At this year’s RSA Conference, the buzz was undeniable: cybersecurity is rapidly evolving under the weight—and promise—of AI. From Agentic AI systems and runtime GenAI threats to non-human identity (NHI) governance and cloud access controls, the conference underscored a critical theme: innovation must be matched with resilience.
In an exclusive chat session with our cybertech analysts, senior tech leaders shared their insights on the RSA Conference 2025. The conversations revolved around the role of AI and machine learning in cybersecurity, and how new technologies can keep cybercriminals from disrupting IT systems and networks around the world.
Our panel of experts includes:
- Eric Herzog, CMO at Infinidat
- Nicole Carignan, Senior Vice President, Security & AI Strategy, and Field CISO at Darktrace
- Mike McGuire, Senior Security Solutions Manager at Black Duck
- Haviv Rosh, Chief Technology Officer at Pathlock
- Satyam Sinha, CEO and Co-founder at Acuvity
- Amit Zimerman, Co-Founder and Chief Product Officer at Oasis Security
- Tim Callan, Chief Compliance Officer at Sectigo and Vice-Chair of the CA/Browser Forum
- Robb Reck, Chief Trust and Security Officer at Pax8, a Denver, Colorado-based cloud commerce marketplace
- Agnidipta Sarkar, Vice President, CISO Advisory at ColorTokens
- Seth Spergel, Managing Partner at Merlin Ventures
- Kris Bondi, CEO and Co-Founder of Mimoto
- Andrew Harding, Vice President, Security Strategy at Menlo Security
- Krishna Vishnubhotla, Vice President, Product Strategy at Zimperium
- Eric Schwake, Director of Cybersecurity Strategy at Salt Security
- Tim Boettcher, Senior Vice President, Head of GTM Strategy North America at AvePoint
- Rom Carmel, Co-Founder and CEO at Apono
Here’s a detailed snapshot of all our discussions from the RSA Conference 2025.
Why Next-Gen Data Protection is Critical for Cyber Storage Resilience in 2025
Eric Herzog, CMO at Infinidat, said, “Next-generation data protection is needed to enable cyber storage resilience that mitigates the harmful effects of cyberattacks on enterprises. The reality is that it is not ‘if’ your enterprise storage infrastructure will be attacked, but ‘when’ and ‘how often.’ With the average enterprise suffering over 1,650 cyberattacks per week, it is clear that cybercriminals are exploiting the weak points and vulnerabilities of legacy storage arrays from large incumbents. With well over 90% of the most valuable corporate data sitting on enterprise storage, it is critical to increase the security of storage within enterprise deployments. This is why Infinidat is at RSA 2025. Infinidat is instrumental in driving the shift to next-generation data protection.”
Herzog went on to summarize the key building blocks of next-gen data protection that enable cyber storage resilience: “It’s important to adopt a recovery-first approach and integrate cyber storage resilience and guaranteed cyber recovery into a comprehensive enterprise cybersecurity strategy through next-generation data protection capabilities. This is a no-brainer! Here are the capabilities that are needed: immutable snapshots, logical air gapping, a fenced forensic environment, near-instantaneous recovery, automated cyber protection, and cyber detection on storage. Infinidat is at the center of equipping enterprises with these capabilities to safeguard themselves against the severe effects of cyberattacks, including ransomware and malware. At RSA, we’re showing our powerful cyber solutions that help enterprise customers minimize and nullify the impact of these attacks in ways that used to be unthinkable.”
AI: The Double-Edged Sword of Cyber Defense
Artificial Intelligence is the dominant force in nearly every conversation. Mike McGuire of Black Duck warned of the expanded attack surface introduced by AI-powered coding and applications, calling for better tools to sanitize AI prompts, audit AI models, and monitor their behavior. This concern was echoed across the show floor.
Mike McGuire, Senior Security Solutions Manager at Black Duck, was at the forefront of cybersecurity discussions ahead of the RSA Conference. Mike said, “I’m looking forward to seeing how the cybersecurity industry has matured since last year concerning AI. It’s now being used to both write code, and to help power applications, which rapidly expanded the attack surface for supply chain risks. I’d like to see the solutions that vendors are offering for sanitizing AI prompts and output, evaluating AI/ML models used within applications, monitoring and logging AI behavior, etc.”
