CyberRiskTV Live Coverage from RSAC 2025 Day 2

Adrian Sanabria, host of Enterprise Security Weekly podcast, and Doug White, host of Security Weekly News podcast, kick-off our Day 2 CyberRisk TV livestream from RSAC Conference 2025! Tune in for the hosts top picks of what to do and see on Tuesday at RSAC!

Semperis has launched Ready1, a first-of-its-kind enterprise resilience platform designed to bring structure, speed, and coordination to cyber crisis management. The release of Ready1 coincides with Semperis’ new global study, The State of Enterprise Cyber Crisis Readiness, which highlights a dangerous gap between perceived readiness and real-world response capabilities.

This segment is sponsored by Ready1, powered by Semperis. Visit https://securityweekly.com/ready1rsac to learn more about them!

Unpacking the latest annual report from Fortinet's FortiGuard Labs. We're talking with Derek Manky, Chief Security Strategist and Global VP Threat Intelligence, Fortinet’s FortiGuard Labs, to get a snapshot of the active threat landscape and trends from 2024, including a comprehensive analysis across all tactics used in cyberattacks, as outlined in the MITRE ATT&CK framework. The report reveals that threat actors are increasingly harnessing automation, commoditized tools, and AI to systematically erode the traditional advantages held by defenders.

Read the full report at https://securityweekly.com/fortinetrsac

In this interview, Gunter Ollmann, Chief Technology Officer at Cobalt, unpacks the findings from the State of Pentesting Report 2025, spotlighting both measurable security progress and the rising challenges introduced by generative AI (genAI).

While the report shows that organizations are resolving vulnerabilities faster than ever, genAI systems stand out as a growing security blind spot: only 21% of serious genAI vulnerabilities identified during penetration testing are fixed, compared to over 75% for API flaws and 68% for cloud vulnerabilities. Nearly 32% of genAI-related findings were classified as high risk — more than double the average across other systems. And although 98% of organizations are adopting genAI-powered features, only 66% are running regular security assessments on those systems.

Key Takeaways: - genAI creates unique security challenges: SaaS-based models limit patching control, while self-hosted LLMs require full replacement rather than traditional patching. - The pace of genAI innovation is outstripping security readiness, with data science teams often lacking secure development practices. - Familiar vulnerabilities like SQL injection and data leakage are resurfacing in genAI implementations due to rushed deployment. - Industry-wide, median time to resolve vulnerabilities has improved thanks to earlier security testing, executive buy-in, and a shift to programmatic pentesting. - Cobalt advises organizations to plan, validate, and test genAI systems thoroughly, adopt consultative pentesting, and partner with experts who understand AI-specific risks.

Segment Resources: https://www.cobalt.io/blog/key-takeaways-state-of-pentesting-report-2025 https://resource.cobalt.io/state-of-pentesting-2025?gl=1*zwbjgz*gclaw*R0NMLjE3MzcwNTU5ODMuQ2owS0NRaUEtYUs4QmhDREFSSXNBTF8tSDltRlB0X2FmSVhnQnBzSjYxOHlRZ1dhcmRMQ0lHalo3eVgxcTh1cHVnWFVwV0todHFPSDFZZ2FBb0hNRUFMd193Y0I.*gcl_au*MTc4MjQwMTAwNC4xNzQ0NjM0MTgz

This segment is sponsored by Cobalt. Visit https://securityweekly.com/cobaltrsac to learn more about them!

At Mend.io, we believe that securing AI-powered applications requires more than just scanning for vulnerabilities in AI-generated code—it demands a comprehensive, enterprise-level strategy. While many AppSec vendors offer limited, point-in-time solutions focused solely on AI code, Mend.io takes a broader and more integrated approach. Our platform is designed to secure not just the code, but the full spectrum of AI components embedded within modern applications. By leveraging existing risk management strategies, processes, and tools, we uncover the unique risks that AI introduces—without forcing organizations to reinvent their workflows. Mend.io’s solution ensures that AI security is embedded into the software development lifecycle, enabling teams to assess and mitigate risks proactively and at scale. Unlike isolated AI security startups, Mend.io delivers a single, unified platform that secures an organization’s entire codebase—including its AI-driven elements. This approach maximizes efficiency, minimizes disruption, and empowers enterprises to embrace AI innovation with confidence and control.

This segment is sponsored by Mend.io. Visit https://securityweekly.com/mendrsac to book a live demo!

The legacy SecOps market is getting disrupted. The traditional way of ingesting large troves of data, analysis and actioning is not efficient today. Customers and the market are moving towards a more threat centric approach to effectively solve their security operations challenges.

1. CERT Water Management Case Study: https://assets.ctfassets.net/zcd9ovevodsf/5Jwwt9aPexcyJQA6Yv11pb/4a8b736a9c3bbc776009325996ab372b/CywareCERT-WMCase_Study.pdf
2. Cybersecurity Alert Fatigue! How Threat Intelligence Can Turn Data Overload Into Actionable Insights Blog: https://www.cyware.com/blog/cybersecurity-alert-fatigue-how-threat-intelligence-can-turn-data-overload
3. Frost & Sullivan's 2024 Threat Intelligence Platform Radar Report: https://go.cyware.com/frost-sullivan-2024-threat-intelligence-platforms-report?gl=1*dclage*gcl_au*NzkyNTM2NDg2LjE3NDQwNDcyNzk.
4. 2025 TIP Buyer’s Guide: https://cyware.drift.click/2025-TIP-Buyers-Guide

This segment is sponsored by Cyware. Visit https://securityweekly.com/cywarersac to request a demo!

