RSAC 2025: Why the AI agent era means more demand for CISOS

While more than 20 sellers announced the security agents, applications and platforms based on AI in RSA 2025, the most insightful news from the conference is a rare and encouraging direction of security leaders. For the first time in three years, the effectiveness of cyberspace in general improved.

Scale Venture Partners (SVP) recently released a 2025 cyber security perspective report, which co -said that the average effectiveness of cybersecurity improved for the first time three years, increased to 61 % of this year’s event from only 48 % in 2023. According to the report, 70 % of security leaders were protected against the general volcano attack.

SVP also found that 77 % of CISOS believe that protecting artificial intelligence models and data pipelines is a priority to improve their security position by 2025, an increase of 55 % last year. It is worth noting that due to the flow of new AI Agence solutions announced in RSAC, 75 % of companies expressed their interest in taking advantage of artificial intelligence to automate the investigations by using artificial intelligence agents to finate large amounts of security alerts to prevent security incidents.

SVP height in effectiveness numbers is not transverse; It is the result of CISO and their teams that adopt automating on a large scale with the unification of their platforms successfully and reduce the gaps that attackers have gone through in the past.

“If you do not have a complete vision, the attackers will go through cracks between the products,” said ETay Maor, director of security strategy at Cato Networks, for Venturebeat during RSA 2025.

Agentic AI moves quickly to no more than the minimum of the vibrant product to the platform DNA

The MAOR perspective explains why there is a new definition of the minimum applicable product of the artificial intelligence agent in cybersecurity. RSA 2025 revealed how AI Agency became mature. There is a group of sellers who use Agency AI as a code -based adhesive to unify the rules and applications of code together, then there are those who have been in this for years, and Agency AI is the essential for their code.

Cyber ​​security provides in this last group, where Agency AI is essential for their platform, and in many cases, they continue to spend R&D on output in Agency AI. This includes the CASE Cloud, Cisco Ai Defeense, Crowdstrike Falcon Single Agrchure, Darktrace’s Cyber ​​Ai Loop, AITANTAL AITAL and Microsoft’s Security Copilot and Defender xdr Suite and Palo Alto Networks Cortex Xsiam, Sendinelone.

Organizations that depend on an integrated detection that depends on AI with automatic containment reduce housing times by more than 40 %. It is also nearly twice the neutralization of hunting -based interventions before the occurrence of side movement. Sellers in the exhibition hall often depend on identity management scenarios and access to show how their work agent can help in trim the work burdens of the security operations center analysts (SOC).

“Identity will be an important component of artificial intelligence throughout its life cycle. Artificial intelligence agents will need identities. They will need to understand zero confidence, and how do we verify it? Jakkal said briefly,” Artificial intelligence must begin first with safety. It is very important to develop our security mechanisms quickly as we develop artificial intelligence. “

https://www.youtube.com/watch?

There was a common topic for every experimental show of artificial intelligence in the exhibition hall is the triangulation of attack data, and quickly gained visions in the form of Tradecraft that are used and then determining the actual time containment strategy.

Crowdstrike explained how the artificial intelligence agent can burn from detection to actual time through a direct investigation into the North Korean threat campaign to put a Devops tenant in strategic technology companies in the United States and around the world. Follow the direct illustration of the famous Chollima in DPRK, where the Devops character declared, and retracted human resource tests and tied legal tools, including the RMM and VS Code, to test the data quietly. It was a sharp reminder, although the strong AI, still depends on the human being in the ring to discover adaptive threats and microblogging models before the signal is lost in the noise.

GEN AI’s goal: discovery of Tradecraft in the nation -state and killing it

They are attacks in which no one, company or nation is coming and which are the most destructive and challenging to contain and overcome them. Thinking about the destructive threats that the power, payment, banking or supply chain can easily close the minds of many of the most creative and most innovative technologies in cybersecurity.

Geto Patel, CICO’s chief product official, stressed the urgency to enhance cybersecurity with artificial intelligence so that destructive threats that may be destroyed can be found as soon as they are now operated and neutralized. “Amnesty International mainly changes everything, and cyber security is at its core. We no longer deal with human scale threats; these attacks occur on the scale of machines,” Patel said during the keynote.