“It’s fascinating to see how vendors are solving the fast-growing problem of alert fatigue caused by security tools. In 2024 alone, there were approximately 40,000 CVEs reported. I think vendors offering solutions for customers to better triage this massive amount of vulnerabilities are going to get a lot of attention.”
Nicole Carignan of Darktrace highlighted Agentic AI as a defining trend for 2025—autonomous systems that can detect, respond, and even summarize incidents in real time. But she was quick to point out the risks: hallucinations, bias, prompt injections, and self-discovering agents with excessive permissions. “We must build these systems with guardrails,” she emphasized.
Similarly, Satyam Sinha of Acuvity pointed to the rising problem of Shadow AI—unauthorized or unmonitored GenAI use in enterprise environments. Without full visibility, organizations are risking sensitive data exposure on a massive scale. “Most enterprises don’t even know what GenAI services are in use,” Sinha warned, calling for adaptive, context-aware security frameworks.
Identity at a Crossroads: Human, Non-Human, and Everything Between
The notion of identity was completely redefined at RSAC 2025.
Haviv Rosh of Pathlock stressed the critical need for unified access governance across employees, contractors, and third parties. With third-party breach involvement now at 30%, treating external access as secondary is no longer acceptable. “Trust must be dynamic and continuously re-evaluated,” Rosh asserted.
On the machine side, Amit Zimerman of Oasis Security spotlighted NHIs—non-human identities—as an emerging weak link. NHIs now outnumber humans in many organizations, particularly in cloud-native environments using Retrieval-Augmented Generation (RAG) systems. “Nearly 50% of organizations have reported NHI-related breaches,” Zimerman said, urging organizations to secure these invisible users with the same rigor as people.
Robb Reck, Chief Trust and Security Officer at Pax8, expressed his thoughts on the RSA conference agenda. Robb said, “At Pax8, we are always on the lookout for new ways to make our partners better. My focus is on security, and there’s no better place to meet with the world’s best security providers than the RSA Conference. From vendors with whom we already do business, like CrowdStrike and Blackpoint Cyber, to vendors not yet available to our partners, we will spend this week ensuring that the world’s best security technologies are available in the Pax8 Marketplace. I’m especially excited to see how vendors are using agents above and beyond traditional use-cases for AI, unlocking innovative ways that help scale for the AI age.”
Alert Fatigue, API Exploits, and Mobile Mishing
Another repeated concern: alert fatigue. With over 40,000 CVEs reported in 2024 alone, McGuire called for smarter triage systems that reduce noise and surface high-priority issues. Mimoto CEO Kris Bondi added that AI’s future role should be in filtering alerts and enriching them with real-time context, not just generating more noise. “Today, a third of alerts are ignored,” she noted. “We need AI to sharpen our analytical edge, not drown it.”
API security and mobile attack vectors were also hot topics. Eric Schwake of Salt Security emphasized how API misuse—especially in automated environments—is becoming the new battleground. Meanwhile, Krishna Vishnubhotla of Zimperium warned that mishing (mobile phishing) has evolved. GenAI is now being used to craft highly personalized, multimedia phishing messages, often slipping past traditional detection.
Andrew Harding, Vice President, Security Strategy at Menlo Security, explained the new cyber threats that target valuable data companies. Andrew said, “Threat actors have advanced in speed and skills. They are using the same tools and infrastructure as professional engineers. We’re seeing a dangerous combination of zero-day attacks, advanced social engineering techniques, sophisticated phishing techniques, and readily-available phishing-as-a-service kits, all designed to infiltrate systems and steal valuable data. The annual State of Browser Security report, released in March, revealed a stark reality: One in five attacks in 2024 displayed some form of evasive technique designed to evade traditional network and endpoint-based security controls. This trend is only poised to escalate dramatically as attackers adopt AI to increase both scale and effectiveness. At RSA Conference 2025, organizations must have deeper discussions around the necessity to prioritize browser security to detect and stop such attacks.”
