Horizon3.ai And The NSA Sound Alarm On Supply Chain Cyber Threats
Introduction to the Evolving Cybersecurity Landscape
Attackers aren’t breaching the front gates—they’re quietly slipping in through overlooked suppliers. Black Hat 2025, more affectionately known by those who perennially attend the event as “Hacker Summer Camp,” is taking place this week in Las Vegas. It is filled with insightful presentations and training, but one joint keynote from Horizon3.ai and the NSA is drawing attention not just for the pairing, but for the message: cybersecurity strategies must evolve—fast.
The Focus on Real-World Threats
The focus isn’t on hypothetical threats. It’s on something both sides say is happening now: attackers exploiting weaknesses not in primary targets, but in the long tail of their supply chains. Snehal Antani, CEO of Horizon3.ai and a former DoD tech executive, brings first-hand perspective to the conversation. In an exclusive interview ahead of the event, he described how AI is changing the speed and scale of attacks—and why security validation must catch up.
The Growing Threat to the Defense Industrial Base
The keynote centers on a growing risk to national defense: the vulnerability of smaller defense contractors and suppliers. Nation-state actors are no longer just targeting large enterprises or government systems directly. Instead, they’re looking for the easiest point of entry—which is often a small design firm, subcontractor or third-party IT provider. Antani shared an example where Horizon3’s autonomous pen-testing platform uncovered sensitive CAD files for Nimitz-class aircraft carriers within five minutes of running a simulation at a small ship design firm. “They didn’t have to go after the Pentagon,” he said. “They got the full design—including nuclear submarine specs—from a supplier.”
This approach is consistent with how modern cyber-espionage works. As Richard Stiennon, chief research analyst at IT-Harvest, explains, “When a spy agency picks a new target, the first tool they reach for is exploits against the target’s software infrastructure. Reconnaissance is not about enumerating the target’s attack surface; it is all about enumerating the target’s supplier base.” And it’s not just a defense-sector issue. Scott Crawford, research director for information security at 451 Research, part of S&P Global Market Intelligence, notes the same pattern across many industries.
The Role of AI in Offensive Security
Bailey Bickley, chief of defense industrial base defense for the NSA Cybersecurity Collaboration Center, will join Antani onstage to discuss how the NSA is working directly with small and mid-size suppliers to raise their baseline defenses—not just enforce compliance. This carrot-and-stick approach complements frameworks like CMMC. “The carrot raises the ceiling of security, and the stick raises the floor,” Antani said. Bickley explained, “Nation state actors have the resources to probe every link in the supply chain; there is no company or target too small. By working with industry to continuously test and validate defenses, we can close gaps before adversaries can exploit them.”
The core of Horizon3.ai’s approach lies in automated adversary emulation. Instead of waiting for an attack or relying on static controls, organizations can simulate real-world threats across their environments. These autonomous pen tests run continuously, surfacing exploitable issues before an attacker can. Scale is key. “I run more pen tests a day than Big Four consulting firms run in a year,” Antani noted. “That gives us a telemetry advantage—five billion unique events a month.”
A Rare Public-Private Alignment
The NSA rarely shares a keynote stage with a private startup. Its collaboration with Horizon3.ai reflects a broader trend: traditional agencies working with newer, faster-moving companies to solve complex challenges that span both sectors. Antani, who helped lead AI initiatives in the U.S. military, sees public-private collaboration as essential—especially as the threat surface expands. What happens to a small defense contractor in Ohio can have ripple effects across military readiness, critical infrastructure and even civilian technology supply chains.
From Pen Tests to FixOps
Horizon3.ai is also using Black Hat to introduce a new integration: wrapping its autonomous pen testing with Model Context Protocol servers. These systems let users query security issues in plain language—no need for complex dashboards or cross-tool coordination. Antani calls the result “FixOps,” short for fix operations—a closed-loop process for identifying and remediating security issues with automation. “The end user doesn’t have to care about all the technical nuances anymore,” he said. “MCP completely simplifies the workflow of remediation.”
Looking Ahead
The Horizon3.ai–NSA keynote is a signal that assumptions about how security should be measured—and how defense is prioritized—are shifting. As AI accelerates the pace of cyberattacks, static controls and annual audits won’t be enough. The defense industrial base is only as strong as its weakest supplier. If organizations want to be resilient, they’ll need to validate their defenses continuously—and extend that mindset beyond their own perimeter.
Conclusion
Whether or not every organization embraces the model Horizon3.ai is proposing, the core message rings true: in a world of persistent, fast-moving threats, visibility is no longer optional. The collaboration between Horizon3.ai and the NSA highlights the importance of public-private partnerships in addressing the evolving cybersecurity landscape. As the threat surface continues to expand, it’s crucial for organizations to prioritize continuous security validation and extend their defenses beyond their own perimeter.
FAQs
Q: What is the main focus of the Horizon3.ai and NSA joint keynote at Black Hat 2025?
A: The main focus is on the evolving cybersecurity landscape and the need for organizations to validate their defenses continuously, particularly in the face of threats targeting smaller defense contractors and suppliers.
Q: How does Horizon3.ai’s autonomous pen-testing platform work?
A: The platform simulates real-world threats across an organization’s environment, surfacing exploitable issues before an attacker can, and runs continuously to provide a telemetry advantage.
Q: What is the significance of the NSA’s participation in the joint keynote?
A: The NSA’s participation reflects a broader trend of traditional agencies working with newer, faster-moving companies to solve complex challenges that span both sectors, and highlights the importance of public-private partnerships in addressing cybersecurity threats.
Q: What is FixOps, and how does it simplify the workflow of remediation?
A: FixOps is a closed-loop process for identifying and remediating security issues with automation, using Model Context Protocol servers to let users query security issues in plain language, simplifying the workflow of remediation.