Cyware launches AI threat response tool at Black Hat USA 2025
Cyware has taken a significant step in operationalising artificial intelligence for security teams, unveiling its new open source Model Context Protocol (MCP) Server during Black Hat USA 2025. The announcement underscored how AI is shifting from hype to hands-on use in cybersecurity.
Jawahar Sivasankaran, President of Cyware, explained that the discussions at this year’s conference reflected a practical mindset. “Black Hat 2025 wasn’t just about AI hype,” he said. “It was about AI as a tool – something that can actively reduce investigation time, improve correlation across fragmented data, and drive repeatable orchestration in the SOC.”
The MCP Server was positioned as Cyware’s biggest reveal of the week. It is designed to connect large language models (LLMs) securely with Cyware’s intelligence-sharing and automation ecosystem. The platform translates natural language requests into actionable security tasks while preserving context and keeping analysts in control.
Sivasankaran said the industry response highlighted strong demand. “We were excited by the level of engagement from the community,” he remarked. “Security leaders are clearly ready for AI-native workflows that enhance speed and precision in detection and response, without removing the human from the loop.”
Beyond product announcements, broader trends at Black Hat pointed to how AI is being absorbed into daily security operations. A recurring theme, Sivasankaran noted, was controlled autonomy—where AI supports triage, enrichment, and response, while analysts continue to take charge of high-impact choices.
He added that other topics also gained traction, including the importance of multi-source threat intelligence, the adoption of identity-first security strategies, and the challenge of protecting AI/ML pipelines from adversarial threats. “Across the board, security leaders are looking for solutions that integrate seamlessly, connect silos, and produce measurable results – without sacrificing trust, oversight, or control,” he said.
Sivasankaran outlined two clear lessons from the event. First, automation has become essential to both threat intelligence and SOC operations. “It’s no longer a ‘nice to have.’ Many of the conversations I had were with teams looking to streamline investigations and responses without increasing analyst workload.”
The second was the emphasis on collaboration. “Whether through open standards, intelligence-sharing partnerships, or integrated workflows, Black Hat reinforced that security outcomes improve when tools, teams, and communities work together rather than in isolation.”
By making its MCP Server open source, Cyware aligned itself with these industry priorities, offering a platform built for interoperability, transparency, and community adoption. The release not only showcased the company’s approach to AI-powered security but also reflected a broader shift in how organisations intend to deploy automation responsibly in the years ahead.
