Cisco | Tenable | Torq | Trend Micro | Wiz
Q1. Cisco has been integrating AI capabilities into its security portfolio for some time now. What have you learned about where AI actually moves the needle for security teams versus where it's just incremental improvement? How has that informed your product roadmap?
Across our product development, we’ve seen AI drive outsized security outcomes when it’s purpose-built. Generic models retrofitted into security workflows fall short. Success comes from AI designed for specific use cases.
Our early efforts focused on helping network security teams with repetitive tasks, like fetching config snippets or tuning firewall policies, integrated directly into Security Cloud Control.
To secure AI itself, we red-team LLMs for specific use cases. What’s secure for internal research in a travel company isn’t secure for a patient-facing healthcare app. Purpose-driven validation ensures the right guardrails are in place.
Customers also want enforcement across existing infrastructure. So, we integrated AI policy enforcement into Cisco Secure Access and the Cisco Hybrid Mesh Firewall, enabling threat detection and containment before access is granted.
With Cisco XDR, we trained LLMs on security-native data—network telemetry, endpoint signals, threat intel—to catch fast-evolving attacks. We didn’t stop there. We also built a purpose-built, 8-billion parameter cybersecurity specific LLM - Cisco Foundation AI model. It outperforms larger generalist models, supports on-prem deployment, and we open sourced it—model and weights.
We also use AI for bringing operational simplicity. In AI Canvas, leveraging our Deep Network Model —networking’s most advanced LLM, to unify observability, networking, and security telemetry in one collaborative UI.
Looking ahead, we’re focused on securing agentic AI: systems that don’t just respond, but act on your behalf. As enterprises grant agents access to core systems, the risk to IP, customer data, and operations grows we intend to build capabilities to ensure agents remain secure, constrained, and trustworthy.
Q2. Many security teams are getting pressure to adopt AI tools, but they're worried about adding complexity to already resource-stretched operations. What's your advice for them on how they should evaluate these new capabilities?
The key is to focus on outcomes. AI should simplify your operations, not burden them. Especially for a resource-constrained team, AI can help you move faster and make smarter, better-informed decisions. Start by focusing on what pain points you want AI to solve. Whether it’s alert fatigue, slow response times, or lack of visibility, the value of AI is only meaningful if it directly addresses those challenges.
When evaluating vendors or tools, look for AI that’s embedded into the existing workflow, not something that creates another platform to manage. If a tool requires you to swivel-chair between dashboards or reinvent your runbooks, it’s likely to create more complexity than it solves. Then look at AI that prioritizes transparency and trust. You need to be able to understand the logic behind decisions and be able to say “no” and course correct as needed. Finally, once you put the AI tools into action, go back to those pain points and look for success metrics. Did the tool demonstrably reduce time to detect and respond? Did it cut false positives or automate a routine task? The most valuable AI is the one that quietly removes noise and enables your team to operate at speed and scale.
My last piece of advice: embrace AI’s potential now, because this is only the beginning. Security teams that start small and build trusted foundations today will be best positioned to take advantage of what is coming next.
Q3. What new security products, technologies or services does Cisco plan on showcasing at BlackHat USA 2025? What is the main focus?
You will see transformation innovation from Cisco in three strategic pillars: Universal Zero Trust Network Access (ZTNA), Hybrid Mesh Firewall, and the SOC of the Future.
Starting with Universal ZTNA, Cisco is doubling down on truly universal, identity driven access controls. The Universal Zero Trust Network Access offering—now fully integrated into Cisco SD WAN (including Meraki) and Duo Identity and Access Management (IAM) —brings seamless, phishing resistant, passwordless access across users, devices (including unmanaged and IoT), and AI agents.
While Universal ZTNA protects identities, Hybrid Mesh Firewall protects applications. It isn’t just a product; it’s a shift in how we approach network security by taking a more holistic, integrated approach that infuses security into each layer of the network and cloud fabric. At Black Hat, Cisco will showcase we continue to push past traditional Next-Generation Firewall (NGFW) form factors so that we can extend a distributed presence in every server, every application, every VM, every container, and every endpoint with the intelligence of how to secure them. You'll see a big focus on driving microsegmentation outcomes and meeting new AI use cases.
