Blackhat USA 2023: A Dive into Cybersecurity Insights
Returning to Blackhat 2023 USA felt like a homecoming, witnessing its undeniable revival in size and popularity post-pandemic. Despite the intense and somewhat searing heat of Las Vegas, it was heartening to see the return of in-person events and to see so many people coming together as a community to learn, train, share and to advance the cybersecurity purpose. The sheer scale of the event, number of exhibitors and attendees shows just how strong the cybersecurity market remains despite global economic uncertainty and how many challenges there are still to overcome. This year’s conference was filled with thought-provoking discussions, ground-breaking revelations, and a few intriguing surprises. Here’s a glimpse into the lessons I gathered from my time at Blackhat 2023.
Artificial Intelligence – The Hype vs. Reality
Artificial Intelligence (AI) was undoubtedly the topic du jour, it permeated throughout the whole conference from main stage to small meeting rooms and discussions over drinks. Discussions focused on both the industry-changing benefits of AI but also the technology’s ability to be weaponised and how it could be used to completely disrupt threat models. Are threat actors using ChatGPT? Very likely it can be, but evidence is scarce. Can large language models (LLMs) be used maliciously? Yes, but methods for maximum harm are still being studied. Despite uncertainty, the consensus seems to be that generative AI will drastically reshape cybersecurity, beyond our expectations.
A key-note speaker that really stood out for me was Maria Markstedter, the CEO and founder of Azeria Labs. Collaborating with Arm on exploit mitigation research, she empowers global security researchers and developers in tackling and safeguarding Arm-based software. Maria delivered a keynote about the future of generative AI, required skills for the security community in the upcoming years, and methods malicious actors use to compromise AI-based applications today. According to Markstedter, the rapid development of generative AI, spearheaded by major players like Microsoft, is outpacing the security community’s efforts to keep pace. She drew a parallel between the generative AI surge and the early iPhone days, when security wasn’t a focal point and jailbreakers pushed Apple to enhance defences. She believes this trend is triggering a wave of emphasis on security, akin to what happened during the iPhone revolution.
This same shift is occurring with generative AI, she said, driven not solely by new technology but by the vast array of applications that have emerged since ChatGPT’s rise. Businesses are seeking autonomous agents that offer access to a highly capable workforce around the clock, Markstedter explained. Understanding the transforming technology and the resulting threats is essential in this changing landscape, she concluded.
Regulators are Struggling to Keep Up
A frequently raised inquiry that was a key discussion point revolved around the role of regulators and national bodies concerning AI, particularly Generative AI with Language Learning Models. This topic led to a complex discussion. However, the consensus was that the genie is already out the bottle. Regulators operating on a national level are grappling with coordination issues and the absence of a unified stance, causing them to scramble to catch up with the rapidly evolving landscape.
Something I found fascinating, that underpinned the importance of addressing the issues raised by AI was the launch of DARPA’s AI Cyber Challenge (AIxCC), a two-year competition aims at drive innovation at the nexus of AI and cybersecurity to create a new generation of cybersecurity tool with the ultimate goal of securing USA’s critical national infrastructure. The AIxCC offers two participation tracks: the Funded Track and the Open Track. In the Funded Track, participants are chosen from proposals submitted through a Small Business Innovation Research solicitation. Up to seven small businesses will receive funding to take part. The Open Track involves competitors registering through the competition website and proceeding without DARPA funding.
Clearing the Acronym Jungle
I have never been shy about stating how cybersecurity marketing has a jumble of acronyms – SIEM, SOAR, EDR, XDR, MDR… the list goes on. It’s no surprise that these terms are often used interchangeably, leading to confusion among even seasoned professionals. The theme was crystal clear: the cybersecurity industry needs clearer messaging. The call for transparency and simplicity echoed in various talks. At Adarma, we’re actively shedding unnecessary jargon and buzzwords to give clients better outcomes in security operations. Customer feedback shows they appreciate our transparent, straightforward approach and want to partner with experts who avoid fear tactics. They value engaging with individuals who simplify technical language into accessible terms. In a challenging market, showcasing products or services that solve business problems and deliver outcomes is now more vital than ever.
Innovation Amidst Consolidation
The innovation and funding in the cybersecurity realm remains palpable, indicating a promising path forward. Notably, the past couple of years have seen the API Security category rise to prominence, with key players like SALT and Cequence driving disruption. It’s clear that this niche is maturing into a force to be reckoned with, with others also carving a space in the cybersecurity ecosystem.
Diversity is Progressing
Diversity and representation, a topic close to my heart, yielded both pleasant surprises and reminders of ongoing challenges. Blackhat 2023 demonstrated a notable improvement in diversity compared to previous years, with compelling smart women leading discussions. The sessions I attended were graced by the presence of eloquent and knowledgeable female experts, breaking barriers and contributing to meaningful conversations.
Blackhat 2023 offered a myriad of insights and revelations that left me pondering the current state and future directions of the cybersecurity landscape. While AI’s potential remains a double-edged sword, the need for clear communication and transparent messaging is more critical than ever. The industry’s innovative spirit continues to thrive, evident in the emergence of evolving categories like API Security. And as we celebrate the progress in diversity, we’re reminded of the journey still ahead to ensure equitable representation within the field. Until next year, Blackhat!
An error has occurred, please try again later.An error has occurred, please try again later.