organization is going through any type of digital transformation, it is critical to get the best advice available to ensure your success. Ensure your success by scheduling your inquiry with a TBW Advisors advisor before starting any critical phase of your digital transformation journey. Get the smartest advice available and leverage our firsthand experience to your advantage.
To strengthen cybersecurity in FinTech, experts emphasize a layered approach that combines technology and human awareness. Rising threats like phishing, smishing, and fraud demand not just better tools but also vigilant, well-trained employees. Embedding security scans into software development, analyzing diverse data signals, and adopting a “defense in depth” strategy are all critical. Ultimately, staying curious, asking the right questions, and embracing evolving technologies—especially AI—can help organizations stay ahead of cyber risks.
Target Audience Titles:
Chief Technology Officer, Chief Security Officer, Chief Information and Security Officer, Chief Trust Officer, Chief Compliance Officer, Chief Risk Officer
Head of Product, VP of Product, Chief Marking Officer, Data Protection Officer, Director of Data Protection
Adopt a Layered Defense: Use a “defense in depth” strategy—combine multiple security measures and analyze broad data signals to stay resilient against evolving threats.
Train Your Team: Human error is a top vulnerability. Regular employee training helps prevent phishing, smishing, and social engineering attacks.
Build Security into Development: Embed security checks directly into software pipelines to catch issues early and reduce risk at every stage of development.
We took the most frequently asked and most urgent technology questions straight to the finance technology experts gathering at Fintech Meetup 2025. This Whisper Report addresses the question regarding what the best practices are for enhancing cybersecurity in FinTech. As SecurityMetrics’s Matt Cowart shared, there is a, “big rise that we’ve seen is fishing and smishing.” Your employees are getting targeted via email and SMS messages. But that is not the only threat. The user or customer angle also brings in cybersecurity issues. Incentiva’s Heather Alvarez shares, “fraud is something that is very big right now and (is something) that we’re trying to combat.”
Cybersecurity frequently feels like a game of whack-a-mole. Vulnerabilities seem to pop up in every dimension you explore but there is still hope. As Socure’s Matt Thompson shared, “creating layers and looking at lots and lots of data signal is important for protecting your Enterprise.” This is also known as defense in depth.
What might these layers include? Gitlab’s Field CTO, Joshua Carroll recommends, “making sure your code is secure and doesn’t have vulnerabilities by building the security scanners into your pipelines and do those as you build the software you can save yourself an awful lot of time.” Likewise, SecurityMetric’s Matt Cowart points out that it all, “comes down to training. The weakest link is where hackers get in. Being able to strengthen your entire area – all of your employees making sure they know what to do what not to do is going to be on of the biggest things that keeps your network safe.” Effective training can minimize phishing and smishing as well as positively impact fraud detection during customer interactions.
Thus to enhance your cybersecurity, ensure a depth in defense security strategy and that the strategy includes both technical aspects of your enterprise as well as your humans in the loop. But most important stay curious and keep building. As Incentiva’s Heather Alvarez shared, “ask the right questions .. continuing to push and look for new features look for to AI to help us because there are a lot of Technologies out there.”
If you are evaluating your cybersecurity environment, be sure to book an inquiry for timely advice.
*When vendors’ names or quotes are shared as examples in this document, it is to provide a concrete example of what was on display at the conference or what we heard doing our research, not an evaluation or recommendation. Evaluation and recommendation of these vendors are beyond the scope of this specific research document.
