Next week will take place the RSA Conference, from April 28 until May 1, 2025. And hundreds of vendors will flood the Moscone Center in San Francisco.
To help you get ahead of this event, I’ve sifted through the noise to give you a clear, honest peek at what matters most.
So let’s break it down. No fluff—just the key takeaways that could impact your cybersecurity posture today.
1. Cloud and AI Are the Battlefield
Aryon Security popped out of stealth with a Cloud Security Enforcement Platform. Think of it as a guardrail system for your cloud infrastructure—preventing misconfigurations before they ever make it to production. If you’re worried about human error (who isn’t?), this is one to watch.
ZEST Security is taking cloud risk management to another level with a Multi-Agent AI System. It uses multiple AI agents working together to find the best fix, not just any fix. And the best part? It’s AI-agnostic—meaning it can work with your Claude, ChatGPT, Gemini, or whoever else you’ve got in your stack.
Orca Security is also making moves, launching agentless static reachability analysis to help pinpoint which vulnerabilities actually matter in your live environment. That’s a game-changer if you’re drowning in alerts and need to prioritize fast.
2. LLMs: Powerful, but Risky
Let’s talk about the elephant in every IT room—AI-generated code.
Backslash Security did the research, and here’s the shocker: GPT-4o (yes, that GPT) had the worst performance when it came to generating secure code. Their new Model Context Protocol and IDE extensions are built to reduce those risks in real time.
Prompt Security isn’t pulling any punches either—they’ve launched a Vulnerable Code Scanner for AI-generated code. It plugs right into tools like ChatGPT and GitHub Copilot, flags insecure suggestions as they happen, and gives you ways to fix them.
Zenity also deserves a mention—they’re integrating with the ChatGPT Enterprise Compliance API to give businesses better control over how AI agents are used inside your walls.
3. Identity Is the New Perimeter
CrowdStrike’s Falcon Privileged Access stood out to me. It’s now protecting identities across hybrid environments, using behavioral analysis and real-time intelligence to detect abuse and revoke access instantly. This is big if you’ve ever dealt with a compromised admin account (or fear the day you will).
Rubrik is also hitting this hard with Identity Resilience, which monitors identity changes continuously and cuts off the most common attack vectors before they become breaches.
4. Deepfake Defense Is Here
If you haven’t started planning for deepfake threats, now’s the time. Several vendors are jumping in:
- IRONSCALES is adding deepfake detection to email protection.
- Netarx uses a tool called Flurp (yes, really) to warn users in real-time about fake voice/video content.
- X-PHY launched a real-time deepfake detector that works entirely offline, even on laptops. No cloud dependency—just plug and play.
This feels like the start of something big. As deepfakes become more convincing, I think this is a layer of protection we’ll all need sooner than we think.
5. Compliance and Governance—Simplified
Swimlane’s Compliance Audit Readiness solution really caught my eye. It automates mapping to frameworks and collects audit evidence—perfect for SMBs who don’t have an army of compliance folks.
LogicGate added automated control gap analysis to its GRC platform, making it way easier to figure out what’s missing and how to fix it. I love anything that simplifies governance without requiring five new tools.
6. Real Threat Intel, Right Now
PwC dropped a sobering report: 2024 was the most active year on record for cyberattacks—ransomware, phishing, nation-state actors, you name it. Vulnerabilities jumped 31% year over year. And RaaS (ransomware-as-a-service) groups? Doubled.
The takeaway? We can’t wait for perfect. We need real-time visibility, automated response, and resilient identity systems—yesterday.
What This Means for You
If you’re leading cybersecurity at an SMB or enterprise, here’s the short version:
- Prioritize identity-first security – The perimeter is porous. Identities are the real attack surface.
- Scrutinize your AI tools – Most enterprise AI use isn’t safe yet. Choose vendors who help you govern and secure it.
- Don’t ignore deepfakes – The tools are out there now. Start experimenting.
- Automate what you can – From compliance to remediation, automation is your new best friend.
- Cloud security needs to be proactive – Preventing misconfigurations and closing the SaaS blind spots should be at the top of your list.
I’ll be following RSA closely and sharing more as it unfolds. If you’re heading to the event or watching from the sidelines, keep your eyes peeled for demos and real-world case studies. Tech is cool—but practical application is what makes it worth investing in.
Leave a Reply