Agentic AI, Governance, and Identity: RSA Conference 2025 Cyber Roundup

May 7, 2025
Over 650 exhibitors joined a record crowd of nearly 44,000 attendees at RSAC 2025 this April to showcase their game-changing cybersecurity solutions.

RSA Conference (RSAC) 2025 kicked off its 34th showing in San Francisco last week to record crowds, with nearly 44,000 guests marking the convention’s largest attendance ever. Agentic AI, identity, vulnerability management, and the future of governance dominated both the conversation and the show floor, with over 650 exhibitors showcasing their cybersecurity capabilities alongside 37 keynote presentations.

Exhibitors joined this year’s conversation with new solutions, updates, and even leadership changes to address anxieties about the industry’s uncertain trajectory in the coming years. Below are a few of the new cybersecurity offerings that made their debut at RSAC 2025.

Anomali—Anomali Agentic AI

Anomali announced the integration of agentic AI capabilities into its security operations solution. These agents automate risk response by executing multi-step tasks and making dynamic decisions based on observed threats. The platform also leverages generative AI alongside its agents to combine threat scoring and natural language processing.

AI agents integrate directly into the platform and provide operational support across departments by sharing relevant information based on each user's role. Users can customize their AI agents’ autonomy by defining risk thresholds and aligning them with internal compliance and privacy policies.

AppOmni—AskOmni Model Context Protocol (MCP) Update

AppOmni announced on the show floor that its AI SaaS solution, AskOmni, now functions as a Model Context Protocol (MCP) server, enabling integration with other SIEM, XDR, NDR, SOAR, and IAM security platforms. Organizations can now query SaaS-specific data from AskOmni, granting external tools access to this information.

AppOmni hopes this advancement will improve investigation quality by coordinating context-aware security decisions across platforms.

Armis—Vulnerability Intelligence Database

Announced a week prior to the show, Armis’ free Vulnerability Intelligence Database made its show floor debut at RSAC 2025. The database is designed to serve as a community-centric resource, where contributors can aggregate data on emerging cyber threats, exploited vulnerabilities, and AI threats. Data is sourced from Armis itself and includes its early warning system, Asset Intelligence Engine, and Armis Centrix for VIPR Pro.

Armis also announced its CVE Numbering Authority (CNA) authorization. The company can now assign official CVE IDs to newly discovered vulnerabilities.

BeyondTrust—Sean Malone appointed CISO

BeyondTrust’s RSAC 2025 announcement was a major leadership transition: Sean Malone, a 15-year cybersecurity industry veteran, joined the company as its Chief Information Security Officer (CISO). Malone will leverage his cyber expertise to lead BeyondTrust’s global security strategy as well as its product and service security, threat management, operations, and compliance.

On his appointment to CISO, Malone commented he was “excited to lead the company’s security strategy” and that “security is not just central to BeyondTrust’s mission—BeyondTrust is essential to the broader security mission of the industry.” CEO Janine Seebeck said that Malone’s leadership “will be instrumental in ensuring BeyondTrust sets the standard for security excellence.”

The 2025 Pacific Northwest ORBIE Award winner previously served as CISO at Demandbase and in an executive capacity at Amazon Prime Video, VisibleRisk, and BitSight. He holds a U.S. patent for “Systems and Methods for Assessment of Cyber Resilience.”

Blackpoint Cyber—CompassOne

Blackpoint Cyber launched CompassOne at RSAC this year, a new, unified platform that enables organizations to manage their cybersecurity posture from one interface and reduce reliance on multiple third-party tools.

The platform’s core features cover managed detection and response (MDR), vulnerability management, application control, compliance and audit log management, cloud posture management, and asset visibility. Other capabilities include a security posture letter-grade rating system, client monitoring, and subscription management.

Black Kite—Vulnerability Intelligence Brief (VIB)

Black Kite’s RSAC offering this year was the launch of the Vulnerability Intelligence Brief (VIB), a cybersecurity tool designed to identify and assess third-party risks from vendors, partners, and supply chain software.

