By Byron V. Acohido
SAN FRANCISCO — The cybersecurity trade confirmed up right here in drive final week: 44,000 attendees, 730 audio system, 650 exhibitors and 400 members of the media flooding Moscone Conference Heart within the Metropolis by the Bay.
Associated: RSAC 2025 by the numbers
Beneath the cacophony of GenAI-powered product rollouts, the sign that stood out was subtler: a broadening consensus that synthetic intelligence — particularly the agentic variety — isn’t going away. And likewise that intuitive, discerning human oversight goes to be important at each step.
Abdullah
Let’s begin with Dr. Alissa “Dr. Jay” Abdullah, Mastercard’s Deputy CSO who gave a keynote handle at The CSA Summit from Cloud Safety Alliance at RSAC 2025. She spoke passionately about being a each day energy consumer of AI, recounting an experiment through which she tried to generate a collectible 3D motion determine of herself utilizing a number of GenAI platforms.
Her prompts have been clear, detailed, and methodical — but the outcomes have been laughably off-base. The takeaway? Even well-crafted prompts might be derailed by flawed fashions or skewed coaching knowledge. On this case, not one of the fashions managed to reliably painting her likeness or skilled context — regardless of the enter being constant.
AI wants a human chaperone
This wasn’t only a quirky consumer expertise — it underscored deeper issues about bias, hallucination, and the immaturity of enterprise-grade AI. Abdullah’s takeaway: lean in, sure. However check relentlessly, and don’t take the output at face worth.
That form of real-world friction — the place AI promise meets AI actuality — confirmed up repeatedly in RSAC’s meatier panels and menace briefings. The SANS Institute’s 5 Most Harmful New Assault Methods panel highlighted how authorization sprawl is giving attackers frictionless lateral motion in hybrid cloud environments. The repair? Higher privilege mapping and tighter id controls — areas ripe for GenAI-powered options, if used responsibly.
Equally, id emerged as RSAC’s dominant theme, fueled by Verizon’s newest Information Breach Investigations Report displaying credential abuse stays a high assault vector. Id, as Darren Guccione of Keeper Safety framed it, is the fashionable perimeter. But AI complicates the panorama: it could actually speed up password cracking even because it allows smarter detection. As soon as once more, the takeaway was clear — context, not hype, should drive deployment.
Krebs
In the meantime, the emotional centerpiece of the convention got here from Chris Krebs, the embattled former CISA director. Dealing with political warmth at dwelling, Krebs nonetheless took the stage alongside Jen Easterly and Rob Joyce to replicate on fictional and real-world cyber catastrophes. His name to arms was unflinching: “Cybersecurity is nationwide safety. Each certainly one of you is on the entrance traces of contemporary warfare.”
And he’s proper. As a result of behind the RSAC glitz lies a gnawing fact: complexity has outpaced human capability. AI will be the solely approach defenders can sustain — if regulators permit it, and if we wield it correctly.
Buyer-ready — on the fly
For all of the stage speak about escalating threats, tightening laws, and the pressing have to shore up id defenses, it was the hallway conversations — the unscripted, typically offbeat tales from seasoned professionals — that provided the clearest glimpse of what comes subsequent.
To wit: only a few moments after Mastercard’s Abdullah gave her keynote on the CSA Summit, I occur to run right into a senior gross sales rep from a cell app safety agency, whom I’ve recognized for a number of years. I requested him if he was utilizing GenAI, and he shared how he has educated a private agentic assistant to assist area technical questions from prospects.
This veteran gross sales rep described how he makes use of ChatGPT to synthesize technical solutions and generate customer-ready language on the fly. He advised me he takes his accountability to vet each GenAI output vigorously — particularly when deploying it to provide you with info relayed again to clients with engineering backgrounds. Any trace of a hallucinated response may destroy credibility he’s spent months constructing. So he validates, revises and retrains always. It’s not about chopping corners; it’s about enhancing fluency with out sacrificing integrity, he advised me.
Natively supported GenAI
I additionally had an enlightening dialogue with Tim Eades, CEO of year-old Anetac, a GenAI-native platform centered on real-time id threat, who provided sharp perception into why newer distributors have an inherent edge. Older enterprise techniques, he defined, are like heritage houses that must be placed on stilts earlier than the muse might be changed.
Retrofitting LLMs onto legacy infrastructure is not only costly; it may be futile with out rethinking knowledge pipelines and consumer interfaces from the bottom up. As a result of Anetac was constructed within the GenAI period, Eades advised me, they will natively help real-time knowledge integration, dynamic immediate era, and intuitive user-level customization. This agility doesn’t simply cut back hallucinations — it accelerates significant innovation, Eades asserts.
Curated data units
In the meantime, Jason Keirstead, Co-founder and CTO of Simbian, a GenAI-native platform automating alert triage and menace investigation, walked me by way of how his staff integrates LLMs into safety operations workflows. We met within the close by monetary district, contained in the high-rise workplaces of Cota Capital, certainly one of Simbian’s early traders.
Not like platforms that merely bolt on a chatbot and hope customers will “discuss to the AI,” Simbian embeds agentic AI immediately into workflows—dealing with alert triage, menace looking, and vulnerability prioritization behind the scenes, Keirstead advised me. The consumer by no means interacts with a immediate window. As an alternative, Simbian’s inner RAG (retrieval-augmented era) system, mixed with in depth immediate libraries tuned for cybersecurity use instances, processes every alert and surfaces really helpful actions routinely.
