
The RSA Conference (RSAC) 2025 in San Francisco illuminated the rapid evolution of artificial intelligence (AI) in cybersecurity. As AI has gradually moved from Generative AI (gen AI) to copilots and now Agentic AI, it is reshaping how organizations approach cyber threat detection, response, and overall security management.
Let’s dive into the emerging themes and insights from the conference, focusing on the key topics that will shape the future of cybersecurity in the coming years.
AI agents in cybersecurity take lead
A significant shift was observed in AI’s role in cybersecurity during RSAC 2025. The latest discussions and announcements revealed that Agentic AI, which performs autonomous decision-making and action-taking, is now taking centre stage, with a bunch of announcements across different segments of cybersecurity.
For now, AI agents are primed to take over many tasks traditionally handled by Level 1 (L1) analysts in Security Operations Centers (SOCs). From detecting threats to triaging alerts and even responding to incidents, AI-led operations will emerge as an integral part of enterprise security strategy.
While the potential for these AI agents is immense, trust remains a big leap for AI to conquer. Enterprises are cautiously adopting AI agents in semiautonomous mode, as the journey towards fully autonomous, trusted AI agents is still unfolding. Despite the promise of AI agents, there remains a long road ahead before they can fully replace human intervention in complex decision-making and nuanced contexts.
Role of identity for securing AI agents
With the rise of AI agents comes a new challenge: securing the identities of these non-human entities. As AI becomes increasingly integrated into the security stack, identity management for AI agents has become a crucial area of focus. Providers are exploring various approaches to safeguard AI agents, such as secure authentication, fine-grained access control, and credential management.
Additionally, zero-trust principles are being applied to govern AI agents as privileged autonomous identities. However, no single solution has emerged as the definitive answer. The technology is still evolving and providers are experimenting with different strategies to manage and secure AI agents, but it’s clear that this will remain a priority as AI systems take on more critical roles.
Doing more with less: The impact of geopolitics and cost-saving measures
Geopolitics and the impact of tariffs on industries were another hot discussion topic. These factors have affected enterprise decision-making, which remains slow, and cost-saving measures are again emerging as the topmost priority. Many enterprises are facing increased pressure to reduce costs while maintaining security effectiveness. In response, cost-saving measures have become a top priority, with companies targeting a 10-20% year-over-year reduction in cybersecurity spend.
As businesses continue to scale and adopt more advanced technologies, they are being forced to rethink their cybersecurity strategies to get more value from their investments. The need to balance robust security with cost efficiency is driving the adoption of automation and AI-driven solutions.
Services firms scaling cybersecurity portfolios
Cybersecurity services continue to be a big, bold growth bet for providers. Companies with a legacy in Business Process Outsourcing (BPO), engineering, and vertical-focused system integrations are investing heavily in expanding their cybersecurity portfolios to better sell their niche services and scale into adjacent areas. These service providers are ramping up leadership hiring, deepening their partnerships with technology providers, and aggressively marketing their cybersecurity services to capture a growing share of the market.
As the cybersecurity landscape becomes more complex and the demand for specialized services increases, enterprises are increasingly relying on service providers with robust cybersecurity capabilities to navigate the AI era of technology transformation. The competition for market share in this space is fierce, with players focusing on both horizontal depth and vertical integration to meet the diverse needs of their customers.
The need for Systems of Actions (SoA)
To succeed in the AI era, enterprises scaling AI agents across different cybersecurity functions will require Systems of Actions: an integrated platform layer that autonomously orchestrates decisions and executes actions across multiple enterprise systems in real time.
Unlike traditional Systems of Record (SoR), which store and manage data, or Systems of Engagement (SoE), which enable interactions with users, SoAs proactively translate insights into tangible automated outcomes.
In the cyber world, security operations have for decades been plagued by challenges such as the evolving nature of threats, talent shortage, high alert volume, and alert fatigue. The existing Systems of Record and Systems of Engagement have always required a Security Operations Center (SOC) analyst to assist. We see SoAs solving these inherent challenges.
Current security operations system types
| System type | Examples | Role in cyber threat detection & response | Limitations | How SoA overcomes limitations |
| --- | --- | --- | --- | --- |
| Systems of Record | SIEMs (Splunk, QRadar), CMDBs, threat intel feeds | Store logs, alerts, and threat indicators | Act as static repositories; high latency; require human interpretation | Convert passive data into active decisions and automated workflows |
| Systems of Engagement | Analyst consoles, SOAR dashboards, incident tickets | Enable investigation and collaboration | Reactive; require manual execution; limited interoperability | Orchestrate responses across systems in real time using AI-driven logic |

There are many potential benefits and upsides arising from SoAs in cyber threat detection and response:
- Autonomous threat detection and response
Traditional security operations, reliant on Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR), are often constrained by slow incident response times and high analyst involvement. These tools primarily focus on monitoring and analysing data, leaving the final response to be executed by human analysts. SoAs, in contrast, eliminate manual triage by autonomously executing response actions. For example, once a threat is detected, an SoA system could automatically block malicious traffic, isolate compromised endpoints, or trigger further investigation without waiting for human review. This automation drastically reduces Mean Time to Respond (MTTR), enabling organizations to neutralize threats within seconds rather than hours.
- Dynamic, context-aware workflows
One of the most powerful aspects of SoAs is their ability to create dynamic workflows that adapt to the severity of the threat and the broader business context. Traditional systems follow static, predefined playbooks, which often fail to adjust to the evolving nature of cyberattacks. SoA-enabled workflows, however, are context-aware, meaning that the system can tailor its response based on a range of factors, including the criticality of the affected assets, the type of threat, and the ongoing business activities. This adaptability not only increases the accuracy of responses but also improves operational efficiency by eliminating unnecessary steps or false positives.
- AI-powered orchestration and triaging
At the heart of SoAs is the integration of artificial intelligence (AI) for continuous threat monitoring, risk scoring, and autonomous decision-making. AI models ingest security telemetry, analyse it for anomalies, and trigger responses according to predefined risk models. This AI-driven orchestration goes beyond rule-based systems by enabling the platform to continuously learn from the environment and adapt to new threat tactics. By embedding AI into the orchestration layer, SoAs can predict and counter sophisticated, evolving attack strategies in real-time, thus enhancing the security posture of an organization.
- Shifting analyst roles: governance and oversight
While SoAs promise a high degree of automation, human oversight remains crucial. Analysts no longer have to handle routine tasks like triaging alerts or deciding on initial response actions. Instead, their role shifts to overseeing the AI models, refining workflows, and managing exceptions. This reduces burnout among SOC analysts and ensures that experts can focus on more strategic tasks like threat hunting, forensics, and improving the overall security framework.
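The context-aware gating described in the list above can be sketched as a small decision function; this is an added example, not code from the original post or from any vendor product. The playbook, action names, disruption scores, thresholds and sample alerts are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Hypothetical action catalogue: disruption score 1 (low) to 3 (high).
ACTION_DISRUPTION = {"block_ip": 1, "isolate_endpoint": 2, "disable_account": 3}
# Hypothetical playbook: the action the agent proposes per threat type.
PLAYBOOK = {"c2_beacon": "block_ip", "ransomware": "isolate_endpoint",
            "credential_theft": "disable_account"}

@dataclass(frozen=True)
class Alert:
    threat_type: str
    confidence: float            # detection model score, 0.0-1.0
    asset_criticality: int       # 1 = lab machine ... 3 = production system
    change_freeze: bool = False  # business context, e.g. quarter-end close

def decide(alert: Alert, auto_threshold: float = 0.9) -> dict:
    """Return the proposed action and whether the agent may run it unattended."""
    action = PLAYBOOK.get(alert.threat_type)
    if action is None:
        # Unknown threat types are never acted on automatically.
        return {"action": None, "mode": "escalate", "reason": "no playbook entry"}
    if not 0.0 <= alert.confidence <= 1.0:  # also rejects NaN scores
        return {"action": action, "mode": "escalate", "reason": "invalid confidence"}
    # Impact grows with the action's disruptiveness and the asset's criticality.
    impact = ACTION_DISRUPTION[action] * alert.asset_criticality
    if alert.change_freeze:
        impact += 2
    if alert.confidence >= auto_threshold and impact <= 3:
        mode, reason = "auto", "high confidence, low impact"
    elif alert.confidence >= 0.5:
        mode, reason = "approval", "analyst sign-off required"
    else:
        mode, reason = "escalate", "low confidence, investigate first"
    return {"action": action, "mode": mode, "reason": reason, "impact": impact}

# Constructed sample alerts, not real telemetry.
SAMPLES = [
    Alert("c2_beacon", 0.97, 1),
    Alert("ransomware", 0.97, 3),
    Alert("c2_beacon", 0.97, 3, change_freeze=True),
    Alert("credential_theft", 0.30, 2),
    Alert("novel_technique", 0.99, 1),
]

if __name__ == "__main__":
    for a in SAMPLES:
        print(a.threat_type, decide(a))
```

The same detection on a low-criticality host runs unattended, while on a production asset it is queued for analyst approval, which is the semiautonomous mode with human oversight that the post describes.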
In the context of cybersecurity, SoAs would enable organizations to orchestrate decisions and actions across multiple enterprise systems autonomously. This is crucial as the volume of data and the speed of cyber threats continue to increase. By embracing SoAs, enterprises can ensure that AI agents are not just collecting and analyzing data but also taking immediate actions based on insights, thus enhancing security outcomes.
As organizations continue to scale their use of AI agents across cybersecurity functions, the need for a comprehensive SoA platform will only grow further. These systems will allow businesses to keep pace with the evolving threat landscape and stay ahead of emerging risks.
The future of cybersecurity in the age of AI
RSAC 2025 showcased a thrilling glimpse into the future of cybersecurity, driven by the rapid adoption of Agentic AI, a rethinking of identity management, and the evolution of security operations to include autonomous systems.
It’s clear that AI will continue to shape the direction of cybersecurity, offering both tremendous potential and significant challenges.
Stay tuned for more insights as we continue to monitor the progress of AI in cybersecurity and explore how these innovations can be applied to real-world security operations. The journey has only just begun.
If you found this blog interesting, check out our blog, RSAC 2025: A Global Convergence Of Cybersecurity Innovation And Community, which delves deeper into another topic regarding RSAC 2025.
To continue this discussion or for further questions regarding our takeaways from RSAC 2025 or anything related to AI and cybersecurity, please reach out to Kumar Avijit and Prabhjyot Kaur.