Published to clients: September 9, 2025 ID: TBW2068
Published to Readers: September 10, 2025
Published to Email Whispers: TBD
Published Publicly with Video: TBD
Analyst(s): Dr. Doreen Galli
Photojournalist(s): Dr. Doreen Galli
Abstract:
“Trust in fintech isn’t just about compliance—it’s a multi-dimensional strategy. This report explores how transparency, privacy, and strong identity verification shape consumer confidence. Insights from Fintech Meetup 2025 reveal how leading firms are navigating open banking, fraud prevention, and data ethics to earn and retain trust. If trust is your brand’s currency, this report is your blueprint. “
After 61 videos including 4 first ever onsite livestreams, 150 minutes of recording including multiple exclusive shots – our coverage of Black Hat USA 2025 closes. Black Hat USA 2025 featured over 100 briefings and 120 sponsored sessions, with coverage spanning keynote presentations, technical sessions, and exhibit hall innovations. Topics ranged from AI-driven threat detection and agentic SOC platforms to identity verification and proactive risk management. Trends in cybersecurity regarding defence, use of AI agents, and focus on resiliency continue to grow.
The Conference
Black Hat USA 2025 featured over one hundred briefings and 120 sponsored sessions. Attendance numbers are forthcoming. 2024’s edition featured over 20,000 in person attendees.
Cautions
Black hat is not a conference to attend without preparation. All of one’s technology should be up to date. One should ensure they are leveraging a VPN and a RDID wallet when intentionally going around black hat. If not using one’s phone, a portable faraday pouch is always beneficial.
Friendly reminder: this research provides examples of what was shared with us at the event, not an evaluation, validation, or recommendation of the given technology.
After 61 videos and related fact checks, over 150 minutes of recording including for the first time ever – four onsite LIVESTREAMS – our coverage of Black Hat USA 2025 closes. Black Hat featured over one hundred briefings and 120 sponsored sessions. Clients may recall the expo hall restrictions during our coverage of HIMSS which treated the entire expo hall like a surgical operating room from a privacy perspective. Guess what? It was even tighter at Black Hat. Nonetheless, we were able to capture the energy as Expo Hall was opening. Not only that, for the first time ever, Informa (who owns Black Hat) gave permission to someone to do a walkabout in Expo Hall prior to its opening for the day. That’s right – enjoy your exclusive look at Black Hat USA 2025 Expo Hall. Not only that, we were able to capture the mouthwatering lunch served on Wednesday. Once again, unlike most events, the What’s To Eat? Video does not include any attendees enabling us to really get a great shot of the food! A first for TBW Advisors LLC – we did four livestreams while on site. One live stream on Tuesday, Wednesday, and Thursday morning. One final livestream went out on Thursday as I requested assistance on your favorite videos for my segment on the August 9th broadcast edition of Computer Talk Radio.
While at Black Hat USA 2025, we conducted research for three additional forthcoming Whisper Reports for our clients. The playlists are unlisted but available and will eventually fill in with the video version of the report so you may wish to bookmark these playlists.
Kicking off in dramatic fashion, the conference kicked off with an amazing keynote from non-other than the most famous virus hunters – Mikko Hypponen and father of the Hypponen law of IoT security – one of our favorite coverage spaces. Specifically, Mikko said that if a device is smart, it is vulnerable. It was amazing to hear his story.
On the bleeding edge of things, we received two session summaries from Microsoft’s Thomas Roccia. The first session was his Black Hat session on NOVA – Prompt Pattern Matching regarding a new type of threat gaining traction. The second session is actually at DEFCON – the sister conference where no one would be ignorant enough to bring in modern technology outside of a faraday cage. Fortunately, we caught Thomas while at Black Hat. IN this talk Thomas shared that they are releasing an AI Agent to track crypto currency’s movements including visualization to combat crypto money laundering. The final Microsoft session itself that we captured is the Unmasking of Cyber Villains. I always love when engineers get a very loud boastful ovation from the audience. This stage featured the heroes of MISTIC and Dart who shared how they leverage each other’s strength. MISTIIC stands for Microsoft Threat Intelligence Center while Dart stands for Microsoft’s Diagnostics and Recovery Toolset. In this session, the Microsoft team emphasized that incidents require empathy, speed, and precision. The Darth team is on the ground delivering the empathy and getting the data to MISTIC. MISTIC in turn, provides the cheat codes to the Darth rescue team to quickly combat the incident.