Lastly, you will see us drive new innovation for the SOC of the Future, bringing together the power of both Cisco and Splunk. Earlier I talked about Agentic AI, and Cisco XDR is a perfect example of bringing Agentic AI into your everyday SOC operations. With Instant Attack Verification, we can now validate alerts in real time - determining with high confidence whether it represents a true attack and not just an anomaly.
Cisco’s Black Hat presence will show how these pillars converge into a security platform purpose-built for the AI era: context-rich, automated, and deeply embedded into the infrastructure.
Q1. How do you expect your previous experience as a security executive at Google and Microsoft will shape your vision as the new chief product officer at Tenable? What are your immediate priorities?
Microsoft and Google are both great companies and I was lucky to have had some amazing opportunities to grow and learn in those contexts. One of the most important lessons I learned was how to build a rich ecosystem and platform that brings simplicity and control to enterprise customers. This is exactly what we are doing with Tenable One, our Exposure Management platform that helps our customers understand and manage their enterprise risk. Only 60 days in, I'm still learning a lot about our team, processes and technology, and that kind of discovery, synthesis and planning is where most of my focus is. The other top priority for me is meeting so many of our amazing customers from around the world to understand their challenges, how they use our platform and how we can help them even more with our solutions to understand and reduce their cyber risk.
Q2. A recent Tenable study found that AI workloads are driving new cloud security challenges. Why is that happening? What should organizations be doing now to mitigate the risks?
Here is a breakdown of the key issues and recommended mitigations we identified in our recent Tenable Cloud Security Risk Report 2025. Undoubtedly, yes, AI workloads are driving new cloud security challenges because AI services are often built from cloud components that have risky, insecure default settings. This is compounded by the fact that AI workloads are more likely to contain unpatched critical vulnerabilities than their non-AI counterparts. The study revealed that 70% of cloud AI workloads had at least one unremediated critical vulnerability, compared to 50% in non-AI workloads. These vulnerabilities can serve as an entry point for attackers to access sensitive training data, manipulate models, or poison data. And on top of all this, AI models require an enormous amount of data to train, and this data often contains sensitive information (PII, intellectual property, etc.). This makes AI workloads a high-value target for attackers whose primary goal is data theft.
What Organizations Should Do to Mitigate the Risks
Luckily, tried and true cloud security best practices are still effective for mitigation, in combination with an AI-powered security platform like Tenable One. Organizations should:
Secure Sensitive Data for AI: Actively inventory, classify, and track where sensitive data resides across all cloud environments, paying special attention to the AI and developer services that access it.
Enforce Least Privilege for AI Services: Address the risk of overprivileged defaults by securing identities and managing entitlements. This includes educating security teams on entitlements, using Identity Providers (IdPs) effectively, and implementing Just-in-Time (JIT) access to eliminate standing permissions for AI service accounts.
Prioritize AI Workload Vulnerabilities: Correlate vulnerability data with identity and network configuration information to identify "toxic combinations" (e.g., a critically vulnerable workload that is also publicly exposed and highly privileged) and prioritize remediation based on the actual risk to the business.
Safeguard Secrets: Implement a strong secrets management strategy using the mature, native tools offered by cloud service providers (CSPs).
Monitor and Minimize Public Exposure: Continuously monitor for public access to storage and other resources used by AI workloads.
Q3. What will Tenable be highlighting at Black Hat USA 2025? What are your company's plans to engage with customers and the broader security community at the event?
Based on our recent "Cloud Security Risk Report 2025" and strategic acquisitions, Tenable’s focus at Black Hat USA 2025 will be on reducing cyber risk associated with the AI-driven attack surface. The central theme will be extending our proactive exposure management philosophy to help organizations secure both the AI they build and the AI they use.
The highlight will be the Tenable One Exposure Management Platform, featuring its ExposureAI engine and new AI Security Posture Management (AI-SPM) capabilities. These features, enhanced by the recent acquisition of Apex Security, demonstrate a move beyond mere visibility into AI usage, towards active governance and policy enforcement. Tenable will use its own research—such as the finding that 70% of AI workloads contain critical vulnerabilities—to frame the urgency of this new security frontier.
