This Whisper Report investigates the question, “What’s your biggest access control challenge?” Researched at ISC West in Las Vegas, the report analyzes challenges driven by fragmented systems, persistent legacy technologies, and incomplete integrations. It finds that access control risk increasingly stems from interoperability gaps and response readiness rather than tool availability alone. Insights are drawn from Ed Hendricks of Keri Systems, Joshua Hartman of Hartman, and Peter Evans of Xtract One.
ISC West 2026 brought the physical cyber security community to Las Vegas and the Venetian Expo for a week of live demonstrations, field conversations, and on‑floor video. Coverage spans frictionless screening, threat detection, control infrastructure, and emerging AI and identity capabilities, reflecting how vendors are approaching scale, connectivity, and modernization across real‑world security environments globally.
Cautions
Friendly reminder: this research provides examples of what was shared with us at the event, not an evaluation, validation, or recommendation of the given technology.
Just because a technology can do something in general doesn’t mean it will work in your environment. It is critical to validate a technology, including its false positive and error rates.
One of our first stops was technology everyone at the show wished TSA had adopted yesterday! Xtract One Technologies enables screening without stopping and unpacking one’s bags! The technology provides an image of the person with the threat in their bag and identifies the threat and its location within the bag, all without slowing down pedestrian traffic through the screening gate.
Physical security systems have a variety of access systems from badge readers to keys. The problem with keys is key management. Introducing InVue’s OneKEY, an adaptable smart key and related system. If you think the best part is only having one key, versus the notorious janitor key ring, you are in for a treat! This smart key can communicate via IR to unlock devices and provide wireless energy transfer to lock mechanisms. Furthermore, every action is tracked, logged and fully auditable.
Common to all physical security systems is equipment that is plugged in and subject to power surge damage. DITEK was in expo hall with their exciting modular surge protection solution. The time-saving feature of being able to simply replace a module after end of life versus the entire surge protector is sure to be popular. Hot-swapping modules are easier to change than a printer cartridge. Friendly reminder that licensed electrical contractors are generally required to service 120 volts and up.
Identification of objects in surveillance videos is another tough challenge that was taken on by Everon. Their combined hardware, software, and process solution is focused on deterring unwanted activity in its protected space.
Physical Cyber Security solutions often involve communications from the field where it can be noisy. Whether the noise comes from the chaos of the emergency or is inherent in the location, such as security at an F1 race, it doesn’t matter. The human voice communication must still be possible! Roanwell Corporation also shared their adjustable noise suppression solution leveraged by security personnel, first responders, fire fighters, and war fighters alike.
These threat detection and response systems also cannot function in isolation. They must stay connected. Teal.io’s eSIM solution provides the ultimate in reliable mission-critical connectivity. Their global technology ensures devices always connect to the best available network. The best part? Their solution frictionlessly provides connectivity so surveillance and robotics solutions can effectively stay in communication.
At the other end of the spectrum, some organizations require surveillance systems that are deliberately disconnected. RGB Spectrum provides air‑gapped security for surveillance environments designed to operate on isolated networks—or no network at all. By leveraging unidirectional HDMI sharing, RGB Spectrum demonstrated an approach intended to prevent external access paths, positioning the system, by their design, as resistant to remote compromise.
Scaling is their middle name at Matrix ComSec. Matrix ComSec manufactures surveillance cameras and access control hardware with a system capacity of 4 to 96 channels. To provide further context, a single gadget can support up to 255 doors.
Focusing on the control center and providing a unified pane of glass for clients, Hartman Controls welcomed all with their booth right outside Expo Hall’s Main Entrance. Established in 1998, Hartman’s engineering-first approach provides hardware flexibility, offering traditional and edge-style enclosures. The solution can be deployed on premise or in the cloud and is easy to migrate in either direction should your architecture and requirements change.
Maintaining the theme of cloud or on-premise availability, Keri Systems shared their Open Platform for access solutions. In addition, Keri’s flexibility enables it to support up to 12-13 different hardware platforms. Furthermore, the product is built to explicitly support multiple vertical markets.
One difficulty in purchasing security equipment is that many of the manufacturers started in one sector such as fire. Then, after success, they expanded by creating another isolated division for go to market. Napco took a different approach. Napco is an integrated security manufacturer providing a single ecosystem spanning fire alarms, access control, security systems, and locks.
Many organizations, regardless of their size, may not be large buyers when it comes to physical security equipment. In these circumstances it is common for organizations to leverage buyers’ groups. PSA is a buyers’ group for this space with terms of up to 120 days for its clients.
IQSIGHT, formerly Bosch Video, operates across hardware, video management, and analytics with capabilities that now include generative AI. Their specialty? Providing the WHY behind what you are seeing through, what they like to call, careful, thoughtful deployment of generative AI. Today, context is everything.
Moving beyond video capture and on to surveillance intelligence, March Networks was excited to share their new brand resulting from their merger with Vivotek under the Delta Group. By layering advanced business intelligence directly onto their video surveillance systems, they are enabling organizations to transform raw visual data into actionable insights that drive operational improvements and increase profitability.
Many organizations already have the security equipment, the cameras, and video installed. Today the challenge is getting AI for all this physical security equipment without replacing it all! Stepping up to the plate is omniQ, ready to bring AI to physical security equipment at your organization.
Safetrust is known for being major supporters of open IoT-based ecosystems. Manufacturing advanced sensors and equipment, Safetrust also produces the software to access the sensors. Their key disrupters are cloud-based firmware updates, federated identities, and an interesting neural adapter panel. This panel eliminates the need for expensive hardware panels and related copper wiring. Specifically, the neural adapter panel functions by leveraging a combination of PoE (power over ethernet), panel emulation, and direct software connection. One final exciting feature: Safetrust is incorporating Dilithium and Kyber into their technology, providing post-quantum readiness.
Physical Cyber Security is often a fragmented world of antiquated hardware being asked to provide sophisticated access control. The difficulty often can be simply connecting to the device to get its data into a system to enable any type of analytics or intelligence. Braxos understands this and brought their solution to ISC West with over 200 connectors. Their connectors span elevator systems, parking management, vending machines and intercoms.
After over 50 videos and two dozen fact checks, our coverage of ISC West 2026 closes. Registration was quite efficient IFF you printed your badge at home and went to the correct line; otherwise it may have been a flashback to your TSA experience to get to Vegas. Overall, it was a very engaged atmosphere where attendees could literally feel the momentum of the crowd. Everyone’s meetings seemed to go as planned with the expected mixture of vendors. Enjoy the walkabout to and through expo hall. The Venetian’s standard eateries were open throughout the convention, including the various Bistros and the Café Presse locations.
We always try to bring a fresh perspective to our coverage of an event over prior coverage, as well as new vendors, but you will recognize many brands in the walkabout. For additional coverage in physical cyber security, cybersecurity and identity and access management, enjoy our prior coverage of ISC West, Identiverse, and Black Hat USA 2025.
Unfortunately, the connectivity at the event was too challenging to be able to live stream. This also caused an interruption to uploading videos in the hall versus from expo hall.
We conducted research for five additional forthcoming Whisper Reports for our clients. The playlists are unlisted but available with the video version to be distributed via YouTube Whisper Club upper tier membership area on our YouTube Channel.
Readers and viewers wishing to experience the entire event are encouraged to view the Conference Whispers: ISC West 2026 Playlist in its entirety. The playlist will be cited in the end screen, description, and as a pinned comment of the video edition. Be sure to monitor future broadcast editions of Computer Talk Radio for the forthcoming coverage of ISC West 2026.
Finally, the video edition will conclude with gratitude towards those that contributed and a montage of responses to the Bonus Question, “What’s the best part about attending ISC West live in Las Vegas?”.
ISC West 2027 will once again return to Las Vegas and will be held at the Venetian Expo on March 31 through April 2, 2027.
*When vendors’ names are shared as examples in this document, it is to provide a concrete example of what was on display at the conference, not an evaluation or recommendation. Evaluation and recommendation of these vendors are beyond the scope of this specific research document. Other example products in the same category may have also been on display.
Whisper Report: Can AI defend against AI-powered attacks?
Published to insiders: January 13, 2026 ID: TBW2091
Published to Whisper Club: January 14, 2026
Published to Email Whispers: April 20, 2026
Analyst(s): Dr. Doreen Galli
Photojournalist(s): Dr. Doreen Galli
Abstract
“This Whisper Report explores the evolving cybersecurity landscape where AI defends against AI-powered attacks. Drawing insights from Black Hat USA 2025, it outlines four foundational dimensions of AI defense—from scaling and automation to ethical oversight and model diversity—within the context of an escalating AI vs AI arms race. The report emphasizes strategic adaptation, human involvement, and the limitations of current technologies in this rapidly advancing domain. The analysis incorporates perspectives from leading experts and organizations featured at Black Hat USA 2025, including Elastic Security’s James Spiteri, Safe Security’s Saket Bajoria, Cymulate’s Avihai Ben Yossef, Exaforce’s Ariful Huz, Dune Security’s David DellaPelle, Netarx’s Sandy Kronenberg, Cyber Innovate’s Brian Mehlman, Checkmarx’s Jonathan Rende, and Microsoft’s Thomas Roccia.”
Target Audience Titles:
Chief Information Security Officer, Chief Technology Officer, Chief Digital Officer, Chief Information Officer
Chief Product Officer, Chief Experience Officer
IAM Engineers, Security Architects, DevSecOps Engineers, IT Ops Managers, Application Security Architects, AI Security Specialists, Cyber Risk Analysts
Key Takeaways
AI vs AI defines today’s threat landscape, requiring defenders to match attacker sophistication.
Attack volume and complexity are rising, demanding scalable, automated responses.
Multiple AI models are essential, as no single model can cover all threats.
Human oversight is vital, ensuring ethical use and contextual accuracy.
AI boosts efficiency, freeing experts from repetitive tasks.
Limitations remain, and defences must evolve with emerging threats.
We took the most frequently asked and most urgent technology questions straight to the Cybersecurity professionals gathering at Black Hat USA 2025 held in Las Vegas. This Whisper Report addresses the question of whether AI can defend against AI-powered attacks.
In the event it is not obvious yet, one must understand that the new battlefield in cybersecurity is AI vs AI. As Elastic Security’s James Spiteri shared, “I absolutely think AI can fight AI. We’re seeing this today. Uh there’s been a lot of investment in both AI offensive techniques as well as AI defensive techniques. You know, we’re on the defensive side of the house. So we’ve done a ton of research into how effective it actually is and it doesn’t work.” Safe Security’s Saket Bajoria couldn’t agree more. “The only way to combat that is through AI and the attacks is going to be between AI and AI. Humans are just going to be watching it right. So, so the sooner we accept the fact that it’s AI against AI and we do we do watch it ethically and all that like we are ready for that otherwise the more we deny that the more we’ll get impacted.” Or to quote a very famous classic sci-fi superintelligence named the Borg, “resistance is futile.” Then again, it’s just an evolution of the traditional cat-and-mouse game within cybersecurity. As Cymulate’s Avihai Ben Yossef maintained, “I think AI powered attacks can also be protected by AI and vice versa. I think AI powered defense can also not be protected by AI powered attacks. It’s still an ongoing chase that will happen with AI. It happened before AI. It’s going to happen now with AI. The ongoing chase will keep on happening even in the AI world.”
Considering AI will be a required part of the solution for the AI vs AI battle, it is valuable to consider how AI will be leveraged. Exaforce’s Ariful Huz affirmed, “AI can help defend against AI based attacks because mostly from the volume of attacks that we’re going to start seeing because people are going to be leveraging AI to do all kinds of things and the barrier to entry to actually performing these types of attacks is going to be much lower. So you’re going to see a larger volume and that means you need a way you need machines to be able to detect, investigate and respond to these types of attacks because humans are not going to be able to keep up with them.” Coming from a similar angle, Dune Security’s David DellaPelle elaborated, “I think when you think about AI, there’s kind of two elements. There’s the quantity of attack and the quality of attack lead to breach, right? It’s incredibly important for security companies and security organizations to have really foundational AI models that can help meet the scale right the increased quantity of attacks that are coming from AP groups like Scattered Spider as well as the quality of attacks.”
Understanding that it will ultimately be a battle of AI vs AI, and that AI is necessary to handle the quality and quantity of attacks, it is valuable to understand you will be leveraging multiple models. For anyone who has created AI products, this is common knowledge. The expression is that any given model may fail but the product or the solution cannot. Netarx’s Sandy Kronenberg dove into this critical aspect. “AI can defend against AI attacks, but only if we’re using a multitude of AI inference models from many many different sources with which to defend against AI attacks. Social engineering that’s AI powered fraud as an example can only be defeated if you’re using inference models from every single source of metadata and or voice and video inference models. It’s a hard way to it’s very complicated.”
One ever-present question when it comes to AI is the line between automation – particularly with agents – and maintaining the human in the loop. Cyber Innovate’s Brian Mehlman and his AI Agent Ralph raise one very valuable question, “What is the AI powered attack? Am I doing AI where I’m actually poking into a system brute force or is actually an AI in the system doing something rogue?” Regardless of the scenario, Brian and his AI Agent Ralph went on further to explain, “You still need human oversight. You still need to understand the context. And you have to remember that an AI defending system can have its own blind spots and yes, AI can be a powerful tool for defense, but it’s part of a bigger strategy and it’s all about using it wisely and understanding that it’s a constantly evolving game.” This was best summarized by Microsoft’s Thomas Roccia, “there is no silver bullet. It’s all about building the right AI system to assist you and make sure that the result of an AI is accurate enough for your investigation.” In addition to being accurate, we also hope the AI solution is transparent enough that it obtains and maintains trust amongst its human users.
As discussed many times during our coverage of the media industry, AI has two strengths. It eliminates tedious and mundane tasks from humans and allows them to focus on the other parts. The same can be said for AI in cybersecurity. As Checkmarx’s Jonathan Rende observed, “eliminating mundane toil like repetitive error prone human tasks that we can just take away and allow the experts with their hand on the wheel to actually better use their time in more valuable activities.” Of course, this automation doesn’t just benefit the White Hats or those trying to defend people and organizations. Jonathan went on to further explain, “AI raises the bar both for attackers, but it raises the bar for defenders as well. So, both have to make use of this.”
Cyber Innovate’s Brian Mehlman and his AI Agent summed it up. “So from our perspective, the short answer is yes. AI can defend against AI powered attacks, but with some caveats. Essentially, it’s a kind of arms race. The same technology that can be used to launch AI driven attacks can also be used to build defenses. So we’re seeing AI being used to detect patterns, to automate responses, and to kind of keep up with the speed and scale of AI driven threats. But the nuance here is that it’s not a silver bullet. It’s not like you can just drop in AI and it will perfectly defend against everything.” As Microsoft’s Thomas Roccia reminded us all, it is an evolving landscape. “We are probably not there yet. I think we are started to see some interesting attack with AI such as malware which will embed some LLM prompt and some automatic generation of command inside the bridge the infected machines. I think it’s still the beginning.” And so the game of cat and mouse in cybersecurity continues, now including AI vs AI.
“This Whisper Report investigates the next data breach our industry isn’t ready to handle. It captures urgent insights from Put Data First revealing how emerging threats are reshaping risk landscapes. These include AI pipeline compromises, indirect prompt injections, company chat exfiltration, and deep fake-driven social engineering. Expert perspectives explain why traditional defenses fail. The report urges proactive strategies to secure data integrity across every stage of AI-driven operations before vulnerabilities escalate.”
Target Audience Titles:
Chief Executive Officer, Chief Information Officer, Chief Technology Officer, Chief Data Officer, Chief Security Officer, Head of Data Strategy, Head of Information Security
Director of Cybersecurity, Director of AI Operations, Director of Risk Management, Director Data Governance Manager, Enterprise Architect
Data Scientist, Machine Learning Engineer, Cybersecurity Analyst, AI Operations Specialist, Risk Analyst, Cloud Security Engineer, Threat Intelligence Analyst
Key Takeaways:
AI pipelines are vulnerable at every stage, requiring continuous protection of training data and outputs.
Indirect prompt injections can manipulate AI agents through unvalidated web content, creating hidden security risks.
Company AI chat data is a high-value target for exfiltration, exposing sensitive organizational insights.
Deep fakes amplify social engineering attacks, eroding trust and enabling data breaches through deception.
We took the most frequently asked and most urgent technology questions straight to the data and AI experts gathering at the Put Data First’s Inaugural event held at Planet Hollywood in Las Vegas. This Whisper Report addresses the question regarding the biggest AI risk no one in your organization is talking about as depicted in Figure 1.
Figure 1. Prepare NOW for these Four Data Breaches
Our first area to defend was suggested by SafeBreach’s Hudney Piquant. “The AI pipeline I like to call it. It’s the pipeline of the data that you are the training data that you have and then your prompting that you’re doing and then the output like those three things I believe that that’s going to be the biggest breach that the adversaries will be looking at because if you’re able to really manipulate those things it’s going to affect the pipeline from a scalability perspective.” Hudney raises an important point: data needs to be protected at all times, every step of the way on its journey. For more research on how to protect data during execution, see Industry Whispers: Public is Private - Confidential Computing in the Cloud.
The next attack vector, brought by Mend.io’s Amit Chita, is subtle and exploits GenAI. “Indirect prompt injections. All the web contains websites. We take AI agents, we connect them to get information from these websites, but we don’t validate that it that this website doesn’t contain prompt injections within them. And they can manipulate our agents as they surf through the web. I think this is going to be one of the major issues that we’re going to deal with in the next coming weeks.” One may want to be careful where you let your agents roam!
Our third attack vector is an insider and SaaS risk with significant exposure potential, highlighted by AnswerRocket’s Shanti Greene. “Exfiltrating company AI chats. So, the organizers like OpenAI have done a good job of giving you a sandbox for your company to work within and they’re not training on your data. But being able to exfiltrate a company’s specific use and see what they’re prompting with could be interesting. There’s probably some interesting gold in that data.”
Our final area of concern may not be a direct data breach but rather is a tool frequently leveraged to breach data and trust and is brought to us by The Agentic Manager’s Neil W. Smith. “The implications of deep fakes. We’re already used to AI being used for fishing expeditions, for extracting information from our databases. But what we don’t realize as humans is that we trust other humans to play by the rules more often than not. However, with deep fakes, both voice fakes, visual fakes, and context fakes, I think more and more humans are going to be fooled by the efficacy of deep fakes.” And the more humans that are fooled, the more systems can be compromised. Despite how widely discussed this topic is, deep fakes remain underestimated for their use in fraud and as a social engineering threat.
“Global Gaming Expo (G2E) 2025 brought nearly 25,000 attendees to Las Vegas for a high-energy showcase of gaming innovation, regulatory tech, and casino infrastructure. TBW Advisors captured over 75 minutes of video across 81 segments, including two livestreams and a full expo hall walkthrough. Our coverage focused on the technologies shaping the future of gaming—from multilingual communication and fraud prevention to cash automation and iGaming compliance. This edition includes four unlisted Whisper Report playlists and concludes with a video montage answering: “What’s the best part about attending G2E live in Vegas?””
The Conference
Nearly 25,000 attendees gathered at the Sands Convention Center in Las Vegas. Every aspect of gaming was included while we focused on the technology.
Technologies seen include anti-fraud, anti-money laundering (AML), language translation, casino management, player engagement, data center and server technology, cybersecurity, cyber + physical security, identity, and access management.
Cautions
Friendly reminder: this research provides examples of what was shared with us at the event, not an evaluation, validation, or recommendation of the given technology.
After 15,000 steps, 81 videos, and over 75 minutes of video including 2 livestreams and over 20 fact checks, our coverage of Global Gaming Expo better known as G2E 2025 closes. Registration moved quickly as the nearly 25,000 attendees waited for expo hall to open! While we did not get clearance in writing to record any sessions or keynotes, we were able to get permission to capture Expo Hall. In fact, our favorite quote of the event described expo hall as having ‘some incredibly impressive booths’. See for yourself as you enjoy our walkabout. The usual Venetian eateries were available including the café, the food marketplace and the bistro!
We once again live streamed from on site. On Tuesday, we asked those attending to find me to answer Questions 1-3, and on Wednesday we let you know about upcoming events we have scheduled, introduced all to TBW Advisors LLC, and requested assistance. Specifically, I requested assistance on your favorite videos for my segment on the October 10th broadcast edition of Computer Talk Radio.
While at G2E 2025, we conducted research for three additional forthcoming Whisper Reports for our clients. The playlists are unlisted but available and will eventually fill in with the video version of the report so you may wish to bookmark these playlists.
Readers and viewers wishing to experience the entire event are encouraged to view the Conference Whispers: G2E 2025 Playlist in its entirety. The playlist will be cited in the end screen, description, and as a pinned comment of the video edition.
The video edition will conclude with a montage of responses to Question 4 — “What’s the best part about attending G2E live in Vegas?” — capturing the energy and moments that made the event unforgettable.
Our favorite quote of the event was, “there are some impressive booths in Expo Hall”. From designers showing how your high roller room should really look to chairs for patrons, uniforms for staff, lawyers and accountants specializing in the Gaming ecosystem — everyone was there. At TBW Advisors LLC we of course focused on the technology that tells the story. Commencing with agilysis, they have a solution that can run the entire resort, including scheduling and handling advanced amenity types from golfing to spas. Prefer to focus on gaming data organization? CCT is ready to jump in and partner. They organize all your data from casino operations, from the cage through revenue audit.
If you want to make sure everyone working at the resort can communicate reliably across any language barrier, Relay should be on your evaluation list. Relay offers a cloud-based software solution that enables capabilities not normally available in traditional telecommunication solutions. If you would like to clean up the air in the casino, QleanAir’s smoke free cabin demonstrated their technology’s capabilities.
Physical Casinos mean physical payments. Those physical payments may mean your client may have to get up to go to the ATM or counter if their player’s card runs out. Pavillion Payments would like you to know – this inconvenience is no longer required. Introducing Apple Pay at the machine by Pavillion Payments. If your challenge is in counting the cash that comes into the casino, JCM has a solution including multiple Six-Axis Robots – enjoy the demo! If you would prefer to leverage the same cash counting technology the Federal Reserve in the US leverages, then Giesecke + Devrient were in expo hall ready to show you their highly trusted solution.
Physical Casinos not only must count but secure the cash, chips, and machines. Regulations require very strict key and asset management. Fortunately, companies such as Traka were in expo hall to share their solution, which not only manages keys but ensures compliance. Those seeking additional information on physical cyber security are directed to our ISC West Coverage. Druvstar provides cybersecurity and data security for your gaming needs, a solution created by actual former CIOs and CTOs in the gaming industry. Those seeking additional information on cybersecurity are directed toward our coverage of Black Hat. Speaking of data, Seon leverages over 909 first party data sources to help you stop fraud. Clients may recall when we first covered Seon during our coverage of Fintech Meetup 2024.
iGaming regulations frequently require one to keep the data in country to be compliant. If your expansion plans are hindered by finding data centers in remote locations, Continent 8 Technologies should be on your radar. Trying to maintain compliance in all those exotic iGaming locations? eCOGRA operates anywhere in the world iGaming is allowed – over 50 territories. If, however, you are seeking durable, rugged hardware that can be custom created to your needs, Radeus Labs was in expo hall looking to meet you. For anyone seeking to understand the ‘why’ behind a player’s actions, fullstory has a solution for you. But what if you need to maintain a player’s engagement during play within the app and you don’t want to build out a new team? Perhaps you are seeking player engagement out of the box? Plotline has an intelligent tool ready for you to leverage. Seeking a platform to build an entire game? Want that game to be equally available for iGaming as it is on land for Casinos? Perhaps with the same exact play as well? Then incisor brought the exact development platform you have been seeking to G2E this year!
Global Gaming Expo 2026 will once again return to Las Vegas and will be held at the Sands Convention Center at the Venetian on September 28 through October 1, 2026. G2E also shared that G2E 2027 will be held September 27-30, with G2E 2028 being held October 9-12.
*When vendors’ names are shared as examples in this document, it is to provide a concrete example of what was on display at the conference, not an evaluation or recommendation. Evaluation and recommendation of these vendors are beyond the scope of this specific research document. Other example products in the same category may have also been on display.
After 61 videos including 4 first ever onsite livestreams, 150 minutes of recording including multiple exclusive shots – our coverage of Black Hat USA 2025 closes. Black Hat USA 2025 featured over 100 briefings and 120 sponsored sessions, with coverage spanning keynote presentations, technical sessions, and exhibit hall innovations. Topics ranged from AI-driven threat detection and agentic SOC platforms to identity verification and proactive risk management. Trends in cybersecurity regarding defence, use of AI agents, and focus on resiliency continue to grow.
Coverage on Computer Talk Radio August 2, and August 9.
The Conference
Black Hat USA 2025 featured over one hundred briefings and 120 sponsored sessions. Attendance numbers are forthcoming. 2024’s edition featured over 20,000 in person attendees.
Cautions
Black Hat is not a conference to attend without preparation. All of one’s technology should be up to date. One should ensure they are leveraging a VPN and an RFID wallet when intentionally going around Black Hat. If not using one’s phone, a portable Faraday pouch is always beneficial.
Friendly reminder: this research provides examples of what was shared with us at the event, not an evaluation, validation, or recommendation of the given technology.
After 61 videos and related fact checks, over 150 minutes of recording including for the first time ever – four onsite LIVESTREAMS – our coverage of Black Hat USA 2025 closes. Black Hat featured over one hundred briefings and 120 sponsored sessions. Clients may recall the expo hall restrictions during our coverage of HIMSS which treated the entire expo hall like a surgical operating room from a privacy perspective. Guess what? It was even tighter at Black Hat. Nonetheless, we were able to capture the energy as Expo Hall was opening. Not only that, for the first time ever, Informa (who owns Black Hat) gave permission to someone to do a walkabout in Expo Hall prior to its opening for the day. That’s right – enjoy your exclusive look at Black Hat USA 2025 Expo Hall. Not only that, we were able to capture the mouthwatering lunch served on Wednesday. Once again, unlike most events, the What’s To Eat? Video does not include any attendees enabling us to really get a great shot of the food! A first for TBW Advisors LLC – we did four livestreams while on site. One live stream on Tuesday, Wednesday, and Thursday morning. One final livestream went out on Thursday as I requested assistance on your favorite videos for my segment on the August 9th broadcast edition of Computer Talk Radio.
While at Black Hat USA 2025, we conducted research for three additional forthcoming Whisper Reports for our clients. The playlists are unlisted but available and will eventually fill in with the video version of the report so you may wish to bookmark these playlists.
The conference kicked off in dramatic fashion with an amazing keynote from none other than the most famous of virus hunters, Mikko Hypponen, father of the Hypponen law of IoT security, one of our favorite coverage spaces. Specifically, Mikko said that if a device is smart, it is vulnerable. It was amazing to hear his story.
On the bleeding edge of things, we received two session summaries from Microsoft’s Thomas Roccia. The first was his Black Hat session on NOVA – Prompt Pattern Matching, regarding a new type of threat gaining traction. The second session is actually at DEFCON, the sister conference where no one would be ignorant enough to bring in modern technology outside of a Faraday cage. Fortunately, we caught Thomas while at Black Hat. In this talk Thomas shared that they are releasing an AI Agent to track cryptocurrency movements, including visualization, to combat crypto money laundering. The final Microsoft session that we captured is the Unmasking of Cyber Villains. I always love when engineers get a very loud, boastful ovation from the audience. This stage featured the heroes of MSTIC and DART, who shared how they leverage each other’s strengths. MSTIC stands for Microsoft Threat Intelligence Center while DART stands for Microsoft’s Diagnostics and Recovery Toolset. In this session, the Microsoft team emphasized that incidents require empathy, speed, and precision. The DART team is on the ground delivering the empathy and getting the data to MSTIC. MSTIC, in turn, provides the cheat codes to the DART rescue team to quickly combat the incident.
On the topic of using AI Agents on a team of humans in a SOC, James Spiteri from Elastic Security shared a summary of his session. “AI without Borders: Extending analysts capabilities in a modern SOC” dove into the details of how agents and humans can successfully interoperate in a SOC. James also covered critical questions you need to think about in order to truly operationalize this type of situation.
As with many events, some exhibits span outside of the formal expo hall. We were invited to the Dune Security Command Center on site, where we heard about their solution. Their adaptive training uses a personal credit risk scoring model. It targets each employee’s risky actions and knowledge gaps with a customized, targeted, proactive program. The goal is to elevate them to meet corporate standards. Preparation, training, and doing things up-front was definitely a theme. Cumulated shared how their solution focuses on resiliency. Given that the proper way to discuss it is always when and not if, it is wise to ensure a quick recovery when it occurs. This preparation and looking out for the threat aligned with Qualys’s Risk Operations Center. This center is focused on assisting organizations to proactively identify, prioritize, and finally remediate identified risks. Covering all five personas in a SOC (alerts, vulnerabilities, threat intel, case management, and DFIR (digital forensics/incident response)), StrikeReady’s platform integrates with 800 tools and is focused on removing each role’s pain points. Continuous Threat Exposure Management, or CTEM, is the area addressed most recently by Safe Security. Booli also moves things earlier in the process, in their case identity stitching, specifically at the very beginning of the process, including scorecarding the identity and providing the information back to the identity service. Mokn was on site to tell attendees about their solution, which ensures stolen credentials are changed once they have been phished and the criminals have attempted to leverage them.
If your organization would prefer to fix vulnerabilities instead of the common security software composition analysis, Heeler Security was the booth to visit. Feeling overwhelmed by cloud configurations in your organization? imPac Labs was on site talking about their expertise. Admittedly, given my Microsoft patent application on Policy Profiles, cloud configurations are a problem space on our radar at TBW Advisors. Speaking of high availability environments, HAProxy Technologies exhibited their platform that brings enterprise security performance and configurability into packaged software.
An area we have discussed in Conference Whispers: Money 20/20, Conference Whispers: HIMSS 2025, and Conference Whispers: Fintech Meetup 2025 – verifying the hardware device is a valuable defence vector for fighting fraud. At Black Hat USA 2025 we met SmallStep that enables device identity with cryptographic identity ensuring corporate devices are used to perform work. Leveraging device identification to eliminate deepfakes within a corporation, Netarx leverages multiple models to ensure your corporate communications are safe from deep fakes. Elastic Search – an open-source project known for search – found itself building native security and analytics due to popular demand.
Moving into the agentic side of things, Microsoft’s AI Agent Challenge was a big hit. Their booth had plenty of specialists on site to answer any of your questions. Focusing exclusively on AI Agents for the Red Team, Mindgard’s solution keeps probing to find vulnerabilities and filters through them based on your target and context. Finally, remediation advice is dispensed. Cyata built a control plane for Agentic Identity that includes policy enforcement. Addressing the full lifecycle above and beyond triage, Exaforce shared their Agentic SOC Platform. A demo of Exaforce was also captured. Finally, if you are unfamiliar with the current state of agents or have never seen an agent in action, enjoy the video with Ralph. Ralph comes from Cyber Innovate, a think tank focused on stopping threats from AI Agents themselves.
Black Hat USA 2026 will once again return to Las Vegas and will be held at Mandalay Bay Convention Center in August 2026. The exact dates have yet to be announced at time of publication.
*When vendors’ names are shared as examples in this document, it is to provide a concrete example of what was on display at the conference, not an evaluation or recommendation. Evaluation and recommendation of these vendors are beyond the scope of this specific research document. Other example products in the same category may have also been on display.
“Organizations can implement zero-trust security without disrupting user experience by prioritizing frictionless authentication, especially biometrics, and enforcing least-privilege access through dynamic policies. Understanding user context and behavior enables informed decisions that preserve continuity. Self-service access tools reduce delays, while streamlined verification processes minimize frustration. With thoughtful planning and clear communication, zero trust can enhance both security and usability, ensuring users access only what they need—when they need it—without unnecessary barriers. This report includes insights from executives and technologists at CyberSolve, Lumos, Imprivata, Simeio, Panani, Keyless, Oasis, Apono, Omada, and Cubeless, quoted throughout the discussion.”
Target Audience Titles:
Chief Information Security Officer, Chief Technology Officer, Chief Digital Officer, Chief Information Officer
Chief Product Officer, Chief Experience Officer
IAM engineers, Security Architects, DevSecOps Engineers, UX Designers, IT Ops Managers, Application Security Architects
Key Takeaways
Use biometric authentication to streamline access and reduce friction for users.
Apply least-privilege policies with dynamic adjustments to maintain secure, appropriate access.
Enable self-service access changes to minimize delays and improve user experience.
Understand user context and behavior to make informed, non-disruptive security decisions.
How can organizations implement zero-trust security without disrupting user experience?
We took the most frequently asked and most urgent technology questions straight to the technologists gathering at Identiverse 2025, held at Mandalay Bay in Las Vegas. This Whisper Report addresses the question: how can organizations implement zero-trust security without disrupting user experience?
What is the desired user experience?
At the end of the day, the goal is, as Imprivata’s Diron Chai put it, “authentication and visibility and control to making sure that you know the right people are accessing the data whether remotely or within the organization in terms of their role and their functionality and then being able to understand who’s in the system when and why that all ladders up to a zero-trust architecture that we’re able to bring forth in a full architecture.” Reaching this goal won’t be easy but, as Simeio’s Octavio Lopez emphasized, “There’s a lot of communication that needs to happen and that’s something that we help a lot of our customers with.” It takes a lot of communication and planning with the customers’ experience kept in mind. Here are five suggestions attendees at Identiverse offered, also depicted in Figure 1.
1. Go Frictionless with Bio
One common suggestion is to deploy a biometric-based identity and access management solution. As Panani’s Jim Harris suggested, “make the authentication of your customer as frictionless as possible a one-time identity verification process establishes that customer in the future they present a simple credential match their biometric information to the information stored in the credential that they own and control making it a very frictionless fast way to authenticate with your customer.” And this is something Alex Jones from Keyless can also agree with: “going to pitch biometrics this is the fastest way to prove who you are effectively implementing zero trust.”
2. Understand User Context
Guy Feinberg at Oasis suggests that understanding the user context is the winning approach. He started by simply asking, “Are you familiar with the scream test?” For those of you not familiar, one not uncommon method in IT to understand how a resource, in this case an identity, is used is to disconnect or unplug the resource and see who screams. Feinberg went on to further explain, “when you want to understand what’s this identity is used for so what you do you decommission it and just see who’s at the open space is screaming that something is broke. We do we help you construct all the context around the consumption of that identity so you can see the full picture before you’re taking actions so you’ll have informed actions deciding do we need this type of identity now uh should we change the permission should we decommissioning it completely all without disrupting the workforce and making sure that business continuity stays on and nothing is disrupted aspects of this.”
3. Understand User Behavior
Beyond the context of what the user is using, Imprivata’s Diron Chai recommends also understanding the how and the when. “Being able to inject simple multifactor authentication into the environment at the local level also being able to track the behavior of credentials of people accessing like Windows endpoints as an example or mobile devices and be able to have the analytics to show utilization of the endpoint but also who what when was accessed within that session.”
4. Use Self-Service
To maintain the best user experience, Apono’s Ofir Stein recommends getting the human out of the loop. “you keep the user experience by allowing self-serve in your organization to provide access changes combine these two and you actually provide zero trust to all of the resources.”
5. Leverage Dynamic Policies
Omada’s Craig Ramsay highlighted the potential behind dynamic policies. “By using dynamic and continuous policies to make sure that their access is appropriate and it’s always at that level of least privilege and then it’s granted, when they join the organization, and as they move around the organization, and it stays appropriate.” It’s always nice when your privileges keep up with organizational changes – without human intervention or manual configuration.
In Conclusion
As Cubeless’ Treb Ryan concluded, “I find zero trust has greatly enhanced our user experiences and greatly made my job easier in the old days where there’s systems where you had to figure out which networks could connect or who would have access to what particular piece it was a nightmare.”
Finally, Lumos’s Janani Nagarajan reminded all, “not just in the networking layer not just in the app layer but a critical layer for us is identities because that’s where the workforce the humans the employees the contractors the vendors your customers are actually interacting with the apps.” Identities are the key to minimizing friction for the users in zero trust. If your organization is implementing a zero trust architecture and wants to ensure it is on the right track, remember to book an inquiry.
To strengthen cybersecurity in FinTech, experts emphasize a layered approach that combines technology and human awareness. Rising threats like phishing, smishing, and fraud demand not just better tools but also vigilant, well-trained employees. Embedding security scans into software development, analyzing diverse data signals, and adopting a “defense in depth” strategy are all critical. Ultimately, staying curious, asking the right questions, and embracing evolving technologies—especially AI—can help organizations stay ahead of cyber risks.
Target Audience Titles:
Chief Technology Officer, Chief Security Officer, Chief Information and Security Officer, Chief Trust Officer, Chief Compliance Officer, Chief Risk Officer
Head of Product, VP of Product, Chief Marketing Officer, Data Protection Officer, Director of Data Protection
Adopt a Layered Defense: Use a “defense in depth” strategy—combine multiple security measures and analyze broad data signals to stay resilient against evolving threats.
Train Your Team: Human error is a top vulnerability. Regular employee training helps prevent phishing, smishing, and social engineering attacks.
Build Security into Development: Embed security checks directly into software pipelines to catch issues early and reduce risk at every stage of development.
We took the most frequently asked and most urgent technology questions straight to the finance technology experts gathering at Fintech Meetup 2025. This Whisper Report addresses the question of what the best practices are for enhancing cybersecurity in FinTech. As SecurityMetrics’s Matt Cowart shared, the “big rise that we’ve seen is phishing and smishing.” Your employees are getting targeted via email and SMS messages. But that is not the only threat. The user or customer angle also brings in cybersecurity issues. Incentiva’s Heather Alvarez shares, “fraud is something that is very big right now and (is something) that we’re trying to combat.”
Cybersecurity frequently feels like a game of whack-a-mole. Vulnerabilities seem to pop up in every dimension you explore but there is still hope. As Socure’s Matt Thompson shared, “creating layers and looking at lots and lots of data signal is important for protecting your Enterprise.” This is also known as defense in depth.
What might these layers include? GitLab’s Field CTO, Joshua Carroll, recommends “making sure your code is secure and doesn’t have vulnerabilities by building the security scanners into your pipelines and do those as you build the software you can save yourself an awful lot of time.” Likewise, SecurityMetrics’s Matt Cowart points out that it all “comes down to training. The weakest link is where hackers get in. Being able to strengthen your entire area – all of your employees making sure they know what to do what not to do is going to be one of the biggest things that keeps your network safe.” Effective training can minimize phishing and smishing as well as positively impact fraud detection during customer interactions.
Thus, to enhance your cybersecurity, ensure you have a defense-in-depth security strategy and that the strategy includes both the technical aspects of your enterprise and your humans in the loop. But most important, stay curious and keep building. As Incentiva’s Heather Alvarez shared, “ask the right questions .. continuing to push and look for new features look for to AI to help us because there are a lot of Technologies out there.”
If you are evaluating your cybersecurity environment, be sure to book an inquiry for timely advice.
*When vendors’ names or quotes are shared as examples in this document, it is to provide a concrete example of what was on display at the conference or what we heard doing our research, not an evaluation or recommendation. Evaluation and recommendation of these vendors are beyond the scope of this specific research document.
Cybersecurity in healthcare is responsible for protecting the data that represents the life story of patients and the infrastructure that enables proper care. Managing and securing the plethora of edge devices and the interoperability of all the technologies is an increasing challenge. There are four steps to take to enhance your healthcare cybersecurity: select a framework, leverage defense in depth, automate where possible, and test your environment.
Target Audience Titles:
Chief Information Security Officer, Chief Information Officer, Chief Security Officer, Chief Technology Officer, Chief Compliance Officer, Chief Data Officer, Chief Privacy Officer
VP of Cybersecurity, Director of Information Security
Security Architect, Information Security Architect, Network Security Engineer, Systems Security Engineer, SOC Analysts, IAM Specialists, Director of Privacy
Key Takeaways
Device maintenance and interoperability continue to challenge cybersecurity in healthcare environments.
Four steps to enhance cybersecurity in healthcare environments: select a framework, leverage defense in depth, automate where possible, and test your solution.
Tags
cybersecurity, privacy, healthcare, healthcare technology, health tech, HIMSS, HIPAA, medical devices, edge devices, IoT, depth in defense, automate, integration, cybersecurity frameworks, Evidently, Hal Wolf, Kai Romero, Brennen Reynolds, Absolute Security, Alexander Group, Trey Chamberlin, Aisera, Daniel Carvajal Marin
We took the most frequently asked and most urgent technology questions straight to the health systems technology experts gathering at the Healthcare Information and Management Systems Society (HIMSS) 2025 Global Health Conference and Exhibition, or HIMSS 25 for short. This Whisper Report addresses the question regarding the best practices for enhancing cybersecurity in healthcare. Given that data breaches in 2024 affected 1 in 2 Americans’ health records, cybersecurity is top of mind in healthcare¹. But healthcare data is not your shopping data; it represents much more. As Evidently’s Kai Romero shared, “the narrative Arc of who they are how they’ve suffered, how they’ve overcome the illnesses that they’ve experienced, you can’t treat that lightly … this is their life.” But there is a reason for concern in healthcare. For those unfamiliar, Russia has been found to be the source of ransomware attacks on the healthcare industry². As HIMSS’s Hal Wolf shared, “security is a major issue our own the federal government the United States just announced that they were bringing down cyber security blockage or fundamentals against another foreign country recently that was yesterday.” There is no indication that the cyberattacks on healthcare will stop, just an announcement that the government is no longer stopping such attacks.
Understanding that healthcare data represents the whole person and their life, where are the vulnerabilities coming from in the healthcare environment? Examining the source of the security vulnerabilities can offer insights to the efforts to defend and protect this valuable healthcare data. Turns out there are two large sources of vulnerabilities.
Device Maintenance
First, devices in the healthcare environment itself are an issue. As we discussed in Whisper Report: How can AI be effectively integrated into healthcare systems?, many devices on site are old. They may not have over-the-air (OTA) updates and may require a human in the loop to update. As Absolute Security’s Brennen Reynolds stated, “any given organization that man that has our technology about 15% of the devices that are being manually managed have some missing critical security control which increases their risk to either an operational outage or a cyber event like Ransomware.” It may sound like simple advice you have heard a million times, but keeping your equipment up to date with the latest software and security patches is simply critical.
Interoperability
Healthcare creates complicated environments full of an array of diverse vendors. Somehow these vendors and their technology, or more specifically the diverse array of data derived about the patient, must interoperate. Not just interoperate: the data must come together to provide a picture of the patient for the practitioner. Unfortunately, as Alexander Group’s Trey Chamberlin pointed out, there are “a lot of interoperability issues and leaks.” Getting the technology to work together is so difficult in and of itself that the process created that ‘works’ may not be a secure solution. It is critical that during any interoperability project, protection of the data in the processes is the first priority. Furthermore, the integration architecture and solution must be examined at a detailed level to understand and identify any potential leakages created in the process.
Organizations’ concern about security in healthcare technology is not going to go away. Per HIMSS’s Hal Wolf, “this is going to be the coinage of which we really improve Healthcare is information (and) information comes from data the data will be unprotected so .. it is why it (cybersecurity) is one of our (HIMSS) four focus points.. at HIMSS (25) digital Health transformation, AI, cyber security, and Workforce Development.” Information is how we improve care, thus information is the goldmine of healthcare. Figure 4 depicts Four Steps to Enhance your Healthcare Cybersecurity.
Select Framework
Through the various conversations while conducting this research, it became very clear that each organization has their own framework to guide their cybersecurity program. When selecting amongst the frameworks, ensure these common characteristics are present.
It should be 100% restricting while enabling productivity.
It needs guardrails and controls.
It should be deliberate and intentional with how it handles your assets.
Leverage Defense in Depth
Regardless of where the technology is used within healthcare, certain security practices should be consistent. As Evidently’s Kai Romero shared, “some of the same things that we use in the clinical setting to protect patient data whether that’s logging out of a screen pretty quickly after it’s not active or you know taking away the protected patient information so that anyone who’s looking at the screen would not know who that patient was you want to know that they’re employing those things because this (is) patient data.” Understanding that no single method covers all scenarios, it is good to use every method available when possible. For example, clinical data masking technology and standards can easily be applied to the terminals used at the front desk and billing as well.
But data masking is not just useful at the terminal level. As Aisera pointed out, regarding your agentic AI solutions, we can do everything from masking PII for mask any personal data “architecture that’s going to keep your data private data privacy is probably the most important thing especially when it comes to healthcare right .. but also how it is stored right even in our cloud approach our customers get the unique architecture so when you’re training the LLM you’re not trained in our models.”
Deploy Automation
Many shy away from automation, but as we pointed out in Conference Whispers: Black Hat USA 2019, a ransomware attack can take down an organization in 30 minutes. What human on call can get notified, get online, and stop an attack that fast? Furthermore, as Absolute Security’s Brennen Reynolds shared, “topic of automation there’s just too many things to be done in a day to allow and require humans to be doing all of the maintenance and management task so if the IT devices across their organizations whether you have a thousand devices 10,000 or a million devices you’re never going to have enough staff to manually execute tasks to keep those devices safe and secure.” Thus it is physically impossible to stop many attacks, or even simply update all the devices on site, without automation.
Test!
Regardless of the care taken, it is important to review the architecture and test the system. As Alexander Group’s Trey Chamberlin explained, “make sure that it’s not just we want this system we want to stand it up and we want the functionality but also going through the paces and testing and making sure that is playing nice but also doesn’t open up a new vulnerability within your system going forward.” A system that simply works is not the goal. Rather, a system that works and is secure, resilient, and hardened against attacks, including at its integration points, is the minimum standard.
We will close with remarks by HIMSS’s Hal Wolf, “I think cyber security is going to continue to be at the Forefront of our thoughts whenever you’re dealing with data and information they are going to be bad actors… HIMSS is focused on cyber security we have cyber security forums (and) there are cyber security events taking place.”
*When vendors’ names or quotes are shared as examples in this document, it is to provide a concrete example of what was on display at the conference or what we heard doing our research, not an evaluation or recommendation. Evaluation and recommendation of these vendors are beyond the scope of this specific research document.
As cyber and physical security continue to merge, proactive, multi-layered strategies are essential to safeguard critical assets in interconnected environments. Secure data practices, including encryption for data in transit, at rest, and during compute, ensure compliance with high security standards. Architectural resilience is crucial, integrating cybersecurity from the outset rather than retrofitting outdated systems. Correlating physical and cyber events provides valuable context. Finally, digitizing workflows streamlines response efficiency, minimizing the window of vulnerability during attacks.
Target Audience Titles:
Chief Technology Officer, Chief Security Officer
Chief Information and Security Officer, VP of Cybersecurity
Director Cyber Physical Security, Security Analyst
Cybersecurity Engineer, Incident Response Analyst
Key Takeaways
Data must be encrypted at rest, in transit, and during execution.
Cyber Physical security requires a securely designed architecture from the start.
Cyber and physical threats must be correlated.
Only a digitized workflow can respond with the required speed to cyber physical threats.
As with all security, cyber physical security must also be concerned with “data security and encryption … that’s data in the device, data in transit, data in rest at the servers, and so all of those things we have the highest level standards and we also meet more advanced requirements,” per Bioconnect’s Edsel Shreve. The solution should be flexible enough to enable any data protection requirements that come into play. Edsel Shreve went on to further explain, “for example you need to do certificate rotation for things like TLS encryption So we can do those things not every customer wants them but those are the things that we’ve actually got in our system for the folks that have those higher level requirements so it really is the combination of how do we make sure that they’re cyber secure sitting on the network and then how do we make sure that they’re physically and the data is secure on the readers and devices themselves.” In addition, TBW Advisors LLC recommends confidential computing architectures for protection and privacy during computations. For additional information see Industry Whispers: Public is Private – Confidential Computing in the Cloud.
Taking a 1968 Mustang and updating it to 2025 safety standards would be quite the challenge and would likely end up as an ugly beast that is neither safe nor resembling a Mustang. Cyber physical security is no different from safety. It must be thought of and integrated from the very beginning. As LVT’s Steve Lindsey explained, “it starts with architecture if we can rethink our architectures and we can start building for cyber security in mind.” The challenge of physical cyber security is that, “for the longest time in the physical security space we’ve been using on premise systems and as we’ve lifted and shifted those into the cloud .. what complicates that is as we’re deploying these systems it’s not just cloud to end User, it’s Cloud to IoT (Internet of Things) device which is going through usually public cellular or satellite infrastructure itself and there’s other things that need to be done to address that,” per Steve Lindsey.
The real power of cyber physical security is the two areas working together to correlate events. Through correlation, context and a greater understanding are realized. An example shared by Advancis’ Paul Shanks demonstrates this best. “Someone loses their badge and falls out of their pocket and they’re logged into the network from home and their badge is used at the building. Those two events by themselves are benign but we take that together and create an alert for the operator to look into whether is it a Cyber attack or is it a physical attack.”
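The badge-plus-remote-login correlation described above can be sketched as follows. This is an added example, not code from the report or from any vendor named in it; the log formats, field names, the badge-ID-equals-username mapping, and the 30-minute travel window are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Constructed sample feeds: a door controller log and a VPN concentrator log.
BADGE_LOG = """\
2025-03-04T08:55:00 badge=ajones door=HQ-LOBBY result=granted
2025-03-04T09:10:00 badge=bsmith door=HQ-LOBBY result=granted
2025-03-04T09:12:00 badge=bsmith door=HQ-SERVER-ROOM result=denied
2025-03-04T13:00:00 badge=cwu door=HQ-LOBBY result=granted
2025-03-04T17:45:00 badge=dlee door=HQ-LOBBY result=granted
"""
VPN_LOG = """\
2025-03-04T08:30:00 user=bsmith event=connect src=home
2025-03-04T09:00:00 user=cwu event=connect src=home
2025-03-04T11:00:00 user=cwu event=disconnect src=home
2025-03-04T12:00:00 user=bsmith event=disconnect src=home
2025-03-04T17:40:00 user=dlee event=connect src=home
"""


@dataclass
class Session:
    user: str
    src: str
    start: datetime
    end: Optional[datetime] = None  # None means the session is still open


def parse(log):
    """Parse 'timestamp key=value ...' lines into dicts with a datetime 'ts'."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, *pairs = line.split()
        fields = dict(p.split("=", 1) for p in pairs)
        fields["ts"] = datetime.fromisoformat(ts)
        events.append(fields)
    return events


def build_sessions(vpn_events):
    """Pair connect/disconnect events per (user, src) into sessions."""
    open_sessions, sessions = {}, []
    for ev in sorted(vpn_events, key=lambda e: e["ts"]):
        key = (ev["user"], ev["src"])
        if ev["event"] == "connect" and key not in open_sessions:
            open_sessions[key] = Session(ev["user"], ev["src"], ev["ts"])
            sessions.append(open_sessions[key])
        elif ev["event"] == "disconnect" and key in open_sessions:
            open_sessions.pop(key).end = ev["ts"]
    return sessions


def conflicts(session, when, travel):
    """True if a badge swipe at 'when' cannot be explained by travel time."""
    if when < session.start - travel:
        return False
    return session.end is None or when <= session.end + travel


def correlate(badge_events, sessions, travel=timedelta(minutes=30)):
    """Alert on any badge use (granted or denied) that coincides with a
    remote session of the same identity, widened by the travel window."""
    by_user = {}
    for s in sessions:
        by_user.setdefault(s.user, []).append(s)
    alerts = []
    for ev in sorted(badge_events, key=lambda e: e["ts"]):
        # Assumption: the badge ID is the same string as the network username.
        for s in by_user.get(ev["badge"], []):
            if conflicts(s, ev["ts"], travel):
                alerts.append({
                    "user": ev["badge"],
                    "door": ev["door"],
                    "result": ev["result"],
                    "badge_time": ev["ts"],
                    "remote_src": s.src,
                    "remote_since": s.start,
                })
                break  # one alert per swipe is enough for the operator
    return alerts


def run_sample(travel=timedelta(minutes=30)):
    return correlate(parse(BADGE_LOG), build_sessions(parse(VPN_LOG)), travel)


if __name__ == "__main__":
    for a in run_sample():
        print(f"ALERT {a['user']} badged {a['door']} ({a['result']}) at "
              f"{a['badge_time']} while remote from {a['remote_src']}")
```

Denied swipes are kept in scope on purpose: a lost badge tried against a restricted door is the same signal as a granted one at the lobby.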
As early as 2019 TBW Advisors LLC has been advising clients to automate security responses when possible for the simple fact you must. Ransomware attacks were already taking place within a 35-minute window. In 2025 the cyber physical attack vector also calls for automation or a digitized workflow at the very least. As Advancis’ Paul Shanks communicated, “we can take that and make that workflow digitized so that all they have to do is read click and go. Simple as that.”