chat
expand_more

Through the Looking Glass: A CISO's Take on RSAC 2025

What did RSAC 2025 reveal about the next wave of cyberthreats—and the AI-powered tools to stop them? Abnormal’s Field CISO shares her top takeaways.
May 9, 2025

Fresh off the show floor at RSAC 2025, I’m still processing the high level of energy—and urgency—of what felt like a pivotal moment in cybersecurity’s evolution. From the keynotes to the expo hall to off-the-cuff conversations, it was clear the industry is in the middle of a major shift. And AI is no longer just part of the conversation—it is the conversation.

Across panels, hallway debates, and impromptu lunches and dinners, CISOs made it clear they’re struggling with the tension between AI’s promise to meet business objectives and its threat to security and privacy. The tremendous excitement about AI’s potential for automation and efficiency is matched by growing anxiety about advanced phishing threats, impersonation, and bad actors using AI to optimize and launch business-crippling attacks, further impacting operational resilience.

Here are a few of my key takeaways from RSAC 2025.

AI Took Over

Conversations about AI completely overshadowed other once-hot topics like quantum computing and vulnerability management. From attack simulation to autonomous response, the focus has shifted to how quickly we can operationalize AI because threat actors are already getting ahead of our defenses. In a private dinner setting, Magic Johnson emphasized the precision required of defenders guarding global systems, drawing a parallel between athletes and cybersecurity professionals who have to anticipate, adapt, and always guard the perimeter.

Identity Is Still the Unsolved Core

CISOs I spoke to consistently ranked identity as one of their top challenges. With generative AI making it easier to mimic internal communications, spoof trusted senders, and exploit supply chain relationships with man-in-the-middle attacks, verifying "who's really on the other end" is no longer just a compliance issue. It has become a board-level topic of conversation and a critical security imperative.

Trust but Verify Has Become the New North Star

With AI now embedded in every layer of the enterprise, we need to balance progress with ethical intent and observable integrity. That means consistently trusting but verifying as we build and expand the use of AI in our systems. RSAC 2025 highlighted the critical need for cybersecurity professionals to deepen their AI knowledge and to use new systems responsibly and effectively. It’s no longer enough to be AI-aware—security teams need to be AI-literate, capable of asking hard questions about model behavior, risk boundaries, and real-world consequences.

The Public Sector Is Watching Closely

In her keynote, Department of Homeland Security Secretary Kristi Noem emphasized efforts to strengthen cybersecurity as a national priority and the commitment to streamline operational support for critical infrastructures. The speech landed with particular resonance given ongoing concerns about the restructuring and downsizing of CISA and its impact on coordinated public-private partnerships to respond and share intelligence.

The Cybersecurity Leadership Forum Delivered

Curated by CISOs for CISOs, this forum stood out for its value, affording the participants a safe space to discuss the challenging topics that don’t always make it into public-facing panels. RSAC reminded me that some of the best insights don’t come from vendor pitches. They come from peers sharing what’s actually working or not working in their organizations.

Experience Matters

RSAC made some impressive updates to the attendee experience this year, with a new mobile app that kept attendees connected to what was happening during the conference. But in true RSAC fashion, the app goes even further to keep you engaged after the event. It features a great section on daily curated news briefs, a library of resources like blog posts, and group chats you can join based on your level of interest. Brilliant!

For me, RSAC 2025 confirmed that we’re standing at a crossroads. The choices we make now—how we adopt AI, how we prioritize humans, and how we build resilient systems that protect workflows from nefarious AI attacks—will define the next decade of cyber defense.

Abnormal's RSAC Presence

I would be remiss if I didn’t give my own company credit for our biggest product announcement to date:

At RSAC 2025, we unveiled AI Phishing Coach, giving organizations a tailored agentic AI security trainer with superhuman knowledge of the specific attacks targeting their workflows. We also introduced AI Data Analyst and announced major free updates to Cloud Email Security—making it easier than ever to choose Abnormal for superior email protection.

The response from security practitioners—especially those who’ve lived through the grind of phishing investigations and BEC cleanups—was electric.

Want a closer look? Request a demo to see how Abnormal’s AI-native platform protects the world’s most targeted inboxes.

Schedule a Demo
Through the Looking Glass: A CISO's Take on RSAC 2025

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

Discover How It All Works

See How Abnormal AI Protects Humans

Related Posts

B 1500x1500 Through the Looking Glass RSAC 2026
What did RSAC 2025 reveal about the next wave of cyberthreats—and the AI-powered tools to stop them? Abnormal’s Field CISO shares her top takeaways.
Read More
B 5 8 25 AI Inn
Discover how Abnormal AI accelerates developer velocity with its secure, in-house Model Context Protocol (MCP), integrating tools like GitHub and Jira directly into local environments to streamline workflows without compromising security.
Read More
B SEGROI
Discover the measurable ROI of replacing your SEG with Abnormal—from 91% faster incident response to $703K in productivity savings.
Read More
B 4 24 25 Platform
Tool bloat is an easy win for hackers and a major integration headache for overstretched security teams. Platformisation could be the antidote to cyber complexity, closing the coverage gaps while dramatically easing the management of multiple security tools.
Read More
B Bypassing Safeguards in Leading AI Tools
Can generative AI be manipulated for cybercrime? Our research shows how attackers can bypass safeguards in today’s top AI tools.
Read More
B 1500x1500 BLOG Comprehensive Email Security
Discover the latest AI-powered innovations from Abnormal, including Quarantine Release, Enterprise Remediation Settings, URL Rewriting, and Misdirected Email.
Read More