SAN FRANCISCO — RSAC 2025 this week promises a packed agenda, with agentic AI, identity access management, application security, and data protection set to dominate the conversation.
True to conference’s theme this year, “
Many Voices. One Community,” RSAC brings together a wide range of diverse experts from cryptographers, AI researchers, policymakers, and business leaders united to act collaboratively against digital threats.
According to
RSAC's Trends Report, more than 40% of the 2,800-plus session submissions for this week's conference focused on AI-related topics. The emergence of autonomous
"agentic AI" systems was a major trend. For the record, of those 2,800 submissions, RSAC lists 651 sessions that made the cut and will fill out a jam-packed week of dozens of keynotes, hundreds of sessions, learning labs and
competitions.
(For Complete Live RSAC 2025 Coverage by SC Media Visit SCWorld.com/RSAC)Sunil Yu, CTO and co-founder of Knostic, said RSAC 2025 will spotlight how cybersecurity is moving beyond AI-enhanced tools to fully autonomous decision-making systems. Sharing his views on the SC Media podcast "
AI at RSAC: The Innovations That Will Shape Cybersecurity’s Future," Yu frames this shift through the
OODA Loop model — Observe, Orient, Decide, Act. He argues that agentic AI is now taking on tasks once reserved for human analysts, including interpreting data and making security decisions.
Yu explains that AI's evolution mirrors the OODA Loop phases: machines can now observe by sensing their environment, orient by analyzing and contextualizing data, decide by selecting the best course of action, and act by implementing a response — without constant human oversight. This raises a pivotal question at RSAC 2025: How much decision-making authority should we delegate to
autonomous agents, and how do we govern these new capabilities?
"We're now seeing the machines do not just the sensing and acting, but also the sense-making," Yu said. "The critical question for us at RSAC this year is about decision-making — are we ready to trust AI to autonomously make security decisions?"
This deeper
integration of agentic AI into cybersecurity is expected to be a major flashpoint throughout the conference. The RSAC show floor will be bustling with vendors showcasing new products that push the boundaries of machine autonomy. Early stage companies and major players alike are showcasing AI-driven platforms for autonomous incident response, machine identity management, and AI-native threat detection.
Tools like AI SOCs (Security Operations Centers), dynamic decision engines for cloud defense, and self-healing applications are beginning to blur the line between human and machine authority. Panels such as "
AI Safety: Where Do We Go From Here" and sessions like "
Security in the Age of Agentic AI" promise to grapple with how to build trust in these autonomous systems, define ethical guardrails, and create governance models to keep pace with rapid innovation.
Identity is the new firewall
Another major storyline is the heightened focus on identity and access management (IAM). Organizations are faced with the growing challenge of verifying and managing both human users and a growing wave of non-human, machine-driven identities fueled by AI.
"Identity is no longer just a security concern — it's a frontline target and critical business priority," said Dave Mahdi, CIO at Transmit Security. He and other experts point to the urgent need for stronger strategies to manage the growing number of machine identities now permeating enterprise systems.
See Also: Identity and Access Management to steal the spotlight at RSAC 2025Answering the identity call are a wave of new products launching this week. LastPass is introducing "Secure Access Experiences" to simplify identity management for small- and mid-sized businesses. CryptoLab debuts "Encrypted Facial Recognition," using homomorphic encryption to defend against quantum threats. X-PHY rolls out a "Deepfake Detector" designed to verify content authenticity at the device level.
Big, little and no government
At RSAC the impact of the
Trump administration’s disruption to U.S. cybersecurity efforts will cast a shadow over discussions.
The firing of top NSA and Cyber Command leaders, cuts to
critical programs like CVE, and the sidelining of federal cyber experts have raised serious concerns about America's cyber resilience. Notably, NSA Cybersecurity Division Director Dave Luber and Cyber Command Executive Director Morgan Adamski were withdrawn from their scheduled RSAC speaking engagements at the conference, a move that underscores the broader uncertainty surrounding federal cyber leadership.
Former officials like Chris Krebs and Jen Easterly — two former heads of the U.S. Cybersecurity and Infrastructure Security Agency — who are scheduled to headline sessions here at RSAC
have expressed past opinions that contrast sharply with the current administration's approach. Expect urgent debates on whether U.S. cyber defenses can withstand internal political upheaval.
Discussions around regulation highlight a major tension: how to balance innovation with oversight in an AI-driven world.
Advocates of government regulation point to a growing patchwork of AI mandates across the United States and internationally. Sessions such as "
The Future of Tech Policy: Balancing Innovation, Security, and Regulation" promise to outline federal efforts — including
Biden’s Executive Order 14110 and the
EU AI Act — pushing for cybersecurity to be baked into AI development, testing, and monitoring.
Those favoring less government argue that heavy-handed oversight could stifle innovation. Speakers will call for agile, business-aligned governance models that can evolve with AI’s rapid development. Meanwhile, proponents of self regulation
are here at RSAC pushing for cross-industry standards, such as
the NIST AI Risk Management Framework, to manage AI risks without waiting for legislation.
Also looming large is the evolving legal backdrop shaped by the Supreme Court's recent
Loper Bright decision, which ended "Chevron deference" — a rule that allowed federal agencies to interpret ambiguous laws. Now, courts must independently decide what the law means, making it harder for regulators to stretch their authority. The session "
How to Navigate Cybersecurity Regulations in a Post-Chevron World" feature general counsels from both industry and government to discuss the legal challenges and policies.
Facing quantum risk before it's too late
Even as practical quantum computing remains years away, RSAC 2025 left no doubt that
preparation must start now. Sessions like "
Crypto-Agility" emphasized the urgent need to build flexible cryptographic systems that can quickly adapt
when quantum threats materialize.Another session titled "
Fast-Track Your Path to Post-Quantum Cryptography" offers strategies to inventory cryptographic assets, test quantum-resistant algorithms, and prepare for migrations. Meanwhile, "
That’s Not My Signature!" explored fail-stop digital signatures designed to detect forgeries even if traditional cryptographic systems break.
The message:
quantum security planning isn’t optional — it’s the new baseline for long-term cyber resilience.
Noted keynoters
The keynote lineup reflects the widening scope of cybersecurity today. Thought leaders like Craigslist founder Craig Newmark, UK AI Security Institute CTO Jade Leung, Special Assistant to the President Alexei Bulazel, CrowdStrike CEO George Kurtz, and cybersecurity technologist
Bruce Schneier will deliver talks ranging from AI ethics to national cyber resilience.
Beyond the technical sessions, voices from arts, sports, and philanthropy — including former Los Angeles Lakers player and businessman Earvin "Magic" Johnson, actor Jamie Foxx, and director Ron Howard — are expected to bring broader human perspectives.
If RSAC 2025 proves anything, it may be that while cybersecurity acronyms may get harder to decipher, the stakes behind them have never been clearer.
For Complete Live RSAC 2025 Coverage by SC Media Visit SCWorld.com/RSAC