Tenable's engagement strategy will include a major booth presence with live demos and access to our product experts for customers, partners and prospects to learn more about how we’ve become the leader in exposure management, reducing risk and securing today’s complex, AI-integrated enterprise environments.
Lightning talks at the Tenable booth in the Business Hall will revolve around identifying and mitigating "toxic combinations" in the cloud and will demonstrate how our unified platform exposure management provides context across the entire attack surface to prioritize these high-risk threats.
We’re also excited to be joined by Tenable executives who have recently joined us from Apex Security and will be on hand to meet with the community to talk about the value that third-party connector data is bringing to our platform.
Q1. Where do you see the biggest gap between what security automation promises and what it actually delivers today? What is Torq's approach to closing that gap?
The main promise of security automation has always been an efficient handling of a growing amount of security events, while preventing alert fatigue and burnout for the security personnel. Improvement of an organizational security posture as a result of the people focusing on issues that matter is the expected end game.
The traditional gap faced by the industry was a challenging ROI for automation, due to high investment required in automating various scenarios with previous generations of technology.
Torq's approach is to provide a holistic platform consisting of a combination of technologies that can be applied at various stages of security operations. Each of the technologies helps "move the needle" in a specific part, and the overall outcome is much greater and has a more systemic impact on the organization's security posture than any other approach.
The main technological components are:
Q2. How do you see automation transforming not just tooling, but the culture of SOC teams? How do you balance the need for automation with the need for analyst oversight and context in critical incident response?
Automation-first mindset is first and foremost about how to address certain problems and how to build your security organization focused at addressing a growing amount of problems in a certain way, rather than picking a specific tool. Naturally, when deciding upon a strategy, the toolset that would support implementing it is required, but the first decision is on What needs to be achieved.
The most fundamental shift in the culture here is to look at a certain problem — category of security events the organization is facing — and to ask, "how can we ensure that a mechanism is in place to handle these events properly when they come," rather than just "what do we need to do now in order to handle this event."
Having a mechanism in place does not necessarily mean that a building/engineering effort is always required. Modern AI-driven systems allow establishing mechanisms without the need to code. Autonomous systems can put mechanisms in place with relatively low effort but then, indeed, the question of oversight over autonomous systems becomes pivotal in the organization's ability to ensure consistency of its security operations.
In fact, the role of the analyst in the process shifts from a mere operator, executing processes time after time to a supervisor overseeing the corpus of automated process executions and being responsible for calibration of the mechanisms behind the processes to achieve accountability in outcomes. Ensuring proper context is fed into the processes and the inference is made continuously with the accuracy the organization requires is the role of a “new analyst” in this schema.
Q3. What does Torq have planned by way of events, talks or community engagement at Black Hat USA 2025? What's the key message you're hoping attendees take away from your company's presence at the event?
Torq is roaring into Black Hat the only way we know how: all gas, no brakes. We're bringing the same showstopping booth that Forbes called "a reminder that cybersecurity events can still be fun" to Black Hat — and yes, that means that Grave Digger is coming too.
But our real main event is the TorqHyperSOC demo, which shows agentic AI live in action to power the autonomous SOC. You can pre-book your demo to skip the lines at our booth, or go VIP by requesting an Executive Briefing in our suite at the Four Seasons for a deep dive into Torq's AI-powered SOC roadmap.
We're also bringing a heavy hitter to the stage. On Thursday, Carvana CISO Dina Mather will talk Hyper-AUTO-Mation, going under the hood to share how the Fortune 500 company bet on Torq's agentic AI to operate with the scale and effectiveness of SecOps teams five times larger.
Torq will also officially launch our Alliance & Momentum Partners (AMP) program at Black Hat, a disruptive new partner program built to prioritize customer outcomes while driving results, incentives, and value for Torq AMP partners.
Bottom line: Stop by Torq's booth to see Grave Digger — but stay for the autonomous SOC solution that won the 2025 SC Media Award for Best Emerging Tech, and which Cyber Research Analyst Francis Odum described as "a huge game-changer for enterprises."