Trust in the Age of Quantum and the Cloud
RSA also saw heated debate over the reduction of TLS certificate lifespans—from 398 to just 47 days by 2029. Tim Callan of Sectigo called this a major turning point, requiring widespread automation. “Renewing certificates monthly isn’t sustainable without a shift in tooling,” he said.
Tim Callan, Chief Compliance Officer at Sectigo and Vice-Chair of the CA/Browser Forum, said, “The recent news that the CA/Browser (CA/B) Forum ballot to reduce the maximum validity term of SSL/TLS certificates to 47 days by 2029 has passed should be a topic of great discussion in San Francisco at RSA Conference 2025. The newly approved measure, initially proposed by Apple and endorsed by Sectigo in January 2025, will gradually reduce certificate lifespans from the current 398 days to 47 days through a phased approach. This change marks a turning point for digital certificate management. Organizations will now need to renew certificates nearly every month, an unsustainable pace without automation.”
Tim added, “The industry’s unified support for reducing certificate lifespans reflects a shared commitment to enhancing digital security and trust for all. This pivotal and positive advancement for our industry underscores the importance of agility and proactive risk management in today’s threat landscape while preparing for the risks of the quantum era. We believe it’s important for organizations to view this industry shift not as an abrupt or radical change, but rather an incremental step towards future proofing their business.”
Cloud access control also remains an unsolved problem. Rom Carmel of Apono addressed the complexity of managing privilege across multi-cloud platforms. With standing access and credential reuse still rampant, he called for a defense-in-depth strategy anchored in least privilege and identity containment.
Startups, Strategy, and the Global Investment Outlook
VC insights from Seth Spergel of Merlin Ventures highlighted cybersecurity’s growing role in global diplomacy. Despite geopolitical tensions, international markets—including adversarial nations—are aggressively investing in Israeli cybersecurity technology. “Security innovation transcends politics,” he observed. “And AI has become the driving force.”
Seth Spergel mentioned, “Today, we are facing increasingly sophisticated cybersecurity attacks that are being driven by the growth of AI. While AI is powering a whole new generation of defensive tools, it also makes the types of attacks that were once the domain of only very experienced threat actors much more accessible. As a result, organizations around the world are seeing both nation-states and criminals probe their defenses at a significantly higher volume than years past. Combine that with the geopolitical tensions we are witnessing around the globe, and there is an obvious driver for investing in the cybersecurity market.”
Seth continued, “What has been interesting to see as a VC that primarily focuses on the Israeli cyber market is the desire of many countries, in all regions of the world, to overlook past (and even present) geopolitical tensions to gain access to the cybersecurity technologies coming out of Israel. I believe that continued investment in cybersecurity will be one of the hottest topics at the RSA Conference 2025.”
Finally, thought leaders like Tim Boettcher of AvePoint reminded attendees of the broader implications of AI on governance, data exposure, and agent autonomy. As AI agents become new endpoints, securing them demands entirely new policies and perspectives.
Conclusion: RSA 2025 Signals the Start of Cybersecurity 3.0
The takeaway from the RSA Conference 2025 is crystal clear: the rules of engagement have changed.
As Agnidipta Sarkar, Vice President CISO Advisory at ColorTokens, mentioned, “In 2024, we saw multiple zero-days succeeding to exploit vulnerabilities across browsers, operating systems, and network devices. This highlights the fact that we continue to lack a serious, repeatable patch and vulnerability management program. Unless enterprises build in foundational capabilities, such as microsegmentation or physical segregation, digital resilience will continue to be a pipe dream. This is an important discussion organizations must have this year.”
In addition, autonomous systems, non-human users, and AI-generated threats have made yesterday’s security frameworks obsolete. But with the right investment, leadership, and innovation, the industry has the tools to adapt.
Many voices, one community—that theme rang true. But what’s more important is what comes next: many technologies, one mission—to secure the future.
Thank you, cybersecurity leaders, for sharing your insights with us. We look forward to seeing you again.