VIBs utilize open-source intelligence (OSINT) to prioritize exploitable issues and extend beyond CVEs (Common Vulnerabilities and Exposures) by providing intelligent context. Features include automated scanning and vendor tagging via Black Kite’s FocusTags, which flag those who recently suffered ransomware attacks or data breaches.

Cequence—Unified API Protection (UAP) Update

Cequence’s Unified API Protection (UAP) platform received a major update in time for RSAC. Following the explosion of agentic AI, the solution’s latest iteration specifically targets agentic AI applications to mitigate data exposure and ensure compliance.

New controls for AI data harvesting prevent external AI agents like ChatGPT from collecting data without authorization and allow organizations to be selective about which AI systems have access. Internal and external API application use is monitored for data leakage and for behavior that indicates exfiltration is taking place.

The UAP platform also now detects and classifies APIs tied to agentic AI tools to centralize visibility across APIs, integrates into DevOps workflows to discover internal AI apps, generates OpenAPI specs with authentication and security policies baked in, and monitors bot traffic.

CrowdStrike—Falcon Adversary OverWatch Next-Gen SIEM

CrowdStrike announced Falcon Adversary OverWatch to hunt threats from third-party sources. By integrating third-party data, teams can monitor broader attack surfaces and unprotected infrastructure.

Other features include user and entity behavior analytics (UEBA), case management, workflow automation, ransomware and asset protection readiness assessments, and integrated identity protection. Other available automations include multi-factor authentication (MFA) enforcement and disabling compromised accounts.

Flashpoint—Ignite Update

Ignite, Flashpoint’s flagship threat intelligence platform, received a set of practical updates focused mainly on integrating AI and streamlining data access. One major update was the addition of Sparks, which are short, digestible, expert-validated posts delivered live to the Ignite dashboard. Each Spark contains critical development highlights to reduce noise for security teams.

AI-powered image search, internal onboarding and expansion of Telegram channels, and the creation of structured intelligence profiles are also coming to Ignite. Users can utilize these capabilities to search visual threat data and identify leaks or counterfeit goods, as well as convert technical indicators like IPs and BINs into unified profiles.

Forcepoint—Data Security Cloud

Forcepoint’s RSAC 2025 showcase marked the launch of Data Security Cloud, a unified, cloud-based data protection platform that combines data security posture management (DSPM), data detection and response (DDR), and enterprise data loss prevention (DLP). SaaS, email, and web security are also included in the package.

Data Security Cloud provides automated and manual mitigation responses, data classification and prioritization, adaptive and dynamic security controls, and unified policy management across all data states. The platform is designed to lower costs and streamline operations by promoting tool consolidation and automation.

The company also announced a complimentary data risk assessment, along with limited trial access to its DSPM and DDR solutions.

Google Cloud Security—SOC Modernization with Mandiant, Unified Security Offering

Google Cloud Security’s first RSAC announcement was its new Mandiant services offering designed to modernize the security operations center (SOC). Some of these new services are security posture validation assessment, staff training and upskilling, detection and response migration plan development, and detection/SOAR engineering.

The second was Google Unified Security, Google’s answer to converged security. The solution offers threat visibility and detection, virtual red-teaming, access to the Chrome Enterprise Premium browser and Google Security Operations, and Mandiant expertise. Unified Security is built on Gemini AI, Google’s AI assistant.

GhangorCloud—OEM Array Networks Partnership, Rebrand Announcement

GhangorCloud made two announcements at RSAC, the first of which was an OEM partnership with Array Networks. GhangorCloud’s Information Security Enforcer (ISE) platform will now be bundled with Array Networks’ security stack.

Array customers will now have access to GhangorCloud’s data protection services through Array. These include automated data classification, access and policy enforcement, real-time monitoring, and support for regulations, compliance, and privacy standards.

The company also announced it will be rebranding as GC Cybersecurity starting in Q2 2025, following strong growth in 2024.

Graylog—SIEM Solution Update

Graylog brought the spring 2025 update of its SIEM solution to RSAC this April. The update, building on the platform’s 6.1 patch last fall, adds features that enable security teams to optimize data storage and retrieval and reduce noise with more accurate threat detection. These improvements are designed to speed up response times and make coverage both more effective and more efficient.

