7AI | Fortinet | ReliaQuest | Zscaler
Q1. You've positioned 7AI around 'agentic security' and autonomous AI agents handling a whole range of non-human work. At what point does the 'human analyst" become the bottleneck rather than the enabler as these technologies take hold? What role do you see for them in future?
In traditional security environments, human analysts have often been the first and last line of defense – triaging alerts, correlating data, and responding manually. But this model doesn’t scale against today’s velocity and volume of threats. With 7AI’s AI Agents, we’re shifting from a world where analysts do the work to one where they direct it.
The human analyst doesn’t disappear – they evolve. As specialized AI agents take on the non-human tasks of triage, enrichment, correlation, and even autonomous remediation, analysts become strategic orchestrators. They focus on validating security outcomes and applying human judgment where it matters most – proactivity, strategy, and innovation.
The real bottleneck isn’t the analyst, but the work they’ve been expected to do. The future is not human vs. AI – but human with AI – operating at a speed and scale that was previously unthinkable.
Q2. How exactly is agentic AI changing the role of the CISO? How is the trend creating the need for what 7AI describes as a "Chief Innovation Security Officer" role?
CISOs are no longer measured solely by how well they prevent attacks. Today, they’re expected to drive operational efficiency, stretch flat budgets, and act as business enablers – all without compromising outcomes. The bar is rising even as resources shrink.
In the past, security leaders could justify growing headcount to match complexity. They could stack more tools to close gaps. They could separate “real security” from compliance and still get the budget to manage both. That era is over.
Boards are now asking harder questions. They’re looking at the impact of AI across other parts of the enterprise and asking: “What is our strategy for leveraging AI in security?” Executives expect security leaders to not only keep pace, but to lead the way.
That’s where agentic AI comes in – and where a new kind of leader is emerging: the Chief Innovation Security Officer. The kind of security leader that isn’t satisfied with incremental change, doesn’t accept the status quo, and knows there’s a better way.
Agentic security unlocks a new kind of leverage. Instead of more people doing more manual work, AI agents autonomously execute high-volume, high-friction tasks at machine speed – freeing human teams to focus on intent, outcomes, and strategy.
For forward-looking CISOs, this pressure becomes a catalyst. The new mandate isn’t just about reducing risk, it’s about reimagining how work gets done across security operations. CISOs move from asking “how can our people do this faster?” to “why are our people doing this at all?”.
Q3. What are some of the key themes and trends that 7AI plans to focus on during Black Hat USA 2025? Can you share some insights on the interactions and discussions 7AI plans on having with attendees at the event?
At Black Hat USA 2025, 7AI is inviting attendees to do something bold: dare to reimagine. We’re putting the spotlight on operationalizing agentic AI – not as a concept, but as a real, ready, and effective transformation of security operations. For too long, security operations have been defined by constraints – limited headcount, alert fatigue, slow investigations, and rigid workflows. But agentic AI changes the equation.
Our conversations with CISOs and security leaders will center on a powerful shift: moving from manual defense to autonomous and better outcomes. We’ll dive into how organizations can operationalize agentic AI to drive efficiency, reclaim analyst time, and accelerate threat response. This is the core of what we do with customers: we enable enterprises to shift security work to AI agents today.
Already deployed across enterprises from 1,000 to 250,000+ employees, 7AI agents have autonomously resolved over 178,000 alerts, reclaiming thousands of hours of human work. That’s thousands of hours of human time redirected to more high-value, strategic work.
Attendees can expect hands-on demos and direct insights from customers who are using 7AI to innovate their security programs – shifting investigations to AI agents, reclaiming analyst time, and transforming the SOC into a living, autonomous system that adapts, responds, and scales in real time.
This isn’t a concept. It’s the future, already in motion. And it’s built for leaders ready to reimagine what’s possible.
Q1. Fortinet's recent threat report showed a record increase in AI-enabled, automated cyberattacks over the past year. What are the implications of this trend for organizations that might not be able to match the AI capabilities of nation-state actors and well-funded criminal groups?
While threat actors are certainly incorporating AI into their attack toolboxes, it’s critical to understand that the sensational, doomsday scenarios we often hear about are still largely theoretical. AI isn’t yet reinventing cyberthreats—instead, it’s turbo charging them.
Today, we’re observing threat actors primarily use AI to enhance the efficiency and scale of existing techniques like social engineering and malware deployment. Attackers rely on AI as an “easy button,” using the technology to automate labor-intensive tasks like scaling reconnaissance efforts and optimizing credential-stuffing attacks, create highly personalized and contextually relevant social engineering communications in convincing language, and optimize existing malicious code to evade detection.
The technology is also lowering the barrier to entry for cybercriminals, making it easier for both novice and skilled threat actors to execute successful attacks. To that point, we’re seeing the rapid growth of AI-as-a-Service models on the dark web. Much like Ransomware-as-a-Service models that became common in the past decade, cybercriminals can purchase AI-enhanced services that provide reconnaissance tools, deepfake generation, or social engineering kits targeted at specific industries or languages.
