Microsoft at Black Hat USA 2025: How Unified Cyber Defense, AI, and Real-World Expertise Shape Tomorrow’s Security

At Black Hat USA 2025, Microsoft is taking center stage with a practitioner-driven showcase dedicated to demonstrating its unified approach to cybersecurity, built around real-world threat intelligence, incident response, AI innovation, and deep technical expertise. Over August 5–7 in Las Vegas, attendees will gain unprecedented access to the methodologies, tools, and minds powering Microsoft’s end-to-end global security operations.

A Unified Approach: Breaking Down Silos for Global Protection

For decades, Microsoft has invested in cybersecurity talent, advanced threat detection, and outbreak analysis. In 2025, the company is pulling back the curtain on what it sees as its single greatest strength: the elimination of internal silos. Rather than segregating threat intelligence, red teaming, incident response, and product engineering, Microsoft’s teams now operate as a single ecosystem. This closed-loop model ensures that when a threat is detected through their expansive global network, it immediately triggers a coordinated response, stress-testing defenses, patching vulnerabilities, and pushing critical knowledge directly into product engineering. It’s a system that learns, adapts, and scales rapidly—translating signals into protection for customers every single day.

Just like last year at Black Hat, Microsoft invites the global security community to “see inside the loop”—demonstrating how this integration transforms cybersecurity practice, speeds up response, and drives innovation in AI-powered defense.

Black Hat USA 2025 Kicks Off with the Microsoft Threat Intelligence Podcast

To set the stage for Black Hat, Microsoft recommends starting with the latest episode of the Microsoft Threat Intelligence Podcast, featuring NOC (network operations center) leads Grifter and Lintile. They reveal the challenges and behind-the-scenes efforts of securing world-class events, providing listeners with firsthand insights into the threat intelligence gleaned from monitoring one of the most targeted enterprise networks on the planet. Whether you are attending Black Hat in person or online, this episode offers a rare, actionable perspective for defenders seeking new strategies for their own environments. Check out what happened last year

Booth 2246: Real Conversations, Live Demo, and Hands-On Learning

Skip the crowded conference theater and join Microsoft’s security experts at Booth 2246 for unscripted, interactive conversations. The approach is informal—pull up a chair and engage with real practitioners about what they’re seeing in the wild and how those observations translate into actionable defense strategies. Topics range from defending against ransomware and business email compromise (BEC) attacks, to tackling the evolution of social engineering, phishing, and securing non-human identities.

Microsoft invites guests from its industry-leading podcasts—Microsoft Threat Intelligence, Microsoft BlueHat podcast (MSRC), and partners like GitHub—for ongoing, deep-dive discussions. Live demos will be running throughout the event, highlighting:

• Microsoft Defender: Next-gen endpoint and identity security.

• Microsoft Entra: Identity and access management in multi-cloud environments.

• Microsoft Purview: Data governance and compliance solutions to protect sensitive information.

• Microsoft Security Copilot: Hands-on exploration of AI-powered incident response and threat investigation.

With a mobile podcast studio and direct access to engineers and podcast guests, Booth 2246 is ground zero for security pros seeking unfiltered knowledge and collaboration.

VIP Mixer: Connect With Defenders and Experts

On Wednesday, August 6, Microsoft is hosting an exclusive VIP Mixer—an evening for security peers, industry experts, and the Microsoft incident response and threat intelligence teams to connect, share stories, and build future strategies over drinks and appetizers. The event is made possible by leading partners from the Microsoft Intelligent Security Association (MISA), including Armor, Cyberproof, Forescout, Ontinue, and Security Risk Advisors.

Space is limited and open to practitioners seeking in-depth, practitioner-led discussions about AI agents, advanced threat landscapes, and evolving detection and response strategies. Attendees can request an invite directly online.

Key Sessions and Spotlights

1. Gain Practical Strategies for Unmasking Cyber Threats

Thursday, August 7, 12:15–12:40 PM
Microsoft Security executives Sherrod DeGrippo, Aarti Borkar, Andrew Rapp, and Simeon Kakpovi deliver a main stage session outlining how their teams deal with high-impact intrusions. Attendees will learn:

• How to align threat intelligence, incident response (IR), and detection teams for speed and clarity.

• Methods to reduce silos and accelerate “signal-to-action.”

• Lessons from tracking advanced threat actors, especially those using social engineering and ransomware tactics.

• Practical applications of AI and incident playbooks for today’s threat landscape.

2. Inside Look: Microsoft Red Teams in Action

Wednesday, August 6, 11:25–11:45 AM
Ram Shankar Siva Kumar (founder, Microsoft AI Red Team) and Craig Nelson (Microsoft Red Team) show how Microsoft’s offensive security experts work in sync with MSRC and threat researchers to identify systemic risks, probe generative AI for jailbreaks, and ensure red teaming is embedded from product design to real-world deployment. The talk addresses:

• Proactive adversarial testing as an ongoing design principle.

• Lessons learned from collaborating across engineering and security disciplines.

• How this approach advances industry best practices in offensive security.

3. Partner Power: MISA Demos and Collaboration

Microsoft’s booth will feature seven members from the Microsoft Intelligent Security Association (MISA), demonstrating how integrating partner solutions with Microsoft’s security technology strengthens protection against real-world threats. This collaboration underscores Microsoft’s commitment to a community-oriented security ecosystem, where customers benefit from both in-house innovation and strategic partnerships.

Special Offers and Ways to Connect

For security teams seeking to take full advantage of Black Hat and Microsoft’s offerings:

• Get $200 off Black Hat briefings and $100 off business hall passes with the Microsoft discount code.

• Request a one-on-one meeting with Microsoft security experts for tailored guidance.

• Catch Microsoft Security executives at the AI Summit at Black Hat (separate pass required).

• Access exclusive event briefings, demos, and podcasts (Threat Intelligence Podcast, Security Copilot deep dive), and stay updated via Microsoft’s Tech Community blog.

Why Microsoft’s Unified, AI-Fueled Security Matters Now

The 2025 threat landscape is rapidly evolving, with adversaries harnessing generative AI, social engineering, and new vectors for attack. Microsoft’s demonstration at Black Hat focuses on how unification—across people, processes, and technologies—can enable defenders to stay ahead, respond faster, and mount effective, scalable defense. The fusion of AI, practical playbooks, and live collaboration delivers what today’s enterprises urgently need: resilient, adaptable security designed for the real world.

Whether you attend Black Hat in person, join virtually, or follow along via podcasts and webinars, this is the year to connect with the experts driving cybersecurity forward—side by side with Microsoft.