In my opinion, RSA Conference is becoming a showcase for the application of modern AI within cybersecurity. Last year, the resounding theme for the event was generative AI. It came as no surprise, then, that this year’s event focused on agentic AI.
In this RSAC wrap-up, I will provide my thoughts on both the transformative power and the challenges of employing agentic AI within cybersecurity protection suites. I will also highlight a handful of announcements that I found noteworthy and share Six Five Media video conversations I had with Cisco and Cohesity that explore several important topics related to modern AI. Let’s get started.
Agentic AI’s Promise And Challenge
Many pundits, including myself, speak to the dichotomy of security for AI and AI for security. In other words, there is both a need for securing the use of AI applications and workloads, and a need for leveraging the power of AI to reduce analyst friction and fortify cyber defenses. Given RSAC’s heavy focus this year on agentic AI and its potential impact to fortify cybersecurity, two things are very apparent to me.
First, the solution providers that avoid AI hype, carefully listen to customer needs and educate in the short term stand to benefit as trusted advisors — and reap commercial rewards in the longer term. Second, a radical evolution in identity access management will be required to manage the permissions, delegation and hierarchy of agents and super-agents. First movers that crack the code for that complexity stand to benefit immensely.
The speed at which modern AI applications are moving is exciting to watch, and there is great potential to tip the scales toward defenders. AI is decidedly a double-edged sword, but agentic AI plus automation has great promise to combat the current use of generative AI by bad actors who use it to dramatically improve phishing and lateral movement schemes.
RSAC Announcement Highlights And Insights
As in years past, RSAC 2025 served as a stage for many cybersecurity infrastructure provider announcements. Four stood out as noteworthy for me:
Cisco — Cisco announced new functionality tied to its XDR platform, including instant attack verification, improved forensics and a storyboard feature that more clearly visualizes complex attack chains. I like the maturity of the company’s endpoint protection suite, and I think that the additional enhancements for supply chain and industrial IoT threat defense have great promise. Furthermore, from my perspective, Cisco’s acquisition of Robust Intelligence may be one of its best buys in recent years. It provides the automated red-teaming capability in the company’s AI Defense platform, and it supports the newly launched Foundation AI open-source reasoning model that is purpose-built for enhancing security applications.
Hewlett Packard Enterprise — HPE announced enhanced network access control features, an OpsRamp integration for more granular network observability and new SSE mesh connectivity — all designed to improve reliability, ensure resiliency and harden security. I like the deeper level of automation and dynamic routing capabilities that are designed to ease both network and security operations. However, there is an opportunity for HPE to use its HP Labs research team to dive deeper into security, providing threat intelligence research like Cisco Talos.
Microsoft — On the Sunday before RSAC’s official opening, I attended Microsoft’s pre-day for a second year, plus I met with executive management during the event. I continue to be impressed with the company’s continued focus on its Secure Future Initiative. Microsoft claims that it now employs over 34,000 engineers engaged in cybersecurity application refinement and innovation. That level of technical resource dedication is mind-blowing and speaks to the company’s commitment to security. In talking with a handful of smaller security solution providers, I also learned that Microsoft Defender is benefiting from the company’s security focus, making significant gains in its ability to provide AI workload alerting, endpoint protection and cyber remediation.
Palo Alto Networks — Palo Alto Networks’ activity at RSAC was significant. This included its announced intent to acquire Protect AI to further its modern AI security ambitions, as well as enhancements to its AI Cortex exposure management and email security. The company has also seen growing adoption of its secure enterprise browser, which provides layered protection. My conversations with executive management also made it clear that Prisma AIRS is one of the most anticipated cybersecurity solution suites in the company’s history; it includes model scanning, posture management, AI red-teaming, runtime security and agent security. I can understand Palo Alto Networks’ enthusiasm, because I believe the company has one of the broadest and deepest AI security suites.
Deep-Dive Conversations With Cisco And Cohesity
At RSAC this year, I had the opportunity to conduct Six Five Media video interviews with Cisco and Cohesity. The first was with Cisco’s Tom Gillis, who leads the company’s datacenter infrastructure and security businesses. We discussed the company’s announcements at RSAC as well as Gillis’s vision for the integration of agentic AI and its potential impact for driving improved security outcomes.
The second interview was with Vasu Murthy, who leads all of product development for Cohesity. We discussed the company’s new RecoveryAgent, which is infused with intellectual property from its Veritas acquisition, along with Murthy’s longer-term vision for the product portfolio, as well as how Cohesity protects 100-plus exabytes of enterprise data globally using a zero-trust security architecture, enhanced multi-factor authentication, ML-based ransomware detection and more.
Companies To Watch
At RSAC, I also had the opportunity to spend time with a handful of companies for the first time, including Forescout, InfoSec Global and Swissbit. Forescout provides cyber risk, compliance and threat mitigation capabilities, enabled through asset intelligence, continuous assessment and ongoing control across IT and OT environments. I like it that the company employs an open platform that integrates with more than 100 security and IT products. Forescout Research – Vedere Labs also provides deep device intelligence and curates both its unique telemetry and other threat intelligence feeds to enrich its platform.
As a pioneer and leader in cryptographic posture management, InfoSec Global aims to secure enterprise digital infrastructure by enabling organizations to discover, inventory, remediate and manage cryptographic assets. Its AgileSec platform orchestrates agile cryptography management through centralized policy enforcement across cloud and on-premises environments — even during the transition from traditional to post-quantum cryptography. The company told me that global financial institutions, large technology companies and government agencies rely on its own capabilities and integrations with third parties to ensure compliance, strengthen resilience and achieve post-quantum readiness. Crypto posture management is somewhat nascent, but the future risks that are associated with breaking encryption using quantum computing certainly warrant closer scrutiny.
Swissbit is a security solution provider that combines its strengths in flash memory and embedded IoT device design to enable digital identity authentication and physical access control. The Swissbit iShield Key provides these capabilities in a simple and flexible USB key form factor that actively protects users from online attacks, such as phishing, social engineering and account takeover. Its latest product iteration, iShield Key 2, is the first FIDO security key to be FIPS 140-3 Level 3 certified, ensuring hardened security for demanding applications. I like its flexibility, akin to a Swiss Army knife (pun intended) to address a host of use cases including badge access, device authentication and more.
The Power Of The Platform
In the bigger picture, cybersecurity solution providers are doubling down on the power of the platform to deliver ease of management and hardened security. Tool sprawl is untenable, especially as bad actors weaponize the use of generative and eventually agentic AI to attack organizations. Platform approaches can go far to deliver higher levels of value and improved protection through a suite of solutions that work better together. From my perspective, RSAC 2025 did a lot to demonstrate the value of security platforms, and although the hype cycle is now squarely focused on agentic AI, it does have great long-term promise.
Moor Insights & Strategy provides or has provided paid services to technology companies, like all tech industry research and analyst firms. These services include research, analysis, advising, consulting, benchmarking, acquisition matchmaking and video and speaking sponsorships. Of the companies mentioned in this article, Moor Insights & Strategy currently has (or has had) a paid business relationship with Cisco, Cohesity, HPE, Microsoft and Palo Alto Networks.