While there are many ways attackers can use AI in the future, the good news is that AI-driven attacks aren’t unstoppable and defenders have also been advancing defensive approaches and technologies (and leveraging AI for their own purposes) just as quickly. Security teams are already beginning to embrace activities like AI-powered threat hunting, hyper-automated incident response capabilities, and the potential rethinking of security architectures.
Let’s not forget the role that public-private partnerships play in evolving our collective defenses. AI will continue to impact every aspect of cybersecurity, and no single entity can successfully navigate this shift alone. Success will depend not just on technology, but on cooperation, flexibility, and continuous adaptation.
Q2. How has Fortinet enhanced its global threat intelligence capabilities to help organizations stay ahead of evolving supply chain attacks, especially those involving SaaS providers?
Global threat intelligence plays a vital role in helping security practitioners to understand, detect, and defend against all types of attacks, including those involving their respective supply chains. Established nearly 25 years ago, our FortiGuard Labs team has long been at the forefront of threat intelligence and cybersecurity innovation, processing millions of global events daily. The evolution of cyber threats has impacted corresponding advances in how we gather, process, and share threat intelligence.
Beyond simply collecting and sharing these insights with the cybersecurity community, we integrate our threat intelligence across our internal and external attack surface management offerings. By combining these into a platform with FortiRecon—Fortinet’s continuous threat exposure management product—we gain visibility into both internal and external assets. This provides a more comprehensive view of the attack surface including the supply chain, as well as the relevant risks that surround it.
Additionally, FortiGuard Labs team also specifically monitors the entire supply chain ecosystem, closely tracking the threat actors who specifically target hardware manufacturers, software vendors, and service providers with detection and protection in mind. We analyze attack patterns, tactics, techniques, and indicators of compromise (IoCs) from previous supply chain incidents to predict how threat actors may behave in the future—adjusting our approach and communicating to our customers and the broader cybersecurity community accordingly.
Q3. What do you expect Black Hat USA 2025 attendees will be most interested in hearing from Fortinet at the event? How does your company plan on engaging with the broader security community there?
As we look across the current threat landscape, we’re seeing emerging trends reshaping the attack environment and defensive approaches.
In addition to the ways in which AI is impacting the cybersecurity industry, threat actors are shifting left. Cybercriminals are increasingly adopting a nation-state level of sophistication, which stems from newfound funding that allows cybercrime organizations to operate with greater resources and precision.
Attack strategies are becoming more targeted. According to our 2025 Fortinet Global Threat Landscape Report, adversaries are expanding beyond traditional data theft and now targeting critical services and operational infrastructure.
There’s also a fundamental shift in attack methodology. Instead of breaking into networks directly, attackers are visiting cybercriminal marketplaces on the dark web to purchase stolen credentials, lowering the barrier to entry for cybercrime.
In response, defenders are strengthening their Security Operations Centers (SOCs), using generative and agentic AI to reduce analysis cycles and filter through the noise. The evolution of the SOC is especially important given the persistent cybersecurity skills gap and the analyst burnout that impacts our entire industry.
While strengthening individual defenses is crucial, public-private partnerships play a vital role in enhancing our collective cyber resilience—from building the future cyber workforce to creating initiatives designed to facilitate the sharing of threat intelligence that helps disrupt global cybercrime operations. One example of this is Fortinet’s ongoing work with the UC Berkeley Center for Long-Term Cybersecurity. Together, we’re creating a series of tabletop exercises (TTXs), surveys, workshops, and interviews, all of which will engage subject matter experts and share findings in a public-facing report and follow-on presentations. The project simulates real-world scenarios to help defenders better understand the dynamics of AI-powered cybercrime, enabling the development of forward-looking defense strategies.
Q1. When helping CISOs communicate security posture to their boards, what metrics or narratives are actually moving the needle in terms of securing budget and executive buy-in? In what ways is ReliaQuest helping CISOs in this regard?
Right now, everything is about speed. Our research has shown that attackers can move laterally in less than 30 minutes after they gain access, so knowing how quickly you’re able to contain and respond is critical. We’re expanding our metrics to show not only mean time to resolve (MTTR), but also contain (MTTC), which really gives CISOs and board members a clear picture of where they’re at in this race and communicates the urgency behind investing in security.
We’ve also always been big on visibility. You can’t protect what you can’t see. Being able to show things like detection coverage, MITRE technique coverage, or any gaps or exposures can help CISOs direct resources where they’re needed most.
One of our biggest goals is to take analysts out of the tier 1 and tier 2 grind and help them get faster on the stuff that matters. So, team efficiency metrics are important here. How much time are you saving by using automation? How many alerts have been handled by AI that otherwise would’ve been escalated? Where else are you spending your time?
