“Trust in AI is at an all-time low,” said HumanX CEO Stefan Weitz as he opened the inaugural HumanX conference, held in Las Vegas.
Addressing the lack of trust in AI is a key theme of the conference. In the opening keynote, Weitz announced the launch of RAIL (Responsible AI Landscape), a new framework for measuring AI trust.
When it comes to cybersecurity and AI, trust and responsible usage of data are essential. Expert Insights was on the show floor meeting industry experts and tracking key panels and conversations to bring you actionable insights.
Here are some key insights from day one here in Las Vegas.
🏛️ On AI Safety Policy
- Former Vice President Kamala Harris: “I think it is an absolute false choice to suggest we can either have safety or have innovation. We can and we must have both. The United States must be a leader of this, and we have got to figure out a way to bring government and technology and the people who are leading it together in a way that we can find common ground.”
- Rep. Jay Obernolte, the Chairman of the Task Force on AI for the US House of Representatives: “I think we’ve got now something like 28 different state data privacy standards. And it creates this complex regulatory landscape that is very destructive to innovation. Because if you’re Google, not to pick on them, but they have buildings full of lawyers. They can navigate a regulatory landscape that complex. If you are two guys in a garage trying to start the next Google, you can’t.”
🎣 The Impact Of AI On Phishing & Social Engineering
- Evan Reiser Co-founder & CEO at Abnormal Security: “Historically criminals have been the first to adopt new technologies. Typically, defenders lag behind a couple of years. We’re seeing that today, where if you’re a criminal, ChatGPT is the best thing that has ever happened to you. It can send out phishing emails at scale and they’re better than they’ve ever been written in the past. A lot of organizations are just slower to adopt new technology. We’re in a window of time right now I think is pretty scary for the world, but the defenders are going to catch up and we’ll probably get to a better spot.”
- Rajat Taneja President, Technology, Visa: “We’re seeing an explosion of social engineering and phishing. It’s reaching such sophisticated standards and we’re only a couple years into this technology wave. It puts the onus on us to have pessimistic design in our systems to ensure layers and layers of defense, knowing that the interface with voice and video is becoming very difficult…It used to be asynchronous, fraud would take place as a text message or voice mail. Now it’s synchronous, a live conversation happening with a phishing agent.”
- Steve Schmidt Chief Security Officer at Amazon: “When you think about humans and authenticating and authorizing humans, the biggest mistake people will make is clicking on links that they shouldn’t. And it’s basic phishing. I’d love to say we’re immune to that, we’re not, because we’re a company of humans.
So, AI certainly is affecting that world. It’s making it easier for the less sophisticated actors to do things like that. It’s not really changing the real top end actors at all, because they’ve always been very good at that.”
- Kara Sprague, CEO of HackerOne: “Human errors lead to the breaches. It’s one of the largest causes. You have to continue education. AI is actually making this very difficult because of the speed at which things are evolving. But teaching employees how you detect and to think: ‘If you think that you’re talking to me on the phone, and I’m asking you to wire millions of dollars somewhere, don’t do it!’”
- Vijay Balasubramaniyan Founder & CEO at Pindrop Security Inc: “A lot of us know about business email compromise and phishing emails. We’ve all been trained to spot the email header and things like that. And interestingly enough, right now, especially after the Arup attack where a finance worker wired $25 million because he got on the phone call thinking he was talking to a CFO, but it wasn’t a CFO, it was a CFO face swap, cyber criminals are sending phishing emails with Zoom links and Teams links. In fact, 40% of subsequent emails after the first phishing email now has a Zoom link or a Teams link.”
🔐 Can AI Help Security Teams Better Prevent Threats?
- Charles Carmakal, CTO at Mandiant: “I actually believe that AI benefits the defenders more than it benefits the adversaries based on what we’ve actually seen from a threat perspective. The use of AI by adversaries is very rudimentary today. And yes, they will get better at it. People abuse any new technology that gets created. But today, AI is better for the defenders than it is for the adversaries.”
- Steve Schmidt Chief Security Officer at Amazon: “I think we’ll see vast improvement in agentic behavior for security operations. That’s what I’m looking for. Lower latency decisions, the ability to identify things with more rapidity and frankly to get rid of more of the alarm noise that’s out there…I think this is an opportunity where the tooling can really make a material difference in both the effectiveness of our engineers, but also, our internal studies have shown us, when we give our engineers better tools, they like their job better. Which means we retain those very things which are most important to us, and that’s our super qualified staff.”
- Kara Sprague CEO, HackerOne: “If you look at what a Security Operations Center (SOC) does, you basically have a bunch of humans that are filtering through piles and piles of alerts coming through a lot of different security platforms and capabilities. You only have to be wrong once to get a critical breach, which means that the cost of a false negative is much, much, much worse than a false positive.
