While over 20 providers of Agentic AI-based security officers, apps and platforms have been announced RSAC 2025The most insightful message from the conference is a rare, encouraging trend for security leaders. The effectiveness of cyber security has improved for the primary time in three years.
Skala enterprise partners (SVP) Recently published the published 2025 Cybersecurity Perspectives Report, This announced that the typical effectiveness of cyber security protection improved for the primary time in three years and this 12 months rose from 48% in 2023 to 61% of effectiveness. “70% of the safety managers were most protected against general phishing attacks, whereby only 28% of the businesses reported compromise.”
SVP also found that 77% of the CISOS imagine that the protection of KI/ml models and data pipelines has a priority to enhance their security posture by 2025, in comparison with 55% within the previous 12 months. In view of the influx of recent agents -KI solutions announced at RSAC, 75% of the businesses were involved in using AI to automate SOC examinations that use AI agents to trieline large amounts of security warnings to forestall safety incidents.
The increase in SVP's effectiveness figures will not be accidental. They end in CISOS and their teams that take automation on a scale while successfully consolidating their platforms and enforcing the attackers previously.
“If you might have no complete visibility, the attackers will undergo the cracks between products,” Etay Maor, Senior Director of Security Strategy at Cato Networks, told Venturebeat during RSAC 2025.
The agents -KI quickly moves beyond minimally viable product on platform -dna
Maor's perspective explains why a brand new definition of what a minimally viable product is required for Agent -KI in cyber security. RSAC 2025 revealed how mature agents turn into AI. There is a bunch of providers who use agent AI as a code-based adhesive to mix code base and apps, after which there have been for years, and the Agentic Ai is the core for its code base and architecture.
Cybersecurity providers on this latter group, wherein the Agentic AI is the core of their platform and in lots of cases proceed to double their F&E e-expenses for excelling at Agentic AI. This closes Cato Networks Sasue Cloud platformPresent Cisco ai defenseCrowdstrikes Falcon Single Agent Architecture, Darkrace's cyber ai loopPresent Elastic's Elastic ai AssistantPresent Microsoft Security Copilot and Defender XDR Suite, Palo Alto Networks' Cortex XsiamPresent Sentinelones Singularity platform And The discovery platform of Vectra Ai.
Organizations that depend on integrated AI-controlled detection with automated containment 40%. You are too Almost twice as likely For the neutralization of phishing-based intrusions before the lateral movement. The providers of the show floor continuously based on scenarios for identity and access management in an effort to show how their agents -KI workflows can contribute to trimming the workloads for analysts of security operation (SoC).
“Identity will likely be a critical element of AI throughout its life cycle. AI agents will need identities. You have to grasp Zero Trust and the way can we confirm you? Explicitly manage you,” remarked Microsoft's Corporate Vice President for Security, Vasu Jakalkal, during your keynote. How Jakkal expressed concise:
A typical topic of each agent -KI demo on the exhibition floor was to triangulate attack data, quickly gain insights into the shape of trade art used after which define a containment strategy in real time.
Crowdstrike showed how the Agentic KI can swirl from recognition to real-time measures by a live investigation by a North Korean threat campaign to put Remote DevOps settings into strategic technology corporations within the USA and all around the world. The live demo followed the trade of trade of the DPRKS famous Chollima When it was a distant Devops setting, HR checks and leveraged legitimate tools, including RMM software and VS code, slipped to peel down data quietly. It was a pointy memory that the agent AI still depend on an individual within the loop to acknowledge adaptive threats and fine-off models before the signal is lost within the noise.
The gene-Ai
It is the attacks that nobody, company or nation come which are most devastating and most difficult to contain and overcome. The idea of threats which are so devastating that you could possibly easily complete an influence grid, a payment, banking business or a supply chain system dominates the heads of lots of the smartest and most modern technologies in cybersecurity.
Jeetu Patel from Cisco's Chief Product Officer emphasized the urgency of strengthening cyber security with AI, in order that devastating threats can now be found and neutralized. “AI fundamentally changes all the pieces and cyber security is the main focus. We are not any longer coping with threats on the human scale. These attacks occur on a mechanical scale,” said Patel during his keynote.
Patel emphasized that AI-controlled models will not be deterministic: “They don’t give them the identical answer that introduces unprecedented risks.”
CISOS must understand today's complex risks and threats
“This will not be one other AI talk, I promise that,” joked crowdstrike -CEO George Kurtz when he opened his keynote RSAC 2025. “I used to be asked to offer one and I said,” How about something that is very important to get CISOS a seat on the board table? “
Kurtz published a transparent call in his keynoteIon: “Cyber security is not any longer a proposal. It is a governance mandate. The SEC regulations have modified the sheet of the CISO profession significantly.” Boards will not be only developing; You are forced to expect the cyber risk as a primary business threat.
Kurtz supported his argument with hard numbers: 72% of the boards state that they actively search for cyber security expertise, but only 29% even have it. “It's not only a talent gap,” said Kurtz. “It is a possibility to enhance,” he encouraged the audience.
His roadmap for CISOS to achieve the meeting room was tactical and practical:
- Get up what you are promoting fluid. “Understand where business value is created. If you can’t speak a margin, ARR or a legal risk, you won't take long on the table.”
- Talk to the language of the board. “Each meeting room runs three priorities: time, money and legal risk. If you can’t translate cyber into it, you’ll remain marginally.”
- Build your brand outside the protection bubble. “Board members are in several committees. The path is thru trust and status, not only technical excellence.”
Kurtz followed the trail from the regulatory reform to the meeting room by visiting again how Sarbanes-Oxley converted CFOs into solid session room actors in 2002. He argued that the SEC violations of 2024 do the identical for CISOS. “Threats promote regulation and the composition of the regulation of the board,” he said. “This is our moment.”
His advice was not abstract. He asked CISOS to check proxy statements, discover needs on the committee level and to strategically network with board members who “at all times try to meet roles”. He pointed to Crowdstrike Ciso Adam Zoller, now within the Board of Adventhealth, as a model. Zoller, says Kurtz, is someone who deserves his seat by staying within the room how the board worked and was seen as a more security expert.
Kurtz concluded with a challenge: “I hope to still return with red hair in ten years and the way CFOS CISOS might be seen on 50% of the board. The meeting room will not be waiting for permission. The only query is: Do you would like it?”
“AI will not be a magic – it’s mathematics”
Diana Kelley, CTO of Protect themDrawed probably the most essential early crowds at RSAC 2025 with a blunt message: “AI will not be magical – it’s math. And just as we now have to secure software, we now have to secure the AI life cycle rigoros.” Their keynote provided a solid background that examined Ai Hype and the actual risks for AI models, against which each and every organization has to defend itself, relies on the start of their models. Kelly provided detailed insights into model poisoning, quick injections and hallucinations and called for a whole approach to AI security.
She introduced the Owasp Top 10 for Gen AI and emphasized the necessity to secure AI from the day zero, to work early with CISOS, aggressively treat them with a threat model and input requests, expenses and agent chains as privileged attack areas.
Palo Alto Networks announced His intention to amass Ai Protect Ai On the identical day as Kelleys presentation, one other factor that drives So many conversations about your keynote.
RSAC 2025 shows why it’s time for the agent ski to deliver results
RSAC 2025 made it clear: KI agents enter security workflows, however the boards want them to work. For CISOS under pressure to justify expenses and reduce the chance, the main focus changes from the innovation hype to operational effects. The real victories, including 40% lower dwell time and phishing resilience of 70%, come from the platform consolidation and the automation of alarm triature, that are proven technologies and techniques. The moment of the reality of Agentic AI is here, especially for providers who only enter the market.