Q2. As someone who bridges both vendor and customer perspectives, how do you see the role of the modern CISO evolving? How do you see that evolution playing out in your conversations with enterprise security leaders?
Modern CISOs need to be far more than technical security experts to be effective in today’s corporate environment. I see CISOs moving into three additional roles: They need to be businesspeople, framing the need for strong security in terms of the company’s business goals. They need to be educators, teaching everyone in the board room to the staff room how they contribute to security. And they need to be politicians, lobbying to ensure security is considered at the strategic level in the company’s decision-making process.
When speaking to CISOs, solution providers need to enable them in each of these roles. You need to help them explain how your solution meets the demands of the company goals.
Q3. What can customers and others at Black Hat USA 2025 expect from ReliaQuest by way of panels, presentations, workshops or other events?
We have a lot planned for Black Hat.
One of our goals is to help customers contain threats in under 5 minutes. At our booth, we’ll be doing live demonstrations of how our security operations platform, GreyMatter, is using at-source detection and agentic AI to achieve that.
We’re particularly excited to share our multi-agentic approach. We currently have our customers offloading tier 1 and 2 tasks to our IR agent, which handles it all autonomously. At Black Hat, we’re releasing another autonomous agent that will take on the persona of a Threat Intel Analyst, which conducts deep research and writes tailored threat reports for each customer.
Our CTO, Joe Parlow, is doing a speaking session on this, too, explaining how these agents are built to collaborate with each other, sharing knowledge and operating like a virtual SOC. It’s pretty mind-blowing, so make sure you check that out.
Another big thing we’re showcasing at Black hHat is our new Data Pipeline solution, which further expands our ability to give our customers a modular architecture. Data Pipeline will give customers the power to shape, route, and manage their security data as it flows, enabling faster detection through detection in transit, resulting in a more simplified architecture.
Q1. How does Zscaler's recently announced plans to acquire Red Canary fit into the company's long term vision and strategy? What gaps is it aiming to close in customers' threat detection and response workflows?
Our acquisition of Red Canary is a game-changer—a bold move to expand into MDR services and supercharge the AI-driven SOC. By combining Red Canary’s detection expertise with our unmatched Zero Trust platform and cloud intelligence, we’re delivering broader visibility across IT environments while strengthening our competitive position. This isn’t just a step forward; it’s a leap. The data goldmine we sit on is turning Red Canary into a Red Velociraptor, ready to hunt down threats faster, smarter, and on a global scale. It’s about plugging perceived gaps, accelerating innovation, and proving our Zero Trust story is not just complete—it’s unbeatable.
Q2. What specific zero trust strategies or tools does Zscaler recommend for protecting SaaS applications against threats such as those exploiting stolen credentials or vulnerabilities resulting from avoidable misconfigurations?
Our approach? No implicit trust. Ever. All users flow through the Zero Trust Exchange transparently—and even if someone’s creds are stolen, good luck. Since policy is based on identity and the Zero Trust Exchange, you can log in from grandma’s basement. Inline, endpoint, email, and out-of-band DLP shut that nonsense down before it even tries to play.
CTEM is our secret sauce. It puts every tool, app, SaaS, and IaaS in the spotlight, deduplicates the noise, correlates the data, and applies rich context—so you can tackle risk across assets, vulnerabilities, users, apps, and locations.
And we don’t stop there. SSPM (SaaS Security Posture Management) keeps SaaS misconfigs from becoming front-page headlines—monitoring posture continuously and enforcing best practices before attackers can exploit gaps.
Add AppTotal to the mix and now you’re protecting against 3rd-party and potentially malicious apps and browser extensions. We identify all apps connected into the SaaS ecosystem, provide threat and security intelligence, and can automatically disconnect risky apps—so shadow IT doesn’t become shadow risk.
Bottom line: this isn’t just protection; it’s domination.
Q3. How does Zscaler plan on using its presence at Black hat USA 2025 to engage with customers, researchers and the broader security community? What does the company have planned by way of events, talks and demos?
At Black Hat USA 2025, we’re not just showing up — we’re showing off. We’ll be on the floor at booth 3551, demoing our bleeding-edge Zero Trust tech, running theater sessions, whiteboarding, and handing out giveaways. If you want to see what real cloud security looks like, come watch us work.
Our executive leadership team will be there for 1:1 meetings — this is your shot to get face time and real answers, not buzzwords. We’ll talk about what’s broken in today’s security and how we’re fixing it.
We’re also taking things up a notch with a VIP reception at The Barbershop in The Cosmo — the kind of place where good ideas flow and bad ones get shaved off. If you’ve been to one of our events, you know what I mean.
And here’s the big one: our EVP & Chief Security Officer, Deepen Desai, will be delivering a 50-minute session on “The AI Imperative.” AI isn’t the future — it’s the now. Deepen’s going to break down where the opportunities are, where the landmines are, and how to stay a step ahead.
Bottom line — we’re coming to Black Hat to engage, to share, and to disrupt. Come hang with us.
