Welcome to ITPro's live coverage of RSAC Conference 2025, held at its long-time home: the Moscone Center in San Francisco.
It's going to be a busy few days, with talks by some of the biggest names in cybersecurity and conversations diving into the current threat landscape. We'll be bringing you all the news, stats, and quotes as they come – so keep an eye on this page.
This afternoon we'll be kicking the event off with the opening keynote from Hugh Thompson, executive chairman & RSAC Conference program committee chair at RSAC.
For now, that's the day-one keynote over and RSAC Conference 2025 truly underway. Stay tuned throughout the week for the very latest from all the keynote sessions, as well as detailed analysis on the biggest announcements and what it all means for IT leaders.
Vasu Jakkal, corporate vice president, Microsoft Security, is now rounding the session off with a detailed look at how agentic AI will impact security – which we'll be covering tomorrow in detail with a dedicated piece on ITPro.
"And winning is not that we're going to eradicate crime, but the win is by working together we become more robust and agile to withstand these kinds of attacks. Whether you're on the vendor side, or in the frontlines of your own organization, you are a part of that resilience."
"When we know who's targeting us and how they operate, we gain the clarity to fight back," Fokker says, adding that by bringing adversaries into the light as a community, these criminals can be more effectively taken down.
Fokker rounds his talk out by bringing it back to Thompson's theme of collaboration, describing how it takes a full community to form these maps. Together, he says, cybersecurity professionals can critically undermine these threat groups.
"According to the pyramid of pain, TTPs sit at the top – it's the most difficult to change for a threat actor. Once we've mapped out their playbook, any code tweaks, quick rebrands, won't mask their underlying behavior.
"Once we know how they operate at the TTP level, we can spot them the moment they launch the next offensive – and that's where we hold the real power."
Black Basta will rebrand down the line, Fokker says, but the cybersecurity community gets stronger every time it identifies their tactics, techniques, and procedures (TTPs).
"A reliable decryption process is fundamental to their business model," Fokker explains, with Black Basta forced to resort to threatening to expose public data for profit – and failing.
The important thing to remember, Fokker says, is these groups are beatable at their own game because they're only human. He points to Black Basta's major attack on a US healthcare provider in 2024, which spiralled out of the group's control and left it unable to decrypt the data.
"If cybercrime were a legitimate industry, it would be the world's third-largest economy," he says, with cybercriminals set to generate more than $10 trillion this year.
The motivation isn't just political, but financial, Fokker adds.
Numerous companies, he says, offer intrusive services for nation states and this undermines the worldwide security landscape.
Leaked conversations showed Oleg had claimed he was able to escape law enforcement in Armenia due to close ties with a high-ranking government official, Fokker explains. He adds that this isn't an isolated incident, as Conti and EvilCorp have shown similarly strong connections between governments and cyber gangs.
More notably, Fokker says they were able to identify 'GG', the group's leader, as an individual named Oleg who is wanted by the FBI. He adds that Oleg used to be a member of the Conti group under the alias 'Tramp'.
"They worked in a normal office building, they had an HR department, a vacation policy, scheduled work hours, entry-level employees, middle managers, C-suite," Fokker says. He adds that his team were even able to identify the location of the Black Basta cafeteria within the Moscow HQ: the first and third floors.
To give an even more recent example, Fokker talks about a recent leak on Telegram that Trellix dubbed 'The Panama Papers of ransomware'. It concerned the Black Basta group, with chats demonstrating a clear link between the ransomware group and a government.
Nation states are using companies as proxies, he says, as in the recent case of Salt Typhoon.
We're moving into the meat of Fokker's talk now, as he explains the lines are blurring between hacktivists, cyber criminals, and state-sponsored groups.
Fokker also says that while AI attacks are interesting to focus on, attackers always prefer easy attacks against poorly-defended victims. Ransomware, he says, is another name for the very old crime of extortion.
"So often we forget these cybercriminals are real people and it's tempting to anonymize threats, give them elaborate names for research purposes, but really they're just bad people with regular names sitting behind a keyboard."
While attendees will hear lots of new announcements surrounding products and services over the course of RSAC Conference 2025, Fokker also says the audience should remember what they're doing: protecting organizations.
In his current role, Fokker says his goal remains the same: "To give bad people a bad day."
Fokker begins by explaining how he used to be an officer in the Dutch National High-Tech Crime Unit, with the audience just having seen footage he shot of a raid on CTB ransomware group threat actors.
Cyber attacks don't just come from nowhere – they're launched by hacking groups and many are launched by nation states. Here to tell us more is John Fokker, head of threat intelligence at Trellix.
Cisco believes the sector is headed toward what it calls 'Super Intelligent Security', in which human workers, AI models, and AI agents collaborate to massively improve defenses.
In the future, Patel suggests agents will be able to work together to detect and prevent breaches, massively driving down the cost of sophisticated security.
