What’s Next For Cybersecurity? 19+ Key Predictions From Security Experts

At the 2025 RSAC Conference in San Francisco, our team met with dozens of industry experts, cybersecurity professionals, and investors to find out more about the biggest security technologies and trends that are impacting your business. 

To help you stay ahead of the game, we asked each of them what their biggest cybersecurity prediction is for the next 12 months—and here’s what they said. 

Looking for more key takeaways from RSAC 2025? The latest edition of Decrypted, our weekly newsletter, is packed with vendor announcements, new research and threat intel, and podcast coverage with unfiltered conversations from top execs and security leaders. Subscribe today:

The Rise Of Agentic AI

The past two years at RSAC saw many experts talking about the power and risk of generative AI, but this year the conversation evolved to focus on use cases for agentic AI. And while lots of vendors are already rolling out AI agents and assistants, the consensus was that there’s still a lot of room for growth in this space.

The clear message? Despite the current security and privacy concerns associated with many systems, agentic AI is here to stay, and organizations need to embrace it or risk falling behind the curve. To give them the confidence to do that, we can expect not only the number of agentic AI tools and use cases to increase, but also a rise in the number of “security for AI” tools on offer.

Key Insights: 

• Ben Kliger, Co-founder, Zenity: “AI agents are not going anywhere. With a lot of macro economic changes going on in the world, companies will look to be more efficient; to have a competitive edge. The way to do it is with adopting the agent. So, I think it’s one of the things that’s going to become more stable in the tech scene.”
• Kara Sprague, CEO of HackerOne: “The life cycle of cybersecurity companies is much shorter than most other tech companies, because the technology that you need to be testing and looking for issues in continues to evolve and change, and the techniques that attackers are using to exploit issues in that technology are also evolving and changing. This is a space where there’s going to continue to be a gap between what the human capability is in finding issues, and what AI is able to do – and that will perpetuate for quite some time, possibly even indefinitely.”
• Simon Hunt, Chief Product Officer at Securonix: “With the agentic push we’re in at the moment, we will go through this crazy hype cycle and then there’ll be a trough, but in that trough will be some very useful experiences. Next year, you’ll come to RSAC and it will all be about the experiences and the time-saving and the value that agentic AI creates, not about how the individual pieces of these solutions work.”
• Nicole Carignan, SVP of Security & AI Strategy and Field CISO at Darktrace: “We’re already almost there with a fully autonomous SOC analyst. Humans are always still going to be a part of it, but their roles are going to drastically change, and that’s really exciting. AI will offload SOC level one and two triaging, allowing humans to focus on strategic remediation, level three threat hunting, or proactive cyber resiliency tasks that have a bigger impact on risk reduction, especially as threat actors innovate with AI unsafely and unethically.”
• Yogesh Badwe, CSO at Druva: “We’re seeing more industry standardization in the agentic AI space; the momentum is there with this industry adoption of the same protocol, the same standard, and the same way to do things. Because of that, by the end of this year, we are going to start seeing a lot of agents being deployed in enterprises, and multiple agents talking to multiple source data systems to provide a lot of value to companies.”
• Deepen Desai – Chief Security Officer at Zscaler: “Last year, we weren’t talking about a lot of agentic stuff. This year is all about agentic, and we’re going to see more and more development and innovation over the next few months and years.”

AI In The Hands Of The Adversary

Whatever tools the defenders use, the attackers are using too. And just as white hats are using AI to improve the efficiency and effectiveness of their defense operations, so are cybercriminals using it to improve their attacks—and this is something that we should expect more of. 

However, this “arms race” isn’t new, and it’s not just limited to AI—it’s a story as old as the internet itself. And, as with all other technologies that the black hats are using, it’s up to us to come together as a community to stay ahead of the adversary.

Key Insights:

• Rachel Jin, CTO at Trend Micro: “AI will definitely help hackers to improve their productivity, and also improve the quality of their attacks. But it’s not all bad, because we are also leveraging AI! It’s always like this: attackers evolve using some new technology, and we just need to be better than them. The collaboration within the cybersecurity community is one way for us to achieve that.”
• Donnchadh Casey, CEO at CalypsoAI: “AI is a new surface through which a company can be attacked. New kinds of threat vectors exist now and are evolving all the time at a very rapid pace, probably a more rapid pace than we’ve ever seen before. At the same time, there’s a lot of sensitive data flowing to and from these applications, and that’s only going to be further increased with agents.”
• Deepen Desai – Chief Security Officer at Zscaler: “Bad guys are already using AI to do a lot of their activity, whether it’s phishing, malware generation, exploitation, recon activity, or post-infection activity.”
• Rupesh Chokshi, SVP & GM of Application Security at Akamai: “A lot of use cases are coming up with agentic AI. The industry as a whole is going to struggle a little bit, because how do you figure out if there’s a good agentic or bad agentic? The intensity is going to increase, and a lot of it is happening at a massive speed.”
• Patrick Joyce, Global Resident CISO at Proofpoint: “We need to think about how they’ve been deployed, how they’re being used, how information is being educated, how systems are being informed and trained. And security around the models themselves—the change control around it, how is it managed, not just initially, but every second that it operates—is going to have to dramatically improve.”

Governance And Guardrails

A key question we had at the show was whether the rapid pace of innovation in the agentic AI space could lead to the development of unsecure or vulnerable machine learning models and agentic AI systems and, if so, whether the industry needs more governance or guardrails in place to protect end users against those risks. 

For the most part, out experts were against official regulation when it came to agentic AI, but saw the need for more internal governance and security standards within the industry in the near future. 