On the topic of using AI Agents on a team of humans in wish SOC, James Spiteri from Elastic Security shared a summary of his session. “AI without Borders: Extending analysts capabilities in a modern Soc” dove into details how Agents and humans can successfully interoperate in a SOC. James also covered critical questions you need to think about in order to truly operationalize this type of situation.
As with many events, some exhibits span outside of the formal expo hall. We were invited to the Dune Security Command Center on site where we heard about their solution. Their adaptive training uses a personal credit risk scoring model. It targets each employee’s risky actions and knowledge gaps with customized, targeted, proactive program. The goal is to elevate them to meet corporate standards. This theme of preparation, training, and doing things up-front was definitely a theme. Cumulated shared how their solution focuses on resiliency. Given that the proper way to discuss it is always when and not if, it is wise to ensure a quick recovery when it occurs. This preparation and looking out for the threat aligned with Qualys’s Risk Operations Center. This center is focused on assisting organization proactively identify, prioritize, and finally remediate identified risks. Covering all five personas in a SOC (alerts, vulnerabilities, threat intel, case management and DFIR (digital forensics/incident response )) StrikeReady’s platform integrates with 800 tools and is focused on removing each role’s pain points. Continuous Threat Exposure Management or CTEM is the area addressed most recently by Safe Security. Booli also moves things earlier in the process, in their case identity stitching. Specifically at the very beginning of the process including score carding the identity and providing the information back to the identity service. Ensuring stolen credentials are changed once they have been phished and the criminals attempted to leverage them, Mokn was on site to tell attendees about their solution.
If your organization would prefer to fix vulnerabilities instead of the common security software composition analysis, Heeler Security was the booth to visit. Feeling overwhelmed, by cloud configurations in your organization? imPac Labs was on site talking about their expertise. Admittedly, given my Microsoft Patent application on Policy Profiles, cloud configurations is a problem space on our radar at TBW Advisors. Speaking of high availability environments, HAProxy Technolog exhibited their platform that brings enterprise security performance and configurability into packaged software.
An area we have discussed in Conference Whispers: Money 20/20, Conference Whispers: HIMSS 2025, and Conference Whispers: Fintech Meetup 2025 – verifying the hardware device is a valuable defence vector for fighting fraud. At Black Hat USA 2025 we met SmallStep that enables device identity with cryptographic identity ensuring corporate devices are used to perform work. Leveraging device identification to eliminate deepfakes within a corporation, Netarx leverages multiple models to ensure your corporate communications are safe from deep fakes. Elastic Search – an open-source project known for search – found itself building native security and analytics due to popular demand.
Moving into the agentic side of things, Microsoft’s AI Agent Challenge was a big hit. Their booth had plenty of specialists on site to answer any of your questions. Focusing exclusively on AI Agents for the Red Team, Mindgard’s solution keeps probing to find vulnerabilities, filters through them based on your target and context. Finally, remediation advise is dispensed. Cyata built a built a control plane for Agentic Identity and includes policy enforcement. Addressing the full lifecycle above and beyond triage, Exaforce shared their Agentic SOC Platform. A demo of Exaforce was also captured. Finally, if you are unfamiliar with the current state of agents or have never seen an agent in action, enjoy the video with Ralph. Ralph comes from Cyber Innovate; a think tank focused on stopping threats from AI Agents themselves.
Black Hat USA 2026 will once again return to Las Vegas and will be held at Mandalay Bay Convention Center in August 2026. The exact dates have yet to be announced at time of publication.
*When vendors’ names are shared as examples in this document, it is to provide a concrete example of what was on display at the conference, not an evaluation or recommendation. Evaluation and recommendation of these vendors are beyond the scope of this specific research document. Other examples products in the same category may have also been on display.
To strengthen cybersecurity in FinTech, experts emphasize a layered approach that combines technology and human awareness. Rising threats like phishing, smishing, and fraud demand not just better tools but also vigilant, well-trained employees. Embedding security scans into software development, analyzing diverse data signals, and adopting a “defense in depth” strategy are all critical. Ultimately, staying curious, asking the right questions, and embracing evolving technologies—especially AI—can help organizations stay ahead of cyber risks.
