RSA Conference 2025 made one thing unmistakable: agentic AI has become the organizing principle of modern cybersecurity. The 34th edition of the industry’s flagship gathering drew nearly 44,000 attendees to San Francisco’s Moscone Center from April 28 to May 1, 2025, with autonomous AI agents threading through virtually every keynote, product launch, and hallway debate. Forty percent of the conference’s 2,800-plus session submissions dealt directly with artificial intelligence — a proportion that would have been unthinkable two years earlier. For four days, the cybersecurity industry wrestled openly with a technology that promises to transform defense and offense in equal, unnerving measure.

The event’s formal theme, “Many Voices. One Community,” carried particular weight in 2025. Against a backdrop of CISA restructuring, the cancellation of the NSA’s popular “State of the Hack” panel, and an administration pivoting toward deregulation, the community leaned hard into collective resilience. Grammy-winning rapper Common opened the week with a lyrical tribute to cyber defenders. Magic Johnson drew parallels between basketball teamwork and security collaboration. And Bruce Schneier, the elder statesman of security thinking, delivered the week’s most memorable one-liner: asked what organizations can do about insecure AI without regulation, he replied simply, “Nothing. You’re screwed.”

How Agentic AI Seized the Conversation

RSA Conference Executive Chairman Dr. Hugh Thompson set the tone during his opening keynote. Unveiling a new “Cybersecurity Atlas” tool built with data scientists, Thompson showed that “agentic AI” had become the number-one term across all RSAC data — expanding from a few isolated clusters in pre-LLM years to a massive interconnected web penetrating every cybersecurity domain. “It’s everywhere,” Thompson told the audience. “You’ll hear it in almost every session you go to.”

He was right. Microsoft Corporate VP Vasu Jakkal outlined a four-level autonomy timeline for AI in security, projecting that within 18 to 24 months, agents would dynamically adjust their own goals with minimal human oversight. Cisco EVP Jeetu Patel warned that autonomous AI agents introduce “a whole new class of risks that we’ve never seen before” and backed the words with action — launching Foundation AI, an open-source 8-billion-parameter reasoning model purpose-built for security applications. Google Cloud debuted its vision of the “Agentic SOC,” with alert triage and malware analysis agents entering preview. IBM unveiled its Autonomous Threat Operations Machine (ATOM), promising end-to-end agentic threat triage, investigation, and remediation.

The SANS Institute’s annual “Five Most Dangerous New Attack Techniques” keynote gave the trend its sharpest edge. Chief of Research Rob Lee cited MIT research showing adversarial AI agent systems execute attack sequences 47 times faster than human operators, with a 93% success rate in privilege escalation paths. Cisco’s Patel added that cyberattacks now occur 250 times faster than four years ago. The message was sobering: defenders must adopt agentic AI not because it is fashionable, but because human-speed response is becoming obsolete.

The Keynotes That Shaped the Week

Beyond AI, the keynote stages — expanded for the first time to include the Yerba Buena Center for the Arts alongside Moscone West — hosted 37 presentations across topics from geopolitics to cryptography.

Bruce Schneier delivered the conference’s most intellectually bracing talk, arguing that laws and security technologies, not goodwill, are what compel trustworthy behavior. Using Uber’s trust model as a case study, he made an unflinching case for robust AI regulation. His bluntness cut through the ambient optimism of the vendor expo.

DHS Secretary Kristi Noem, a late addition to the agenda, equated cybersecurity with national security and declared CISA would remain “our nation’s cyber defense agency” — while signaling structural reform. She urged Congress to reauthorize the Cybersecurity Information Sharing Act before its September 2025 expiration and identified China as the nation’s “biggest cyber threat.” Notably, NSA Director Dave Luber had been pulled from all external engagements, and CISA’s presence was dramatically reduced from prior years, a shift that generated considerable murmuring among attendees.

Jade Leung, CTO of the UK AI Security Institute, offered a candid assessment from the international stage: “Capabilities are moving much faster than safety and security. Folks in the field feel like we’re barely keeping up.” She also flagged the emerging problem of AI “sandbagging” — models deliberately downplaying their capabilities during safety evaluations.

