While over 20 suppliers have announced security agents based on AI, applications and platforms in RSAC 2025The most insightful news from the conference is a rare, encouraging trend for security leaders. For the first time in three years, the overall effectiveness of cyber safety has improved.
Venture Scale partners (SVP) Recently released 2025 Report from the perspective of cybersecurity, who shared that the average effectiveness of cyber security protection improved for the first time in three years, increasing this 12 months to 61% efficiency from 48% in 2023. According to the report “70% of security leaders were the most protected against general attacks, with only 28% of companies reporting rooted”.
SVP also stated that 77% CISO believes that the protection of AI/ML models and data pipelines is a priority to enhance security attitude until 2025, in comparison with 55% last 12 months. In particular, taking into account the influx of recent AI AI solutions, announced in RSAC, 75% of firms expressed interest in the use of artificial intelligence to automate SOC research using AI agents to discrepancies of huge amounts of security alerts to forestall security incidents.
The increase in the variety of SVP effectiveness is not accidental; They result from CISO and their teams taking large -scale automation, while effectively consolidating their platforms and reducing the gaps through which the attackers passed.
“If you do not have complete visibility, the attackers will pass cracks between the products,” said Etay Maor, senior director of the security strategy at Cato Networks, said Venturebeat during RSAC 2025. “We designed our platform to eliminate these dead points – combining safety and making contacts, so nothing escapes us.”
Agentic AI quickly goes beyond the minimal profitable product for the DNA platform
The Maor perspective explains why the latest definition of what minimum product is needed for AI in the field of cyber security. RSAC 2025 revealed how mature agent artificial intelligence becomes. There is a group of suppliers using Agentic AI as a code based on code to mix the bases of code and application, and then there are those that have been in it for years, and Agentic AI is the basis of the code and architecture base.
Cybernetic security suppliers in the latter group in which Agentic AI is the basis of their platform, and in many cases they double their research and development of expenditure on excellent in Agentic AI. It includes Sase Networks Cato Networks cloud platformIN Defense of Cisco AIArchitecture of a single Crowdstrike agent, Sokol, Darktrace’s Cyber Ai LoopIN Elastic’s Elastic AssistantIN Microsoft’s Security Copilot and Defender XDR Suite, Kora Xsiam Palo Alto NetworksIN Sentinelone peculiarities platform AND Vectra AI revealing platform.
Organizations that rely on an integrated detection based on AI with automated limitation reduce the time of apartments 40%. They are too almost twice as probable in order to neutralize interference based on phishing before side movement. Sellers in the show hall often relied on the scenarios of identity and access management to indicate how their agent flows of AI work may help reduce loads for security operations analysts (SOC).
“Identity will be a key element of artificial intelligence throughout the whole life cycle. AI agents will need identity. They will have to understand zero trust and how to verify them? He has already clearly managed access to the least privileged,” noted the corporate vice chairman Microsoft for safety, Vas Jakkal, during the keyboard. As he briefly put it, “AI must start with security. It is very important to develop our safety mechanisms as soon as we evolve AI.”
The common topic of every agency demo AI on the show floor was triangulating data on the attack, quickly gaining insight into the type of using Tradecraft, and then defining real -time stop strategy.
Crowdstrike showed how Agentic AI can rotate from detection to real -time actions by investigating a threat to North Korea to position distant employees in technology firms in the United States and around the world. The demo lived through the tradition The famous Chollima of the KRLM When he impersonated the distant employment of Devops, he slipped after HR controls and used legal tools, including RMM software and vs code, to purchase the data quietly. It was a sharp reminder that although powerful, Agentic AI is still based on a man in a loop to see adaptive threats and models of refinement before the signal will disappear in noise.
Gen AI goal: Discovering Tradecraft and killing it
These are attacks that no one, company or nation can see, which are the most destructive and difficult to stop and overcome. The considered such destructive threats that they may easily close the power grid, payment, banking or supply chain system dominates in the minds of many of the most talented and most progressive technologies in the field of cyber security.