My hope at least is that we can start applying artificial intelligence and a lot more automation to unburden SOC operators, make them much, much more effective, and reduce the number of false positives that are getting thrown at them.”
- Dean Sysman, Co-founder & CEO of Axonius Inc: “Really understanding your infrastructure and understanding what in your data is true signal, and what is noise, is the foundation for being able to take action. That’s what we need to feed the AI to make sure that when we’re expecting it to give answers, we give it data that we know is already cleaned up and not biased to one subjective view.”
- Itai Tevet CEO and co-founder at Intezer: “On the defense side, I think that the biggest change since GenAI became a thing is this new excitement that wasn’t present in the industry for a long time. The potential opportunity to solve one of the biggest challenges that has haunted the industry for a long time, which is talent shortage, which is by far the biggest problem in our industry.”
- Galina Antova Co-founder & Board Member at Claroty: “We simply do not have enough humans to deal with all of the security tools and all of the false positives and all of the security telemetry that’s coming our way. And what I’m really excited about is when I talk about the future where security is going with CISOs, the really good ones that are at the frontier with the use of gen AI [say]… I think we will finally have fully staffed cybersecurity teams… And therefore kind of have a chance of like fighting AI with AI because AI doesn’t sleep. And the good news for the defenders is that it’s not going to sleep for us either.”
✅ Ensuring Compliance With AI & Cybersecurity
- Nia Castelly, Co-Founder & Head of Legal, Checks (Google): “One of the great benefits of AI is unlocking security innovations. But some people think that can happen without any human intervention. You just set it and forget it. That’s really what we always come back to when we talk about responsible development and deployment. There should be humans in the loop to take these insights and make the decisions that ensure the product or your company is operating the way you intended and hopefully in a safe way.”
- Christina Cacioppo, CEO at Vanta: “One of the primary holdups we have seen is concerns about whether an enterprise’s data, or anything an enterprise user puts inside an AI tool is then used to train either that model…or the application company that may be using that model to provide a service. Broad strokes what we have generally seen is that the companies willing to make commitments [not to train on enterprise data] can go forward and have a conversation with that potential customer’s security team. Those not willing to make that statement…there’s more uncertainty.”
- Sadie Creese, Professor of Cybersecurity at University of Oxford: “There’s this big rush towards exploiting AI for brilliant reasons, there is a brilliant future ahead of us. But what organizations are finding is they haven’t had the discipline around how you move from experimentation to live operations, core business…. And a lot of organizations are discovering what we would refer to as shadow AI. And what do I mean by that? It wasn’t in the plan for the live operations in such a way that the cybersecurity teams and the people charged with risk governance can deploy the right policies and get the right kind of oversight around it…Shadow AI can lead to unforeseen risk.”
🤖 AI & The Cyber Threat Landscape
- Charles Carmakal CTO at Mandiant: “A lot of organizations have this perception that AI is going to enable adversaries to exponentially increase their ability to break into their organization. And as we look at how threat actors today are actually leveraging AI to break into companies, for the most part, it is relatively basic. They’re leveraging AI to do research on technology, they may be using AI to write little bit cleaner phishing emails with better grammar…The reality is we’re not really seeing threat actors using GenAI to create the malicious software today in any kind of way that would enable them to get past the security technology that we’ve had available to us for the last say decade or so.”
- Arif Janmohamed Partner at Lightspeed: “It’s well known in the open source domain there’s a number of scripts that bad people can actually pull together to create phishing attacks, malware attacks, what have you. GenAI just makes it that much easier to do so. Now you don’t have to be that technical to use a foundation model, whether it’s open source or not, or to create a personalized attack to go to someone.”
- Asheem Chandna General Partner at Greylock: “We’re entering an era where there’s going to be a team of good AI vs bad AI. AI is going to be applied for a lot of good purposes, and it’s really going to enhance everybody’s lives here. It’s also going to be applied unfortunately on the other side. If you look at who are the bad guys, the bad guys are primarily nation states that are very well financed and have small armies of people working to attack…. And so if you are putting AI in the hands of those people…I think we really haven’t seen anything yet in terms of sophistication, volume and in terms of targeted attacks.”
💡 Final Advice
- Craig Martell Chief AI Officer at Cohesity: “Have a healthy skepticism for machine learning systems. Realise that if they’re 80-90% correct, that means they’re 10-20% wrong. It’s important to think on that side too. I think there’s real value here, but again I think the biggest use case to me are the experts becoming more efficient, because experts can evaluate the output. I don’t mean worldwide experts; I mean experts at your job. So you. And you can evaluate when it’s telling you something that doesn’t seem right.”
For more coverage from HumanX 2025, follow Expert Insights on LinkedIn.