What 60,000 Hackers Taught Us About Cybersecurity's Future

Last week we shared first impressions from the opening day of Black Hat, focusing on three compelling themes that emerged and took shape early in the event. Now, with the dust settled and the full after-action report complete, we can see a more complete picture of what this massive gathering of 60,000 cybersecurity practitioners revealed about where the industry is heading—and where the real opportunities lie.

The short version? The cybersecurity market is experiencing fundamental shifts that create genuine investment opportunities for those willing to look beyond the obvious plays.

The SMB Security Crisis Is Real (And Massive)

"Security Below the Poverty Line" wasn't just an interesting talk—it highlighted a market failure affecting millions of businesses. The numbers tell the story: the Defense Industrial Base alone consists mostly of small and medium businesses (SMB) that simply cannot afford enterprise-grade security solutions. These aren't companies being stingy; they're facing a fundamental mismatch between what security tools cost and what their risk profiles actually require.

The conventional approach treats SMB security as watered-down enterprise security. Build gold-standard tools, then strip features until they're "affordable." This backwards engineering creates solutions that are simultaneously too expensive and inadequate for their intended users.

The better path? Build security solutions for SMBs from the ground up. "Good enough" security that matches actual risk profiles and operational capacity.

For investors, this represents a massive addressable market that's been systematically underserved. SMBs need security tools designed for their reality, not enterprise hand-me-downs. The companies that crack this code will find themselves serving millions of customers who've been waiting for someone to build for them, not around them.

The Defense Tech Moment

One quote from a VC happy hour captured a compelling point: "Defense Tech is having its moment." This isn't just venture capital hype. The convergence of cybersecurity challenges and national security priorities is creating opportunities that simply did not exist five years ago.

State actors—notably China—are systematically targeting intellectual property and critical infrastructure vulnerabilities. The attack surface is expanding as AI, autonomous systems, and critical infrastructure become increasingly software-dependent. Meanwhile, the Defense Industrial Base consists largely of SMBs that lack the cybersecurity maturity to defend against sophisticated adversaries.

This creates a classic national security challenge with clear commercial applications. Solutions that can secure defense contractors and critical infrastructure suppliers at SMB scale address both market needs and national priorities. The companies building here are solving problems that matter for economic and security resilience.

Algorithm vs Algorithm Future

Perhaps the most striking insight came from discussions about cyberwarfare evolution. We're moving toward algorithm vs algorithm conflicts, with humans intervening only by exception. Autonomous penetration testing tools are already accelerating vulnerability discovery and remediation significantly.

This shift has profound implications. Traditional security models assume human-speed attacks and human-mediated responses. When both offense and defense operate at machine speed, the entire security paradigm changes. Response times are measured in milliseconds, not minutes. Attack patterns evolve faster than human analysis can track. Defense systems must operate autonomously or fail entirely.

For investors, this underscores the value of opportunities in companies building for this algorithmic future rather than retrofitting human-centric security models. The winners will be those who design for machine-speed operations from day one, not those trying to make human-oriented tools run faster.

The AI Whirlwind Phase

Black Hat revealed that cybersecurity investing is currently in what one observer called an "AI whirlwind" phase. Everyone's talking about AI applications, but much of it lacks substance. The real opportunities lie with teams that have moved beyond the hype to build something genuinely differentiated.

The concept of "infer the inference" exemplifies this. LLMs and AI systems generate enormous amounts of metadata about what society is actually interested in, searching for, and concerned about. Smart companies are exploring how this data can reveal collective behavior patterns and emerging threats.

Smart investors are prioritizing quality development teams, proprietary models, and durable five-year plans that will survive the post-hype reality. The companies that matter are building real capabilities, not just riding the AI wave.

Compliance as Competitive Advantage

The most effective organizations we encountered treat compliance as a natural outgrowth of good security practices, not an external burden. When security programs are well-designed and systematically implemented, compliance becomes an automatic byproduct rather than additional overhead.

This philosophical shift creates clear market opportunities. Tools that integrate compliance reporting and evidence collection into core security workflows—rather than treating them as separate functions—will see better adoption and customer satisfaction. More importantly, they'll help their customers transform compliance from cost center to competitive advantage.

