News

5 Big AI & Cybersecurity Takeaways from HumanX 2025

Editor’s column: 5 key insights from HumanX 2025.

Last updated on Mar 13, 2025
Joel Witts
Written by Joel Witts
This article will cover

HumanX has just wrapped here in Las Vegas. This inaugural AI conference brought together 3,300+ thought leaders, innovators, and decision makers from across the AI landscape.

I’ve been here at the show all week, meeting AI thought leaders and following the major announcements and keynotes as they related to cybersecurity, AI governance and AI safety to bring you actionable insights and advice.

Cybersecurity was a key focus this week, with expert voices including former Vice President Kamala Harris, and Abnormal Security co-founder Evan Reiser discussing how we mitigate some of the risks around AI.

But why does all of this matter to you and your business? Here are my top actionable insights and takeaways from HumanX 2025.

1. Does the US Need a Federal Data Protection Law? 🏛️

Jay Obernolte – Photo by Big Event Media/Getty Images for HumanX Conference)

The debate over a federal data protection law will become critical for businesses using and developing AI tools. Compliance intersects directly with security teams, and so many of these debates may become central to the cybersecurity world over the next five years.

Currently, different state laws in the US can create confusion and obstacles, especially for startups and small businesses that lack the resources of larger companies to navigate this complex landscape. A unified federal law in the USA could simplify compliance, but at the moment it seems very unlikely to emerge.

Key Insights:

  • Rep. Jay Obernolte, the Chairman of the Task Force on Al for the US House of Representatives: “28 different state data privacy standards create a destructive regulatory landscape.”
  • Karen Silverman, Founder & CEO at The Cantellus Group: “Old regulatory schemes can’t solve new problems.”
  • David Danks, Professor of Data Science, Philosophy, & Policy at the University of California, San Diego: “Smart governance increases innovation.”

2. AI is Accelerating Phishing and AI Deepfakes 🎣

The rapid pace of AI technology not only brings advancements but also transforms cybercriminal tactics. Phishing is often one of the top issues affecting security teams. With AI, phishing and deepfakes are more sophisticated than ever, increasing the risk to businesses and individuals. 

For security teams, understanding this evolution is vital for developing effective countermeasures and keeping ahead of potential threats.

Key Insights:

  • Evan Reiser, Co-founder & CEO at Abnormal Security: “ChatGPT is a boon for criminals, enabling phishing emails at unprecedented scale.”
  • Rajat Taneja, President, Technology at Visa: “An explosion of social engineering and phishing.”
  • Steve Schmidt, Chief Security Officer at Amazon: “The biggest mistake is clicking on links that they shouldn’t… AI certainly is affecting that world. It’s making it easier for the less sophisticated actors.”

3. Is AI Helping the Good Guys or the Bad Guys? 🤖

Charles Carmakal – (Photo by Big Event Media/Getty Images for HumanX Conference)

AI is not one fixed entity. It can mean millions of different apps and can be used in millions of different ways. This means AI can be a powerful ally or a dangerous adversary in cybersecurity. 

While adversaries are beginning to use AI tools, defenders also stand to gain considerably from AI’s capabilities in rapid threat detection and response. Understanding where we stand in this arms race is critical for security teams. 

Key Insights:

  • Charles Carmakal, CTO at Mandiant: “AI benefits the defenders more than it benefits the adversaries…The use of AI by adversaries is very rudimentary today. And yes, they will get better at it…But today, AI is better for the defenders than it is for the adversaries.” 
  • Steve Schmidt, Chief Security Officer at Amazon: “I think we’ll see vast improvement in agentic behavior for security operations…Lower latency decisions, the ability to identify things with more rapidity and frankly to get rid of more of the alarm noise that’s out there.”
  • Timothy Galluzi, CIO at State of Nevada: “As generative AI advances, those that want to do us harm have access to this technology in magnitudes much greater than what we have access to… Being able to defend against these things means I need to also have access to those tools.”
  • Galina Antova, Co-founder & Board Member at Claroty: “We simply do not have enough humans to deal with all of the security tools and all of the false positives and all of the security telemetry that’s coming our way…AI doesn’t sleep. And the good news for the defenders is that it’s not going to sleep for us either.”

How To Ensure Safe AI Deployment 💾

2204461452.jpg
Sadie Creese, Professor of Cybersecurity at University of Oxford

AI presents exciting possibilities, but the rush to adopt it often leads to oversight in cybersecurity practices which can lead to friction between security, governance and product teams.

“Shadow AI,” or unsanctioned AI deployments, can pose significant risks if not integrated into security oversight and frameworks. Companies must find a balance between innovation and security.

Key Insights:

  • Sadie Creese, Professor of Cybersecurity at University of Oxford: “A lot of organizations are discovering…shadow AI. It wasn’t in the plan for the live operations in such a way that the cybersecurity teams and the people charged with risk governance can deploy the right policies and get the right kind of oversight around it…Shadow AI can lead to unforeseen risk.”
  • Nia Castelly, Co-Founder & Head of Legal, Checks at Google: “One of the great benefits of AI is unlocking security innovations. But some people think that can happen without any human intervention…There should be humans in the loop to take these insights and make the decisions that ensure your company is operating the way you intended and hopefully in a safe way.”

What does the future look like? 🔮

Perhaps the number one challenge for security teams with AI today is the breakneck speed of innovation and change. Security teams must try and keep up from a security perspective without holding back company innovation and growth. 

It’s important to at least try to skate toward where the product is going as opposed to where it has been. A lot of the discussion this week has focussed a lot on what the future of AI in cybersecurity may look like.

Key Insights:

  • Alex Stamos, CISO at SentinelOne: “What excites me most is the ability to let human beings make human decisions instead of spending all this time churning through logs. The truth is, we have no problems as security teams getting data. We have tons of data. We have petabytes of data. The real problem has been for years now, looking across that data and trying to pull insights out of it. AI gives us the ability to do that. The ability to make an English language query that pulls insights across multiple different kinds of logs in real time is incredibly powerful.”
  • Asheem Chandna, General Partner at Greylock: “We’re entering an era where there’s going to be a team of good AI vs bad AI. AI is going to be applied for a lot of good purposes, and it’s really going to enhance everybody’s lives here. It’s also going to be applied unfortunately on the other side.”
  • Didem Un Ates, Chief Executive at LotusAI Connect: “It could be very well that in the long term, I don’t know if it’s 10 years or 7 years…but truly getting help from AI to govern. Because when we say AI governance, if it’s done well, we also need to govern humans.

With AI’s potential for good comes a set of risks, making it imperative for organizations to stay vigilant and proactive. The future belongs to those who can successfully navigate these opportunities.

About Expert Insights

Expert Insights saves you time and hassle by rigorously analyzing cybersecurity solutions and cutting through the hype to deliver clear, actionable shortlists.

We specialize in cybersecurity. So, our focus is sharper, our knowledge is deeper and our insights are better. What’s more, our advice is completely impartial.

In a world saturated with information, we exist to arm experts with the insights they need to protect their organization.

That’s why over 1 million businesses have used us to inform their cybersecurity research.

Expert Insights’ Cybersecurity Resources

Written By
Joel Witts
Joel Witts

Joel Witts is the Content Director at Expert Insights, meaning he oversees all articles published and topics covered. He is an experienced journalist and writer, specialising in identity and access management, Zero Trust, cloud business technologies, and cybersecurity. Joel is a co-host of the Expert Insights Podcast and conducts regular interviews with leading B2B tech industry experts, including directors at Microsoft and Google. Joel holds a First Class Honours degree in Journalism from Cardiff University.