Cloud intrusions have surged by an impressive 136% over the last six months. North Korean operatives have successfully infiltrated 320 companies using identities crafted with AI. Scattered Spider now manages to deploy ransomware in less than 24 hours. Nonetheless, at Black Hat 2025, the security industry revealed a working solution: agentic AI, which offers tangible outcomes rather than mere promises.
Recently, CrowdStrike identified 28 North Korean operatives embedded as remote IT workers as part of a larger campaign impacting 320 companies. This highlights how agentic AI is transitioning from a theoretical concept to an effective tool for threat detection.
At Black Hat 2025, nearly every vendor presented performance metrics, derived either from ongoing beta programs or full-scale agentic AI deployments. The prevailing theme was operational readiness, moving beyond hype or theoretical discussions.
CISOs interviewed by VentureBeat at Black Hat reported a substantial increase in alert processing capabilities with current staffing levels, alongside significant reductions in investigation times. Specific improvements depend on the maturity of the implementation and the complexity of the use case. What stands out is the shift from ambitious plans to tangible, real-world results.
VentureBeat is beginning to observe security teams achieving practical efficiency gains that translate into the metrics boards inquire about. These include reducing the mean time to investigate (MTTI), improving threat detection rates, and optimizing resource utilization. Black Hat 2025 marked a pivotal moment where the focus shifted from AI's potential to its measurable impact on security operations.
The Agentic AI Arms Race Shifts from Promises to Production
At Black Hat 2025, the dialogue centered around agentic AI, with numerous sessions devoted to how attackers have compromised or could easily compromise agents. VentureBeat noted over 100 announcements related to new agentic AI applications, platforms, or services. Vendors are producing concrete use cases and results, marking a positive change from the many promises made in previous years. There is a pressing need to bridge the gap between hype and real outcomes.
CrowdStrike’s Adam Meyers, head of counter-adversary operations, articulated the driving force behind this urgency in an interview with VentureBeat: “Agentic AI really becomes the platform that allows SOC operators to build those automations, whether they’re using MCP servers to get access to APIs. We’re starting to see more and more organizations leveraging our agentic AI to help them integrate with the Falcon and CrowdStrike systems.”
VentureBeat believes that the scale of the threat necessitates this response. “When they’re moving at that speed, you can’t wait,” Meyers emphasized, highlighting the fact that some adversaries now deploy ransomware in under 24 hours. “You need to have human threat hunters in the loop who are immediately aware when the adversary gains access, or as soon as they emerge, they’re there, engaging in direct combat with those adversaries.”
“Last year, we examined 60 billion hunting leads that resulted in about 13 million investigations, 27,000 customer escalations, and 4,000 emails sent to customers,” Meyers disclosed, illustrating the scale at which these systems now function.
Microsoft Security unveiled significant upgrades to its Security Copilot, introducing autonomous investigation capabilities that can correlate threats across Microsoft Defender, Sentinel, and third-party security tools without human intervention. Palo Alto Networks demonstrated Cortex XSOAR’s new agentic capabilities, showcasing how their platform can now autonomously triage alerts, conduct investigations, and even execute remediation actions within set boundaries.
Cisco made one of Black Hat’s most significant announcements, releasing Foundation-sec-8B-Instruct, the first conversational AI model built exclusively for cybersecurity. This eight-billion-parameter model outperforms much larger general-purpose models, including GPT-4o-mini, on security tasks while running on a single GPU.
What distinguishes this release is its fully open-source architecture. Foundation-sec-8B-Instruct is distributed with completely open weights under a permissive license, enabling security teams to deploy it on-premises, in air-gapped environments, or at the edge without vendor lock-in. The model is freely available on Hugging Face, accompanied by the Foundation AI Cookbook featuring deployment guides and implementation templates.
“Foundation-sec-8B-Instruct is live, open, and ready to defend. Download it, prompt it, and help shape the future of AI-powered cybersecurity,” states Yaron Singer, VP of AI and Security at Foundation, emphasizing the collaborative potential of this open-source approach.
SentinelOne took a different approach, emphasizing Purple AI’s ability not just to investigate but to “think ahead”: predicting adversary moves based on behavioral patterns and proactively adjusting defenses.

CrowdStrike’s threat intelligence reveals how adversaries like FAMOUS CHOLLIMA are weaponizing gen AI at every stage of insider threat operations, from creating synthetic identities to managing multiple simultaneous employment positions. Source: CrowdStrike 2025 Threat Hunting Report
How the North Korean Threat Changed Everything Fast
FAMOUS CHOLLIMA operatives infiltrated over 320 companies in the past year, marking a 220% year-over-year increase, signifying a fundamental shift in enterprise security threats.