Research available only to clients at this time.
*When vendors’ names or quotes are shared as examples in this document, it is to provide a concrete example of what was on display at the conference or what we heard doing our research, not an evaluation or recommendation. Evaluation and recommendation of these vendors are beyond the scope of this specific research document.
The 2024 Fintech Meetup experienced a 25% increase in size, featuring over 50,000 one-on-one meetings. Key areas of interest included development environments, product connectors, customer engagement solutions, and ACH payment simplification. Risk management and compliance were significant themes, with solutions for identifying threats, ensuring regulatory adherence, and verifying new clients. Identity verification and fraud prevention were also highlighted. Global risk decisioning platforms and extensive marketplaces were showcased, along with solutions for digital payouts, gift cards, and depositor retention.
The Conference
Fintech MeetUp 2025 was held in Las Vegas, Nevada and had just over 5,000 registered attendees including over 1000 CEOs, with diverse collection of exhibiting companies. Over 50,000 one-on-one meetings were also scheduled.
Cautions
It is critical you keep up to date with the deadlines as the MeetUp approaches to get the maximum networking from the MeetUp. If you registered in the last month before the event, you are already too late to participate in the meetups.
The event explicitly did not want any of the sponsored keynotes to be recorded or amplified. Sponsors should keep this in mind if they want any attention outside of those able to make it in-person those exact days.
Having covered Fintech Meetup in 2024, we knew what to expect from the meetups. As you can feel in the energy of the event, it was about 25% larger than last year. This year featured over 50,000 of their infamous one-on-ones – just be sure you register and get your information in early if you want to participate. Our coverage this time focused on the expo hall. In addition, we were able to conduct research for three forthcoming Whisper Reports for our clients. The playlists are unlisted but available and will eventually fill in with the video version of the report so you may wish to bookmark these playlists.
Regardless of your role or fintech need, there was likely a vendor in that specific fintech space. Developers had Gitlab providing an environment to develop solutions from ideas, through the entire software development lifecycle to production. Creating a solution that requires that is required to connect to various products in the fintech space? Merge shared their vast collection of product connectors regardless of development or integration technique. Perhaps you are specifically focused on improving your customer engagement. Interface.ai provides an agentic AI solution designed exclusively for credit unions and community banks to engage with their customers. If the interface you are most concerned with is ACH payments, Trustly can simplify ACH payments and comes with a side of risk management.
Money makes the world go around so risk management will always be a significant area of focus within Fintech. A cognitive AI solution to identify missing threats, Thetaray seeks to find troubling patterns before an organization is compromised. More concerned with compliance? Security Metrics shared their capabilities for ensuring compliance not only with FinTech but also Healthcare and other regulated industries. Focused on compliance, and fraud and perhaps but also must increase your customer conversion rate? OnFido shared their combination solution that enables organizations to quickly and correctly verify potential new clients. The risk profile is configurable depending on the specific needs of a given organization at a given time.
If identity is an area of interest in your organization, TBW Advisor’s research, Conference Whispers: Identiverse is a must read. The identity space also featured quite a few vendors in the identity space. During an exclusive interview, Intellicheck told us about their exclusive access to the data required to strongly identify drivers’ licenses from USA or Canada. If you prefer to leverage phone intelligence, Prove previously covered at Money 20/20, shared an update to their solution that now goes beyond leveraging the chip in the phones. For Fraud, prevention is always better than detection, Aries Fraud Solutions is all about prevention achieved by leveraging different numbers on the card versus the strip. In the area of risk decision and fraud detection, it is also worth to evaluate the extensive offering by Socure with an active customer base across 20 different verticals.
For various solutions, it is frequently not only about what it can do, but how extensive globally is their coverage? Provenir informed TBW Advisors that their global risk decisioning platform is available in 60 countries serving anything from Tier 1 providers all the way to SMBs. It is a multi-component platform offering a marketplace in 120 categories. On the topic of marketplaces, MoneyLion shared their extensive offering with over 800 3rd party products serving 20+ million consumers and as well as the engine behind the largest enterprise fintech customers.
The B2C dimension is always a challenging dimension for payouts. Whether it is payouts for the workforce, or refunds, Onbe’s solution is bringing clients into the digital age. If you are focused more on gift cards, Incentive.AI can create customer solutions to fit your needs. Finally, an interesting solution to help retain depositors was shared by Wysh. Wysh enables financial institutions to offer free life insurance to customers based on deposit values.