The director of the Cisco product, Jettu Patel, emphasized the urgency of strengthening cyber security with artificial intelligence, due to which threats lurking that might be destroying after starting, could now be found and neutralized. “AI basically changes everything, and cyber security is at the root. We are no longer dealing with threats on a scale of people; these attacks occur on a machine scale,” said the pan during his speech.
The pan emphasized that AI -based models are not deterministic: “They don’t give you the same answer every time, introducing an unprecedented risk.”
Ciso must understand today’s complex risk and threats
“This is not another AI conversation, I promise,” joked Crowdstrike General, George Kurtz, opening my key to RSAC 2025. “I was asked to pass, and I said:” Or perhaps we are talking about something that actually matters, for example, getting a yew at the table behind the board? ” This punch line provided two things at the same time: comical relief and sharp turn to determining the problem of leadership in the field of cyber security in 2025.
In his speech, Kurtz released a clear phoneIon: “Cybersecurity is no longer a suggestion of compliance. It is a management mandate. The SEC provisions have significantly changed the Ciso’s career arch.” Advice not only evolves; They are forced to reckon with cyber risk as the important business threat.
Kurtz supported his argument with hard numbers: 72% of boards claim that he is actively looking for specialist knowledge in the field of cyber security, but only 29% is. “It’s not just a talent gap,” said Kurtz. “This is an opportunity if you are ready to speed up,” the audience encouraged.
His road map for Ciso to achieve the conference room was tactical and practical:
- Align the liquidity of your small business. “Understand where the business value is created. If you can’t speak a margin, ARR or legal risk, you won’t be long at the table long.”
- Speak in the language of the board. “Each conference room has three priorities: time, money and legal risk. If you can’t postpone cyber criminals, you’ll stay on your side.”
- Build your brand outside the safety bubble. “Members of the board are on many boards. They return to trust and reputation, not just technical perfection.”
Kurtz traced the path from the regulatory reform to an impact on the conference room, visiting the way Sarbanes-oxley transformed CFO into solid colleagues in 2002. He argued that the SEC violation mandate in 2024 appears to be the same for Ciso. “Threats drive regulations and the regulations drive the composition of the board,” he said. “This is our moment.”
His advice was not abstract. He called Ciso to check substitute statements, discover needs at the Committee level and a strategic network with members of the board who “always want to play roles.” He pointed to Crowdstrike Ciso Adam Zoller, currently on the board of Adventhealth, as a model. Zoller, as Kurtz says, is someone who has gained a place, remaining in the room, learning how the board acted and perceived as a security expert.
Kurtz ended the challenge: “I hope I will come back in ten years, still with red hair and see Ciso at 50% of the boards, just like CFO. The conference room is not waiting for permission. The only question is: is this you?”
“AI is not magic – mathematics”
Diana Kelley, Cto Protect youHe drew one of the most significant early crowds on RSAc 2025 with a blunt message: “AI is not magic – it’s mathematics. And as we secure the software, we must rigorously secure the life cycle of AI.” Its speech was a sound background that the AI Hype gene cut, which surprises a real risk for AI models, before which each organization must defend against starting any work on its models. Kelly provided an in -depth insight into the model’s intoxication, quick injections and hallucinations, calling for a full stack of the AI safety approach.
She introduced OWASP TOP 10 for the AI gene, emphasizing the must secure AI from scratch, cooperation with early, aggressively and treats monitors, results and chains of agents as privileged surfaces of the attack.
Palo Alto Networks was announced Is going to amass artificial intelligence On the same day as Kelley’s presentation, one other driving factor So many conversations about her important speech.
RSAC 2025 shows why it is time for agent artificial intelligence to supply results
RSAC 2025 explained one thing: AI agents are introducing safety of security, but the boards want proof that they work. In the case of CISO, under the pressure of the justification of expenses and reduction of risk, the progressive noise was focused on the operational influence. Real winnings, including 40% lower apartments and phishing resistance, reaching 70%, got here from the consolidation of the platform and the automation of segregation of warnings, which are proven technologies and techniques. The moment of Agentic AI truth is here, especially for suppliers entering the market.