Keirstead didn’t downplay the complexity of constructing this work. Whereas LLMs can nonetheless hallucinate, he emphasised that Simbian avoids generic, open-ended use instances in favor of tightly scoped functions. By combining curated data units, domain-specific tuning, and hands-on collaboration with early adopters, the corporate has engineered a system designed to ship constant, reliable outcomes.
The 100X impact
An analogous dynamic was at play at Corelight, a community detection and response supplier centered on high-fidelity telemetry. I spoke with CEO Brian Dye who underscored how agentic AI is starting to spice up menace detection — however solely when carefully guided. Their staff makes use of LLMs to streamline evaluation of noisy telemetry and floor related insights sooner.
But Dye cautioned that merely injecting a chatbot doesn’t reduce it; analysts nonetheless want area experience to steer the software, validate outcomes, and preserve it from introducing blind spots. It’s the human-machine combo, he emphasised, that delivers actual worth.
In the meantime, John DiLullo, CEO of Deepwatch, a managed detection and response agency centered on high-fidelity safety operations, framed GenAI as a dialog accelerator — however solely when harnessed with readability and intent. He described how top-tier cybersecurity veterans are utilizing it to not substitute judgment however to distill technical nuance for broader audiences. This aligns with what some are calling the ‘100x impact’ — skilled practitioners utilizing GenAI to not automate away their judgment, however to scale their experience and pace of execution.
Should have ability: immediate engineering
Jamison Utter, safety evangelist at A10 Networks, a provider of community efficiency and DDoS protection applied sciences, was particularly candid. He defined how attackers are already utilizing LLMs to put in writing customized malware, simulate assaults, and bypass conventional defenses — at pace and scale. On protection, A10 has begun tapping GenAI to investigate DDoS telemetry in actual time, dramatically decreasing time-to-insight. The payoff? Analysts who know the best way to immediate successfully are seeing positive factors, however solely after substantial trial-and-error. His backside line: immediate engineering is now a frontline ability.
Akela
Anand Akela, CMO of Alcavio, a deception-driven menace detection firm, sketched out a distinct angle: utilizing AI to not interpret threats, however to camouflage essential property. Alcavio blends conventional deception tech with AI-powered customization — producing sensible honeypots, honeytokens, and decoy credentials at scale. The thought is to make use of AI’s generative muscle to outwit AI-generated threats. Akela admitted they don’t depend on full-blown LLMs but, however stated their roadmap contains utilizing GenAI to tailor decoy methods dynamically, primarily based on evolving assault vectors.
Guided pace, frequent sense
At Cyware, a cyber fusion platform unifying menace intelligence and incident response, Patrick Vandenberg, Senior Director of Product Advertising and marketing, emphasised pace. Their menace intelligence chatbot reduces days of handbook triage to seconds, surfacing related patterns and flagging threats for human evaluate.
However it’s not autopilot. The system solely works effectively when guided by seasoned analysts who perceive what to ask for — and the best way to interpret the outcomes. It’s the basic augmentation mannequin: the AI expands attain and effectivity, however the analyst nonetheless holds the reins.
Willy Leichter, CMO of PointGuard AI, startup centered on visibility and threat governance for GenAI use, captured the unease many really feel. His agency helps corporations uncover and govern shadow AI tasks — particularly open-source instruments and rogue fashions flowing into manufacturing. The market, he stated, hasn’t had its “SolarWinds second” for GenAI misuse but, however everybody’s bracing for it. His message to anxious CISOs: begin with visibility, then layer on threat scoring and utilization controls. And don’t let urgency erase frequent sense.
Driving resilience — not threat
Throughout every of those conversations, a standard thread emerged: we’re past the purpose of deciding whether or not to make use of GenAI. The query now’s the best way to use it effectively. The reply appears to hinge not on the fashions themselves, however on the context through which they’re deployed, the readability of the prompts, and the vigilance of the people overseeing them.
Agentic AI is right here to remain. It’s versatile, highly effective, and quickly evolving. Agentic AI doesn’t wait to be prompted — it’s goal-driven, context-aware, and constructed to behave. However like every high-performance engine, it calls for an attentive driver. With out cautious prompting, fixed tuning, and relentless validation, even probably the most promising assistants can steer us astray. That rigidity — highly effective augmentation versus potential misfire — outlined the convention.
RSAC 2025 didn’t simply showcase agentic AI’s momentum; it clarified the mandate. This isn’t about chasing silver bullets. It’s about embracing a software that calls for human vigilance at each flip.
If we wish AI to drive resilience — not threat — we’ll want to remain firmly within the driver’s seat. I’ll preserve watch and preserve reporting.
Acohido
Pulitzer Prize-winning enterprise journalist Byron V. Acohido is devoted to fostering public consciousness about the best way to make the Web as non-public and safe because it should be.
(Editor’s observe: A machine assisted in creating this content material. I used ChatGPT-4o to speed up analysis, to scale correlations, to distill advanced observations and to tighten construction, grammar, and syntax. The evaluation and conclusions are solely my very own—drawn from lived expertise and editorial judgment honed over a long time of investigative reporting.)