Intelligent SecOps is more than a buzzword—it's a blueprint for modernizing security operations through real-time analytics, contextual threat intelligence, and AI-powered automation. In this segment, Sumo Logic’s Field CTO Chas Clawson explains how SOC teams can accelerate detection and response, cut through alert noise, and improve security outcomes by fusing AI-driven automation with human context and expertise. He also shares the latest security capabilities Sumo Logic announced at the RSA Conference to help organizations build and operate Intelligent SecOps.

Press Release: Sumo Logic Unifies Security to Deliver Intelligent Security Operations https://www.sumologic.com/press-release/sumo-logic-unifies-security-to-deliver-intelligent-security-operations/

Blog: RSAC 2025 Intelligent Security Operations https://www.sumologic.com/blog/rsac-intelligent-security-operations/

Brief: Sumo Logic Threat Intelligence https://www.sumologic.com/brief/threat-intelligence/

Chas Blog: Cloudy with a chance of breach: advanced threat hunting strategies for a hyperconnected and SaaSy world https://www.sumologic.com/blog/threat-hunting-hybrid-cloud-environment/

LinkedIn Live: Implications of AI in a modern defense strategy https://www.linkedin.com/events/7192254270237278208/comments/

This segment is sponsored by Sumo Logic. Visit https://securityweekly.com/sumologicrsac to learn more about them!

With more types of identities, machines, and agents trying to access increasingly critical data and resources, across larger numbers of devices, organizations will be faced with managing this added complexity and identity sprawl. Now more than ever, organizations need to make sure security is not an afterthought, implementing comprehensive solutions for securing, managing, and governing both non-human and human identities across ecosystems at scale.

This segment is sponsored by Okta. Visit https://securityweekly.com/oktarsac to learn more about them!

This segment explores how automated microsegmentation addresses critical Zero Trust gaps overlooked by traditional access controls and legacy segmentation solutions. We'll examine the limitations of perimeter-based defenses in today's dynamic threat landscape and reveal how automated microsegmentation enhances network security beyond conventional firewalls. From cutting-edge innovations to expert insights, discover what security leaders should prioritize to stay ahead of evolving threats.

This segment is sponsored by Zero Networks. Visit https://securityweekly.com/zerorsac to learn more about them!

Fortra is successfully reducing the unauthorized use of Cobalt Strike among cybercriminals through partnerships with Microsoft, Operation MORPHEUS, and the Pall Mall Process, among others. Since 2023 specifically, Fortra’s collaborations have resulted in an 80% drop in Cobalt Strike misuse in the wild. Additionally, the time between detecting cracked copies and mitigation has been reduced to less than one week in the United States and less than two weeks worldwide.

Segment Resources: https://www.cobaltstrike.com/blog/update-stopping-cybercriminals-from-abusing-cobalt-strike

This segment is sponsored by Fortra. Visit https://securityweekly.com/fortrarsac to learn more about them!

In this segment, Keyfactor CSO Chris Hickman takes stock of industry progress towards quantum-resistant cryptography. Using recent guidance from NIST and his company’s data on which certificates and keys pose the largest threats to organization now, Chris unpacks what it means to be risk intelligent and quantum safe.

To learn more about the road to being quantum ready, stop by Keyfactor’s booth at the conference, number #748, or visit: https://securityweekly.com/keyfactorrsac

Segment Resources: • Command Risk Intelligence press release: https://www.keyfactor.com/press-releases/keyfactor-unveils-worlds-first-certificate-risk-management-solution/ • Recent blog post on the transition to PQC: https://www.keyfactor.com/blog/getting-quantum-ready-why-2030-matters-for-post-quantum-cryptography/

Uncover how organizations are building business confidence through cyber resilience, how alignment of cybersecurity and business goals impacts business, how collaboration creates a proactive culture, and how emerging attacks are evolving.

This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelbluersac to learn more about them!

ArmorCode unveils Anya—the first agentic AI virtual security champion designed specifically for AppSec and product security teams. Anya brings together conversation and context to help AppSec, developers and security teams cut through the noise, prioritize risks, and make faster, smarter decisions across code, cloud, and infrastructure. Built into the ArmorCode ASPM Platform and backed by 25B findings, 285+ integrations, natural language intelligence, and role-aware insights, Anya turns complexity into clarity, helping teams scale securely and close the security skills gap.

Anya is now generally available and included as part of the ArmorCode ASPM Platform. Visit https://securityweekly.com/armorcodersac to request a demo!

Generative AI is having a transformative effect across almost every industry, but arguably the area it has had the most significant impact is cybercrime. Deepfake videos, voice phishing calls and insidious generative phishing emails are giving bad actors a dangerous suite of tools to exploit individuals, businesses, and governments at a new speed and scale. Fighting back against criminal enterprises leveraging generative AI requires an equally forceful response. After initially being used purely for email filtering, discriminative AI can now learn to recognize what constitutes normal communication patterns — internally between staff and externally between employees and other stakeholders — so anything out of the ordinary can be flagged. AI is also enabling human security analysts to automate the triage of reported emails, to rapidly identify false positives and keep up with emerging cybercriminal tactics. And in latest advances, specialized Small Language Models (SLMs) using neural networks are able to analyze and comprehend the semantic intent of the message - no matter what words are used, how many misspellings are introduced, or what language is used. To stay secure in in today’s fast-changing AI battleground, organizations must leverage AI in multiple ways as part of a layered security system.

This segment is sponsored by Libraesva. Visit https://securityweekly.com/libraesvarsac to learn more about them!

Mandy Logan, host of Paul's Security Weekly, and Mike Shema, host of Application Security Weekly, recap the fun happenings of RSAC Conference 2025 Day 2!