LAS VEGAS — Once the undisputed hub for the most groundbreaking technical security research, the Black Hat conference no longer boasts the same prestige it once held in the eyes of old-timers. However, despite losing its sheen and morphing slowly into a corporate vendor boondoggle, ‘hacker summer camp’ remains an essential barometer of the state of play in cybersecurity as whispers about layoffs and dwindling VC funding happen alongside chatter about zero-days, APTs and the newest in hacking wizardry.
The conference, which opens here this week, promises a mix of keynotes and technical sessions reflecting the latest offensive and defensive trends, but it is the business of cybersecurity that will take center stage as struggling startups jostle for attention with shiny expo booths and late-night Las Vegas parties.
Across the board, cybersecurity is in a state of shock and confusion. The industry has been ravaged by large-scale layoffs, even at cash-rich companies like Cisco, Microsoft and Google. On LinkedIn, there’s a noticeable spike in profile photos with #OpenForWork badges while the US government continues to lament a cybersecurity skills shortage.
Dwindling VC Funding
On the venture capital funding front, investments have slowed dramatically, especially for mid- to late-stage startups while deal values continue to fall. According to data from Crunchbase, a website that tracks VC activity, investments in cybersecurity companies dropped to just slightly more than $1.6 billion in the second quarter this year, a 63% drop from the same quarter last year when startups banked $4.3 billion in financing.
“These numbers are just the latest reminder of how dramatically the venture capital environment has changed in just 24 months,” Crunchbase said, pointing out that the investment number marks its lowest point since the last quarter of 2019, when startups raised just under $1.6 billion.
The Crunchbase data syncs with calculations from Pinpoint Search Group that show a 55% decline in year-over-year funding for cybersecurity startups and research from DataTribe warning that unprofitable startups with poor revenue metrics “will need to find other ways to survive.”
Despite the financing doom-and-gloom, there are still VCs making abnormally large early-stage bets on the IAM, software supply chain and cloud security categories. At the same time, Cisco has gone shopping for security startups and investors say the economic climate has forced entrepreneurs to “be more realistic” about valuation expectations.
These economic realities will be front and center at Black Hat as budget cuts force marketing teams to tiptoe around the optics of overspending while colleagues are being laid off. On the show floor, booths are expected to be smaller and without the expensive bells-and-whistles while the agenda for side-events like the sold-out CISO Summit features sessions on the economics of cybersecurity.
Generative AI Hype
Still, there will be no shortage of vendors at Mandalay Bay claiming to have built the world’s greatest platform to solve security’s biggest problems. Judging from PR pitches in my inbox, security vendors have latched on to the ChatGPT hype, promoting new integrations, tooling and capabilities “driven by AI.”
While it might be difficult to wade through the AI hype, security leaders are bullish on the promise of artificial intelligence to create leapfrog technologies in cybersecurity.
Jason Chan, a veteran security executive who last managed IT and security at Netflix, is among the believers. “I think right now we’re seeing a lot of really simple efficiencies. ‘Help me write this thing better’, or ‘look at this thing, create some test data’, some really, really amazing simple use cases,” Chan told me in a recent interview.
“If I were to try to imagine, say, a decade from now, I think you’re going to see a lot more really intelligent code generation where you start to see computers as software engineers. The computer will build the code for you,” said Chan, now serving as an advisor to VC outfit Bessemer Venture Partners.
“I’m really excited to see what’s coming at BlackHat, I think you’re already seeing security companies adding ChatGPT integrations to make things smoother and I’m expecting to see some really interesting automation and classification tech to really speed things along,” Chan added.
Mike Hanley, Chief Security Officer and SVP of Engineering at GitHub, expects AI to be a big theme at Black Hat this year.
“It will be a big theme at Black Hat and I think it’ll be a big theme for years to come. If you look at the progress in terms of real world implementation of AI, I can tell you that Copilot is booming at GitHub in terms of the demand and appetite for it, which is fantastic. But when you imagine the other use cases, I mean, I’m really excited about what that can mean for bug hunters, for other productivity needs, for other security suggestions and capabilities,” Hanley declared.
“The experiences will not stop with chat-based interaction. I think that’s one modality in which people can interact with and benefit from AI,” the GitHub security chief added.
“Being able to ask questions like ‘How many bugs are in this code?’ or ‘Tell me about the history of this code and how long it’s taken to address defects.’ I mean, there’s a sort of a universe of questions that will probably get answered in the course of the next several years through different AI experiences.”
Related: Mobile Platforms ‘Actively Obstructing’ Zero-Day Malware Hunters
Related: Cybersecurity Investors Pivot to Safeguarding AI Training Models
Related: What’s Going on With Cybersecurity VC Investments?
Related: New CISA Boss Unveils Anti-Ransomware Collab With Big Tech
