Reflections on RSAC 2025

I spent some time looking through the coverage of RSAC 2025, and honestly, it felt like the whole security world showed up. There were around 44,000 people there, all trying to figure out where security is heading next.

The biggest thing I noticed was how much AI is taking over the conversation. Not just basic AI, but more advanced ideas where AI can actually act on its own. People seem excited, but also a little nervous. It is clear that AI is both a tool and a threat at the same time.

Another big theme was identity. It feels like identity is now the main security layer, finally! I’ve been screaming for years about this. More identity focused vendors then just same old bunch is good for the industry. I’m also seeing AI Identity vendors as well, which is going to be a HUGE thing.

There was also a strong push around working together. The theme was about community, and it showed up everywhere. People talked about sharing knowledge, building together, and not trying to solve problems alone.

The expo floor sounded wild too. Tons of companies showing new tools, especially around AI and automation. It seems like everyone is racing to build faster detection and response systems.

One thing I liked was that it was not just about big companies. There were students, startups, and researchers all in the mix. That gave it more energy and made it feel less like just another corporate event.

Innovation Sandbox Winner is….

One of my favorite parts of RSAC is the The Innovation Sandbox! This is where startups pitch their ideas, and it is usually a preview of where the industry is going.

The winner this year was ProjectDiscovery. They focus on vulnerability management, but what makes them different is that they are built around open source. Their tools help teams find and fix issues fast, and they automate a lot of the heavy work. (RSAC Conference)

What I found really interesting is that this is not just another closed security product. It is a commercial open source approach. That is not something you see winning big stages like this very often.

To me, that says something important. Open source is not just for hobbyists or side projects anymore. It is becoming a serious part of how companies build and run security programs. Even at the highest level, it is being recognized as a real model.

It also felt like a bit of a reality check. While everyone is talking about AI, a company focused on solving a core problem like vulnerability management still won. That tells me we are not done with the basics yet. (ProjectDiscovery)

Final thoughts and predictions

Overall, RSAC 2025 was pretty exciting to see a sneak peak of the future. Industry wise, I think AI was kind of a last minute add on to products across the spectrum. I think RSAC 2026 might show us more mature integration of AI and deeper. It seems like we’re only at the beginning. Excited to see what next year has in store!