RSAC 2025

RSAC 2025: The Top 10 Innovation Sandbox Finalists

A look at who RSAC 2025's Innovation Sandbox Finalists are.

Last updated on Apr 28, 2025
Joel Witts
Written by Joel Witts
RSAC Innovation Sandbox 2025

RSAC’s Innovation Sandbox kicks off in San Francisco this week – who are the finalists this year? and what are they bringing to the cybersecurity market?

The RSAC Conference Innovation Sandbox – celebrating its 20th anniversary this year – gives 10 cutting-edge cybersecurity innovators the chance to pitch their company to a panel of judges in three minutes or less.

The contest has been running for 18 years, with past winners including Imperva, Wiz, SentinelOne, and Hidden Layer. This year, the competition has ramped up, with each of the top 10 finalists receiving a $5 million USD investment.

“The RSAC™ Innovation Sandbox contest is an unparalleled opportunity for both the industry and the founder to highlight industry-changing solutions, companies, and entrepreneurs,” Cecilia Marinier, Vice President, Innovation & Scholars, RSAC told Expert Insights.

“This year’s Top 10 Finalists were perhaps the strongest we’ve seen yet in this contest as we saw a 40% increase in submissions for 2025, and I am beyond excited for our attendees to learn more about their innovative ideas and solutions on April 28.”

Let’s meet this year’s Top 10 finalists. We’ll provide an overview, and a quote from each company on why they were selected.

Aurascape

  • Overview: Aurascape is an AI-native cybersecurity platform that safeguards enterprise AI adoption. Aurascape delivers real-time visibility and protection across thousands of AI applications, preventing data leaks, ensuring compliance, and blocking AI-driven threats while minimizing disruption.
  • Key Quote: “By choosing to build enterprise-grade, real-time security for AI, we took on an ambitious task. The accomplished engineering and product team at Aurascape is up to this task, and we look forward to sharing what we’ve built.” –– Moinul Khan, CEO and Co-Founder of Aurascape

CalypsoAI

  • Overview: As the enterprise AI stack evolves and securing inference becomes central to trust, governance, and scale, CalypsoAI has proven to be a leader in securing AI at the inference layer. Enterprises are moving beyond experimentation and deploying AI across core workflows, opening a new security frontier. These systems influence decisions, interact with other internal tools and operate at scale – often without visibility or control at runtime.
  • Key Quote: “CalypsoAI uses AI and purpose-built agents to secure inference – when AI is making real-world decisions that carry risk and impact.” ––  Donnchadh Casey, CEO of CalypsoAI

Command Zero

  • Overview: Command Zero is an AI-assisted cyber investigations platform that transforms security operations. It automates complex investigative workflows, enabling tier-2 and tier-3 analysts to conduct consistent, auditable investigations with real-time insights and automated reporting, addressing the talent gap in cybersecurity.
  • Key Quote: “Deep analysis is inconsistent, slow, and highly dependent on the processor. We are building Command Zero ecosystem to allow every analyst to ask questions on every system within the environment.” — Dov Yoran, Co-Founder and CEO of CommandZero

EQTY Lab

  • Websitehttps://www.eqtylab.io
  • Overview: EQTY Lab is an AI governance platform that ensures trusted AI development. Its AI Integrity Suite uses advanced cryptography and federated systems to provide verifiable provenance, governance, and auditable records for AI data, models, and agents, enabling secure and compliant AI deployment across enterprises.
  • Key Quote: “We need to fundamentally restructure trust and bring it to the AI agent. We can trust the agent because you can know its lineage.” — Jonathan Dotan, Founder of EQTY Lab

Knostic

  • Overview: Knostic is focused on enterprise AI security, providing the world’s first need-to-know access controls for Large Language Models (LLMs). Knostic prevents data leakage and oversharing in AI tools like Microsoft 365 Copilot and Glean by dynamically tailoring responses to users’ access levels. Its Copilot Readiness Assessment identifies and remediates sensitive data exposure, ensuring secure AI adoption.
  • Key Quote: “LLMs don’t know how to keep a secret. Knostic stops LLM oversharing and enables wide-scale enterprise adoption of enterprise-level search engines such as Copilot, Gemini, and Glean.” –– Gadi Evron, Co-Founder & CEO of Knostic

