It’s always good to be back at Black Hat, and this year, it felt like the security industry is standing at a major inflection point.
We came to Vegas with something big: the launch of the new Reveal Platform, the first solution purpose-built for Preemptive Identity Security. And after a week of conversations with CISOs, SOC leaders, founders and analysts, it’s never been more clear that the market is ready, and the need is urgent.
Let me share a few key takeaways from my week on the ground.
1. AI Is Everywhere, but Attackers Are Ahead
AI was the headline at Black Hat this year (no surprise). A lot of it felt like marketing.
Most vendors are layering in LLMs for chat interfaces, applying generative AI to assist with investigation summaries, or promising AI-enhanced workflows. While there’s clear value in automation and augmentation, much of what we saw felt like AI applied at the surface – not at the core.
The real urgency in cybersecurity isn’t about how vendors are using AI, it’s about the fact that attackers are leveraging it to become better at impersonating legitimate users. By using standard business applications, they can hide in plain sight, turning the task of detection into a nightmare for security teams. And many of the attacks we’ll see in the next few years will be things we’ve never seen before.
That’s a problem for defenders still relying on signatures or predefined logic. If you have to know what you’re looking for before you can stop it, you’re already behind.
That’s why at Reveal, we’ve never been rule-based. We’re behavior-based. As the old adage goes: behavior doesn’t lie. And with AI on the rise, the only way to keep up is by understanding normal so you can catch these threats in the critical moments after they log on.
2. Identity Is the New Battleground
You’ve heard it before: identity is the new perimeter. Call it the new control plane if you like – it doesn’t matter what language you use. What matters is that defenders need to monitor identity at the point of access, and also monitor identity behavior post-authentication in order to catch the malicious insider or external adversary with creds. That’s what made so many of the Black Hat conversations interesting this year. CISOs aren’t just talking about securing the login anymore. They’re talking about what happens after.
Because once an identity is authenticated and inside your SaaS or cloud environment, the threat doesn’t look like an anomaly. It looks like normal user behavior – until it’s not. And if you’re not watching identity behavior after the login, you’re flying blind in the very systems that run your business.
Reveal starts where others stop. Most identity tools stop at the door….authentication, posture, entitlements. Important stuff, but not enough. We focus on post-authentication, where business actually happens and data lives. That’s the visibility gap we solve.
3. Detection “Left of Boom” Is Having Its Moment
Another theme I heard: the need to detect left of boom. That phrase means catching threats before the adversary achieves their objective, not after.
This shift matters. It shows the industry is starting to accept that incident response and recovery aren’t enough. You have to stop attackers during recon. During lateral movement. Before data exfiltration. Before impact.
And this is exactly what the Reveal Platform is built for. We give security teams the power to detect early-stage identity threats in SaaS and cloud environments, based on behavioral deviations – not rules. Not thresholds. Not after the fact. It’s a new mindset: preemptive cyber defense.
We believe this is where the industry is going…and we’re already there.
4. Most Vendors Still Miss the Post-Auth Gap
Walking the show floor with our team, one thing became very clear: Reveal is doing something truly different.
Lots of vendors are talking about identity. But most are focused on the perimeter: SSO, MFA, IAM, provisioning, access reviews and ITDR. Again, these are all important. But none of it answers the question, what is this identity doing inside my SaaS and cloud apps right now?
That’s where Reveal lives. We are laser-focused on giving security teams behavioral visibility after login. That’s where attackers operate. That’s where business processes live. And that’s where traditional security solutions fall short.
We’ve also been building and refining our AI and ML engine for years, not weeks. We’re not slapping a chatbot on an old product. Our unsupervised ML models power detection across SaaS and cloud identity activity, tailored to your environment and contained within your systems. It’s purpose-built for this problem, and it works.
