Security

RSAC 2025: Key Takeaways From the Year’s Biggest Cybersecurity Event

Organizations are focused on the role of artificial intelligence in security and vice versa.

Bob is the managing editor of BizTech magazine.

The 34th annual RSAC security conference has come to an end, but IT security professionals will spend the rest of the year striving to build on what they learned at the event to protect their networks with better defense systems and smarter security policies.

Here some of the key themes that emerged from the most important cybersecurity event of the year:

It’s All About Artificial Intelligence

If there was one topic that everyone at RSAC was talking about — and that almost every session touched on to one degree or another — it was AI.

“It’s everywhere,” said Hugh Thompson, RSAC’s executive chairman, during the keynote address. “It’s spreading into so many different aspects of cybersecurity. You’ll hear it in almost every session you go to.”

And when it comes to AI, three questions stand out above all for every organization.

How can companies harness AI to defend their networks? How can they defend their networks against AI-powered attacks? And how can they ensure that their own AI models — which they’re building to do everything from assisting workers with repetitive tasks to engaging customers in need of service — do not themselves become entry points for attackers?

Click the banner below to learn why a cyber resilience strategy helps ensure business continuity.

Jeetu Patel, executive vice president and chief product officer of Cisco, often makes this point by saying businesses must focus on “AI for security and security for AI.” He emphasized that again during his portion of the keynote address.

“First, we have to secure AI itself,” Patel said. “And then we have to use AI in our defenses, because human-scale defenses will be insufficient when the attacks are happening at machine scale.”

Patel announced that Cisco had released an AI model “purpose-built for security” on the open-source platform Hugging Face, making the code free for anyone to download. He said that Cisco would soon release the underlying toolset as well, because the security industry has heretofore relied too much on general AI models and needs its own.

RSAC research has found that AI-related topics are of greater importance to the event’s 44,000 attendees than anything else, according to Thompson. Organizations want to better understand how AI will affect their data governance and identity management processes, and how AI will affect security operations centers and the professionals who work in them.

Identity Is Still the Foundation of Security

For all the things that AI has disrupted in the field of security, one thing that has remained the same is how central authenticated identity is to an effective security program. Hackers continue to access networks via stolen or compromised credentials more than any other method, because it remains the most effective.

FIND OUT: A few data governance strategies for AI success.

However, AI is providing cybercriminals with new tools for making their attacks. “Threat actors are now using very advanced AI techniques to break through — to actually impersonate people and target workflows,” said Rohit Ghai, CEO of RSA (the identity security company that shares a name with the event but is not involved in managing it), in an interview. “Not necessarily at the time of authentication, but at other moments in an identity’s lifecycle.”

Using AI techniques, hackers can make phone calls that mimic the voice of an authorized user, or send highly personalized phishing emails or texts at scale, Gai said. “That’s the power of AI, the more perfect impersonation as opposed to just some random person calling.”

Keep this page bookmarked for our coverage and click the banner below to receive related insights.