Microsoft at Black Hat USA 2025

Microsoft will participate in Black Hat USA 2025, scheduled for August 5-7 in Las Vegas, offering attendees a practitioner-driven experience centered on real-world threat intelligence, incident response, and applied AI expertise. The company emphasizes that cybersecurity is most effective when intelligence, tools, and domain expertise are tightly integrated. To that end, Microsoft has dismantled internal silos, connecting its threat intelligence, red teams, incident responders, and engineering groups into a cohesive, closed-loop system that rapidly transforms threat signals into global defenses.

Microsoft at Black Hat USA 2025: Microsoft showcases unified cybersecurity strategy

This integrated approach is more than conceptual. When threats are detected via Microsoft's global infrastructure, that intelligence immediately informs red team operations, incident investigations, and product engineering, simultaneously. At Black Hat, Microsoft will reveal how this system functions and how security teams can leverage it to defend at AI speed. Attendees interested in connecting more personally can request access to Microsoft’s VIP mixer during the event.

Ahead of Black Hat, the Microsoft Threat Intelligence Podcast features an episode with Grifter, the Black Hat NOC lead, and security professional Lintile. The conversation explores how one of the world’s most prominent cybersecurity conferences is secured, what the Black Hat Network Operations Center (NOC) observes in real-time, and how those insights can benefit defenders in broader contexts. Whether attending in person or remotely, listeners gain rare access to the operations behind the scenes.

Booth 2246: Interactive Discussions, Not Presentations

Visitors to Microsoft’s booth (#2246) can expect informal, interactive conversations rather than traditional presentations. A mobile podcast studio will host ongoing discussions with Microsoft security experts and their podcast collaborators, including members from the Microsoft Threat Intelligence Podcast, the BlueHat podcast (MSRC), GitHub, and other special guests.

Discussion topics include:

• Navigating the ransomware landscape
• Countering business email compromise (BEC)
• Evolving phishing and social engineering tactics
• Securing non-human identities (agents)
• Unannounced bonus content
   

Experts will share field intelligence and practical advice for application in real environments. Sessions will cover everything from live threat briefings to red team operations and incident response case studies. Microsoft will also host product demonstrations of Microsoft Defender, Microsoft Entra, Microsoft Purview, and Microsoft Security Copilot throughout the week.

On Wednesday, August 6, Microsoft will host a Security VIP Mixer, inviting attendees to engage with its threat intelligence, incident response, and Security Copilot teams. The event offers an opportunity for deeper discussions on deploying AI agents, confronting advanced threats, and refining detection and response strategies. Appetizers and beverages will be served.

The mixer is supported by several members of the Microsoft Intelligent Security Association (MISA), including Armor, Cyberproof, Forescout, Ontinue, and Security Risk Advisors.

Session highlights: Unmasking Cyber Threats

Date: Thursday, August 7 | Time: 12:15–12:40 PM

A panel of Microsoft Security experts, including Sherrod DeGrippo, Aarti Borkar, Andrew Rapp, and Simeon Kakpovi, will discuss methods for confronting AI-driven and actor-led cyber threats. The session will provide actionable strategies such as:

• Aligning threat intelligence, incident response, and detection teams
• Reducing operational friction and accelerating response times
• Lessons from tracking social engineering and ransomware campaigns
• Adapting red teaming for an evolving AI threat landscape
   

This session aims to equip defenders with structural and procedural improvements relevant to high-impact cyber incidents.

Inside Microsoft’s Red Team Operations

Date: Wednesday, August 6 | Time: 11:25–11:45 AM

Ram Shankar Siva Kumar (founder of Microsoft’s AI Red Team) and Craig Nelson (Red Team member) will delve into how offensive teams integrate across Microsoft’s broader security infrastructure. Topics include:

• Identifying systemic risks across services
• Testing generative AI for jailbreaks and misuse
• Collaborating with MSRC and threat researchers to close the loop
• Embedding red teaming in product engineering as a design principle
   

Attendees will gain insight into how Microsoft approaches adversarial testing through collaboration, innovation, and continuous iteration. Microsoft’s booth will also feature a dedicated demo station where seven MISA partners will present how their solutions, combined with Microsoft’s security technologies, work together to protect shared customers from cybersecurity threats.

Microsoft's presence at Black Hat reinforces its commitment to breaking down barriers within cybersecurity disciplines to create a cohesive, intelligence-driven defense strategy. This approach will be on full display throughout the conference.

Additional opportunities include:

• Sessions featuring Microsoft Security leadership at the AI Summit (separate registration required)
• Invitations to the Microsoft VIP Mixer
• Demonstrations of Microsoft’s end-to-end cybersecurity platform
• Discounted access to Black Hat briefings and the business hall
• One-on-one meetings with Microsoft Security experts
• Ongoing podcast content via the Microsoft Threat Intelligence Podcast
   

Attendees are encouraged to visit Booth #2246 to explore how Microsoft's AI-enhanced, integrated security ecosystem helps organizations adapt, respond, and stay ahead in an increasingly complex threat environment.