RSAC 2025: Agentic AI steals the spotlight, but the real power flex is CISOs earning board seats
Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More
While over 20 vendors announced agentic AI-based security agents, apps and platforms at RSAC 2025, the most insightful news from the conference is a rare, encouraging trend for security leaders. For the first time in three years, overall cybersecurity effectiveness has improved.
Scale Venture Partners (SVP) recently released the 2025 Cybersecurity Perspectives Report, which shared that the average effectiveness of cybersecurity protections improved for the first time in three years, increasing to 61% efficacy this year from 48% in 2023. According to the report, “70% of security leaders were most protected against general phishing attacks, with only 28% of firms reporting compromise.”
SVP also found that 77% of CISOs believe protecting AI/ML models and data pipelines is a priority to improve their security posture by 2025, up from 55% last year. Notably, given the influx of new agentic AI solutions announced at RSAC, 75% of firms expressed interest in leveraging AI to automate SOC investigations using AI agents to triage large volumes of security alerts to prevent security incidents.
SVP’s rise in efficacy numbers isn’t accidental; they result from CISOs and their teams adopting automation at scale while successfully consolidating their platforms and reducing gaps attackers had walked through in the past.
“If you don’t have complete visibility, the attackers are going to go through the cracks between products,” Etay Maor, senior director of security strategy at Cato Networks, told VentureBeat during RSAC 2025. “We designed our platform to eliminate those blind spots—bringing security and networking together so nothing escapes our eyes.”
Agentic AI is moving fast beyond minimum viable product to platform DNA
Maor’s perspective explains why a new definition of what a minimum viable product is needed for agentic AI in cybersecurity. RSAC 2025 revealed how mature agentic AI is becoming. There’s a group of vendors using agentic AI as a code-based adhesive to unify code bases and apps together, and then there are the ones who have been at this for years, and agentic AI is core to their code base and architecture.
Cybersecurity providers in this latter group, where agentic AI is core to their platform and, in many cases, continue to double-down their R&D spend on excelling at agentic AI. This includes Cato Networks’ SASE Cloud Platform, Cisco AI Defense, CrowdStrike’s Falcon single agent architecture, Darktrace’s Cyber AI Loop, Elastic’s Elastic AI Assistant, Microsoft’s Security Copilot and Defender XDR Suite, Palo Alto Networks’ Cortex XSIAM, SentinelOne’s Singularity Platform and Vectra AI’s Cognito Platform.
Organizations that are relying on integrated AI-driven detection with automated containment are reducing dwell times by over 40%. They’re also nearly twice as likely to neutralize phishing-based intrusions before lateral movement occurs. Vendors on the show floor often relied on identity and access management scenarios to showcase how their agentic AI workflows could help trim workloads for security operations center (SOC) analysts.
“Identity is going to be a critical element of AI throughout its life cycle. AI agents are going to need identities. They’re going to need to understand zero trust, and how do we verify them? Explicitly manage least privileged access,” noted Microsoft’s Corporate Vice President for Security, Vasu Jakkal, during her keynote. As Jakkal succinctly put it, “AI must first start with security. It’s critical that we evolve our security mechanisms as rapidly as we evolve AI.”
A common theme of every agentic AI demo across the show floor was triangulating attack data, quickly gaining insights into the form of tradecraft being used and then defining a containment strategy all in real time.
CrowdStrike showed how agentic AI can pivot from detection to real-time action through a live investigation of a North Korean threat campaign to place remote DevOps hires in strategic technology companies in the U.S. and around the world. The live demo followed the tradecraft of the DPRK’s Famous Chollima as it impersonated a remote DevOps hire, slipped past HR checks and leveraged legitimate tools, including RMM software and VS Code, to quietly exfiltrate data. It was a sharp reminder that, while powerful, agentic AI still relies on a human in the loop to spot adaptive threats and fine-tune models before the signal gets lost in the noise.
The gen AI goal: discovering nation-state tradecraft and killing it
It’s the attacks that no person, company, or nation sees coming that are the most devastating and challenging to contain and overcome. The thought of threats so devastating that they could easily shut down a power grid, payment, banking, or supply chain system dominates the minds of many of the brightest and most innovative technologies in cybersecurity.