Patel stressed that the models driven by artificial intelligence are not inevitable: “It will not give you the same answer every time, which achieves unprecedented risks.”

https://www.youtube.com/watch?

CISO needs to understand the risks and complex threats today

“I was asked to give one, and said,” What about us are we talking about something that really matters at the present time, like getting a Ciso seat on the plate table? “This line has handed over two things at the same time: comic relief and a sharp axis to the issue specified for the Cyber ​​Security Command in 2025.

In keywords, “CISO Guide to Securing the Board of Directors,” Courtz issued a clear call To workIon: “Cyber ​​security is no longer a proposal to comply. It is an authorization of governance. I have changed the financial council of the Supreme Education Council CISO.” Not only developed paintings; They are forced at the expense of electronic risks as a fundamental threat to business.

Corz supported his argument with difficult numbers: 72 % of the councils say they are actively looking for cybersecurity, but only 29 % have already they have already.. “This is not just a talent gap,” said Kuzz. “It is an opportunity if you are ready to progress,” encouraged the audience.

It was a map of the way for CISOS to reach the tactical and practical meeting hall:

1. Raise your business fluency. “Understanding the place of creating the value of the work. If you cannot talk to the margin, ARR or legal risks, you will not last long on the table.”
2. The language of the council occurs. “Each meeting hall works on three priorities: time, money and legal risks. If you cannot translate the Internet into these, you will remain on the sidelines.”
3. Build your brand outside the safety bubble. “Members of the Board of Directors in multiple councils. The road is through confidence and reputation, not just artistic excellence.”

KURTZ follows the path from organizational reform to the influence of the Board of Directors by reviewing how Sarbanes-oxley converts in 2002 to the financial manager to strong shareholders. He said that SEC’s 2024 reports of SEC did the same for Cisos. “The threats are pushing the organization, and forming the council to pay the organization,” he said. “This is our moment.”

His advice was not abstract. He urged Cisos to study the agent’s data, and to determine the needs at the committee and the network strategically with the members of the Board of Directors “who are always looking to fill the roles.” He referred to Crowdstrike Ciso Adam Zoller, now on the Adventhealth panel, as a model. Zoller says, says Curtz, he is a person who got his seat by staying in the room, learning how the council works and sees as more than a security expert.

Cortz closed with a challenge: “I hope to return within ten years, still with red hair, watching Ciso on 50 % of the panels, just like the financial manager. Don’t wait for the Board of Directors permission. The only question is: Will you be?”

https://www.youtube.com/watch?

“Amnesty International is not magic – it’s mathematics”

Diana Kelly, Cto of Protect AI, one of the most important early crowds in RSA 2025 with a sharp message: “AI is not magic – it’s mathematics. Just as we believe in programs, we must accurately believe in the life cycle of artificial intelligence.” The keyword has provided a healthy background that cut Gen AI slices, highlighting the real risks of artificial intelligence models that each organization needs to defend before starting any work on its models. Kelly presented in -depth visions of typical poisoning, immediate injection and hallucinations, and called for a complete approach to artificial intelligence security.

Owasp Top 10 was presented to Gen AI, focusing on the need to secure artificial intelligence from zero, partner with early Cisos, the threat of power and the treatment of claims, outputs and agents chains as distinctive offensive surfaces.

Palo Alto networks announced She intends to obtain artificial intelligence protection on the same day as Kelly, an other factor that leads Many conversations about her keywords.

RSA 2025 explains the reason for the customer’s connection from artificial intelligence

RSC 2025 explained one thing clear: artificial intelligence agents enter the progress of the security work, but the councils want to prove that they are working. For CISO under pressure to justify spending and reduce risk, the concentration of innovative noise turns into operational effect. The real victory, including 40 % of the time for housing and the flexibility of up to 70 %, came from the standardization of the platform and the automation of the alarm sorting, which are all installed technologies and technologies. The moment of the truth in the customer of artificial intelligence here, especially for the sellers who enter the market.