What You Missed on the Expo Floor
Key Moves in Security Compliance Management at Black Hat USA 2025:
- Akamai announced a strategic partnership with Aqua Security for AI workload and prompt protection.
- OpenText showcased its AI-driven end-to-end cybersecurity platform.
- Rapid7 highlighted its cutting-edge research, including Metasploit modules for SMB-to-LDAP/HTTP.
- Qualys unveiled Cyber Risk AI Agents for business-impact-based risk prioritization.
- Cribl released Cribl Guard for sensitive data detection in telemetry pipelines.
Compliance and risk management took a front-row seat at Black Hat USA 2025, with vendors showcasing how automation, AI, and contextual intelligence are reshaping how organizations manage regulatory requirements and cyber risk. The shift from reactive audits to continuous, real-time security compliance management was evident across the expo floor.
Our team was on the ground throughout the event—attending keynotes, sitting in on panel discussions, and speaking directly with solution providers and CISOs. The conversations revealed a clear trend: Compliance is no longer a static checklist. It’s a dynamic, integrated process that must adapt to evolving threats, business models, and regulatory landscapes.
Here are some key themes from the show that stood out:
Automation First
Automation-first compliance strategies gained traction, reflecting a shift toward scalable, integrated workflows that support both security and regulatory demands.
Vanta introduced a suite of updates aimed at simplifying compliance for complex frameworks like CJIS, SOC 2, and ISO 27001. Their new CJIS module automates up to 40% of the compliance process, including evidence collection and policy mapping.
Scrut Automation showcased its Unified Control Framework, which allows organizations to manage multiple compliance standards, such as GDPR, SOC 2, and ISO 27001, through a single set of mapped controls. The platform automates hundreds of tests across the tech stack, centralizes evidence, and enables auditors to collaborate directly within the system.
AI-Driven Risk Prioritization
AI-driven risk prioritization was touted throughout the show as essential for managing the complexity of modern attack surfaces, offering assessments in real time while bridging gaps across cloud, code, and AI systems.
Cyera launched AI Guardian, a platform designed to monitor and enforce compliance across AI systems, including public tools like ChatGPT and proprietary enterprise models. It includes AI-SPM (Security Posture Management) and AI Runtime Protection, offering real-time visibility and control over AI-related risks.
Qualys introduced Cyber Risk AI Agents, part of its new AI fabric for risk management. These agents deliver real-time insights across attack surfaces and prioritize risks based on business impact.
Telemetry and Trust
Telemetry and trust were increasingly intertwined, balancing observability with data protection. Emerging solutions focused on real-time detection and intelligent filtering to ensure compliance and reduce risk exposure.
Cribl unveiled Cribl Guard, a new capability within its observability pipeline that detects and protects sensitive data in telemetry streams. The tool identifies credit card numbers, passport data, and other regulated information in real time, helping organizations maintain compliance with privacy laws and reduce exposure.
Cybersecurity companies showcasing further innovations at Black Hat USA 2025:
- XM Cyber highlighted its Continuous Exposure Management platform using digital twin technology to simulate attack paths.
- Picus Security introduced its immersive “Exposure Casino” booth experience, emphasizing adversarial exposure validation.
- Claroty demonstrated its Cyber-Physical Systems protection platform with live demos.
- Black Kite launched its Adversary Susceptibility Index to help third-party risk teams proactively identify vendor vulnerabilities to specific threat actors.
- HackerOne participated in discussions around AI-driven threat detection and vulnerability research.
- Fortra presented integrated offensive and defensive cybersecurity tools aimed at breaking the attack chain.
What We Heard in the Hallways
“AI agents are changing the risk landscape. We need tools that understand context.”
—Sumit Agarwal, Co-founder, Cyera
“Compliance isn’t just about passing audits. It’s about proving trust every day.”
—Christina Cacioppo, CEO, Vanta
Why It Matters
Security compliance management is evolving from a reactive burden to a proactive discipline. The innovations at Black Hat USA 2025 reflect a shift toward platforms that automate, contextualize, and integrate compliance into daily operations. Whether it’s through AI-driven risk prioritization, unified control frameworks, or telemetry protection, the goal is clear: Reduce friction, increase visibility, and build trust.
The takeaway for BDMs and TDMs: Compliance is about enabling secure growth. The tools showcased this year make it possible to scale securely, respond faster, and stay ahead of regulatory change.
Strong compliance builds trust; smart risk management sustains it.