At this year’s Black Hat USA, cybersecurity professionals took a pragmatic turn in their approach to artificial intelligence, exploring how AI can drive real operational value. Speaking to The Fast Mode, Jawahar Sivasankaran, President of Cyware, shared his insights on how the event served as a pivotal moment for AI in security - not just as a buzzword, but as a real operational tool.
“Black Hat 2025 wasn’t just about AI hype,” said Jawahar. “It was about AI as a tool - something that can actively reduce investigation time, improve correlation across fragmented data, and drive repeatable orchestration in the SOC.” He explained that throughout briefings and panels, a strong theme emerged around controlled autonomy, where AI assists in triage, enrichment, and response, while human analysts remain firmly in control of high-impact decisions.
Jawahar also noted other major talking points, including the rise of multi-source threat intelligence, the growing adoption of identity-first security, and concerns around securing AI/ML pipelines from adversarial manipulation. “Across the board, security leaders are looking for solutions that integrate seamlessly, connect silos, and produce measurable results - without sacrificing trust, oversight, or control,” he said.
Key announcement: Open Source Model Context Protocol (MCP) server
According to Jawahar, one of Cyware’s biggest moments at Black Hat was the announcement of its open source Model Context Protocol (MCP) Server. The platform is designed to securely connect large language models (LLMs) with Cyware’s threat intelligence and automation ecosystems - allowing AI to interpret natural language requests and convert them into real-world actions while maintaining full context and control.
“We were excited by the level of engagement from the community,” he said. “Security leaders are clearly ready for AI-native workflows that enhance speed and precision in detection and response, without removing the human from the loop.”
Takeaways from Black Hat 2025
Jawahar emphasized two major takeaways from the event. First, automation has become foundational to threat intelligence and SOC operations. “It’s no longer a ‘nice to have.’ Many of the conversations I had were with teams looking to streamline investigations and responses without increasing analyst workload.”
Second, he pointed to collaboration as a recurring theme. “Whether through open standards, intelligence-sharing partnerships, or integrated workflows, Black Hat reinforced that security outcomes improve when tools, teams, and communities work together rather than in isolation.”