August 26, 2025
This year’s Black Hat made one thing crystal clear: cybersecurity vendors are no longer just talking about AI, they’re wiring it straight into enterprise data pipelines. Across the expo floor, whether it was the big names like Microsoft, Cisco, and Palo Alto, or NDR specialists like Darktrace, Vectra AI, and ExtraHop, every conversation centered around AI that doesn’t just analyze alerts in isolation but sits natively on network flows, endpoints, and cloud workloads.

The messaging convergence was striking. Competitors all pitched unsupervised machine learning that learns from raw organizational data, whether packets, telemetry, or identity graphs, and then turns that into “autonomous” detection. The ambition is the same: eliminate signatures, baseline normal activity, and catch anomalies in real time. The problem? Real-world performance still lags. Despite bold claims of “zero false positives,” users report persistent noise, with Vectra AI and Darktrace often called out for flagging up to 50% benign behaviors in hybrid and cloud environments.

Still, the direction of travel is unmistakable: AI is being hardwired into enterprise nervous systems. Instead of siloed threat feeds or rule-based detectors, companies are chasing systems that continuously learn from the customer’s own environment (endpoints, networks, IoT, and cloud) and self-adapt without retraining. This is less about AI as a bolt-on tool and more about AI as the operating principle of the data layer itself.