See you at Black Hat.
Q1. What specific security benefits have early adopters of Trend Cybertron reported so far? How is the technology helping them bolster their overall security posture?
Early adopters are seeing tangible benefits—from reducing breach risk and alert fatigue to unlocking proactive cyber resilience and operational efficiency—thanks to Trend Cybertron’s predictive AI, unified telemetry, and automation within Trend Vision One™.
A dramatic shift from reactive to proactive security is driven by Trend Cybertron as it forecasts potential attack paths and enables preemptive migration before threats materialize. We’re not just seeing results on paper. Customers have also reported significantly fewer false positives, thanks to AI-driven alert prioritization that filters noise and highlights truly critical threats, which relieves alert overload so SecOps teams can focus on high-impact incidents. Organizations have also experienced an average 17% reduction in data breach risk, equating to substantial cost savings which reflects Trend’s Cybertron’s capacity to unify intelligence across endpoints, cloud, network, email, identity and AI, giving unparalleled visibility and faster response. Customers are also seeing enriched threat insights and efficiency – Trend Cybertron leverages data from 250 million sensors covering 82 million assets and 500,00+ enterprises, leveraging real-time and history threat telemetry, giving it a massive intelligence backbone. Customers also report 99% faster remediation since key security tasks like resource scanning, risk assessments and remediation recommendations are automated, allowing them to manage threats and vulnerabilities more efficiently, reducing their workloads and freeing them to focus on strategic priorities.
Q2. How do you envision the role of unified cybersecurity platforms evolving in the next three to five years? What do you perceive will be the primary drivers of this change?
First, we expect unified platforms to become the default strategy for organizations looking to consolidate visibility, reduce tool sprawl, and respond to threats faster. Platforms like Trend Vision One™ will lead this shift by delivering proactive, integrated security across endpoint, identity, cloud, network, and email vectors—breaking down silos to not only manage the attack surface, but to anticipate and mitigate risk before it impacts the business. AI-driven defense will drive this platform consolidation. The growing scale, speed, and sophistication of threats are outpacing traditional, siloed defenses. Unified platforms will evolve to embed AI and machine learning at every layer—not just for detection, but for prediction, prioritization, and automated response. Trend Cybertron, the world’s first proactive cybersecurity AI, is an early indicator of how unified intelligence engines will separate noise from real risk in real time.
Second, cybersecurity digital twins will become the foundation of proactive security, serving as the contextual data layer that powers every function of the platform. By modeling assets, behaviors, and relationships in real time, platforms like Trend Vision One™ can simulate risk, prioritize threats, and automate actions with greater precision and business relevance.
Third, digital transformation will demand platform agility and cloud-nativeness. As organizations move workloads across hybrid and multi-cloud environments, a unified platform must evolve to be cloud-native and extensible—not just integrated, but intelligently adaptable. Platforms like Trend Micro’s offer API-first architecture and unified policy enforcement across any environment, allowing security to move at the speed of DevOps and cloud-native innovation.
Fourth, platformization will be fueled by risk context – not just alerts. The future of unified platforms isn’t just about telemetry correlation—it’s about contextualized, risk-based decision making. Cybersecurity teams need to prioritize what truly matters. Trend’s innovations in cybersecurity digital twins and beyond will be key to helping CISOs move from reactive threat management to proactive business enablement.
Finally, market forces will demand efficiency, ROI and simplification. With security budgets under pressure and talent in short supply, organizations will increasingly look for platforms that simplify operations, reduce vendor overlap, and deliver measurable outcomes. Agentic AI platforms like Trend Vision One™ are positioned to meet this need with broad native coverage, cross-layer XDR, Agentic SIEM, and built-in automation—reducing total cost of ownership without compromising protection.
Q3. What do you expect customers, and others will want to hear from Trend Micro at Black Hat USA 2025? What is the company's main focus at the event?
At Black Hat 2025, customers will expect Trend Micro to lead the conversation on how to outpace AI-enabled adversaries with smarter, AI-powered proactive security. We’re setting the stage for the next evolution of cybersecurity. We’re here to discuss the future, not just respond to the present.
