At Black Hat USA 2025, Dan Berte, IoT Director at Bitdefender, discusses the successes and failures of ride-sharing autonomous vehicles in San Francisco, and how these lessons might help design better IoT integrations of cities and AVs in the future.

Do you really know what’s on your network? A lot of OT devices are white labeled, meaning they have a brand name but under the hood they’re made by someone else. Sean Tufts, Field CTO for Claroty, explains how his team is using AI to sift through all the available data and build a cyber physical library that starts to add specificity to remediation operations, and improve cyber physical security overall

Diversity in healthcare devices complicates segmentation, security controls, and zero-trust approaches. New certifications aim to help. Bob Lyle, CRO of Medcrypt, identifies how layered defenses, rigorous cybersecurity requirements for new devices, continuous monitoring, and dark-web credential surveillance can reduce risk.

At Black Hat USA 2025, Dan Berte, IoT Director at Bitdefender, revisits his talk last year about hacking solar panels in light of the blackout in Spain and Portugal. While the Iberian Peninsula blackout wasn’t an attack, it shows how sensitive these systems are when mixing old and new technologies, and how living off the land attacks might someday take advantage of that. 

At Black Hat USA 2025, Noam Moshe from Claroty’s Team 82 revealed several vulnerabilities in Axis Communications’ IP camera systems, including a deserialization flaw that could let attackers run remote code. The team worked with Axis to patch the issues. Moshe says that this case highlights the broader security risks still common in the billions of common IoT devices in the world today.

Ad fraud driven by both humans and AI agents require new signals beyond traditional bot-vs-human checks. Gavin Reid and Lindsay Kaye from HUMAN Security discuss how monetization includes ad and click fraud (peach pit), selling residential proxy access, and operating botnets for hire and preventing harm requires dismantling criminal infrastructure and collaboration across industry, since many infected devices cannot be practically cleansed by end users.

Certification exams increasingly reflect the IT OT convergence, acknowledging that many protections apply across both domains requiring holistic security approaches rather than siloed solutions. John France, CISO at ISC2, explains that as threats grow more complex, certifications, continuous learning, and diverse skills are essential to building a resilient global workforce.

The EU’s new Cyber Resilience Act (CRA) sets higher security requirements but leaves many technical details undecided. This puts pressure on vendors of connected or software-based products to either redesign, retrofit, or withdraw from the market. According to Roland Marx, Senior Product Manager at Swissbit, the CRA’s three-year rollout is meant to give companies time to adapt while regulators finalize the specifics.

Healthcare organizations are prone to the same weaknesses that any other office or manufacturing site may have. Sonu Shankar, Chief Product Officer at Phosphorus Cybersecurity, explains how the devices you might not suspect might be the ones to bring down your organization if they’re not secured. That includes the printer used to print patient wristbands.

Quantum computers could break today’s encryption, leaving many OT systems—which often lack encryption entirely—at even greater risk. Dave Krauthamer, Field CTO at QuSecure, warns that nation-state attackers may target critical infrastructure like power, water, and food supplies first, making it urgent to adopt quantum-resistant cryptography across both IT and OT systems.