What to look out for at RSAC Conference 2025

RSA Conference 2025 is just days away from kicking off, with attendees from around the world gathering to share information on cybersecurity trends, the latest attack methodologies, and collaborative efforts to protect organizations from hackers.

ITPro will be covering the four-day event, including live blogs from all three keynotes and detailed reports on expert-led panels.

As we count down the days to the conference itself, here are my top three predictions for notable topics at RSA Conference 2025.

AI agents take the spotlight

AI inevitably dominates the talking points at tech events these days, with every major vendor invested in the technology to some extent. While AI is being used for productivity gains by companies such as Microsoft, cybersecurity may be the area where it can deliver on its potential the most.

Automated threat responses have long been a cybersecurity mainstay, and generative AI and advanced machine learning models have turned this up a notch. In particular, AI agents can help cybersecurity workers automate tasks and continuously monitor enterprise networks for potential threats.

AI agents are sure to come up throughout RSAC Conference 2025, but the key session to watch out for here is ‘Security in the Age of Agentic AI’ led by Vasu Jakkal, Corporate Vice President, Microsoft Security.

Security AI agents can benefit greatly from access to detailed, real-time threat data, typically available via proper integration within one’s public cloud environment. Microsoft is already making good use of this with agents across its platforms, including Sentinel, Entra, and Intune, working to track endpoint and identity threats and prevent them from escalating.

Though there are many potential benefits of AI for security teams, recent research suggests that analysts aren’t as optimistic about it as executives. More detail on the use cases of AI agents for security teams, particularly features that can be purchased today, rather than anything theoretical, could help sway more cynical attendees.

AI regulation, risks, benefits

Despite regular AI Safety summits since the first in 2023, there’s still a great deal of regulatory uncertainty around AI, and this is holding some firms back.

Legislation such as the EU AI Act takes a ‘risk-based approach’ to AI models, with the security and trustworthiness of specific AI models central to the region’s approach to AI adoption.

This will be covered in detail in the day two keynote session ‘AI Safety: Where Do We Go From Here?’, in which experts from the UK AI Security Institute, Nvidia, Google DeepMind, and Microsoft will discuss how businesses can approach AI safety.

While the experts may well focus on tangible issues such as AI hallucinations, I’ll also be looking for broader guidance on responsible AI adoption and how AI model deployment can be done in a secure manner.

How to keep AI systems safe from would-be attackers is also likely to feature on the agenda and could prove valuable for leaders looking to reassure their security teams that AI adoption in 2025 can be done without compromising safety.

I’ll be listening closely to the views expressed by Jade Leung, CTO at the UK AI Security Institute. The government organization, which rebranded in February to shift its focus from the concept of AI safety to the most serious risks associated with AI, is now focused on tangible threats such as AI-powered cyber attacks rather than AI bias or ethical AI.

Of course, even in a system with perfect laws on AI, attackers will still try to circumvent the technology or harness it for their own aims. To find out how the technology is being used for both good and bad, we can turn to the day three keynote session, ‘Cybersecurity Year-in-Review and The Future Ahead’.

Here, audiences are set to hear from Kevin Mandia, general partner at Ballistic Ventures and former CEO and founder at Mandiant. He’ll be joined by cybersecurity author and former cyber reporter Nicole Perlroth to discuss the overall cybersecurity landscape.

We can expect some harsh truths here and a likely focus on the need for resilient AI adoption to stay ahead of the latest attack types.

In February, Mandiant appeared on the ITPro Podcast, Mandia was clear that defense teams still have the advantage when it comes to using AI, rather than hackers using it for malicious purposes. That said, this is a changing field, and Mandia said hackers will continue to innovate.

“If you create a web application, you can make an assumption there's going to be an artificial intelligence coming at your web app just looking for any way to exploit it, which just means you're going to have to have some kind of automated way to secure it,” Mandia said.

In his keynote conversation, we’re also sure to hear some specific examples of attacks that took place throughout 2024 and get more detail on where Mandia thinks AI cybersecurity is headed.

Novel threats and a call for collaboration

Though AI for security will be front and center at RSAC Conference 2025, it can’t be the only topic of discussion.

On a daily basis, cybersecurity teams are still plagued by rising ransomware attacks, novel threats such as malware-free attacks, which have been adopted by most threat actors, and pre-positioning attacks. While for-profit threat groups take advantage of these methods and more to compromise businesses, state-sponsored cyber attacks also continue to bite.

Against this fearsome backdrop, speakers throughout RSAC Conference 2025 will call for everyone in the industry to keep working hard and make improvements where necessary We’ll hear where organizations are making the most mistakes, what CISOs and others can do to better shore up their defenses, and to show the immense efforts of security professionals behind the scenes to stop attacks before they ever reach businesses.

We’re also likely to hear more calls for collaboration, similar to a recent plea by the former director of GCHQ. Events like RSAC Conference 2025 are a rare opportunity to bring some of the best minds in cybersecurity together to share information with peers and business leaders that can collectively improve the global cybersecurity landscape.

From the first moment of the event, attendees will be shown the best and worst of the tech world, from the defenders keeping the lights on and customer data safe to the hackers looking to steal, extort, and destroy around the clock. The technologies and techniques we take away from RSAC Conference 2025 will paint a clear picture for the coming year of cybersecurity.

ITPro's Rory Bathgate will be providing live coverage of the RSAC Conference throughout the event. Keep tabs on all the latest news, updates, and announcements via our live blog.