RSAC, the San Francisco tech conference that brings together cybersecurity professionals from around the world, is a time for the industry to reflect on what works and to look toward what’s coming next.
Hugh Thompson, RSAC executive chairman and conference program committee chair, said in his keynote address on Apr. 28 that the event was coming at a moment of major upheaval and opportunity in the cybersecurity space.
“So much is changing—the way that attackers operate is changing dramatically, the pervasive use of AI, the rapid adoption of AI, the security implications of that, massive changes to what we do and how we might do it,” Thompson said.
When IT Brew was on the ground at RSAC, the two things we heard most about were agentic AI and security education. Here’s what experts told us.
Secret agent. Agentic AI, AI that acts autonomously as an “agent” interfacing with users and takes on limited decision making, was a hot topic at the conference. As the tech accelerates and more organizations adopt it for various use cases, the threat surface expands too.
“We need to be aware that threat actors have access to agentic AI as well, and that’s something that’s going to be quite a game changer for them,” RSA Security CEO Rohit Ghai told IT Brew.
Agentic AI also introduces issues around data governance, CrowdStrike Field CTO Cristian Rodriguez said. The models are based on retrieval augmented generation systems that fetch and deploy data in interactions with users, meaning that you need to make sure the information is correct.
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
“Even when it comes to what we capture on the platform, the endpoint is the source of truth—you’re not manipulating that data,” Rodriguez said.
Learning time. Education in security was another hot topic. It’s not enough just to solve the problem—at this year’s RSAC, vendors and experts alike were talking about how they could provide users the ability to solve the problems at home before going out for help.
That’s what Debbie Gordon, CEO of Cloud Range, is aiming to provide, she told IT Brew. Her service, a pentest simulation, helps users to figure out what it might look like when they’re under attack.
“They’ll want to go back and explore, when they know what was going on, and do a little investigating,” Gordon said.
Ghai agreed, telling IT Brew that education is part of the equation and something that requires investing time and energy. Cybersecurity can’t just be a question of making sure that the problem is solved in the moment, it’s a longer term fix, he said.
“Educating the human in the equation is so important,” Ghai said. “The realization has risen to that, and as such, there is a lot more investment.”