Patel describes an example situation in which a SOC operator receives a wave of cybersecurity alerts and the Foundation AI Security Model and associated agents are able to identify the attack methodology, produce a confidence and severity score, complete further investigation, and produce a compliance report.
The 8-billion-parameter model has been trained for efficiency and fine-tuning, with Patel adding that it can run on one or two Nvidia A100 GPUs. The model and its tooling will also be made open source, with the intention of empowering the cybersecurity community to band together against adversaries.
The first reason for this is that AI is still too general, Patel states, with more security specialization needed. He says Cisco's Foundation AI Research Lab is a step toward this and announces the release of a new Foundation AI Security Model.
Overall, Patel says, AI in security is slower than in other industries.
"There's about 3,500 vendors in this market, no one owns more than ten to twelve percent of the market, on average people have between 50-70 products within their cybersecurity stack – and the complexity is untenable."
Finally, the complexity of the security landscape is a challenge in and of itself, Patel says.
The next is alert fatigue, which can overwhelm security teams and make finding the signal from the noise very difficult.
The first of these is skill shortages.
"Very few security practitioners worry about AI taking their job," Patel says. "What they worry about is 'If I don't have AI, will I be able to do my job effectively at scale, given the volume of attacks which I'm expected to go out and deal with with the same level of spend?'"
Going back to using AI for security, to adopt more autonomous defenses, Patel says there are still three key challenges.
All of this means security is accelerating, not inhibiting, AI adoption, as leaders demand sufficient controls are put in place for adopting AI safely. Patel explains that this is a massive shift, as security teams used to be regarded as blockers for adoption of new technologies – fuelling a false choice between productivity or security.
"It's going to be irresponsible in the future for application developers to not use something like this, so that they can make sure that they've consistently applied security and safety across every single one of these models."
"You need to have a common substrate of security that goes across every model, every agent, every application, across every cloud," he says.
AI model developers are already putting guardrails in place but each is inconsistent with the last, Patel says.
Patel says validation has to happen at machine scale for AI models – explaining that human red-teaming just won't live up to the task. For example, a user can jailbreak models using abstract prompts but these are easier to discover at algorithmic scale.
The third, run-time enforcement, means establishing guardrails that can operate at the level of responsiveness necessary to rein in potentially risky AI.
To achieve this, Patel says organizations must focus on visibility, validation, and run-time enforcement. The first two focus on monitoring models and confirming that they're not operating in a risky manner.
On the latter, Patel says human-scale defense activity will "no longer be sufficient when the attacks are happening at machine scale". But first we're homing in on securing AI itself.
He says leaders must focus on securing AI and using AI for security.
Enterprises have spent the past few years pursuing greater fine-tuning of foundation models to tailor them to their unique organizational data and style. But Patel says this makes models three times more susceptible to jailbreaks and 22 times more likely to output harmful responses.
As a practical example of the latter, Patel points to a recent Cisco study that found DeepSeek could be jailbroken 100% of the time using malicious techniques, compared to just 26% of the time with OpenAI's models.
On safety, Patel questions whether issues such as AI hallucinations and toxicity can affect our trust in AI-powered apps. On security, he suggests that external attacks on models could affect their behavior.
This AI model layer contains many models, which are "non-deterministic", meaning they can't be reliably predicted. Patel says this inherently opens organizations to risks, in the categories of AI safety and AI security.
Complexity is the main reason for this, Patel says. Infrastructure used to be three-tiered, with infrastructure, data, and application topped with a presentation layer, he explains, but AI has inserted a 'model layer'.
"This is going to come with a whole new class of risks that we've never seen before, that we have to make sure we actually mitigate ourselves against," Patel says, adding that AI will be the hardest challenge in the past 30 years of cybersecurity.
Patel says that the world population of eight billion people will feel more like it has a throughput capacity of eighty billion as a result – bringing all kinds of challenges along with it.
One of the biggest shifts in the coming years, Patel says, will be the "huge augmentation of robots, of AI agents, of humanoids, of AI apps".
But cybersecurity is also getting more difficult because AI is changing the whole landscape, he says.
"If you look at what's happening right now within the world, the body of work that each and every one of the security practitioners in this room and beyond are doing is so phenomenally important," Patel says, adding that cybersecurity organizations are shoring up national security and helping human safety overall.
We're now hearing from Jeetu Patel, EVP and chief product officer at Cisco.
And with that, Thompson takes his leave from the main stage.
"I ask you as you approach this week: what can you give to this community and how can you learn more from the incredibly dedicated folks that are in this room?"
Emphasizing the bonds that form when people are open to exchange, he challenges the RSAC community to become even stronger.
"There is not one single person that you can't learn something new from," he says.
For his parting words, Thompson once again implores the audience to be more Bayesian.
The first of these is primarily AI-driven application security, with "practical" adversarial attacks on LLMs also predicted to be a big worry for next year.
Using Cybersecurity Atlas, RSAC has also been able to make a prediction for the biggest topics of 2026.
