Black Hat 2024: Community, AI and resilience
In this blog
Every year, the cyber community braves the heat of the Las Vegas summer to converge for the annual hacker/cyber summer camp — otherwise known as Black Hat USA. Founded in 1997, Black Hat is an internationally recognized cybersecurity event series providing the most technical and relevant research in information security.
This year was special for two reasons:
- The introduction of the almost 1000-person strong AI Summit that gathered top executives and investors with technology vendors and data specialists from across the globe to network, learn and forge partnerships.
- World Wide Technology was not only the title sponsor of the AI Summit but also fielded a large team that spanned our AI proving ground showcase in the Business Hall and our thought leadership and networking space at Sbar.
Community has always been the cornerstone of the conference in the sense of connecting with colleagues and friends, and coming together to learn and collaborate, especially around AI and resilience. But this year the focus on community took on an entirely new importance: community in the sense of the impact when either malicious intent or mistake causes a cyber event. This was a stark new perspective we all grappled a bit with at the show.
AI, showcased by the AI Summit, was in the spotlight. While joked to be the buzzword of buzzwords, AI was not just a hot topic, but a focal point the entire community could not ignore. The first keynote of the AI Summit, featuring World Wide Technology's own CEO and Co-Founder, Jim Kavanaugh, and Bartley Richardson from Nvidia, set the tone.
-Jim Kavanaugh, CEO and co-founder of World Wide Technology
The world will be forever changed, both in positive and negative ways, from the rapid adoption of generative AI. As we leverage AI in our organizations without fully understanding the potential risk, we must embrace the innovation, but also come to terms with the new responsibility we face as operators and practitioners.
While it seemed like every company at the show had some new AI lens on their solutions, the truth is, we are at the tip of the iceberg when it comes to AI innovation and use. In a session with Chris Krebs, he highlighted that we are just at the beginning of understanding how AI will be leveraged from a threat perspective, and the adversaries are just getting started. We have the chance from an offensive perspective to be much better prepared as new AI leveraged threats emerge, and we cannot waste the opportunity.
AI Insights In-Depth
Amid the lights and flash of the business hall pageantry, a noticeable divide between hype and practical implementation highlighted AI's emerging infancy stage in modern cybersecurity frameworks. The normalization of security for new AI systems is a new focus area which calls for deeper review. Enlightening key themes from sessions attended plus customer and partner interactions include:
AI as a core strategy element
It should come as no surprise that AI has graduated from a nice-to-have to a critical strategy component for the majority of organizations. AI is increasingly viewed as an integral part of enterprise security strategies. This includes monitoring and controlling the flow of data into and out of large language model (LLM) systems and applying the principle of least privilege to all components, particularly in plugin management. From the AI Summit to the solutions displayed in the Business Halls, it's clear AI is here to stay.
Secure AI by design
Another key takeaway from the AI Summit was the critical importance of adopting a "secure by design" philosophy in AI development. This approach emphasizes the need for security to be embedded into AI systems from the earliest stages of development, ensuring that vulnerabilities are addressed proactively (and early) rather than reactively. Industry leaders at the summit stressed that integrating security into AI systems from the outset is crucial to preventing these systems from being exploited by adversaries later on. As AI continues to evolve, this foundational principle will be essential in building resilient AI-driven security solutions.
Transparency in AI implementations
Many conference discussions and briefings highly stressed the need for transparency from vendors regarding their AI implementations in order to foster trust and facilitate effective integrations. Lack of transparency has multiple register implications, which has raised flags with both Boards and practitioners alike. With the current laser focus on supply chain and interdependences, we should see this trend continue to emerge as a critical topic.
The AI hype cycle
The business hall buzzed with claims of revolutionary AI-powered security solutions. Yet, only a select few vendors backed their claims with robust evidence of real-world implementation. In- depth discussions were crucial in setting realistic expectations and understanding the practical applications of AI in security. The conclusion is that hype is still a very real issue, and many organizations have underestimated the complexity of building customer ready GenAI solutions. As a result, they are now coping with delays in the release of features that are long past commitment dates. Deep vetting, as executed in the WWT's AI Proving Ground, and expectation setting and achieving will help the hype cycle over time.
Cybersecurity's data problem
Another AI-focused theme at the conference was the immense challenge of managing and securing vast data volumes. AI is seen as a potential solution, but this underscores the necessity for clean, well-curated data to train effective AI systems and prevent AI-driven solutions that are reliant on poor-quality data. There were many ideas on how to address this, but as we start to discuss responsible AI use, data quality will remain a huge focus going forward.
Balancing speed and security in AI adoption
Another concept highlighted in the sessions of the AI Summit was the challenge of balancing rapid AI innovation with the need for robust security measures. While generative AI is driving significant business growth, it also introduces new vulnerabilities and expanded attack surfaces that must be managed from the start. Experts at the summit emphasized that this balance is critical to ensuring that the benefits of AI are not overshadowed by the risks. Collaboration between the public and private sectors was highlighted as essential to help address these challenges and build a secure AI ecosystem. Public-private partnerships will play a crucial role in achieving this balance, particularly in critical sectors like finance and infrastructure.
Further reading: check out our CISO's Guide to AI, step-by-step guide to unlocking the power of AI while protecting critical data.
Red teaming evolution
This was one of the highlights of the show for our technical teams. While the commercial aspects of AI and red teaming have been focusing on using AI to enhance existing red team techniques and tooling, a new practical focus for security engineers is shifting toward discipline of targeting generative AI systems. This evolution was highlighted through detailed discussions and workshops, where new strategies and tools were demonstrated. This focus reinforced the need for security professionals to anticipate and mitigate several types of attacks that exploit the structural weaknesses of LLMs, such as training data poisoning and model serialization attacks.