Our main focus is showcasing how Trend Vision One™, backed by our industry-leading threat research and digital twin technology, enables security teams to anticipate, model, and mitigate threats before impact. We’ll spotlight our innovations in agentic AI, Cyber Risk Exposure Management (CREM), and autonomous red teaming—all designed to move organizations from reactive defense to proactive control, empowering them to anticipate threats and take action before adversaries strike. Our core message is clear – proactive security starts with Trend Micro. We have several sessions we encourage customers to attend, including the keynote at the AI Summit as well as expo and sponsored sessions at Black Hat itself. We also encourage customers to connect with us in-person at our booth and various events we’ll be hosting throughout the conference.
Q1. The pace of cloud adoption appears to be outstripping traditional security models. How do CISOs need to rethink their approaches to risk mitigation not just from a technical implementation standpoint, but conceptually as well?
Cloud adoption has outpaced the traditional security models many organizations still depend on. CISOs can no longer think in siloed layers: code, pipelines, infrastructure. Attackers don’t. Developers don’t. Instead, they see the cloud as one continuous, dynamic system where a single weak point can lead to lateral movement and critical compromise.
Yet most security tools are stuck in those vertical silos. Application security scans code, cloud teams scan infrastructure, CI/CD teams scan pipelines. The result is duplicate findings, alert fatigue, and a lack of context to see which risks actually matter. Security teams can’t prioritize, and developers get generic tickets that slow them down.
To keep pace, organizations need a new operating model for cloud security – one that unifies visibility across the entire software development lifecycle. By connecting signals from code to runtime, security teams get a holistic view of risk, and developers receive actionable, contextual alerts within their workflows. This isn’t about restructuring teams. It’s about breaking down silos, building trust, and enabling faster remediation in the cloud era.
This horizontal approach is core to how we built Wiz. We unify scanning and policies across the entire cloud stack – from code to runtime – and share context and prioritization with every team that needs it. The result: developers and security teams work together to fix what matters most, and over 50% of our customers have reached zero criticals in their environments.
Q2. Enterprise computing infrastructures are becoming increasingly ephemeral. What is 'zero trust' going to actually mean in practice in these environments?
In ephemeral environments where infrastructure spins up and down by the second, zero trust has to move just as fast. That means continuously verifying every identity, device, and interaction with no assumptions and no exceptions.
In practice, that looks like strong identity foundations — MFA, least privilege, and continuous posture checks — combined with automation that enforces policies in real time. Think dynamic access controls that adapt to context, microsegmentation that limits blast radius, and real-time detection that flags risky behavior before it escalates.
Traditional perimeter models don't work when your infrastructure doesn’t sit still. In the cloud, zero trust is about context-aware decisions, built-in guardrails, and tight feedback loops between security, identity, and runtime. And it only works if it's automated. Manual processes can’t keep up.
Wiz helps make Zero Trust real in the cloud. We give teams full visibility into every workload, identity, and permission, so they can eliminate blind spots and enforce least privilege. Our platform continuously surfaces critical risks with automated scanning and real-time detection, while monitoring identity and access to prevent lateral movement and insider threats. It’s how modern teams stay secure, even as their environments shift by the second.
Q3. How does Wiz plan to engage with customers and other attendees at Black Hat USA 2025? What can they expect from Wiz by way of talks, demos, events and announcements?
As AI becomes a cornerstone of innovation, it’s also exposing new security risks. Wiz Research has been tracking these closely – from the exposed DeepSeek database leaking sensitive data to more than 30 companies accidentally publishing AI secrets in public code repositories.
At Black Hat, our team will share how they uncovered a critical flaw in NVIDIA’s Container Toolkit. This vulnerability could let attackers escape AI containers, compromise hosts, and access sensitive cross-tenant data. While this single point of failure threatens the foundations of AI infrastructure, we’ll also share lessons for securing AI environments and building resilience.
Our key message at Black Hat: AI’s potential is enormous, but so are the risks. Organizations need a proactive approach to secure this fast-evolving landscape.
