Security
Hacker Summer Camp 2025 Debrief: AI and the New Threat Landscape
Key Points
- The annual confluence of cybersecurity conferences — known informally as Hacker Summer Camp — drew experts and practitioners from all corners of the cybersecurity ecosystem to Las Vegas in August.
- In this blog post, CableLabs highlights high-level takeaways from the Black Hat USA and DEF CON conferences — with the evolution of AI (and the security gaps arising from it) being a common theme.
- We delve deeper into our insights from the conferences in a new members-only technical brief and will explore the topics further in a CableLabs webinar on Sept. 17.
Last month’s Hacker Summer Camp brought together hackers, researchers, practitioners and leaders in cybersecurity to review the cutting edge of security research, share tools and techniques, and find out what’s at the front of everyone’s mind in the security space.
So, what was at the forefront of the conversation this year in Las Vegas, and what trends in cybersecurity do you need to be aware of?
We outline our takeaways from Black Hat USA and DEF CON in a new CableLabs technical brief, available exclusively for our member operators. We’ll also dive into the conferences further during a members-only webinar on Wednesday, Sept. 17. Members can register here to join us.
For now, some of our high-level insights are summarized here.
What’s Old Is New Again: Hacking Like It’s the 90s
With the rapid adoption of tooling like generative AI and its agentic variants, the implications of overlooking the basics in security are more impactful than ever. Many different presentations at Hacker Summer Camp focused on this theme, in which researchers consistently demonstrated how classic cyberattacks are still thriving, now applied to modern contexts like agentic AI. The takeaway? AI-centric software is still software; thus, the basics apply: applying least privilege, separation of interests, thorough input sanitization and more.
AI: Your New, Non-Deterministic, Insecure Execution Environment
Unsurprisingly, AI remains at the forefront of the discussion. Novel from recent years was the notion that AI is no longer simply a chatbot interface added to your architecture, but a whole new execution environment. Many presentations and demonstrations showcased how large language model (LLM)-powered applications and agentic AI constructions can be abused or confused, with several undesirable outcomes. While there’s a great deal of work to be done to secure emerging AI technologies, many strategies for mitigating attacks were recommended. AI is being adopted in cybersecurity too, from both the adversarial and defender perspectives, which makes it clear that another cybersecurity arms race is underway.
Automation Pitfalls: Deploy Fast, Break Faster — With a Bigger Blast Radius
Automation tooling, such as continuous integration and continuous delivery (CI/CD), took center stage for many discussions, where simple and subtle misconfigurations resulted in significant consequences, from initial access and lateral movement. With one of the killer use cases of agentic AI being coding assistants and source code reviews, today’s relationship between AI and automation tooling is a close one. The aforementioned attack surface of those AI components thus has direct implication to that of the automation tooling.
Initial Access: CI/CD, Developers and Supply Chain Attacks
Finally, the conferences this year demonstrated the increasing burden of developers to act as bastions of security. However, the attack surface faced by the average developer is also increasing. This is due in part to the addition and management of AI assistants with access to code as well as the use of plugins for Integrated Developer Environments (IDEs) like Visual Studio Code that are ubiquitous across the industry. Developers and the tools they interact with are increasingly valuable for adversaries to target, creating opportunities for initial access and even executing supply chain attacks.
Cybersecurity Evolution Continues Moving Forward
Hacker Summer Camp 2025 made it clear that the rapid shifts we’re seeing in technologies like AI have left significant gaps in ensuring that the basics of security remain covered. It also demonstrated that cybersecurity professionals and enthusiasts are doing the work required to address those gaps, as well as adopting new and adapting classic approaches to bolster cybersecurity controls.
To learn more about the content and themes covered during the conferences, download our members-only tech brief and plan to join us Wednesday, Sept. 17, for the Lessons from Hacker Summer Camp 2025 webinar.
If you’re an employee of a CableLabs member operator and don’t yet have an account, register for access to the tech brief and much more member-exclusive content.