A renewed focus on cyber resilience
From a cyber perspective, with the recent events surrounding some of the largest brands in security, it was natural that resilience would be a close second to AI in terms of show focus. There seemed to be two camps of opinion among attendees. There was the "it would not have happened to us" camp, and the "this is a wakeup call to look deeper into resilience" camp. What everyone could agree on is the three areas when considering cyber resilience: operational, financial, and recover and respond. We should all be paying more attention to all three of these major areas of focus. From the CISO Summit to the Cyber Insurance Breakfast, and in many of the Briefings, attendees discussed at debated all facets of cyber resilience and the future changes we will all face.
One main highlight from the CISO Summit was operational resilience, specifically with alternate solution planning and better restoration practices. This was top of mind for many attendees. The three key themes that resonated were:
Code
We need to pay more attention to CODE. Control processes around testing, updates and deployment must have much more rigorous quality assurance (QA) processes. Quick rollback functionality and dual systems for critical business functions with zero interdependencies are quickly emerging as the talk tracks for the near future.
Diversification
Single vendor strategies have evaporated overnight. As proven, the failure point is just too great. There is already a massive look back at the diversification techniques used in network engineering in the early 2000s with dual paths, dual providers, even dual entrances for redundancy. We can expect to see replication in current cyber architecture resilience planning going forward.
Regulation
After cyber events, either malicious or by mistake, regulation will follow. We expect a ripple effect, supported by several of the executive orders that have come out of this administration, to pave the way for more rigor around both code creation and deployment and resilience. There are theories everywhere of what will come, but given it is an election year, along with the recent Chevron reversal, it may be a while until we see the full effect.
The consensus is that we, as a community, will be learning and relearning the lessons learned from these events for the near future and will be impacted both from a strategic and regulatory perspective for a long time to come. Resilience is not just an emerging buzz word, but something we need to incorporate into the fabric of our risk registers. Technology now impacts every operational area within an organization. Lessons from the past and innovation from our AI future will need to be blended if we are to adequately address our digital reality.
The perspective of CISOs and risk executives
As our WWT Field CISO team talked to CISOs and our broader security community, some themes emerged:
- You can't go it alone in cybersecurity. Our clients want help and advice. The expectations for the cybersecurity community to work together collaboratively has never been higher. "I need WWT to be my cybersecurity shortcut so I can get to my goals faster." This was a consistent sentiment we heard at Black Hat. The foundation and expectation of trust and collaboration have never been higher as we secure all together.
- We all talk about collaboration, but at best it's cooperation. Collaboration comes when there is trust within the participants. There is more trust and collaboration this year as we work together to solve cybersecurity challenges quicker.
- CISOs discussed the personal challenges and liability they face depending on how they handle incidents and how they communicate them. It is a challenge that is leading to increased angst and burnout in the CISO community.
- Cybersecurity resource challenges persist. Finding and retaining cyber talent continues to be a significant challenge for everyone. Building teams, retaining talent and growing their skillsets requires consistent effort.
- This year, I observed many of our OEM partners forming "tech alliances." It was not so much about individual companies showcasing their latest capabilities but rather about demonstrating how their offerings and products seamlessly integrate with those of other vendors.
Observations on AI
- CISOs are in all stages of managing AI in their companies from putting governance in place, to building their own systems, to mitigating shadow AI. But many are preparing or using AI to defend their enterprises as adversaries ramp up utilizing AI attack methods. Some notable observations:
- Research will forever be changed by AI and its ability to parse peta, exa, zetta, and even yottabytes of data.
- AI has already changed the attack patterns of bad actors and will continue to assist them with new ways to exploit vulnerabilities.
- Conversely, AI will assist defenders with cross-correlations to reveal attack patterns that human analysts might miss.
- Power consumption of AI and the supporting infrastructure required will also be impactful, disruptive, and transformative to the modern data center, whether cloud or on-premise. The rise of AI, particularly in data centers, has led to a surge in energy consumption. For instance, data centers, which are crucial for AI operations, consumed over 4% of all electricity in the U.S. in 2022, and this is projected to more than double by 2031. A single data center can use as much power as 80,000 U.S. homes.
Community: The real jewel of the Black Hat crown
The highlight of Black Hat was spending time with the team and the community. The innovation and desire to learn about what is emerging in our brave new digital risk filled world was palpable. Whether walking the Business Hall floor or spending time in the "lobbycons," there was a massive influx of new companies and new quadrants of solutions, creating excitement and energy unlike in past years.
For World Wide Technology, it was a chance to participate as a leader in these areas. As a leader in AI and AI partnership, both from an opportunity and risk perspective, the chance to highlight legacy and emerging partners and how we can collaborate with them in our Advanced Technology Center was amazing. We were struck by how many clients and prospective clients spent meaningful time with our teams to learn and collaborate. In addition, our SBar lounge hosted excellent sessions on topics like emerging regulation, diverse workforce development and emerging cyber trends. It was a hive of activity, with new partners mixing with our team and clients. In addition, it was an honor to highlight the amazing work of our workforce development partner NPower and spend time with the incredible women that make up the Forte Group.
As the cybersecurity landscape continuously evolves, Black Hat 2024 helped us look ahead at the ever-expanding role of AI in enhancing security measures. However, as we looked ahead to the innovations, we were reminded that we must maintain the crucial balance between embracing innovation and adhering to foundational security principles. As we look forward, the integration of AI into cybersecurity strategies promises a more resilient digital infrastructure, provided it is approached with careful consideration of its limitations and impacts.
This Black Hat and the AI Summit will go down for our team as the show we truly took our place in leading the AI and digital revolution from a cyber perspective. The lessons learned from the show and the collaboration with partners and clients will shape our strategy for years to come.