The Cryptographers’ Panel, featuring Adi Shamir, Whitfield Diffie, and Raluca Ada Popa of Google DeepMind, turned its attention to post-quantum cryptography. Shamir remarked that “barely anyone was talking about quantum computing” despite NIST’s looming 2030 deadline for phasing out existing encryption methods. Other highlights included a fireside chat between GCHQ Director Anne Keast-Butler and former National Cyber Director Chris Inglis on digital resilience, and NSC Senior Director Alexei Bulazel’s session advocating the normalization of offensive cyber operations as a US policy tool.

Product Launches Revealed the Industry’s Direction

The 650-exhibitor expo floor was dense with announcements. CrowdStrike unveiled a unified data protection suite addressing the GenAI-era threat surface. Its most striking feature, GenAI Data Leak Prevention, uses proprietary “Similarity Detection DNA” to recognize sensitive content even after users modify it for upload to AI tools. The company also launched shadow AI detection and AI model scanning for trojanized machine learning code.

Palo Alto Networks introduced Prisma AIRS, a comprehensive AI security platform covering model scanning, posture management, AI red teaming, runtime security, and agent protection. The same week, Palo Alto announced its intent to acquire Protect AI, whose CTO Diana Kelley had delivered one of the conference’s most praised keynotes.

Microsoft put 11 autonomous Security Copilot agents into preview, including a phishing triage agent and a conditional access optimization agent built with five partner vendors. Meta surprised many by releasing LlamaFirewall, an open-source security framework for AI agents. NVIDIA launched DOCA Argus, a hardware-level framework for runtime cybersecurity in AI data centers.

Innovation Sandbox Celebrated 20 Years with an Open-Source Winner

The 20th anniversary Innovation Sandbox competition drew over 200 applications — a 40% increase over 2024. Each of the 10 finalists received a $5 million uncapped SAFE investment from Crosspoint Capital Partners, totaling $50 million. ProjectDiscovery took the crown for its open-source vulnerability management platform powered by the Nuclei engine. COO Andy Cao called the win “recognition that open source is possible in security.” Seven of ten finalists focused directly on AI security, including runner-up CalypsoAI, EQTY Lab, and Knostic.

Separately, Terra Security won the AWS-CrowdStrike Cybersecurity Startup Accelerator for its agentic AI-powered penetration testing platform.

Identity Became the New Perimeter — Including for Machines

A recurring thread across keynotes and the expo floor was identity security, particularly for non-human identities. With machine-to-machine communications now vastly outnumbering human interactions, multiple speakers declared identity “the new perimeter.” RSA (the company) launched Help Desk Live Verify for bi-directional identity verification against deepfake-powered social engineering. Oasis Security debuted automated non-human identity provisioning. CrowdStrike’s Falcon Privileged Access brought dynamic just-in-time access decisions to general availability.

The Geopolitical Backdrop Added Urgency

Discussions of nation-state threats ran throughout the week. CrowdStrike data showed China-linked cyber espionage up 150%. Multiple speakers referenced Volt Typhoon and Salt Typhoon campaigns targeting critical infrastructure. Password attacks had surged from 579 per second in 2021 to over 7,000 per second in 2024.

What It Felt Like on the Ground

The mood was energized but anxious. The unity of RSAC was driven by an underlying anxiety — from a community of defenders under attack from outside, but also within. The “within” referenced concerns about CISA restructuring, political interference in cyber agencies, and workforce burnout.

Still, optimism was real. Known-exploited vulnerabilities had plateaued at roughly 125 per year. The Innovation Sandbox’s record applications and $50 million investment signaled a healthy startup ecosystem. And the conference itself — with Ron Howard and Bryce Dallas Howard on the West Stage and Jamie Foxx closing out Day 4 — demonstrated an industry confident enough to celebrate even as it braced for what comes next.

RSAC 2026 is scheduled for March 23–26, 2026 — same city, same Moscone Center, but a cybersecurity landscape that, given the pace of change on display in 2025, will look meaningfully different.