Last week, San Francisco hosted the annual RSA Conference, drawing over 44,000 attendees—surpassing last year’s numbers and once again proving that cybersecurity remains a top priority for organizations worldwide.
This year’s theme, “Many Voices. One Community.”, emphasized the importance of collaboration across the industry. But it also reflected the reality of today’s security landscape—one filled with competing narratives and a cacophony of vendor messages. After walking through the buzzing expo halls and attending back-to-back sessions, my head was certainly ringing with buzzwords.
AI still dominates but the conversation has matured
Unsurprisingly, AI remained a hot topic. But unlike last year—when it felt like every booth simply slapped a "Powered by AI" sticker onto their product—this year’s focus shifted to deploying AI safely and protecting AI systems themselves.
One of the most visible trends was the rise of agentic AI, especially with the growing integration of Model Context Protocol (MCP). Two categories stood out with their advances in that area, but I’m sure many will follow this year.
We're seeing a clear evolution: security platforms are becoming smarter, more integrated, and increasingly autonomous. But these advancements depend heavily on data visibility and trust—because a blind AI is no better than no AI at all.
Here are the five most talked-about topics this year—from my point of view.
The focus is shifting from simply using AI to ensuring that models are protected, responsibly managed, and auditable. Topics like A2A security, MCP hardening, and “Shadow AI” governance are gaining momentum.
API keys, service accounts, and machine-to-machine (M2M) interactions are under scrutiny. Identity isn't just about people anymore—securing these non-human entities is now mission-critical.
While detection and reporting have improved, prevention still lags. There’s growing awareness that proactive cloud security needs more attention, not just reactive measures.
Still a buzzword—but implementation remains tricky. Usability and simplicity are the biggest hurdles holding Zero Trust back from broad adoption, but momentum is increasing.
Long-term data privacy is driving urgency around quantum-resistant encryption. This is no longer a “future problem”—especially for industries with long data retention needs.
Beyond the top trends, broader themes emerged: platform unification, tool consolidation, and resource efficiency. The market is clearly shifting from “buy more tools” to “make the ones we have work better together.” Automation and AI are central to this effort.
Take xorlab, for example. Our automated abuse mailbox solution streamlines the triage and response to reported phishing emails—reducing manual effort while improving detection and response times.
While email security didn’t dominate the expo floor, it came up repeatedly in conversations with CISOs. Email remains the backbone of business communication—yet many organizations have given up and accept the fact that some phishing emails will get through. Their current approach often leans on damage control—strong authentication and UEBA—rather than proactive threat detection.
Unfortunately, this won’t be a feasible approach with the increase in AI-generated phishing volume, as these companies will get buried under the coming wave.
Others aren’t yet aware of how quickly and efficiently modern analysis and triage tools can stop new campaigns before they spread. We had some fantastic discussions with potential customers who are looking to close this gap.
RSAC 2025 reaffirmed its place as a cornerstone for networking and discussing trends in the cybersecurity world. This year’s message was clear: we’re not short on tools—we’re overwhelmed by them. The real challenge is how we integrate, prioritize, and scale our security operations efficiently to align with actual business risk.