• Home
• cyber security

We asked a simple question to cybersecurity pros at Black Hat 25: What keeps you up at night

Their answers cut through the noise, surfacing urgent concerns about evolving threats, weak organizational readiness, and an uncertain future. But one theme rose above the rest: AI is accelerating everything. Infrastructure grows faster, attacks land quicker, and defenders are racing to keep up.

The consensus? Defenses are lagging, while the risks continue to intensify.

When the machines move faster than we do

AI is rapidly transforming cybersecurity, empowering defenders and supercharging attackers alike. According to IBM’s 2025 Cost of a Data Breach Report, 13% of organizations reported security incidents involving AI models or applications; of those, 97% lacked proper access controls at the time of the breach.

Tools like generative AI are fueling faster, more convincing phishing and social engineering campaigns. Meanwhile, defenders scramble to update training, policies, and incident response playbooks to match the speed of change.

Ken Phelan, chief technology officer of Gotham Technology Group in New York City, sees this acceleration as a fundamental infrastructure problem.

“We’re creating assets faster than we can manage them,” Phelan told TechRepublic. “The infrastructure world is moving faster than compliance. We’re in a world of containers and automation, and security is lagging behind.”

He described it as a “velocity problem” — one where organizations are forced to move quickly but lack the visibility and control to do so safely.

That challenge is front and center for Rana Khurram, head of InfoSec GRC at C&R Software in Ontario, Canada.

“Organizations don’t have proper guidance or controls in place,” Khurram told TechRepublic. “Deepfakes could be used to impersonate our COO and trick the accounting team into releasing funds.”

The speed of AI innovation is stretching security management to its limits.

“From the managing perspective,” he added, “we’re just trying to keep up with it all.”

Facing the unknown: Don’t pani, but prepare

For some cybersecurity professionals, the greatest concern is the sheer unpredictability of what AI will bring next. That uncertainty weighs heavily on Jared Currie, IT security manager at Claro Enterprise Solutions in Miramar, Florida.

“Right now, it’s the unpredictability of what the impact will be,” Currie told TechRepublic. “We all have ideas about how we think it will impact things, but we’re thinking in limited terms. I think this will introduce new ways and avenues of data flow and interaction.”

Currie said deepfakes are both a workplace threat and a broader concern with political and societal implications. And while ransomware remains a pressing issue, he said it’s AI’s unknown ripple effects — from hiring needs to defense priorities — that make it harder to plan.

His advice: don’t panic, but prepare.

“There’s no point in worrying about the unknown. Do what you’re doing — keep your defense in depth, focus on what you can control. And as new technologies emerge, be ready to adapt.”

In the end, it’s still people making the mistakes

For all the conversation around AI, deepfakes, and automation, one person reminded us that the oldest vulnerability in cybersecurity is still the most persistent: people.

Joseph Resendes, a cybersecurity intelligence student in his final semester at Embry-Riddle Aeronautical University, pointed to user behavior as a lingering and underestimated threat.

“It’s the people,” Resendes said. “A lot of folks in the industry don’t really know the kinds of attacks hackers use. Phishing emails still get through because they appear to be coming from a boss or executive. Someone clicks to try to be helpful — and just like that, they’ve launched a remote access trojan.”

While technical controls are in place to reduce the damage, Resendes believes the real problem is a failure to learn from past mistakes.

“We have mechanisms in place to stop employees from making mistakes, but users don’t always learn from them,” he said. “Hackers love to prey on that lack of knowledge.”

Resendes’s comments echo a common truth across cybersecurity: no matter how advanced the tools become, human error remains one of the most exploitable gaps.