The biggest buzzword at the RSAC last week was undoubtedly “Agentic AI,’” but the second word I heard the most was “overwhelming.” Overwhelming is an apt way to describe the experience for the week, which can be best described as part security conference, part festival.
For professionals who have spent a lot of money and time to be in SF, it can be hard to cut through the vendor noise and figure out what lessons there are to learn and how to apply them to your business. If you’ve been at the show for the week, you may find you’ve left with more branded socks than security insights.
Several Expert Insights team members made the trip across from the UK to San Francisco. We spent our time mostly away from the conference floor, either in 1:1 media meeting rooms, attending sessions, or watching panels. This gives us a privileged vantage point at RSAC to oversee the conversations happening in the cybersecurity space as a whole.
We put together a very quick post summarizing our top takeaways in our Decrypted newsletter from last week, but we wanted to share a more detailed overview of what we learned, in the hope there are some takeaways for your business. For more insights, make sure to subscribe to Expert Insights Decrypted:
The Promise Of Agentic AI
“Agentic AI” was the big buzzword of the conference. While many of the people I spoke to did roll their eyes when it came up, there was universal acknowledgement that Agentic AI is going to have a major impact on the cybersecurity space, both in terms of AI for security and security for AI.
Most execs we spoke to were optimistic about the impact Agentic AI could have within security teams and in businesses more broadly. “I do genuinely believe that AI and the models and the GenAI apps and agentic AI will be able to deliver business benefits. If you’re doing any repeated task, it can do better and it can do with more precision,” Akamai’s Rupesh Chokshi, told EI.
There are some processes that can be fully automated by AI. I spoke with a few executives from SentinelOne, who released several updates to their Purple AI solution last week. Ric Smith, President of Product told EI: “For things that you would normally triage as a level one, level two analyst, a lot of that you can just take away.”
Several vendors we spoke to emphasise the need to keep humans in-the-loop to oversee Agentic AI processes. As Proofpoint’s Patrick Joyce put it to me: “You’ll still need people in your SOC, but you’ll have agent-type automations in place that can do things much faster and better in a repetitive way than humans can.”
However, there was also a consensus that, as an industry, we need to innovate safely and securely in the AI space. While that doesn’t necessarily mean introducing more regulations when it comes to AI development, it does mean ensuring the security and integrity of new AI tools being developed. As Darktrace’s Nicole Carignan said in our interview, “As an innovator, I understand the need to run fast, but we must innovate with good data science principles to do it safely, responsibly, ethically, and securely – achieving almost miraculous outcomes while ensuring security is embedded from the start.”
The security and compliance challenges around AI are also significant for businesses; due to the data ownership and privacy challenges with integrating AI into products (who owns the data collected and where does it go once it’s fed into AI systems?) and new attack vectors like prompt engineering.
Boris Logvinsky, VP of Product at compliance provider Vanta, told EI this tension exists with all technologies, and that the best security and compliance officers will “think about business enablement and business growth, and then they think about risk and they think about how to mitigate it. Their job is to think about how to scale and enable their organizations to mature and grow and compete and win, as opposed to being blockers.”
Ultimately, the businesses the advantage in AI will be those with the datasets and budgets to support successful deployment. AI is only as effective as the data that you are able to train it with. We can see a divergence taking place in the industry, with small and mid-sized companies taking much longer to see the benefits of AI within their businesses.
The Threat Landscape – Same Old, Same Old?
The cyber threat landscape is fairly consistent, with the same major challenges around nation-state sponsored attacks, ransomware, phishing, and social engineering.
“The threat landscape doesn’t necessarily change super rapidly,” Google Cloud Security’s Chief Analyst John Hultquist told EI. The top threats John’s team are tracking include state-sponsored social engineering and network edge attacks. There has also been upward trend on zero-day attacks, despite a slight drop over the last 12 months.
The North Korean fake-IT worker trend has also become a significant concern, blurring the line between the traditional role of the security team and other business processes, like HR. “It is just, everywhere. I’m telling you, we have seen situations where two different North Korean IT workers have been competing for the same job. One of my colleagues, Charles Carmichael, will tell you that nearly every CISO he talks to confidentially tells him that they’ve had an incident. It’s unbelievable.”
Attacks are being accelerated by AI, but at the moment AI is benefitting defenders more than adversaries. “I think that the adversary is going to figure out new ways to use AI. And it’s going to help them scale their operations and it’s going to make them better. And I think that we are, whether we like it or not, now in an arms race with them,” Hultquist says.
Where attackers are using AI, it’s mostly to increase the efficiency of their existing attack methods – e.g., by using AI to scrape victims’ social media accounts for personal information to use in targeted spear phishing attempts, or to create phishing emails in multiple languages – rather than to create new, more sophisticated attacks. However, this does present some unique new challenges. One example that Segura’s Joseph Carson gave us was where negotiators in the ransomware space are now finding themselves talking to chatbots instead of humans; instead of relying on empathy to negotiate a ransomware payment, they’re having to find ways to crack the chatbots.
Another key trend in the ransomware space is how Ransomware-as-a-Service is lowering the barrier of entry for prospective attackers, and making previously sophisticated attack methods accessible to virtually anyone with a computer and an internet connection.
