Black Hat USA 2025 Recap: Endpoint Security

Black Hat 2025 spotlighted AI-driven, resilient, and business-aligned endpoint security innovations.

What You Missed on the Expo Floor

Key Moves in Endpoint Security at Black Hat USA 2025:

  • DataDome showcased its Cyberfraud Protection Platform.
  • Sophos presented innovations in AI-driven threat detection, MDR, and SOC automation.
  • Bitdefender unveiled GravityZone PHASR to combat Living-Off-the-Land (LOTL) attacks.
  • Halcyon demonstrated its anti-ransomware platform with live demos and private briefings.
  • CrowdStrike expanded Falcon Shield with AI agent governance and GPT integration.

Endpoint security was front and center at Black Hat USA 2025, with vendors and researchers zeroing in on the evolving threat landscape targeting devices, users, and AI-driven agents. From firmware-level defenses to autonomous SOC capabilities, the show revealed how endpoint protection is adapting to meet the demands of hybrid work, AI adoption, and increasingly sophisticated adversaries.

Our team was on the ground throughout the event—attending keynotes, sitting in on panel discussions, and speaking directly with solution providers and CISOs. The conversations were candid, the demos were hands-on, and the announcements were packed with practical implications for security teams managing sprawling device fleets and remote workforces.

Here are some key themes from the show that stood out:

AI-Augmented Endpoint Defense Is Here

AI was embedded in nearly every endpoint security announcement. CrowdStrike’s Falcon Shield now integrates with OpenAI’s ChatGPT Enterprise Compliance API, enabling visibility into GPT-based agents and mapping them to their human creators. Similarly, Cyera launched AI Guardian, which includes AI Runtime Protection and AI-SPM (Security Posture Management) to monitor and respond to risks across AI-powered endpoints.

Endpoint Visibility Is Expanding—And Getting Smarter

Vendors are pushing beyond traditional EDR to offer deeper visibility and smarter automation. SentinelOne’s Singularity platform now includes autonomous threat response capabilities, while Sophos introduced enhancements to its XDR suite that allow for faster triage and containment of endpoint threats.

Absolute Security stood out with its firmware-embedded persistence technology, which ensures endpoint agents remain active even after tampering or reimaging. This kind of resilience is becoming critical as attackers increasingly target agent integrity.

SaaS and Shadow IT Are Now Endpoint Concerns

The definition of an “endpoint” is expanding. AppOmni unveiled new packages that help enterprises discover and secure shadow SaaS and AI applications. Their platform now supports over 30 new apps, including ChatGPT Enterprise and Cisco Secure Access.

Menlo Security introduced Secure Storage, which confines file interactions to the cloud, preventing local saves and reducing endpoint exposure. Their Adaptive Web platform also adds granular browser controls, allowing teams to redact data, block pages, and enforce safe search policies.

Endpoint Security Is Becoming a Business Conversation

Wallarm launched API Revenue Protection, a tool that quantifies how API attacks impact business revenue. While not a traditional endpoint solution, it reflects a broader trend: Endpoint security is a business imperative and no longer just a technical concern.

Qualys introduced a Cyber Risk AI Agents marketplace, enabling real-time risk insights across all attack surfaces, prioritized by business impact. This kind of contextual intelligence is helping CISOs communicate risk in terms that resonate with boards and executives.

What We Heard in the Hallways

“We’re seeing endpoints evolve from static devices to dynamic AI agents. That changes everything.”
— George Kurtz, CEO, CrowdStrike

“Endpoint security must now account for SaaS, shadow IT, and AI tools. The perimeter is gone.”
— Brandon Andrews, VP Product, AppOmni

Why It Matters

Endpoint security is about securing the entire digital workspace, from AI agents to SaaS apps to firmware. The innovations showcased at Black Hat USA 2025 reflect a shift toward proactive, intelligent, and business-aligned security strategies.

For business decision makers (BDMs) and technical decision makers (TDMs), here is the takeaway: Endpoint security must evolve alongside your workforce and technology stack. Whether you’re deploying AI tools, managing remote teams, or securing legacy devices, the endpoint remains a critical, and increasingly complex, frontline.

If your endpoint strategy still ends at detection, it’s probably already behind. Check out our vetted list of Endpoint Security solution providers.
