Interviews | November 19, 2025

Identity is the New Security Perimeter


Black Duck | Broadcom | Datadog | Google

Bruce Jenkins
CISO

Black Duck

Q1. How should organizations rethink their approach to open source risk management given the extensive use of open source components in enterprise applications? What strategies or frameworks can help organizations balance innovation velocity with supply chain security?

Managing open source risk is crucial given that nearly all modern enterprise applications rely heavily on open source components. The 2025 "Open Source Security and Risk Analysis" report reveals that 97% of commercial applications contain open source software, with 64% of these components being transitive dependencies. This creates significant visibility challenges and underscores the need for a comprehensive risk management strategy.

To effectively manage open source risk, consider the following strategies:

  • Implement Software Composition Analysis (SCA) Tools: Utilize SCA tools to generate Software Bills of Materials (SBOMs) and identify vulnerabilities and licenses associated with open source components. This provides critical visibility into software supply chains.
  • Prioritize Risk Management: Focus on high-risk issues that could impact the business. Regularly update open source software to patch vulnerabilities in a timely manner to stay ahead of potential threats.
  • Establish Secure Coding Practices: Emphasize input validation and sanitization techniques to prevent cross-site scripting and other injection attacks. This helps safeguard applications against common vulnerabilities.
  • Monitor Open Source Software Maintenance: Track updates and ensure that healthy, well-maintained open source projects are being used in code. This helps minimize the risk of using outdated or abandoned components.

To strike a balance between innovation and security, implement tool automation to manage dependencies and detect vulnerabilities early in the development lifecycle. Establish policy-based rules to control which open source components are allowed into the Software Development Lifecycle (SDLC). Integrate security and compliance testing into the SDLC to empower developers to select the safest open source components. Regularly monitor production applications to identify newly disclosed vulnerabilities to maintain a proactive risk management stance.

Adopting these strategies and leveraging advanced tools like Black Duck® SCA simplifies the management of open source risk while maintaining innovation velocity. This enables organizations to harness the benefits of open source software while gaining visibility into associated risks.

Q2. With software development becoming increasingly automated, how must SCA evolve to ensure visibility and trust across the supply chain?

As software development becomes increasingly automated, SCA must evolve to maintain visibility and trust across the supply chain. To achieve this, SCA tools must seamlessly integrate with automated development pipelines and provide real-time insights into open source components and their associated risks.

Key Evolutions for SCA:

  • Deeper Integration with DevOps Tools: SCA tools should integrate with popular development environments and CI/CD pipelines to identify and manage open source risks early in the development lifecycle.
  • Advanced Risk Prioritization: Utilize AI to prioritize vulnerabilities based on exploitability, business impact, and code context, enabling teams to focus on the most critical risks.
  • Comprehensive SBOM Management: Generate and manage SBOMs in standardized formats to provide transparency into software components and facilitate compliance with emerging regulations.
  • Continuous Monitoring and Feedback: Implement continuous monitoring of production applications to detect newly disclosed vulnerabilities and provide actionable insights for remediation.

To balance innovation velocity with supply chain security, consider the following strategies:

  • Automate Open Source Governance: Establish automated policies to control what open source components are allowed into the SDLC.
  • Integrate SCA into Developer Workflows: Embed SCA tools directly into developer environments to identify risks at the earliest stages of development.
  • Foster Collaboration Between Teams: Encourage collaboration between development, security, and compliance teams to ensure a unified approach to managing open source risk.

By evolving SCA in these ways, organizations can maintain visibility and trust across their software supply chain, even as development becomes increasingly automated.

Q3. What does Black Duck have planned for Black Hat Europe 2025? What are your company's plans to engage with customers, researchers and others at the event?

As we approach Black Hat Europe 2025, Black Duck is poised to engage with customers, researchers, and industry professionals on the critical topic of AI in software development. Our company has been at the forefront of addressing the challenges and opportunities presented by AI in the software development lifecycle.

We will emphasize the importance of managing AI-related risks, including security vulnerabilities and license compliance issues. Our solutions, such as Black Duck® SCA, can help organizations automate security checks and implement snippet scanning to detect potential license conflicts.

The event will be an opportunity for us to share insights from our 2024 "Global State of DevSecOps" report, which highlights the challenges and best practices for balancing AI usage with security and risk management. At Black Duck, we recognize that AI is becoming indispensable in software development, with 90% of organizations using AI coding assistants and over 96% utilizing open-source AI models. However, AI code generators can introduce vulnerabilities and license risks. Black Duck's Steven Zimmerman will be presenting a session entitled "Productivity vs. Pitfall: What new research reveals about the path to secure AI adoption" to discuss how businesses can address these challenges.

We look forward to engaging with the community and sharing our expertise at this year's event. Be sure to stop by Booth #805 to say hello and learn more about how we can help your business achieve true scale application security.


Jason Rolleston
General Manager and Vice President, Enterprise Security Group

Broadcom

Q1. There's growing concern about shadow AI emerging as a threat for security organizations. How do you see this trend evolving in 2026 and what should enterprise defenders be doing now to stay ahead of the threat?

I think that we'll start to see internal threats evolve from employees pasting data into chatbots, to individuals deploying "Shadow Agents," autonomous workflows that can connect APIs and move data without oversight. This shifts the risks from simple data leakage to unauthorized autonomous action, where unvetted AI tools can inadvertently grant third-party tools and systems persistent access to internal networks or unintentionally move restricted data to publicly exposed locations.

To get ahead of this, security teams will need to control the data in transit as well as the data itself.

Securing the data in transit:
SSE (Security Service Edge): security teams can consolidate security services (SWG, ZTNA, CASB) at the edge to ensure that all traffic is inspected before it touches the internet. This prevents shadow agents from creating "backdoor" connections, without needing full network re-architecture.

Securing the data itself:

  • CASB: The primary defense for visibility. Use CASBs to identify unauthorized apps and enforce granular policies (e.g., "Allow usage, but block file uploads").
  • DLP for Prompts: Move beyond file scanning to context-aware sanitization. These tools redact PII and IP from the prompt stream in real-time before it ever leaves the browser.
  • DSPM (Data Security Posture Management): Critical for finding "data ghosts." DSPM tools scan your cloud to flag when sensitive datasets are quietly moved into unsecured vector databases for AI training.

Q2. Broadcom ESG launched its Incident Prediction for disrupting LOTL attacks capability in April 2025. How are customers using the capability? What have you heard from them about measurable ROI and reduced breach exposure?

We are adding accurate predictions to enhance over 80% of incidents in real-world deployments. That means we are able to tell our customers, very specifically, what the attacker is going to do next and recommend the best action to stop the attack chain.

This allows our customers to take the next critical step in incident response faster and more confidently, disrupting the attackers before they can accomplish their goals, buying additional time for security operations teams to investigate the incidents and greatly limiting business disruption. Our Incident Prediction and Adaptive Security capabilities are shifting the advantage to defenders.

Q3. What's Broadcom ESG's main focus at Black Hat Europe 2025? Are you highlighting existing capabilities, launching anything new, or both?

We'll be highlighting our portfolio of legendary solutions across Endpoint, Network and Data Security on the Black Hat show floor. This will feature live demos of our newly updated Threat Tracer investigation tool. You also won't want to miss Dick O'Brien and Paul Miller's talk AI Unleashed: Witness the Next Generation of Cyber Defense and Offense, where they will showcase the immediate and near-future impact of Agentic AI, Large Language Models (LLMs), and Machine Learning (ML) on both offensive (Red Team) and defensive (Blue Team) cybersecurity operations.


Emilio Escobar
Chief Information Security Officer

Datadog

Q1. Datadog's recent State of Cloud Security report showed that 40% of organizations have adopted data perimeters to combat credential theft. What exactly are data perimeters? How do they help mitigate risks related to credential theft?

A data perimeter is a security concept designed for the cloud to prevent unauthorized data access and movement.

In the cloud, traditional network perimeters (firewalls) are less relevant because cloud APIs are exposed to the Internet. But every API represents a potential entry point to your environment with access to critical data. A data perimeter enables teams to restrict certain cloud API calls, allowing them to succeed only if they originate from approved networks or trusted cloud accounts. To do so, cloud data perimeters rely on Identity and Access Management (IAM) policies and Service Control Policies (SCPs) to create guardrails and protect data across various accounts and resources.

IAM (i.e. identity) is the enforcement engine behind a data perimeter, and it's implemented by adding context-aware conditions (like location and account origin) to your IAM policies. Hence the term “identity is the new perimeter”.

For example, with credential theft, an attacker who steals cloud credentials (like an API key) can use them from anywhere in the world to access cloud resources and data.

A data perimeter creates a policy that checks where an API call is coming from, not just if the credential is valid. If an attacker uses stolen credentials from an unapproved network or an untrusted account (like their own), the data perimeter blocks the API call, preventing access.
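The check described in this answer, as an added example that is not part of the interview and not Datadog's code. It assumes AWS, since the answer names SCPs: the condition keys are real AWS global condition keys, the CIDR and VPC IDs are constructed placeholders, and `perimeter_denies` is a simplified model of three condition operators rather than AWS's policy engine.

```python
import ipaddress
import json

# Constructed placeholders: a documentation CIDR and a made-up VPC ID.
APPROVED_CIDRS = ["203.0.113.0/24"]
APPROVED_VPCS = ["vpc-0example0000000"]

# Guardrail in SCP form: deny every call that arrives from neither an approved
# CIDR nor an approved VPC, unless an AWS service makes it on the caller's behalf.
PERIMETER_SCP = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "EnforceNetworkPerimeter",
        "Effect": "Deny",
        "Action": "*",
        "Resource": "*",
        "Condition": {
            "NotIpAddressIfExists": {"aws:SourceIp": APPROVED_CIDRS},
            "StringNotEqualsIfExists": {"aws:SourceVpc": APPROVED_VPCS},
            "BoolIfExists": {"aws:ViaAWSService": "false"},
        },
    }],
}


def perimeter_denies(ctx, policy=PERIMETER_SCP):
    """True when the Deny statement matches the request context.

    Simplified model of these three operators only; all must hold for a match.
    An "...IfExists" operator also holds when the key is absent.
    """
    cond = policy["Statement"][0]["Condition"]
    ip = ctx.get("aws:SourceIp")
    cidrs = cond["NotIpAddressIfExists"]["aws:SourceIp"]
    outside_ip = ip is None or not any(
        ipaddress.ip_address(ip) in ipaddress.ip_network(c) for c in cidrs)
    vpc = ctx.get("aws:SourceVpc")
    outside_vpc = vpc is None or vpc not in cond["StringNotEqualsIfExists"]["aws:SourceVpc"]
    via = ctx.get("aws:ViaAWSService")
    direct_call = via is None or via == cond["BoolIfExists"]["aws:ViaAWSService"]
    return outside_ip and outside_vpc and direct_call


# Constructed request contexts. The credential is valid in every case; only the
# origin of the call differs.
REQUESTS = {
    "office_network": {"aws:SourceIp": "203.0.113.10", "aws:ViaAWSService": "false"},
    "approved_vpc_endpoint": {"aws:SourceVpc": "vpc-0example0000000", "aws:ViaAWSService": "false"},
    "stolen_key_other_network": {"aws:SourceIp": "198.51.100.7", "aws:ViaAWSService": "false"},
    "stolen_key_other_vpc": {"aws:SourceVpc": "vpc-0untrusted000000", "aws:ViaAWSService": "false"},
}


def evaluate_all():
    return {name: perimeter_denies(ctx) for name, ctx in REQUESTS.items()}


if __name__ == "__main__":
    print(json.dumps(PERIMETER_SCP, indent=2))
    for name, denied in evaluate_all().items():
        print(f"{name:28} -> {'DENY' if denied else 'not denied by perimeter'}")
```

A request that the perimeter does not deny still needs an explicit IAM allow to succeed; the guardrail only adds the origin check on top of the credential check.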

Q2. With platforms like Datadog providing deeper visibility across cloud and IT environments, how can organizations leverage observability insights to detect, anticipate, or mitigate emerging threats before they escalate?

A unified platform offers three benefits for both observability and security: baseline behavior; shared metadata; and faster, automated response.

Baseline Behavior
A unified observability platform establishes a baseline of "normal" system behavior. This allows security tools to detect threats that siloed tools miss. Performance metrics help spot anomalies that signal an attack. A sudden spike in API requests from a user could mean credential theft. A rise in database errors could signal probing. Distributed traces show the end-to-end journey of a request. This can reveal if a process tries to access an external API unexpectedly, a sign of data theft.

Shared Metadata
Sharing data between operations and security teams is advantageous for fast response and fixing issues. A platform like Datadog has logs and configuration data, but also operational context. This includes knowing which team owns a service, what resources (like hosts or pods) are involved, or who is on-call. A separate security tool does not typically have this live organizational map.

Platform Capabilities
The platform's benefits are in automated workflows and faster response, which reduces the "Mean Time to Resolution" (MTTR). The unified platform removes the separation between Security, DevOps, and SRE teams.

With Bits AI, we've added intelligent AI capabilities that work across monitoring, development, and security.

  • Automated Triage: When an alert fires, the Bits AI Security Analyst triages the signal. It checks it against all relevant metrics, traces, and logs to determine if it is a real threat or a false alarm.
  • Accelerated Response: Because Bits AI has both the security finding and the operational context, it presents a complete incident to the on-call engineer. It can suggest ways to fix the problem or, if allowed, take action directly, shortening response time.

Even in unfamiliar scenarios, Bits guides your team toward the most appropriate next steps.

Q3. What can attendees at Black Hat Europe 2025 expect to see or experience from your team at the event? What are you most excited to showcase or discuss with customers and partners at the event?

At Black Hat Europe 2025, our team will demo the evolution of cloud security: the convergence of observability, security, and generative AI.

What we're most excited to showcase is how our Cloud SIEM and Bits AI work together. We know this audience is tired of the alert fatigue, false positives, and the operational divide between Security and DevOps. We're fixing that.

We'll be showing live, interactive demos of how our Cloud SIEM unifies security signals with the rich, real-time context from metrics, traces, and logs.

The innovation here is Bits AI. We'll be demonstrating how Bits AI acts as an autonomous security analyst. Attendees will see Bits AI:

  • Autonomously triage alerts, correlating disparate signals from across the stack into a single, high-priority incident.
  • Enrich findings with operational context—like which team owns the service and who is on-call.
  • Suggest concrete remediation steps, turning hours of investigation into minutes.

For our customers and partners, this means a massive reduction in MTTR, a more proactive security posture, and a true partnership between security and engineering teams. We're excited to show what Bits AI is capable of.


Stuart McKenzie
Managing Director, EMEA, Mandiant Consulting, Google Cloud

Google

Q1. What's the most significant shift you've observed in adversary behavior and TTPs in 2025 compared to two years ago? Looking ahead to 2026, what trends or changes in attacker behavior do you expect will have the biggest impact on defenders?

Over the past two years, adversaries have begun to employ artificial intelligence to scale and automate attacks, marking a major turning point in how operations are planned and executed. The use of AI has started to allow attackers to move faster, target more precisely, and exploit environments with greater efficiency, forcing defenders to respond at a new tempo.

Looking ahead to 2026, several emerging shifts will reshape the security landscape. The rapid adoption of AI agents for executing workflows and decisions will create new security challenges, since traditional environments were never designed with these agents in mind. Organizations will need to develop new methodologies and tools to map their AI ecosystems and identify vulnerabilities. A key change will be the evolution of identity and access management, as AI agents are treated as distinct digital actors with their own managed identities. Adaptive systems will be required to continuously assess risk and adjust access in real time to prevent privilege creep or unsafe actions.

At the same time, attackers are expanding their focus to the underlying virtualization layer, which has long been considered a strength but is emerging as a critical blind spot. By targeting the hypervisor, adversaries can bypass detection, encrypt virtual machine disks, and cripple enterprise operations within hours. Defending against this will require developing new capabilities that directly protect this foundational layer.

Finally, as cryptocurrencies and tokenized assets drive the growth of an on-chain economy, adversaries are exploiting blockchain’s immutability and decentralization to operate with greater resilience. Malicious actors are beginning to shift entire stages of their campaigns on-chain, from command and control to data exfiltration and asset monetization. To keep pace, defenders will need new investigative skills and visibility across this evolving attack surface.

Q2. What's the one security control or practice that, if organizations had implemented it properly, would have prevented or significantly limited the majority of breaches you investigate? What separates organizations that recover quickly versus those that struggle for weeks and months?

In our experience, the single control that could have prevented or significantly limited many breaches is effective identity management. Many successful attacks do not rely on sophisticated exploits but on weak or poorly governed identities. Identity has become the new security perimeter.

Organizations that recover quickly are those with full visibility of every identity, human and machine. They know what each account is authorized to do and can rapidly revoke or adjust credentials as risk changes. Those that struggle often lack this visibility and spend days tracing access rights, identifying forgotten service accounts, and unpicking over-privileged credentials before systems can be restored.

As AI agents become more embedded in enterprise workflows, the same strict governance principles must apply. Treating every AI or service identity as a managed digital actor with context-aware permissions will be essential to maintaining resilience and ensuring that security keeps pace with automation.

Q3. What are Google Cloud Security’s plans at Black Hat Europe 2025? How will you be engaging with customers, researchers and the broader security community at the event?

This year Google Cloud Security is a Titanium sponsor at Black Hat Europe. We’ll be at booth 105 with our team of experts and ready to talk about the latest threats we’ve been seeing, how to empower your defenders through the use of AI, and the best methods to proactively protect your business.

We’ll also be holding two sessions looking at the latest security developments - firstly on how AI will transform security operations, and secondly on threat intelligence via a Capture The Flag challenge workshop.

There will also be an opportunity to get creative with our interactive AI Lego demo to experience the power of Gemini and win prizes at our booth. We’re looking forward to connecting with this year’s Black Hat Europe attendees.
