RSAC Conference day three: using AI to do more with less and facing new attack techniques

Kevin Mandia sees the tit-for-tat global tariff escalations and general economic uncertainty related to geopolitical tensions leading directly to belt tightening by CEOs in 2025.
For the security audience he addressed on the third day of RSAC Conference in his recurring cybersecurity year-in-review keynote, the Mandiant founder said the message is clear.
“If there's any theme in RSA right now based on current events, [it’s] ‘How do we do more with less and more with the same?” Mandia said. “If you have to operate doing more with less, the AI race is on.”
Mandia’s key point aligned with the AI focus that has dominated all week at the security conference in San Francisco.
Many of the other keynote stage discussions on day three of the conference were dedicated to emerging attack techniques and problems, AI-related and otherwise.
Tom Gillis, senior vice president and general manager of the infrastructure and security group at Cisco, made reference to the “Volt Typhoon” attacks, whose motivation was a source of much debate at RSAC Conference.
“This year we saw attacks against a new attack surface. Switches, routers, and firewalls themselves are being attacked, and the goal of the attackers is not to steal credit card information,” Gillis said. “The goal of the attackers is to get in and stay in so they could turn the lights out when the time comes. So the stakes are pretty high.”
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
Joshua Wright, a faculty fellow with the SANS Institute, presented on a dangerous new technique called authorization sprawl.
“We're creating scenarios where adversaries are leveraging that centralized authentication process through single sign on, personal access tokens, sample tokens and the like, to be able to exploit how they're able to access different resources,” Wright said.
“This is something that we're seeing in our personal penetration tests, but we're also seeing it used by threat actors as well,” he said, identifying the ‘Scattered Spider’ team as a well-known threat actor using authorization sprawl.
“Their tactics aren't that sophisticated. They use their initial access and then they use all the resources available to them to be able to pivot throughout the network. And the thing that's so amazing about this is that their number one tool is just a browser,” Wright said.
Another security researcher on the same SANS Institute panel identified an emerging challenge related to the speed advantage AI-based attackers have over defenders and called for a legislative fix.
To establish the speed of adversarial AI agents, Rob T Lee, chief of research at the SANS Institute, cited MIT research showing that those agent systems can execute attack sequences 47 times faster than human operators.
“Speed is no longer the metric. It is the decisive weapon,” Lee said.
Even with AI to assist them, Lee contended, defenders are currently hampered by privacy laws, such as GDPR, CCPA and new European Union legislation governing AI and data.
“On the network analysis side, you can now ingest all the network analysis data into an LLM,” Lee explained. However, he noted, “This literally requires access to private data, emails, browsing history, [and] logs."
"Organizations must sanitize up to 78 percent of raw security data, taking seven to 12 minutes before that data action takes place that allows for analysis to then occur," he added.
Lee called for cybersecurity safe harbor legislation that would allow for organizations to analyze sensitive data strictly for threat detection and mitigation.
Scott Bekker is an analyst with ActualTech Media. For 20 years, Scott edited and reported for technology magazines focused on enterprise technologies and the IT channel.
-
KnowBe4 names Bryan Palma as president and CEO
News The cybersecurity veteran succeeds Stu Sjouwerman, who becomes the company’s executive chairman
-
What are digital nomads and how easy is it for businesses to cater for them?
Explainer Employees and freelancers working remotely while traveling the world is a growing trend – but what does it mean for the tech industry?
-
"There needs to be an order of magnitude more effort": AI security experts call for focused evaluation of frontier models and agentic systems
News Evaluating the risks of dynamic, evolving AI networks is slow work for cybersecurity analysts
-
Cyber defenders need to remember their adversaries are human, says Trellix research head
There's a growing overlap between nation-state actors and cybercriminals, but these attackers are real people who make mistakes
-
RSAC Conference day two: A focus on what attackers are doing
From quantum to AI, experts discussed how new and experimental technologies could be used by hackers to access and decrypt sensitive data
-
RSAC Conference Day One: Vibe Is 'All In' on AI for Security
News Artificial intelligence took center stage as RSAC Conference looks at how the discussion has moved from generative AI to agentic AI
-
RSAC Conference 2025 live: All the latest from day three
Live blog ITPro is covering RSAC Conference 2025 live – find out all the day-three news right here
-
Cisco takes aim at AI security at RSAC with ServiceNow partnership
News The companies claim Cisco AI Defense and ServiceNow SecOps will help address new challenges raised by AI
-
What to look out for at RSAC Conference 2025
Analysis Convincing attendees that AI can revolutionize security will be the first point of order at next week’s RSA Conference – but traditional threats will be a constant undercurrent
-
'You need your own bots' to wage war against rogue AI, warns Varonis VP
News Infosec pros are urged to get serious about data access control and automation to thwart AI breaches