CrowdStrike, AI dominate conversation at Black Hat USA 2024

Although the trend of vendors pitching AI-powered products nonstop has continued at Black Hat USA 2024, CrowdStrike and the recent IT outage were an even larger point of discussion.

LAS VEGAS -- The main topics of discussion at Black Hat USA 2024 this week were CrowdStrike and, as expected, generative AI.

The conference was once again held at the Mandalay Bay Convention Center in Las Vegas. As has been the case with every major security convention since early 2023, GenAI was on full display at this year's Black Hat USA conference, with several sessions tackling AI safety and security. A large number of vendor booths on the show floor prominently advertised terms such as AI, GenAI, and LLM, and on Tuesday the conference even had its own AI summit.

Despite AI's dominance in the grander security conversation, the subject that was arguably even more frequently discussed was CrowdStrike -- specifically the global IT outage caused by an errant channel file update the security vendor pushed to its Windows sensors last month. While nearly all Windows systems have been restored as of Tuesday, the fallout continues. CrowdStrike on Tuesday published its root cause analysis report, which described a confluence of errors that contributed to the outage, and the vendor faces potential legal action from customers affected by the incident.

Despite the incident being a black eye for CrowdStrike, the sentiment toward the cybersecurity vendor hasn't been strictly negative. CrowdStrike's quick response to the outage has generally been commended by the larger security community despite criticisms of the vendor's update processes. Based on the discussions TechTarget Editorial had with attendees, CrowdStrike and the outage came up frequently both during sessions and in conversations with others.

For example, international security leaders were asked about the CrowdStrike outage during a Wednesday morning keynote, specifically in the context of how to ensure it doesn't happen again. CISA Director Jen Easterly said that the incident reinforced the ubiquity of software and how much society depends on it working properly.

"On the CrowdStrike incident, I think all of us were probably up at various times -- I know I was up at about 2 a.m. We played a big role in both our role as America's cyberdefense agency, but also as the national coordinator for critical infrastructure security and resilience, so we were very early on trying to assess the impact and then work with CrowdStrike to get mitigation guidance out, and then to really figure out how we could reduce risk to the American people through the interruption of services."

CrowdStrike has a full-size booth as well as some limited signage in the convention center, but the vendor canceled media interviews at the conference. CrowdStrike published its annual Threat Hunting Report this week without the usual fanfare or much of any internet-facing advertisement (the vendor's X account includes no mention).

The show floor at Black Hat USA 2024.

A CrowdStrike employee, who was granted anonymity because they were not authorized to speak to the media, told TechTarget Editorial that they felt about half of the conversations they had with attendees at Black Hat this week were related to the outage, while the other half were conversations related to CrowdStrike's products and initiatives. In conversations about the outage, they said, the tone was more casual and empathetic than negative.

Chuck Herrin, field CTO of API security for F5, said that what caught everyone off guard regarding the outage was the blast radius of 8.5 million Windows devices all at once from a single faulty sensor update. "What had been a relatively invisible and seamless process suddenly wasn't," Herrin said.

Moreover, he felt that with the increasing adoption of GenAI, something like this was bound to happen in the future.

"AI specifically is so resource intensive and so expensive to build and train models that we're going to have a lot of dependencies on the very few players that have a billion dollars to train a model. And if anything goes wrong in the supply chain with one of those key players, we're going to see some events that we haven't seen before," he said. "I don't know what that looks like yet, but there's definitely a consolidation supply chain risk to this, and while there are some open sourcing models -- like Meta, for example, which brings another set of risks -- I think we're going to have a lot of risk concentrated in the hands of very few players that are actually training the new models."

GenAI risk and reward

AI was the other major topic at Black Hat this year, though discussions were somewhat different from those at other security conferences from the last two years in that it shared the spotlight with topics including CrowdStrike and election security. Many sessions were dedicated to the technology, such as an Nvidia presentation on Wednesday covering the top threats to large language models (LLMs) such as indirect prompt injections.

Dustin Childs, head of threat awareness at Trend Micro's Zero Day Initiative, told TechTarget Editorial that as he was walking through the Las Vegas airport before coming into the conference, "every other ad I saw had AI on it." Trend Micro has also been continuing its investment into AI in concert with an ongoing partnership with Nvidia.

Childs told TechTarget Editorial that Trend Micro is currently prototyping a tool where one could feed a technical report of a vulnerability to Trend Micro's AI and have it "immediately spit out a virtual patch." He emphasized that the tool wasn't ready for prime time but that he hopes to demonstrate it sometime next year.

Though LLMs and GenAI have proven controversial -- Goldman Sachs has expressed concerns over the use cases for AI versus its enormous costs -- experts say the technology has practical security uses such as analyzing large amounts of threat intelligence and making technical data more readable for humans. Herrin said he thought discernment between practical use cases for AI and more gimmicky ones will become a more prominent point of discussion going forward.

David Kennedy, founder and CEO of infosec consultancy TrustedSec, told TechTarget Editorial that he's been coming to Black Hat and Defcon for 19 years, and that when he first started coming to the events, the security industry was much more immature. People were "releasing zero days all the time" as well as "new crazy hacks and tools," and as a result, the security industry matured.

At this point, Kennedy said, AI has not provided much innovation in the security industry. He cited a large number of companies that claim to use AI but don't, as well as others that integrate the technology without much thought about what their AI product actually does.

"I think it definitely has the potential to [innovate the security industry] down the road. Don't get me wrong, I think generative AI, from a code analysis perspective, presents efficiencies such as lower level analysts being able to query and get things back that are more complex in nature, but whittled down to something easier to understand. There are some great usages for AI," he said. "I just think it's very much a hype train."

Alexander Culafi is a senior information security news writer and podcast host for TechTarget Editorial.