The application of AI for traditional security domains – particularly how AI will integrate in the security operations center (SOC) – is also a major topic, Thompson adds.
It's a topic ripe for discussion. Thompson says there will be sessions on agentic AI identity, governance, and traceability throughout the week.
The number one term "by far" across all the data was agentic AI, Thompson says, with this and autonomous security systems set to be a major focus throughout the conference.
To show what this means, Thompson gestures to a display with three blue circles representing AI in the years pre-LLMs. In contrast, the updated view for AI shows a cluster of circles, representing the technology's penetration throughout all areas of cybersecurity.
This shows the relative importance of any given trend to cybersecurity workers, with color-coding.
RSAC has also, Thompson says, worked with a team of data scientists to develop a tool called 'Cybersecurity Atlas'.
"We have developed, based on what you told us, a first version of a community platform. Something we think can help you connect with others and learn all throughout the year," he says.
RSAC has been on an evolutionary journey, Thompson adds, and has given a lot of thought to how the months in between each event can best be used.
To illustrate his point, Thompson gets audience members who have never attended this event before to stand, then those who are veterans – first those who have attended at least five, then at least fifteen, RSAC conferences.
Thompson wants attendees to approach the conference as a Bayesian. He urges audience members to interact and use the opportunity to meet peers from all walks of cyber, across various sub-disciplines and verticals.
"Often, when they talk to somebody, they get changed in the exchange – and the other person gets changed too. And I think this is a fascinating mindset to approach RSAC conference, be open to change," he says.
The point of this, Thompson says, is to be open to change.
A Bayesian looking for the odds of a green M&M, he says, would survey a few bags and then go around asking people if they remember the color of the first M&M they pulled out of the last packet they had.
Bayesian statisticians, on the other hand, are willing to accept change and even the fact that their original hypothesis could be wrong, Thompson explains.
To give a practical example, Thompson describes an experiment he conducted along with his children – to figure out the odds of pulling a green M&M out of any given packet. Frequentists would survey thousands of bags, he says, to get to the odds.
The first kind of statistician that Thompson is focusing on is 'frequentists', those folks who really enjoy counting things, making a record of events over a long period of time.
At this year's event, there will be more than 400 educational sessions – not to mention the enormous expo hall – and Thompson acknowledges that this can be difficult to navigate. To help the audience through it, he’s now leading us all on a tour through the “world of statisticians”.
"It is incredible to see the power that can happen when you bring this group of human beings together," he adds.
“We convene because we need each other,” Thompson says.
“We convene because we need to learn from each other, we convene because we need to calibrate with each other.”
It’s the 34th year of the conference, he says, with more than 44,000 attendees onsite at the Moscone Center.
Thompson wants the community to consider how they can "operate with purpose", as well as how defenses can be maintained in the midst of great change.
"So much is changing. The way that attackers operate is changing dramatically – the pervasive use of AI, the rapid adoption of AI, the security implications of that."
"There has never been a more important time for us to come together as a community," Thompson says.
Moving on, Thompson pays tribute to the range of companies and entrepreneurs who took part in its Innovation Sandbox competition. And that's all just day one, he says, with a packed schedule to look forward to in the week ahead.
Thompson says the New York Times Stock Exchange flew its opening bell over to RSAC, so it could ring in the start of the conference at 6:30am.
"In these times, that's the message that we need: community. It's what makes us strong in cybersecurity. It's community," Thompson begins.
Common has left the stage – and we're back to regular programming with Hugh Thompson, executive chairman & RSAC Conference program committee chair at RSAC, taking to the stage.
"As we go on and on, you know this conference is going to peak and change things," he says.
"Thank you for your cybersecurity, from your hearts I can feel the purity."
This has become a rap about the cybersecurity community, with Common saying the cyber professionals in the audience have been through "digital fires" to reach "gold" outcomes.
Common says that great things, growth, and a step toward a better world are possible when people come together.
"I don't want to skip over the notion that community is a way of life," he says, paying a lyrical tribute to the RSAC cybersecurity community.
"I know a lot of people don't know what exactly all you people do," he says, acknowledging the service that cybersecurity professionals provide to wider society.
As a surprise, the award-winning musician Common has taken to the stage.
And we're off, with a montage showing the challenge facing security professionals and how cybersecurity professionals are brought together via RSAC.
We're just a few minutes away now from the opening keynote, with Hugh Thompson set to take to the stage.
We've already had some RSAC news out today from Cisco and ServiceNow, in the form of a new AI security partnership. With the opening keynote centered around working together to improve the overall cybersecurity landscape, it's a timely announcement.
While we're waiting for the keynote to begin, it's worth looking at some of the key themes for RSAC Conference 2025. I covered these in my pre-conference analysis piece here:
It's just a few hours to go until the first keynote, which begins with a session titled 'Cybersecurity Together', led by Thompson (as outlined in the introductory paragraph above).
In this session, we're expecting to hear about how cybersecurity collaboration can accelerate knowledge sharing, advance research, and expand the cyber industry.