Artificial intelligence dominated as an opening day theme of the RSAC Conference, commanding attention from established security vendors and startups alike.
"AI [has] changed everything," Hugh Thompson, the conference's executive chairman, said in opening remarks for the annual security event. "The way that attackers operate is changing dramatically – the pervasive use of AI, the rapid adoption of AI, the security implications of that, massive changes to what we do, and how we might do it."
Generative AI technologies like ChatGPT, DeepSeek, and Copilot, were the catalyst for the momentum around AI. But AI discussions highlighted at RSA have moved beyond generative AI to agentic AI; application of AI to traditional security domains, especially in the security operations center; AI-driven application security; defending against adversarial attacks on large language models (LLMs); and compliance and governance.
In a keynote, Vasu Jakkal, corporate vice president for security at Microsoft, called agentic AI one of the most exciting inventions of our time due to its ability to "help us achieve rapid competency in not just one domain, but across all."
With that said, Jakkal contended security is a key early adoption area for AI. "I do fundamentally believe AI has the best use case, or definitely the most serious use case, in security," Jakkal said.
In another keynote, Cisco Executive Vice President and Chief Product Officer Jeetu Patel also predicted that security would be a key driver for AI adoption, which he framed as ironic given security practitioners' tendency to put the brakes on new technologies.
"Security is actually getting to be one of the largest accelerators of AI adoption in the market today, and it's actually fascinating to see, because in the past, security used to be an inhibitor for adoption," said Patel, attributing that turn of events to the market need for assurances of safety when it comes to letting AI agents loose inside corporate environments.
To that end, Patel announced that Cisco was releasing its own open source AI model built specifically for security purposes on Monday. "We're using general models out there in the [security] market, and what the security community needs right now is its own AI model," he said. "If you want to solve hard security problems, you want to make sure that those models that are built for solving those problems are purpose-built for security. They aren't the same model that's also used to write poetry."
At the startup end of the market, the annual RSA Innovation Sandbox competition also delivered a heavy dose of AI. Of 10 finalists presenting their elevator pitches to a panel of VC and other industry luminaries Monday morning, seven of the companies had prominent AI components to their businesses.
"We all know agentic is the future," Benny Porat, co-founder and CEO of Twine Security, said in his pitch. Another participant, Eran Barak, co-founder and CEO of MIND, said, "We are currently living in the AI era, which is both inspiring and alarming."
While judges had selected the finalists out of 200 submissions, they also had tough questions for the startups that reflected some of the AI-related issues the security industry is wrestling with.
Of Twine's plan to deploy multiple AI agents for security purposes, Niloofar Razi, operating partner at Capitol Meridian Partners, had concerns. "They say controlling AI is like trying to keep Frankenstein's monster under control," she said. "It's built from a lot of parts and once it's alive it doesn't always do what its creator asked it to. So you guys are planning on launching a lot more agents. Are they going to be intelligent, are they going to learn from each other, and if they are, how do you control the chaos?"
Of a contestant planning to use AI to check on the validity of another AI process, independent researcher Paul Kocher worried about the resource demands that already have major AI providers looking to reopen shuttered nuclear power plants or build new, small reactors.
"If every AI query generates more queries to check whether the inputs and outputs are appropriate, then we just have this infinitely spiraling set of compute costs and power consumption," Kocher said. "Is this really scalable?"
Moinul Khan, co-founder and CEO of Aurascape AI, articulated the bullish attitude shared by many security executives at RSAC.
Asked how much an enterprise would spend on their AI-focused solution relative to their spending on more traditional security technology like firewalls, Khan expressed confidence in the trajectory of the market.
"We are only focusing on AI. But our theory is that in the next couple of years, when AI becomes mainstream, we are going to be much more relevant," Khan said.
Why Microsoft thinks diversity will keep security workers relevant in the age of agentic AI
Microsoft: get used to working with AI-powered "digital colleagues"
RSAC Conference 2025 live: All the latest news and updates
Cisco takes aim at AI security at RSAC with ServiceNow partnership
What to look out for at RSAC Conference 2025
'You need your own bots' to wage war against rogue AI, warns Varonis VP
CrowdStrike CEO: Embrace AI or be crushed by cyber crooks
Microsoft security boss warns AI insecurity 'unprecedented' as tech goes mainstream
APIcalypse Now: Akamai CSO warns of surging attacks and backdoored open source components
AI is changing the game when it comes to cyber security