Social engineering continues to be the #1 security threat Expert Insights hears about from both vendors and end-customers. The prevalence of phishing scams and social engineering was something that came up in almost every conversation that we had at the conference last week. AI is also accelerating this problem––enabling attackers to build more realistic phishing emails or deepfake voices at scale.
We spoke with Zscaler’s Deepen Desai about their new phishing report, which showed that while the overall rate of phishing is down; targeted attacks continue to rise. “There is definitely a shift happening from volumetric to quality; more targeted spearphishing attacks, more attacks involving bad guys bringing in the current context before they go after an organization. And because they’re able to leverage automation and AI, they’re able to do it fairly accurately, and at scale.”
Innovation In Cybersecurity
We made it a mission to speak with several smaller, more innovative companies at RSAC this year, including all of the “Innovation Sandbox” finalists, which each received a $5 million USD investment from the RSAC team and their partners. The big themes in terms of innovation were around AI, identity shifts, and vulnerability management.
ProjectDiscovery won the title of “most innovative” company in the sandbox competition. They offer an open-sourced vulnerability management platform designed to detect modern security risks, backed by a large global community of security engineers and ethical hackers. The community element is a critical aspect of the product, as Co-Founder and COO Andy Cao told Expert Insights:
“Security started as a community effort. Over the years we moved away from that, but I think the industry is ready to embrace that again. If you look at all of our most critical vulnerabilities, template contributions have come from our community and it’s from people all over the world. It’s just so great to see the community come together because, the sooner we get a detection template, the sooner companies can actually run that and see where they’re exposed or vulnerable.”
MetalWare, another innovation sandbox finalist, boasts an impressive team of engineers and techies coming from companies like SpaceX, helping to run mission-critical hardware. They have built a firmware security company to improve the security posture of these critical industries using their domain expertise and deep understanding of the risks. This is an interesting gap in the security market, where there is a knowledge gap for firmware, hardware, and security. Definitely one to watch.
Zenity also has an impressive story focussing more on the AI space. Founded four years ago, Zenity wanted to tackle the issue of brining security principles and governance to low-code/no-code development. Generative AI has transformed this space, and enabled them to market a platform focussed on securing AI-agents against prompt injections and vulnerabilities.
Another stand-out finalist was Twine Security, a company that’s building AI Digital Assistants to extend the capabilities of in-house security teams. While AI-powered SOC team members already exist, Twine have taken a different approach by making their AI, “Alex”, an expert in all things IAM:
“The risk is huge in the identity space; it’s becoming predominant in almost all cybersecurity programs, and it’s a very difficult challenge to solve because it requires an in-depth level of business knowledge,” Twine’s CEO, Benny Porat told EI. “There are some great tools, but the first-gen tools don’t have the ability to get this knowledge.” At Expert Insights, we’re excited to see Alex’s “family” grow as Twine expands into more areas of cybersecurity.
The final point to highlight is that AI has the potential to be a driving force of innovation in the cybersecurity industry. As Chas Clawson, Sumo Logic’s Field CTO, told EI: “I think you have to broaden your use case for AI. It’s not all about writing code. Start at the very beginning, let AI help you identify a problem, help it build a use case. Can it be monetized? Help it build your marketing plan, help it build the architectural diagrams. This is all happening before you write a single line of code.”
On a similar note, Securonix’s Simon Hunt told EI that the conversations around agentic AI should be focussed on what experiences each tool delivers, rather than how each tool works or simply the ability to write, “We’re using AI!” on your booth on the expo floor.
“With the agentic push we’re in at the moment, we will go through this crazy hype cycle and then there’ll be a trough, but in that trough will be some very useful experiences. Next year, you’ll come to RSAC and it will all be about the experiences and the time-saving and the value that agentic AI creates, not about how the individual pieces of these solutions work.”
The Evolving Role Of The CISO
We had several conversations at RSAC about the evolving role of the CISO (Chief Information Security Officer), which has changed significantly over the last several years. Previously, CISOs were seen as IT leaders focussed on technical security, but increasingly they have a true C-level officer position within organizations, engaging with boards regularly to educate company leaders.
Proofpoint’s Global CISO Patrick Joyce describes CISOs as a business partner rather than a “traffic cop” within the business. The goal of the CISO should be to integrate security with business objectives and “answer every question with ‘Yes… and here’s the most secure way to do it,’” he tells Expert Insights.
The role continues to be very stressful, but this can vary by industry and the support given to the CISO. One of the key strengths of the CISO community continues to be the eco-system of trust between security leaders, Joyce told EI. Even CISOs in highly competitive sectors will continue to work together to share insights and warn of risks like social engineering.
The Expo Floor
The craziness of the expo –floor this year just further highlighted for us how difficult it is for security professionals to find the right solutions to solve their needs.
Part of that was down to some of the more outlandish booth designs and marketing gimmicks. No shade to any marketers out there that feel the pressure to go “bigger and better” each time RSAC comes around, but as an industry we need to be asking ourselves whether, amid the puppy petting pens and giant “Wipeout”-style inflatables, we might be losing the message behind what we’re doing.
Looking For More RSAC Coverage?
You can find more of Expert Insights’ coverage at RSAC 2025 over on our LinkedIn page or in our News Hub.
Make sure to subscribe to Decrypted, our weekly newsletter, get our latest cybersecurity analysis and research directly in your inbox.
