The BlackHat Wrap-Up!

The 2024 BlackHat Conference is in the books. These were the big topics.

Intro

In the 115 degree heat an impatient but hilarious cab driver asked me if I was also here for the “Hack Rats” Conference and yes, indeed, I was. The only thing hotter than the weather in the lovely August sun in Las Vegas were some of the topics covered at this year’s biggest hacker conference. Over the past few days, the Decibel team and I had a chance to catch up with founders, CISOs and security practitioners at our usual Founder Oasis event. We discussed the latest trends and topics in cybersecurity, and I wanted to summarize the key takeaways here: 

The Decibel Founder Oasis in full swing, a place for founders to take customer meetings and exchange ideas. 

I Spy with My Little AI 

The growing excitement around AI Security and the Security of AI is intensifying, especially as AI tools empower criminals to scale their operations more rapidly. These tools are increasingly being used to socially engineer the most vulnerable layer of security—humans—manipulating them to bypass security controls. For example, attackers might pose as high-level executives to pressure a finance department employee into wiring funds to a fraudulent account by creating a sense of urgency. Similarly, they might manipulate a help desk into disabling MFA for an executive. This highlights the critical importance of helping humans make better security decisions—a key topic of discussion.

As AI becomes more sophisticated, so do the threats it faces and poses. Without continuous research and innovation, we risk falling behind in understanding and mitigating these emerging risks. It is essential to stay ahead of the curve, ensuring that AI systems are not only effective but also resilient against exploitation by malicious actors.

Therefore, in collaboration with our friends at SpecterOps and Dreadnode, we were thrilled to launch our first-ever “Man vs. Machine” competition at Black Hat. This open challenge gave over 100 security researchers the opportunity to test their skills by hacking AI models in real-world simulations. Participants tackled 12 different “capture the flag” (CTF) exercises, generating more than 2 million API requests against widely used LLMs. While more than 50 researchers successfully completed the first challenge, only 3 managed to conquer all 12. We hope that competitions like these will inspire researchers in our community to develop protective measures and guardrails for today’s AI models.

Kenneth Yeung was crowned the winner of the event and was awarded an NVIDIA RTX-4090 by our honorary guest HD Moore (founder of Metasploit and runZero). 

The Programmable Defense: The Crowd Strikes Back

At our annual Black Hat Decibel Founder Happy hour, the July CrowdStrike IT outage was a major topic of discussion. Huge kudos to Crowdstrike founder George Kurtz for showing up to the Innovators and Investors Summit where he sent all of our founders a message that you need to show up when times are tough. There were many lessons learned and open questions on how the industry moves forward and many in our community are working towards a more resilient solution: a Programmable Defense which allows vendors, researchers, and early adopters to collaborate through open security solutions. Our portfolio companies Sublime Security, SpecterOps, Prowler, Push Security, and our friends at Panther continue to lead the way in this very important movement. We expect an even larger group next year - the crowd will definitely strike back! 

Our Decibel Founder Happy Hour at Libertine Social 

Will.”IAM” - Where is the love?

Identity and Access Management (IAM) and Identity Security (IS) took center stage at Black Hat 2024, underscoring its critical role in modern cybersecurity. As the cloud era continues to evolve, IAM and IS has become more than just a security necessity; it's now a frontline defense against increasingly sophisticated credential compromises and identity-related attacks. This year's conference highlighted how security leaders are realigning their IAM and IS strategies to meet the demands of this new landscape, recognizing that effective IAM and IS is vital for protecting sensitive data and ensuring only authorized access to critical systems.

Packed house at the Push Security, Sublime and Panther Happy Hour!

Our portfolio company Push Security –which focuses on identity attack detection and response – held a detailed webinar on the topic, in particular covering the massive recent spike of AitM (Adversary-in-the-Middle) attacks. The growing threat of advanced phishing tools like Evilginx, EvilnoVNC, Muraena, and Modlishka, which attackers use to bypass traditional security measures such as multi-factor authentication (MFA). These tools enable attackers to steal live session logins, making it critical for organizations to adopt robust detection strategies. One way to protect against this is to leverage browser telemetry to identify and block these phishing toolkits.

Conclusion

Attending Black Hat in Las Vegas this year was, as always, an incredible experience, filled with insightful discussions, innovative ideas, and the chance to connect with some of the brightest minds in cybersecurity. While it’s great to be back in the cooler climate of San Francisco, the excitement and energy from the conference are still fresh in our minds. We're already looking forward to next year, eager to reunite with founders, CISOs, and practitioners to continue exploring the cutting edge of security. As always, if you are thinking about or building in security, AI or infra IT space please reach out to me or join our Founder Catalyst community!