Preparing for Black Hat and DEFCON 2025

It's almost time to board the plane and head to Las Vegas to attend the two most famous cybersecurity conferences in the world. I thought I'd drop a few lines to capture my thoughts before the conferences begin.

Black Hat

Agentic AI and AI/LLM security are everywhere. Considering all the pre-conference product presentations, I think that only a handful are missing AI capabilities. What drew my attention, though is companies that are offering identity management, access control and AI governance, which shows how this field seems to be evolving in an uncontrolled way for each company. Additionally, there are companies offering complete agentic and automated SOC analysts, AppSec architects and it just seems that this year as well, everything will be dominated by AI. Not entirely unexpected or unjustified...

There are also presentations on LLM exploitation, AI 0-day exploits and AI secure architecture that looks really promising. I am looking forward to James Kettle's talk "HTTP/1.1 Must Die! The Desync Endgame" and also, Nicole Perloth's keynote, who is the author of one of my favorite books "This is how they tell me the world ends". The Black Hat app is really neat and helps organize the experience, although it feels a bit outdated.

DEFCON

This is really a "dream come true" for me and I think that for a good few hours I will be wandering around like a child in a candy shop.. When reality hits me, I will for sure attend both the social engineering village and the AppSec village that have amazing things planned. I believe the social engineering village will be integrating AI assistants to help hacking and I'm sure that the results will be great. What I am hoping for is to meet people interested in agentic AI development and hacking.