The insider’s guide to Black Hat 2025

Black Hat brings thousands of security practitioners to Vegas every August. This year, AI security dominates the agenda alongside the usual cloud and application security talks.

Whether you're going in person or watching remotely, the schedule is packed. Our research team went through everything and pulled out what matters for cloud security people.

What You Need to Know

• Dates: August 2-7, Mandalay Bay Convention Center 

• Trainings: August 2-5 (separate registration) 

• Main talks: August 6-7 

• Remote access: 30 days on-demand starting August 15 (based on previous years)

The event breaks into trainings, specialized summits, main conference talks, and the vendor hall. Plus networking events every night.

What Everyone's Talking About

AI Security - The biggest theme by far. Attacking AI models, AI-powered threats, defending AI systems, and using AI for defense. Expect talks on:

• Prompt injections and model backdoors

• AI-generated phishing and malware

• Securing LLMs and training infrastructure

• AI for automated detection and response

• Regulatory compliance for AI systems

Cloud Security - Multi-cloud environments, Kubernetes attacks, identity management. Real-world exploits and how to stop them.

Red Teaming - New evasion techniques, bypassing EDR, lateral movement. How attackers actually work.

Vulnerabilities - Zero-days, hardware flaws, better risk scoring than CVSS.

Application Security - Supply chain risks, modern app attacks, secure development.

Wiz Research Sessions

We're presenting three sessions based on our latest findings:

Breaking Out of The AI Cage: Pwning AI Providers with NVIDIA Vulnerabilities

August 6, 11:20 AM, Mandalay Bay H

We found a critical bug in NVIDIA Container Toolkit that lets you escape containers and take over entire clusters. We'll show how this works on major AI platforms like Replicate and DigitalOcean, plus how to protect your own AI infrastructure.

Unify Vulnerability Management Everywhere with Wiz

August 6, 11:25 AM, Theatre D

How our platform centralizes vulnerability management across cloud, code, and on-prem. We add business context to help you prioritize what actually matters and fix things faster.

HoneyBee: Misconfigured App Generator

August 7, 2:00 PM, Arsenal Station 4

Open-source tool that uses LLMs to generate deliberately misconfigured Dockerfiles and manifests. Great for honeypots, testing your detection rules, and training teams on common mistakes. Works with any cloud provider.

15 Talks Worth Your Time

We went through the schedule and picked talks across different areas. Times might shift, so check the official schedule.

AI Security

1. FACADE: High-Precision Insider Threat Detection Using Contrastive Learning (Elie Bursztein et al., August 7, 10:20 AM) - Google's AI system for catching insiders, going open source.

2. Hackers Dropping Mid-Heist Selfies: LLM Identifies Information Stealer Infection Vector (Flare Team, August 6, 3:20 PM) - Using LLMs to analyze stealer logs and figure out infection vectors.

3. Invitation Is All You Need! Invoking Gemini for Workspace Agents (Ben Nassi et al., August 6, 4:20 PM) - Simple Google Calendar invites can hijack Gemini agents to delete calendar events, control smart home devices, and launch worms. Demonstrates 15 attack scenarios with 73% classified as high-critical risk.

Cloud Security

1. Breaking Out of The AI Cage: Pwning AI Providers with NVIDIA Vulnerabilities (Wiz Research, August 6, 11:20 AM) - Our research on taking over AI infrastructure.

2. Vulnerability Haruspicy: Picking Out Risk Signals from Scoring System Entrails (Tod Beardsley, August 6, 2:30 PM) - Why CVSS sucks and better ways to prioritize risks.

3. Advanced Active Directory to Entra ID Lateral Movement Techniques (August 6, 4:20 PM) - New ways to bypass MFA and steal data in Microsoft environments.

Red Teaming

1. I'm in Your Logs Now, Deceiving Your Analysts and Blinding Your EDR (Olaf Hartong, August 6, 10:20 AM) - ETW tricks to avoid detection.

2. Death by Noise: Abusing Alert Fatigue to Bypass the SOC (August 6, 1:30 PM) - Using low-priority alerts to create blind spots.

3. From Spoofing to Tunneling: New Red Team's Networking Techniques (August 6, 1:30 PM) - Stateless tunnels like GRE for network access.

Threat Intelligence

1. Pwning User Phishing Training Through Scientific Lure Crafting (UC San Diego & Censys, August 6, 2:30 PM) - How phishing training metrics are broken.

2. Keynote: Chasing Shadows: Chronicles of Counter-Intelligence from the Citizen Lab (Ron Deibert, August 6, 1:30 PM) - Real cyber espionage cases including Pegasus.

Also Worth Seeing

1. Hacking the Status Quo: Tales From Leading Women in Cybersecurity (Panel, August 6, 4:20 PM)

2. A Worm in the Apple: Wormable Zero-Click RCE in AirPlay (Gal Elbaz et al., August 6, 11:20 AM) - Zero-click remote code execution affecting nearly every AirPlay device from MacBooks to car systems. Live demos of full device compromise with wormable propagation across networks.

3. Unify Vulnerability Management Everywhere with Wiz (August 6, 11:25 AM)

4. HoneyBee: Misconfigured App Generator (Arsenal, August 7, 2:00 PM) 14-20. Plus talks on zero-click RCEs, Apple AI exploits, supply-chain attacks, and more.

Check the official schedule for a sortable view. We'll add links to slides and recordings when they're available.

Networking Events

Wiz Happy Hour - August 5, 7:00 PM at Flanker Kitchen + Sports Bar, Mandalay Bay. Food, drinks, and cloud security talk. RSVP required.

THE HACKASAN PARTY - August 7, 7:00 PM at Hakkasan. Pentera's after-party with DJ, drinks, and networking.

Beyond Black Hat

Black Hat is part of "Hacker Summer Camp" with other events:

• The Diana Initiative (August 4) - Focused on underrepresented voices in infosec.

• BSides Las Vegas (August 4-6) - Community talks and workshops.

• DEF CON (August 7-10) - Hacker villages, contests, and hands-on learning.

Attending DEF CON? Don’t miss our session: Auths Gone Wild: When 'Authenticated' Means Anyone (Danielle Aminov & Yaara Shriki, August 8, 12:10 PM) - Wiz researchers reveal that 15% of cloud environments have buckets exposing sensitive data to any authenticated user. These aren't your typical "public bucket" misconfigurations—they block anonymous access but let any logged-in account from any cloud provider access your data.

Many people hit multiple events. For us, Black Hat is mostly for business and research, and DEF CON is for hands-on content.

Bottom Line

AI security is everywhere at Black Hat 2025. Cloud environments are getting more complex. The best insights come from connecting with people, not just sitting in talks.

Come find us at our sessions or happy hour. We'll have post-event recaps on our blog.

RSVP for Happy Hour

P.S. We’d love to see you at our toy-store themed booth!