“They’re using AI throughout the entire process,” Meyers informed VentureBeat during an interview. “They’re employing generative AI to create LinkedIn profiles, to craft resumes, and during interviews, they utilize deep fake technology to alter their appearance. They use AI to answer questions during the interview process and, once hired, they employ AI to develop the code and perform the tasks they’re expected to do.”
The infrastructure supporting these operations is sophisticated. One facilitator in Arizona maintained 90 laptops to enable remote access. Operations have extended beyond the U.S. to France, Canada, and Japan as adversaries diversify their targets.
CrowdStrike’s July data reveals the scope: 33 FAMOUS CHOLLIMA encounters, with 28 confirmed as malicious insiders who had successfully secured employment. These are AI-enhanced operators working within organizations, utilizing legitimate credentials, rather than relying on traditional malware attacks that security tools can detect.
Why the Human Element Remains Vital
Despite technological advancements, a consistent theme across all vendor presentations was that agentic AI augments rather than replaces human analysts. “Agentic AI, as proficient as it is, will not replace the humans in the loop. You need human threat hunters who can leverage their insight, expertise, and intellect to devise creative ways to uncover these adversaries,” Meyers emphasized.
Every major vendor echoed this human-machine collaboration model. Splunk’s announcement of Mission Control emphasized how its agentic AI serves as a “force multiplier” for analysts, managing routine tasks while escalating complex decisions to humans. Even the most ardent proponents of automation acknowledged that human oversight remains essential for high-stakes decisions and innovative problem-solving.
Competition Shifts from Features to Results
Despite fierce competition in the race to deliver agentic AI solutions for the SOC, Black Hat 2025 ironically showcased a more unified approach to cybersecurity than any previous event. Every major vendor emphasized three critical components: reasoning engines that can understand context and make nuanced decisions, action frameworks that enable autonomous response within defined boundaries, and learning systems that continuously improve based on outcomes.
Google Cloud Security’s Chronicle SOAR exemplified this shift, introducing an agentic mode that automatically investigates alerts by querying multiple data sources, correlating findings, and presenting analysts with complete investigation packages. Even traditionally conservative vendors have embraced the transformation, with IBM and others introducing autonomous investigation capabilities to their existing installations. The convergence was apparent: the industry has moved beyond competing on AI presence to competing on operational excellence.

The cybersecurity industry is witnessing adversaries leverage GenAI across three primary attack vectors, forcing defenders to adopt equally sophisticated AI-powered defenses. Source: CrowdStrike 2025 Threat Hunting Report
Many Are Predicting That AI Will Become the Next Insider Threat
Looking ahead, Black Hat 2025 also highlighted emerging challenges. Meyers delivered perhaps the most sobering prediction of the conference: “AI is poised to become the next insider threat. Organizations inherently trust these AIs. They are using them to perform numerous tasks, and as they grow more comfortable, they are less likely to verify the output.”
This concern ignited discussions about standardization and governance. The Cloud Security Alliance announced a working group focused on agentic AI security standards, while several vendors committed to collaborative efforts around AI agent interoperability. CrowdStrike’s expansion of Falcon Shield to include governance for OpenAI GPT-based agents, combined with Cisco’s AI supply chain security initiative with Hugging Face, signals the industry’s recognition that securing AI agents themselves is becoming as important as using them for security.
The pace of change is accelerating. “Adversaries are moving at an incredible speed,” Meyers cautioned. “Scattered Spider targeted retail back in April, moved on to insurance companies in May, and then aviation in June and July.” The ability to iterate and adapt at this speed means organizations can’t afford to wait for perfect solutions.
Bottom Line
This year’s Black Hat confirmed what many cybersecurity professionals anticipated. AI-driven attacks now threaten organizations across a broadening array of surfaces, many of them previously unanticipated.
Human resources and hiring have become the threat surfaces no one foresaw. FAMOUS CHOLLIMA operatives are infiltrating every possible U.S. and Western technology company, seizing immediate funds to support North Korea’s weapons programs while pilfering invaluable intellectual property. This introduces an entirely new dimension to attacks. Organizations and the security leaders guiding them must remember what is at stake: the core IP of businesses, national security, and the trust customers place in the organizations they engage with.