Adversary campaign intelligence, automated response guidance, selective data restoration and data lake previewing, and threat coverage analysis are the four most significant capabilities announced in this update. Graylog also announced support for Sigma 2.0, enabling the incorporation of compatible detection rules.

Legit Security—AI-Powered ASPM Update

Legit Security’s application security posture management (ASPM) platform has added several AI-powered features to its roster. These enhancements focus on reducing the time and cost required to effectively manage vulnerabilities and provide comprehensive lifecycle coverage.

This addition enables code-to-cloud discovery, improves visibility into malicious or unsecured AI models, assesses and ranks security risks, and provides informed suggestions. Legit’s AI integrates directly into developer workflows, allowing users to customize its features to better align with organizational policies.

Lumifi—ShieldVision Updates

Lumifi’s ShieldVision platform received multiple updates in April designed to reduce nuisance alerts, accelerate remediation, and improve efficiency. The multi-tenant solution’s new investigation and automation tools are designed to speed up threat response without having to hire additional personnel.

ShieldVision is available now, with Lumifi hinting toward the steady release of new updates on an ongoing basis.

Menlo Security—Secure Enterprise Browser Update

Menlo Security brought browser security to the forefront with updates to its Secure Enterprise Browser, motivated by the proliferation of AI threats. A timeline-based forensic tool for browser usage analysis and an application access monitoring dashboard are the two key updates on show at RSAC 2025.

The application access dashboard provides data on user activity, like uploads and downloads, and supports continuous monitoring for zero trust policies. Secure Enterprise Browser’s new forensic timeline allows teams to view user activity chronologically. Using session IDs, the tool provides context for user behavior by correlating incidents.

Netskope—Netskope One Update

Netskope introduced new capabilities to Netskope One to improve AI security and cover more use cases. The platform is adopting a narrower focus on controlling LLM data exposure and monitoring AI tool usage across environments. Shadow AI management detects personal AI accounts and redirects users toward approved tools. Employee AI app usage is monitored across environments, leveraging the company’s Cloud Confidence Index to identify risks unique to specific apps.

Improvements to Netskope One’s policy enforcement were also announced. Expanded DSPM flags sensitive and regulated data to prevent AI models from training on it, and the AI Risk Assessment feature helps security teams align with regulatory requirements. Policy automation allows users to set up rules based on data type, source, and usage. Netskope One controls range from blocking specific actions, like uploads or prompts, to toggling access for individual AI data flows.

Palo Alto Networks—Cortex XSIAM 3.0

Palo Alto Networks brought the 3.0 update of its Cortex XSIAM platform to the show floor. The core of this update lies in its two new features: Exposure Management and Advanced Email Security. These updates broaden the platform’s scope to include proactive threat management and will be generally available in Q4 2025.

Cortex Exposure Management shelves compliance standards to prioritize actual risk. It also leverages multiple data sources, including third-party information, and automates remediation processes to minimize nuisance alerts.

The Cortex Email Security feature uses large language model (LLM) analytics to spot email-based threats, like phishing emails or emails with suspicious links. Automated responses include email removal, endpoint isolation, and compromised account disabling.

Rockwell Automation—Security Monitoring and Response

Rockwell Automation’s new Security Monitoring and Response service for OT environments provides continuous monitoring, threat detection, and incident response. This release targets the industrial sector, which faces unique cybersecurity challenges, and offers a modular, customizable approach for organizations’ differing needs.

Integrated into existing OT systems, Security Monitoring and Response offers alert identification and prioritization via analytics tools. The company’s OT security experts then offer step-by-step support to quickly remediate issues. Users are provided with monthly and quarterly reviews and summaries.

Saviynt—Identity Cloud Integration with ISPM

The integration of Saviynt’s new Identity Security Posture Management (ISPM) solution with its Identity Cloud platform was the company’s RSAC 2025 headliner. ISPM offers centralized identity risk visibility, audit and compliance support, governance process optimization, and improved data hygiene to reduce identity vulnerabilities and improve governance controls in hybrid security ecosystems.

