WhoisXML API Joins Code Blue 2025 in Tokyo
Earlier this month, the global cybersecurity community converged in Tokyo, Japan, for Code Blue 2025. WhoisXML API was proud to be part of the conversation, represented by our top executives: Jonathan Zhang (CEO), Ed Gibbs (Vice President of Research), and Ching Chao (Head of APAC and Global Partnerships).
Running November 16–19, 2025, the event kicked off with two days of intensive, specialized training sessions, covering everything from attacking and defending AI agents to advanced IDA decompiler skills, before diving into the main conference tracks.
Joining hundreds of fellow experts, our team gained important insights into the evolving threat landscape. Here is a recap of the key themes and significant research presented at Code Blue 2025.
AI and Autonomous Security
A dominant theme this year was the double-edged sword of artificial intelligence. The discussions moved beyond automation and focused heavily on agentic AI, systems capable of autonomous decision-making in both offensive and defensive capacities.
In his keynote, "The Hacker Path to Autonomy," David Brumley explored areas where AI already surpasses human ability to discover, exploit, and patch vulnerabilities. He shared a future outlook on automatically checking and protecting systems, which suggests that the only defense against autonomous AI attackers is autonomous AI defenders that can patch systems faster than humans.
Supporting this theory were technical sessions like "Practical Automation of Penetration Testing with Agentic AI." Speakers demonstrated multi-agent systems tested against real-world simulations and standard hacker training grounds like HackTheBox, proving that AI-driven offense is effective.
However, the future isn't entirely devoid of human input. Takahiro Kakumaru proposed a coexistence model in which AI agents handle the massive volume of data correlation and triage, while human analysts act as strategic supervisors, verifying the AI’s logic rather than getting bogged down in raw investigation.
In this coexistence model, AI is viewed as an extension of human thinking, which resonates deeply with WhoisXML API’s development roadmaps. Our MCP Server and domain intelligence AI assistant, Jake AI, are designed on this very principle: leveraging AI to process massive amounts of threat intelligence data and empowering human analysts to make faster and more informed strategic decisions.
Strategic Analysis of Cybercrimes
Several sessions at Code Blue provided deep dives into specific criminal tactics and group behaviors to help defenders anticipate future attacks.
The business of synthetic media was exposed in "The Deepfake Supply Chain." Researchers analyzed the entire lifecycle of these attacks, demonstrating how cybercriminals monetize deepfakes from initial OSINT collection all the way to fraud and extortion. The session also offered a comprehensive defense framework, including content authenticity infrastructure (C2PA), security engineering controls, and organizational playbooks for handling executive impersonation.
Another session analyzed the state-sponsored "FINALDRAFT" backdoor and provided technical insights for security operations centers (SOCs). Researchers detailed the malware's evolution, its modules for lateral movement, and its recent activities and tactics, techniques, and procedures (TTPs), which included obfuscation techniques and the use of open-source offensive security tools.
Embedded and Hardware Hacking
Some of the most alarming presentations reminded attendees that cybersecurity is not just about protecting data in the cloud; it’s about protecting the physical devices we rely on daily.
Hands-on demonstrations revealed critical vulnerabilities across several sectors:
- Automotive: The "JVC Kenwood Pwn2Own Automotive 2025 Deep Dive" showed how seemingly minor flaws in a common car component could be chained together to gain complete control over that component. Another workshop showed attendees how to eavesdrop on and inject messages into CAN and LIN buses—the internal networks controlling everything from steering to braking.
- Medical devices: In a shocking and technically deep presentation, "When X-Rays Become Hacker Weapons," researchers demonstrated how altering the format of a standard medical image file (like an X-ray or CT scan) could trigger severe bugs in the hospital software used to view, store, and transmit those images.
- Maritime: The talk "Don’t Ship Your Bridges!" explored wireless attack surfaces in marine navigation systems, specifically targeting the Automatic Identification System (AIS) that ships use to avoid collisions at sea.
About WhoisXML API
WhoisXML API is a seasoned OEM data provider, specializing in delivering well-parsed, normalized, and comprehensive WHOIS, IP, and DNS intelligence. With more than 15 years of industry experience, we have amassed a vast repository of data, encompassing more than 25.5 billion historical WHOIS records, 50+ billion hostnames, 116+ billion DNS records, 10.5+ million IP netblocks, and 99.5% coverage of active IPv4 and IPv6 addresses.
We offer a wide range of domain, DNS, and other Internet intelligence solutions delivered via comprehensive databases, secure APIs, and intuitive web GUIs. Regardless of the consumption model, our intelligence serves as a robust foundation for leading cybersecurity products and services, with products like predictive threat intelligence data feeds leveraging AI predictive analytics capabilities and domain telemetry to enable organizations to detect potential malicious web properties early.
Trusted by more than 52,000 satisfied customers spanning cybersecurity, marketing, law enforcement, e-commerce, and financial services, WhoisXML API has consistently been recognized for its rapid growth and innovation, earning multiple accolades as an Inc. 5000 honoree and a Financial Times Top Fastest-Growing Company.