Key Insights:

• Sounil Yu, Co-Founder/CTO at Knostic: “We’re at a stage where the machine is going to do decision making. And of course, there are a lot of things that could possibly go wrong. We need to very quickly come up with the right decision-making guardrails, and ‘need to know’ is part of those decision-making guardrails.”
• Boris Logvinsky, VP of Product at Vanta: “In Europe, you’re going to continue to see regulation, whether those are laws that are forced onto folks through government legislation, or just through businesses optimizing for what they need in order to be successful.”

Tech-Specific Innovation

While AI was one of the hottest topics at the show, it wasn’t the only topic of discussion; we also heard a lot about the evolving ransomware ecosystem and what organizations need to be doing today to prepare for the arrival of “Q-Day”. 

But perhaps the second-biggest discussion piece was around identity and access security. 

With the rise of AI-powered deepfakes and fraud attempts, we’re seeing more need than ever before for organizations to make the switch from passwords to more secure methods of authentication, such as Passkeys—and many experts were optimistic that this space will see a lot of adoption over the next year. 

Key Insights:

• Andrew Shikiar, Executive Director and CEO of the FIDO Alliance: “We’re going to see Passkey deployment continue to grow in regulated industries. That’s really important, because addressing the higher assurance use cases and taking passwords out of play there will give greater confidence for more and more companies to deploy Passkeys at scale, which will further accelerate our journey towards putting passwords fully in the rear-view mirror.”
• Patrick Wardrop, Head of Identity & Access Management at IBM: “One of my personal missions this year is to get a higher adoption of Passkeys internally, as well as with our clients. That involves sharing the education that we’ve built for our employees, our workforce, and our customers; making sure users know that this is available, how it works. It also comes down to ‘nudging’ people to use it: making sure it’s the first authentication method that you get to select on the screen; if someone’s using a password, they always get a two-factor authentication; when they’re resetting their password, letting them know they don’t have to do that resetting if they use a Passkey.”
• Jason Keenaghan, Director of Product Management, IAM at Thales: “Initially, a lot of deepfakes were happening on the mobile channel specifically, because there are lots of tools that are readily available on App Stores to go and create these deepfakes. So, as vendors, we put a major emphasis on locking down those channels. So now, they’re starting to be experiment back towards desktops and other devices, and trying to find other paths.”

Nation State Activity

In terms of the impact of nation state activity on the cybersecurity landscape, we heard from ESET’s Director of Threat Intelligence, Jean-Ian Boutin, about how the line is continuing to blur between cybercrime and state-organized operations, particularly amongst Russia-, Chine-,  and North Korea-aligned threat actor groups who are using not only espionage tactics, but also sabotage tactics that target other nations’ infrastructure, government, and finance sectors. 

In terms of what the future might look like for attacks at this level, we also heard some insightful predictions. 

Key Insights:

• Joseph Carson, Chief Security Researcher: “One of the things that a lot of people aren’t talking about is the potential of a peace deal with Ukraine and Russia. Sanctions play a big part in ransomware resilience; previously, they’ve led attackers to target countries that didn’t have sanctions in place, such as Central and South America and Africa. And because those countries don’t have as much money, the value of cryptocurrency payments for the ransom was reduced—but you also saw the rise of affiliates and RaaS. So, sanctions have played a massive part in ransomware crime. And I’m concerned that, over the next couple of months, if the sanctions are lifted, then ransomware might see a massive increase that we’re not ready for.”

A Renewed Sense Of Community

The final predication we heard was that, amid all the new areas of innovation, impactful landscape trends, and evolving adversary tactics, we can expect the sense of community between cybersecurity vendors, professionals, and investors to continue to grow. 
Key Insights: 

• Darren Shou, Chief Strategy Officer at RSAC: “Success today, tomorrow, a year, and 10 years from now is the same. A rising tide rises all ships, and this is what we can do in cybersecurity. Adversaries are adapting quickly; they’re getting the same tools as the defenders, so we have to be constantly vigilant. Individually we are strong, but together, I think we might actually be unstoppable.”
• Simon Hunt, Chief Product Officer at Securonix: “Every competitor to a cybersecurity company is a cybercriminal. Sure, security companies compete with each other for dollars, but if one of us wins, we win as a society.”
• Andy Cao, Co-Founder and COO at ProjectDiscovery: “Security started as a community effort. Over the years we moved away from that, but I think the industry is ready to embrace that again.”
• Patrick Joyce, Global CISO at Proofpoint: “What I see, and it just gets stronger and stronger, is that ecosystem of trust among security professionals. Because they’re all protecting against anarchy, relative to security.”

Looking For More RSAC Coverage?

You can find more of Expert Insights’ coverage at RSAC 2025 over on our LinkedIn page or in our News Hub. Make sure to subscribe to Decrypted, our cybersecurity newsletter, to keep up-to-date with the latest cybersecurity news and analysis.

🔍 About Expert Insights

Expert Insights saves you time and hassle by rigorously analyzing cybersecurity solutions and cutting through the hype to deliver clear, actionable shortlists. 

We specialize in cybersecurity. So, our focus is sharper, our knowledge is deeper, and our insights are better. What’s more, our advice is completely impartial.

In a world saturated with information, we exist to arm experts with the insights they need to protect their organization.

That’s why over 1 million businesses have used us to inform their cybersecurity research.

Expert Insights’ Cybersecurity Resources

• The Top RMM Solutions For MSPs
• The Top Mobile Device Management (MDM) Solutions
• The Top Email Security Solutions For Office 365
• The Top Email Security Gateways
• The Top Multi-Factor Authentication (MFA) Solutions For Business
• The Top Phishing Protection Solutions
• The Top Cyber Threat Intelligence Solutions