Saviynt ISPM creates enterprise-wide inventories for identity-related assets, cleans up orphaned and duplicate accounts, reduces manual reviewing of certifications, and offers tools for evidence collection and continuous compliance monitoring.

For those who are less technically inclined, ISPM features specialized dashboards and tools to simplify the interpretation of identity data and the generation of reports.

SentinelOne—Purple AI Athena

Purple AI, SentinelOne’s AI security solution, is now the next-generation Purple AI Athena. The Athena update brings several autonomous decision-making capabilities and expands SentinelOne’s reach to third-party data platforms.

Purple AI Athena’s AI agents are designed to replicate the investigative, response, and remediation capabilities of real security analysts. Auto triage and investigation, rule creation and report generation, and threat hunting can be done autonomously, though human analysts can refine and supervise those decisions.

The platform also introduces full-loop remediation using Singularity Hyperautomation, SentinelOne’s codeless automation framework.

Silent Push—Feed Scanner for Threat Management Interface

Silent Push released a new module for its Threat Management Interface: Feed Scanner. Feed Scanner boosts access to the company’s DNS and web content while enabling preemptive cyber threat identification.

Users can search threat feed data and then save and share their search results within their organizations. Feed Scanner also includes Indicators of Future Attack (IOFA) data for proactive cyber threat management, allows for the creation of custom intelligence feeds, and provides detailed intelligence reports on known adversaries, vulnerabilities, and attack methods.

Silverfort—Identity Security for NHIs

Silverfort announced expansions to its identity security platform to include full protection for NHIs, or non-human identities, both in the cloud and on-prem. The solution works across hybrid environments, cloud infrastructure, and SaaS applications.

New capabilities include discovery and ownership mapping, security posture management, and real-time threat prevention. The Silverfort platform now automatically detects NHIs, maps them to their human owners, and analyzes permissions and usage patterns. Excessive permissions, misconfigurations, and potentially risky credentials are identified and presented to users with recommended actions.

Other features include behavior-based policy enforcement and 'virtual fencing' to impose limits on service accounts. The solution integrates with Active Directory, Entra ID, AWS, Azure, GitHub, and Snowflake for cross-platform defense.

SkyHigh Security—SSE Support for Microsoft Copilot 365 and ChatGPT Enterprise

SkyHigh Security has announced support for Microsoft Copilot for 365 and ChatGPT Enterprise in its Security Service Edge (SSE) platform. These new DSPM capabilities cover data monitoring, content scanning, device/platform coverage, behavioral monitoring, and threat analysis.

The platform, which works on mobile and desktop, utilizes User and Entity Behavior Analytics (UEBA) to catch abnormal user patterns that may indicate a more serious threat is underway. It also inspects information uploaded to ChatGPT Enterprise, including uploaded files, to ensure no sensitive data is shared.

SOCRadar—Copilot AI Assistant

SOCRadar Copilot made its debut at RSAC this year. The new AI assistant provides real-time support and intelligent task automation, compiling threat intelligence summaries, guidance, and recommendations. The platform’s AI agents also improve workflow efficiency by assisting with custom workflow configuration, reducing nuisance alarms while prioritizing advanced threats, and reducing manual oversight.

Two versions of SOCRadar Copilot will be made available this month. The Copilot Light edition is free with basic assistance and training. Copilot Pro is a paid service that grants access to specialized AI agents and the platform’s more advanced capabilities.

Trellix—Security Platform Enhancements, Phishing Attack Simulator

Trellix’s new platform updates target the rising sophistication of cyberattacks.

The first strengthens controls for AirDrop, AI interfaces, apps, and browsers; prevents data loss from unstructured sources, such as images and PDFs; and introduces optical character recognition (OCR) for endpoints.

Other capabilities aim to improve user insights. The platform’s interface has been redesigned for ease of use, and a comprehensive threat library has been added. AI executive reporting removes another layer of manual response.

Trellix also announced its Phishing Attack Simulator, available through Trellix Email Security. The tool uses threat data and AI/ML models to educate employees and reduce internal compromise by simulating phishing attacks in real time.

About the Author

Samantha Schober | Associate Editor

Samantha Schober is associate editor of SecurityInfoWatch.com.