Reality Check and Real Opportunities

Black Hat confirmed that the cybersecurity industry remains in rapid evolution rather than settling into mature categories. The rise of AI, autonomous systems, and new development practices represent genuine paradigm shifts that create new attack vectors and security challenges.

This continued evolution means opportunities exist for companies that address the SMB market gap, integrate AI security considerations from the ground up, and rethink traditional enterprise security models for modern development practices.

The key insight from our week in Las Vegas? The cybersecurity market's biggest opportunities aren't in incremental improvements to existing solutions. They're in fundamentally rethinking how security works for different customer segments, threat landscapes, and operational realities.

The companies that will matter five years from now are the ones building for the world as it's becoming, not as it's been. They're designing for SMBs from day one, planning for algorithm-speed conflicts, and treating compliance as a feature rather than a burden.

For investors willing to look beyond the obvious plays, Black Hat 2025 revealed a cybersecurity market full of genuine opportunities. The question isn't whether these shifts are happening—it's whether you're positioned to benefit from them.

From Vegas Quip to Market Reality: Defense Tech by the Numbers

PitchBook's latest defense tech snapshot reveals the sector's rapid maturation through hard numbers. Q2 2025 saw $19.1 billion deployed across 165 deals, more than doubling Q1's volume, with median pre-money valuations climbing to $115 million from $61.3 million in 2024.

The autonomous systems surge tells a compelling story. Investment jumped from $3.7 billion in 2023 to $6.7 billion through Q2 2025, with unmanned surface vessel funding nearly doubling to $729 million in Q2 alone. This maritime focus reflects strategic priorities around Indo-Pacific tensions and algorithm-speed conflicts.

Counter-drone technologies saw even more dramatic acceleration, surging from $21.2 million in 2023 to $324.9 million year-to-date in 2025 – a 15x increase that underscores how rapidly threat landscapes evolve.

Public markets reinforce the investment thesis. Karman Space & Defense trades at 21x EV/revenue while Voyager commands 15-17x despite losses, suggesting investors are pricing in substantial future government spending and commercial expansion.

The institutional backing has matured too, from Andreessen Horowitz's 49 deals to government-backed In-Q-Tel participation. PitchBook's conclusion rings true: defense tech has moved from experimental frontier to mainstream investment category.

More links to explore:

• Investing Capital to Defend the Nation

• Triangle raises $65 million to combat China’s control of rare earth magnets

HavocAI CEO Paul Lwin has been selected to serve on the Washington Post Intelligence Council, joining former Deputy Secretaries of State and National Security Advisors in this prestigious group of thought leaders across Energy and Climate, Tech and AI, and Global Security verticals.

The selection reflects HavocAI's remarkable trajectory from startup to operational defense contractor in just over a year. The company has already delivered fully autonomous maritime systems to the U.S. Department of Defense and demonstrated scalable collaborative autonomy to both Navy and Army in real-world scenarios. Their recent demonstration showcased the future of maritime operations - one operator controlling 25 autonomous vessels simultaneously across Europe, Rhode Island, and San Diego from a single command center.

Paul's appointment brings a unique operational perspective to policy discussions around national security and emerging technologies. As he noted in the announcement, "When you have real autonomous systems executing actual warfighter missions today, it fundamentally changes how you approach policy discussions around national security and emerging technologies."

This recognition validates HavocAI's approach of delivering immediate operational impact rather than extended development cycles. The company represents a new generation of defense technology firms focused on shipping working systems that perform under pressure, transforming from prototype to Pentagon deployment with exceptional speed.

The WP Intelligence Council appointment positions HavocAI at the center of critical conversations about the future of autonomous defense systems, where operational experience meeting strategic policy creates the foundation for informed decision-making in an increasingly complex security environment.

In this episode of the 'Securing Our Future' podcast, hosted by New North Ventures, Jeremy interviews William “Mac” McHenry, an experienced leader from the Department of Defense and Intelligence Community, to discuss the evolving landscape of technology acquisition and the crucial role of government partnerships. Learn about the journey from being a Marine aviator to leading at the Defense Innovation Unit, the cultural shifts in Silicon Valley, and strategies for tech startups to successfully navigate government contracts.

Thanks for reading Securing Our Future! Subscribe for free to receive new posts and support my work.