Cisco’s Chief Product Officer Jeetu Patel emphasized the urgency of strengthening cybersecurity with AI so that threats lurking that may be devastating once triggered can be found now and neutralized. “AI is fundamentally changing everything, and cybersecurity is at the heart of it. We’re no longer dealing with human-scale threats; these attacks are occurring at machine scale,” Patel said during his keynote.
Patel emphasized that AI-driven models are not deterministic: “They won’t give you the same answer every single time, introducing unprecedented risks.”
CISOs need to understand today’s complex risks and threats
“This isn’t another AI talk, I promise,” CrowdStrike CEO George Kurtz joked as he opened his RSAC 2025 keynote. “I was asked to give one, and I said, ‘How about we talk about something that actually matters right now, like getting CISOs a seat at the board table?’” That punchline delivered two things at once: comic relief and a sharp pivot to the defining issue of cybersecurity leadership in 2025.
In his keynote, “The CISO’s Guide to Securing a Board Seat,” Kurtz issued a clear call to action: “Cybersecurity is no longer a compliance suggestion. It’s a governance mandate. The SEC regulations have materially changed the arc of the CISO’s career.” Boards aren’t just evolving; they’re being forced to reckon with cyber risk as a primary business threat.
Kurtz backed his argument with hard numbers: 72% of boards say they’re actively seeking cybersecurity expertise, but only 29% actually have it. “That’s not just a talent gap,” Kurtz said. “It’s an opportunity if you’re ready to step up,” he encouraged the audience.
His roadmap for CISOs to reach the boardroom was tactical and hands-on:
- Level up your business fluency. “Understand where business value is created. If you can’t speak margin, ARR, or legal risk, you won’t last long at the table.”
- Speak the board’s language. “Every boardroom runs on three priorities: time, money, and legal risk. If you can’t translate cyber into those, you’ll stay on the sidelines.”
- Build your brand outside the security bubble. “Board members are on multiple boards. The way in is through trust and reputation, not just technical excellence.”
Kurtz traced the path from regulatory reform to boardroom impact by revisiting how Sarbanes-Oxley in 2002 transformed CFOs into solid boardroom contributors. He argued that the SEC’s 2024 breach reporting mandate does the same for CISOs. “Threats drive regulation, and regulation drives board composition,” he said. “This is our moment.”
His advice wasn’t abstract. He urged CISOs to study proxy statements, identify committee-level needs and network strategically with board members who are “always looking to fill roles.” He pointed to CrowdStrike CISO Adam Zoller, now on the board of AdventHealth, as a model. Zoller, Kurtz says, is someone who earned his seat by staying in the room, learning how the board operated and being seen as more than a security expert.
Kurtz closed with a challenge: “I hope to come back in ten years, still with red hair, and see CISOs on 50% of boards, just like CFOs. The boardroom’s not waiting for permission. The only question is: will it be you?”
“AI isn’t magic—It’s math”
Diana Kelley, CTO of Protect AI, drew one of the most significant early crowds at RSAC 2025 with a blunt message: “AI isn’t magic—it’s math. And just as we secure software, we must rigorously secure the AI lifecycle.” Her keynote provided a sound background that sliced through gen AI hype, spotlighting the real risks to AI models that every organization needs to defend against before beginning any work on their models. Kelly provided in-depth insights into model poisoning, prompt injections and hallucinations, calling for a full-stack approach to AI security.
She introduced the OWASP Top 10 for gen AI, emphasizing the need to secure AI from day zero, partner with CISOs early, threat-model aggressively and treat prompts, outputs and agent chains as privileged attack surfaces.
Palo Alto Networks announced its intent to acquire Protect AI the same day as Kelley’s presentation, another factor driving so many conversations about her keynote.
RSAC 2025 shows why it’s time for agentic AI to deliver results
RSAC 2025 made one thing clear: AI agents are entering security workflows, but boards want proof they work. For CISOs under pressure to justify spending and reduce risk, the focus is shifting from innovation hype to operational impact. The real wins, including 40% lower dwell time and phishing resilience reaching 70%, came from platform consolidation and automating alert triage, which are all proven technologies and techniques. Agentic AI’s moment of truth is here, especially for vendors just entering the market.
