Former New York Times Cyber Reporter Issues Chilling Warning at Black Hat

Cybersecurity is no longer just about code — it is about people, power, and the fight for truth.

Speaking Thursday at Black Hat USA 2025, Nicole Perlroth, former New York Times reporter and founding partner of Silver Buckshot Ventures, warned that digital threats have outpaced traditional defenses. Malware has gone quiet and autonomous. Ransomware operates like a subscription service. Artificial intelligence has begun to distort reality itself.

She explained that cyber threats have moved beyond networks, now targeting public discourse, critical systems, and democracy itself.

“But now the threats are being automated by AI and deployed at scale,” Perlroth explained. “The question is not whether we can stop them. It’s if we even have the courage to try.”

Perlroth urged the security community to define red lines, protect what matters most, and understand that courage will shape the future.

When the headlines fade, the threats remain

Perlroth spoke from experience. As a cybersecurity reporter for The New York Times, she spent a decade covering the escalation of digital conflict. These stories often made front pages, then quietly disappeared. But the incidents, she argued, were not anomalies. They were warnings.

Soon after she joined the Times, the newsroom was hacked. Journalists were expected to defend themselves from nation-state attackers. From that point on, the threats kept mounting: malware hidden in takeout menus, wiper attacks on Iran and Saudi Arabia, the Sony breach that attempted to silence a media company, and the DNC hack that shaped public discourse.

“What it really was,” Perlroth said, “was an assault on the First Amendment.”

Over time, the scope of attacks widened. Ransomware crippled hospitals. Spyware intimidated reporters. Cybercriminals leaked sensitive corporate data to apply pressure. The attacks grew bolder, the stakes higher, and the human toll more visible.

“I had a front-row seat to the human cost,” she noted. “And every time it got worse.”

Yet, the industry repeatedly moved on. These were not edge cases, Perlroth warned — they were stress tests. And adversaries were paying attention.

A new kind of cyber war, powered by AI

Perlroth’s warning extended beyond historical failures — it focused on the future.

Artificial intelligence is rapidly changing the rules of engagement. Hackers are already using AI to identify business-critical assets, craft convincing phishing lures, and automate psychological manipulation. Some groups, she said, are training chatbots to apply maximum pressure during ransomware negotiations.

Meanwhile, defenders are falling behind. Agentic workflows are being targeted. AI models like Claude are already winning hacking competitions. Still, Perlroth insisted, the outcome is not inevitable.

“We can still steer AI,” she said. “But the window is narrow, and it’s closing fast.”

Despite the stakes, she expressed cautious optimism. New technologies are emerging that can detect deepfakes in real time, scan third-party risk at scale, and democratize security for under-resourced businesses. More importantly, she said, this field is driven by people who step up to defend, not destroy.

“The only way out is through,” Perlroth concluded. “And the only way through is with courage.”