Three Moves from RSAC: What Actually Matters After 43,500 People Leave San Francisco

TL;DR #

RSAC 2025 was massive—43,500+ people, 37 keynotes, 650+ exhibitors, two stages (West & YBCA). Amid the noise, three signals stood out: agentic AI moved from slides to real workflows; security‑for‑AI went mainstream; identity (especially non‑human identities) is the new control plane. My favorite hour: Chris Krebs reminded us to balance realism with optimism while navigating geopolitical pressures. Also: the Innovation Sandbox winner ProjectDiscovery reminded everyone that vulnerability management still isn’t solved.

TAKEAWAY #

Community beats complexity. Great conversations + a short Monday plan > chasing every shiny announcement.

WHY IT MATTERS #

Leaders are being pulled in three directions at once: make AI useful safely, tame identity sprawl (too many accounts, keys, and roles across systems), and simplify noisy stacks. RSAC compressed that pressure into four days—and offered a practical path forward grounded in bounded autonomy (clear rules + human oversight), AI guardrails (policies/controls that limit what AI can access, do, or output), and identity‑first controls.


MONDAY PLAN — Three concrete moves #

1) Pilot agentic AI in the SOC #

  • Scope: Tier‑1 alert triage + enrichment only; human‑in‑the‑loop for any action.
  • How: Use what you own—Cortex XSIAM 3.0 / Microsoft Defender XDR / Google SecOps / CrowdStrike Charlotte AI—to wire one playbook: ingest → enrich (threat intel, asset, identity) → propose next step.
  • Guardrails: No credential/policy changes without analyst approval; full audit trail.
  • Metrics (6 weeks): MTTA/MTTR change; analyst minutes saved per alert; false‑positive rate.
  • Why now: RSAC’s strongest theme was agents moving from slideware to practice.
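The guardrail in move 1 (read-only enrichment runs unattended, anything that touches credentials or policy waits for an analyst, every decision lands in an audit trail) as an added example; this is illustrative code, not any vendor's playbook engine, and the action names and the constructed phishing-alert proposals are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Read-only enrichment steps the agent may run unattended.
AUTO_ALLOWED = {"lookup_threat_intel", "lookup_asset", "lookup_identity", "add_case_note"}
# State-changing steps that always need an analyst's approval.
REQUIRES_APPROVAL = {"disable_account", "rotate_secret", "change_policy", "isolate_host"}

@dataclass
class ProposedStep:
    alert_id: str
    action: str
    target: str
    rationale: str

@dataclass
class Gate:
    audit_trail: list = field(default_factory=list)

    def decide(self, step: ProposedStep, analyst_approved: bool = False) -> str:
        """Return 'auto', 'pending', 'approved' or 'denied' and record the decision."""
        if step.action in AUTO_ALLOWED:
            decision = "auto"
        elif step.action in REQUIRES_APPROVAL:
            decision = "approved" if analyst_approved else "pending"
        else:
            decision = "denied"  # anything outside both allow-lists is never executed
        self.audit_trail.append({
            "ts": datetime.now(timezone.utc).isoformat(),
            "alert_id": step.alert_id, "action": step.action, "target": step.target,
            "rationale": step.rationale, "decision": decision,
            "analyst_approved": analyst_approved,
        })
        return decision

def run_playbook(gate: Gate, steps: list) -> dict:
    """Pass every agent proposal through the gate and tally the outcomes."""
    counts = {"auto": 0, "pending": 0, "approved": 0, "denied": 0}
    for step in steps:
        counts[gate.decide(step)] += 1
    return counts

# Constructed sample: what an agent might propose for one phishing alert.
SAMPLE = [
    ProposedStep("A-1001", "lookup_threat_intel", "198.51.100.7", "sender IP reputation"),
    ProposedStep("A-1001", "lookup_identity", "jdoe", "recipient role and recent sign-ins"),
    ProposedStep("A-1001", "disable_account", "jdoe", "credentials likely phished"),
    ProposedStep("A-1001", "run_shell", "host-42", "unknown action class; must be refused"),
]
```

The "denied" outcome for unrecognised actions is the point: an agent that invents a step outside the allow-lists gets logged, not executed.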

2) Stand up AI security posture and governance #

  • Scope: Inventory LLMs/agents; create model SBOMs; build an eval/red‑team harness; enforce runtime guardrails (prompt/egress); add model change control.
  • How: Borrow patterns from Palo Alto Prisma AIRS and align to NIST AI RMF.
  • Deliverables (60 days): AI use registry; model change log; red‑team playbook; runtime policies; incident runbooks.
  • Why now: Security‑for‑AI became a first‑class category at RSAC.

3) Treat identity as the control plane—especially NHIs (non‑human identities) #

  • Scope: Discover non‑human identities (service accounts, APIs, agents); rotate keys/secrets; enforce least privilege; introduce ISPM (identity security posture management); push passwordless (FIDO2 passkeys) for privileged users.
  • How: Centralize lifecycle + telemetry; 90‑day rotations; detect over‑privilege/unused credentials.
  • Metrics (90 days): % NHIs inventoried; secrets older than 90 days; % admins on passkeys; orphaned accounts eliminated.
  • Why now: Identity took center stage at RSAC, with NHIs moving from footnote to front page.
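The checks behind move 3's "How" and "Metrics" lines (90-day rotation, unused or over-privileged credentials, orphaned owners, % inventoried) as an added example run over a constructed NHI inventory; the row fields, the 60-day "unused" threshold and the owner directory are assumptions, not any product's schema, and the passkey metric is left out because it comes from the IdP rather than the NHI inventory.

```python
from datetime import date

ROTATION_DAYS = 90   # page's rotation target: secrets older than this are stale
UNUSED_DAYS = 60     # assumed threshold: no use in 60 days marks a credential unused
TODAY = date(2025, 8, 1)          # fixed so the report is reproducible
ACTIVE_OWNERS = {"alice", "bob"}  # assumed: current owner directory

# Constructed inventory, one row per non-human identity; field names are assumed.
NHIS = [
    {"id": "svc-backup", "owner": "alice", "rotated": date(2025, 6, 20),
     "last_used": date(2025, 7, 30), "privileged": False, "inventoried": True},
    {"id": "svc-deploy", "owner": "bob", "rotated": date(2025, 3, 1),
     "last_used": date(2025, 7, 31), "privileged": True, "inventoried": True},
    {"id": "api-legacy", "owner": "carol", "rotated": date(2024, 11, 5),
     "last_used": date(2025, 4, 1), "privileged": True, "inventoried": True},
    {"id": "agent-triage", "owner": "alice", "rotated": date(2025, 7, 15),
     "last_used": None, "privileged": False, "inventoried": False},
]

def days_since(d, today=TODAY):
    return None if d is None else (today - d).days

def assess(nhi, today=TODAY):
    """Return the set of findings for one NHI."""
    findings = set()
    if days_since(nhi["rotated"], today) > ROTATION_DAYS:
        findings.add("stale_secret")
    used = days_since(nhi["last_used"], today)
    if used is None or used > UNUSED_DAYS:
        findings.add("unused")
    if nhi["owner"] not in ACTIVE_OWNERS:
        findings.add("orphaned")
    if nhi["privileged"] and "unused" in findings:
        findings.add("over_privileged")  # idle but privileged: downgrade or remove
    return findings

def report(nhis, today=TODAY):
    """Per-identity findings plus the page's 90-day metrics."""
    per_id = {n["id"]: assess(n, today) for n in nhis}
    total = len(nhis)
    return {
        "pct_inventoried": round(100 * sum(n["inventoried"] for n in nhis) / total),
        "secrets_over_90d": sum("stale_secret" in f for f in per_id.values()),
        "orphaned": sum("orphaned" in f for f in per_id.values()),
        "findings": per_id,
    }

if __name__ == "__main__":
    for key, value in report(NHIS).items():
        print(key, value)
```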

IN PRACTICE (what actually mattered) #

1) Agentic AI arrives #

Open models and platform features pushed agents from demos to SOC workflows. Cisco released an open‑weight 8B security model; vendors leaned into agentic enrichment and investigation. Source: Cisco blog

2) Security for AI #

Palo Alto’s Prisma AIRS framed lifecycle protection for AI apps/agents/models/data—scan, red‑team, runtime guardrails. Expect AI‑SPM patterns to become table stakes. Source: PANW blog

3) Identity is the control plane #

NHIs and ISPM moved from niche to necessary; identity‑centric detection/response and passwordless momentum were consistent across sessions and vendor updates.

4) Fundamentals still win #

ProjectDiscovery won Innovation Sandbox—a reminder that vulnerability/exposure management isn’t solved, even as AI grabs headlines. Translation: fix the basics while you pilot agents. Source: Winner release


FIELD NOTES #

San Francisco, early light. I loved being back. The city’s been through a lot, but a dawn jog along the Embarcadero still feels like possibility with a skyline.

Waymo moments. Watching a driverless car subtly give a cyclist more room was quietly impressive—mundane, even. We’re living in the future, and it’s becoming boring in the best way.

Salesforce Park decompression. After long days, that rooftop garden turned into a rolling salon: peers, unhurried chats, and the right kind of beer.

Ballpark memory. Giants vs. Rockies, May 1 at Oracle Park: electric vibe, colder wind. Nothing clears your head like baseball under fog—the conference noise faded, replaced by something timeless.


MOMENTS #

  • Friends > features. Early‑bird jogs and founder chats matter more than booth demos.
  • Expo sprawl. 650+ exhibitors—impossible to see it all; hotel suites often beat booth noise. Source: RSAC closing release
  • Chris Krebs’ session. “Keep up the good fight” landed differently this year—less rallying cry, more steady reminder that this work matters.

BOTTOM LINE #

Go for the people, leave with a plan. Mine: the agentic pilot (with guardrails), identity hardening (NHIs included), and deliberate platform pruning. The jacket for the ballpark is optional…but recommended.