Metalware

  • Overview: Metalware provides firmware security for critical infrastructure. It offers an automated, end-to-end firmware fuzzing solution that proactively detects and remediates vulnerabilities in embedded systems. Metalware’s intelligent binary fuzzer identifies zero-day vulnerabilities before deployment, ensuring robust, secure, and compliant hardware products.
  • Key Quote: Metalware was selected for two reasons: “Our novel insights and non-traditional background, and the current industry relevance of critical infrastructure due to geopolitics, potential war, supply chain instability, rise in firmware attacks, etc.” ––  Ryan Chow, Co-Founder & CEO of Metalware

MIND

  • Overview: MIND is the first data security platform that puts DLP and insider risk management programs on autopilot to stop data leaks. MIND was built from the ground up to unify both posture and prevention, protecting sensitive data at rest, in motion, and in use. 
  • Key Quote: “With our MIND AI multi-layer classification engine, real-time detection and automated prevention and remediation capabilities, we give enterprises a smarter, faster way to protect what matters most – with less complexity and fewer resources.” –– Eran Barak, Co-Founder and CEO of MIND

ProjectDiscovery

  • Overview:  ProjectDiscovery specializes in vulnerability management and attack surface discovery. Its flagship tool, Nuclei, is a fast, customizable vulnerability scanner that leverages a global security community to detect exploitable vulnerabilities in real-time across websites, APIs, cloud environments, and networks.
  • Key Quote: “Traditional scanners rely on version matching, generating tons of noise, Nuclei thinks like an attacker, using YAML templates to determine what’s actually exploitable.” — Andy Cao, COO at ProjectDiscovery.

Smallstep

  • Overview: Smallstep ensures only company-owned devices can access sensitive resources. Co-developers of ACME Device Attestation with Google and Apple, Smallstep’s Device Identity Platform solves the “other half” of Zero Trust by securing Wi-Fi, VPNs, ZTNA, SaaS apps, and cloud APIs with hardware-bound credentials.
  • Key Quote: “Device identity is literally half of Zero Trust.” –– Mike Malone, CEO & Founder of Smallstep

Twine Security

  • Overview: Twine is a cybersecurity startup founded in 2024 that develops AI-powered digital employees to address the cybersecurity talent gap. Its first digital employee, Alex, automates Identity and Access Management (IAM) tasks, proactively resolving issues in complex environments.
  • Key Quote: “Cyber teams simply have too much on their plate. That’s why we are equipping them with AI Digital Employees who execute tasks from A to Z and help close the industry’s talent gap. We are building trustworthy Agentic AI professionals who work to understand and execute tasks just like your best employee would, no matter your organization’s data readiness state.” –– Benny Porat, Co-Founder and CEO of Twine Security

The Results

After the judges had asked their questions, they deliberated the merits of each company, wanting to find the one that showed great innovation, go-to-market strategy, a great team, and a compelling need. In short, the solution with most potential.

They narrowed the ten companies down to two, even this decision was not an easy one. These companies were CalypsoAI and ProjectDiscovery.

The winner announced that the winner of the 20th RSAC 2025 Innovation Sandbox was ProjectDiscovery.

The judges explained that this year was the hardest yet, with a 40% increase in entries and their desire to pick a top 3 rather than a top 2. In their explanation of the top solutions, the judges spoke of the ambition, the scope, and the innovative solution.

Every company that made the top 10 were awarded $5M, giving each of the companies a route to growth.

Looking for more RSAC 2025 coverage?

The Expert Insights team will be live at RSAC 2025 bringing you insights that matter to your business. 

For more of our coverage, subscribe to Decrypted, our cybersecurity newsletter.

This field is for validation purposes and should be left unchanged.
Written By Written By
Joel Witts
Joel Witts

Joel Witts is the Content Director at Expert Insights, meaning he oversees all articles published and topics covered. He is an experienced journalist and writer, specialising in identity and access management, Zero Trust, cloud business technologies, and cybersecurity. Joel is a co-host of the Expert Insights Podcast and conducts regular interviews with leading B2B tech industry experts, including directors at Microsoft and Google. Joel holds a First Class Honours degree in Journalism from Cardiff University.