Agentic AI: From Hype to Real Threat Detection at Black Hat 2025

Article Summary

Black Hat 2025 marked a critical inflection point for agentic AI in cybersecurity. The dominant theme was a move away from hype and towards demonstrable results, largely fueled by the escalating sophistication of threats, particularly those perpetrated by groups like FAMOUS CHOLLIMA, who are leveraging generative AI to create authentic identities and infiltrate organizations. North Korean operatives infiltrated 320 companies in the past six months, employing tactics such as generating synthetic LinkedIn profiles and using deepfake technology during interviews. Vendors showcased solutions like Foundation-sec-8B-Instruct from Cisco, which outperforms larger models on security tasks, alongside CrowdStrike’s agentic AI capabilities, highlighting the ability to process significant numbers of alerts and reduce investigation times. Crucially, nearly every vendor emphasized the role of human analysts, acknowledging that agentic AI serves as a force multiplier, augmenting human expertise rather than replacing it. This reflects a shift in competitive strategy, focusing on measurable outcomes and operational readiness. The rapid pace of development and deployment is driving a new urgency in the security industry.

Key Points

• The infiltration of 320 companies by North Korean operatives, using AI-generated identities, demonstrates the real-world threat posed by agentic AI.
• Vendors at Black Hat 2025 showcased solutions that deliver measurable improvements in threat detection rates, investigation times, and resource utilization – moving beyond theoretical claims.
• A consistent theme across presentations was the need for human analysts to augment agentic AI, emphasizing the importance of human expertise and creativity in high-stakes situations.