While this year’s event was held at the Sands Convention Center of the Venetian, next year’s event will be at Mandalay Bay. The event will be held March 30-April 1, 2026.
Fintech Meetup 2024 allowed over 4,000 attendees to not only meet up, but see an extensive collection of exhibitors and extended formal interviews as keynotes. Attendees and exhibitors agree the word that best described the event was “different”. The conference featured technologies that are specific to Fintech, those that benefit regulated industries such as fintech and healthcare and interesting technologies for enterprises including those in Fintech and in general.
The Conference
Fintech MeetUp 2024 was held in Las Vegas, Nevada and had just over 4,000 registered attendees, with large collection of exhibiting companies.
Attendees at CES 2024 hold titles such as CEO, Founder, Investor, VP, Director, Chief Marketing Officer, VP of Engineering, VP of Product Development, data scientists, Chief Risk Officer, Chief Revenue Officer, and lead engineer.
Highlights
Fintech Meetup would have to be the meetups that resulted from the preparation for the event and neat matching technology in the background.
Cautions
It is critical you keep up to date with the deadlines as the Meetup approaches to get the maximum networking from the MeetUp.
As a Meetup I had no idea what to expect as I approached the entrance. The informal font on the conference title makes it seem quite small. In reality, there were over 4,000 people there and the meeting space was literally buzzing! Did the conference meet our expectations? Well it was larger than thought but managed to maintain the quaintness you would expect from the name. I really do think everyone was so much friendlier than I ever experienced at a conference as observed in the walkabouts! There was food galore albeit I heard a lot about the heavy curry on Monday’s lunch!
Much to our surprise there were in fact keynotes sessions. Unlike most conferences, all keynotes were interviews. TBW Advisors LLC was able to catch a few of these. Specifically, Kevin O’Leary on behalf of Beanstalk*. Interestingly, Kevin has a few quotable moments. He reported he only gives start-ups 3 years to make it. He also stated that Shark Tank investments are expected to recoup their investment within 48 hours of airing on television. Finally, he also will not invest in a company that cannot handle its own social media!
Attendees were also treated to an in depth interview of Angela Strong, a long-time venture capitalist. Angela was decidedly giddy about the quality of the current group of start-up entrepreneurs. She further delved into the depth of their experience on the exact niche of a problem they are solving.
MasterCard’s CTO, Ed McLaughlin also provided an in-depth interview to attendees. His advice is to not push new technology aside just because you have something that can do something the new technology can do. Rather, he strongly urged all to explore what the new technology can do that other technology cannot – for that is where the magic of innovation will occur. Max Neukirchen from JP Morgan also shared the passion his organization has for innovation.
For banks seeking mobile image capture, UrbanFT was there to meet your needs. Likewise if you are trying internally to get data from such captures, a new startup Docsumo was there trying to get your attention. If you bank is attempting to stop fraud from skimmers, Aries Anti-fraud solution with separate numbers on the front and back of cards caught a lot of attention! If however, your organization is seeking ultimate personalization based on user data, Finalytica.ai offered an option. If your bank is in a state with legal Cannabis industry, Shieldbanking’s solution offers a method to meet AML compliance requirements.
As you might expect some tech was not specific to Fintech but applied to regulated industries in general. For example, Skyflow offers data privacy for regulated industries and is equally at home in healthcare. While not unusual for VCs to require this tech of their investments, Zeni provides accounting and bookings for startups regardless of what sector they serve with their customers.
There were two interesting vendors that leveraged behavioral science. Symend leverages customer behavior to increase sales as well as detect fraud. For example, some customers cannot resist a FOMO type of advertisement while others never respond. Likewise. NeuroID leverages typing patterns and copy and paste detection to identify fraud. As you might guess, most people don’t have to copy and paste their own addresses into fields, but cyber criminals do.
Next year’s event will be March 10-13, 2025 in Las Vegas.
*When vendors’ names are shared as examples in this document, it is to provide a concrete example of what was on display at the conference, not an evaluation or recommendation. Evaluation and recommendation of these vendors are beyond the scope of this specific research document. Other examples products in the same category may have also been on display.
