RSA 2025: 5 Takeaways on AI, Third‑Party Risk & the Future of Identity

The RSA Conference returned to San Francisco April 28 - May 1 under the banner: “Many Voices. One Community.” After four packed days (thank you to everyone who stopped by the Oasis Security booth!), one theme towered above the Moscone Center expo floor: artificial intelligence now sits at both ends of the security equation. Copilots are hunting threats while adversaries scheme to poison models, proving we’ve entered an era of AI for security and security for AI.

Below are the five trends our team heard echoed across booth conversations, panels, and late‑night hallway chats.
1. AI for Security Goes Mainstream
Microsoft’s announcement that Security Copilot Agents are entering preview and Google’s showcase of Gemini‑powered responders underscored how quickly AI assistance is moving from pilot to production. Security teams no longer ask whether to embed generative AI into the SOC; they ask which workflows come first. Expect triage, investigation summaries, and playbook generation to be fully or partially automated before next year’s RSA.
2. Securing the AI Supply Chain (and Every Third Party)
While vendors raced to embed AI, CISOs quietly shifted budget toward model provenance, data‑poisoning detection, and fine‑tuning controls. Days before RSA, JPMorgan CISO Patrick Opet published an open letter warning suppliers that “convenience can no longer outpace control,” and calling today’s SaaS chains potential single points of systemic failure.
Panels on red‑teaming large language models were at capacity, and conversations turned to safeguarding weights, prompts, and embeddings. The lesson: you can’t let the algorithm that defends you become your weakest link.
3. Identity Is the New Control Plane, especially for Non‑Human Identities
Every breach story at RSA started with a compromised identity, and most demos ended with the phrase “identity threat detection and response.” What’s new is the spotlight on service accounts, API keys, and non-human identities in general. As cloud adoption accelerates and gen‑AI tools spin up micro‑services on demand, these identities multiply exponentially.
Solutions that can discover and classify NHIs, add context, detect threats and anomalies, remediate issues, assign clear ownership, govern the full lifecycle, and right‑size entitlements drew the most interest from IAM and cloud‑security practitioners. (Missed our sneak peek of Oasis NHI Provisioning? Catch the recap here.)
4. Security Turns Into a Team Sport
The idea is not entirely new, but a fresh mood ran through the hallways: “We can’t win alone.” Keynotes urged open sharing of threat data, and Birds‑of‑a‑Feather meet‑ups on healthcare, finance, and public‑sector defense were standing‑room only. Even rival vendors compared playbooks on stage.
The takeaway: collective intelligence (swapping anonymized indicators, incident lessons, and tooling tips) now ranks as highly as any single product purchase.
5. People, Not Products, Hold the Advantage
Between sessions, the talk kept drifting to talent: keeping analysts engaged, reskilling teammates for cloud workloads, and guarding against burnout. Career‑development booths were as busy as the tech demos, and several CISOs admitted their biggest 2025 budget line isn’t software, it’s training.
The consensus? Culture and competence beat shiny tools. Teams that invest in curiosity, collaboration, and clear career paths will out‑maneuver those chasing the next gadget.
The Big Picture
“AI for security” is fast becoming table stakes, while “security for AI” is turning into a board‑level mandate. Winning programs will treat the two as a flywheel: protected models enable trusted AI assistants, which in turn free humans to tackle the next wave of threats.
Takeaway: Secure models → Trusted AI assistants → Faster defense
Curious how Oasis Security brings order to non-human identities and puts guardrails around your gen-AI ambitions? Request a demo or explore our product page to learn more.