RSA has always been a whirlwind of vendor pitches, keynotes, and after-hours events. But for me, the real value came from the dozens of conversations with security leaders across the ecosystem. From meetups and booth walkthroughs to hallway chats and late-night dinners, I spent most of the week listening. Here are six takeaways that emerged consistently from those discussions: not headlines, but signals of where security is actually heading.
From “More Tools” to “Better Outcomes”
CISOs and security practitioners spoke often about exhaustion; not from lack of innovation, but from the growing complexity of their tool stacks. The question many are now asking isn’t “What does this new product do?” but “What tool am I replacing if I buy it?” There’s a real desire to reduce overlap, minimize operational drag, and re-center the value equation around outcomes, not features. Especially as AI capabilities expand, teams are looking for consolidation not just to cut costs, but to reduce risk by enabling focus on what truly matters.
Autonomy Is Coming! But Enterprise Trust Still Lags
Security executives are actively shaping their AI and agentic security strategies, knowing that the enterprise is under growing pressure to implement more autonomous systems. But across the board, it’s clear: most are still early in the journey. While many of us already trust AI to make life-or-death decisions behind the wheel of a Waymo, it’s still met with caution inside the enterprise. The tension isn’t about rejecting automation, it’s about building the right guardrails around it. Explainability, oversight, and incremental control remain essential. Trust in AI within the enterprise isn’t assumed, it has to be architected.
Smarter Security Starts with Context: The Strategic Role of AI
Security leaders are looking to integrate AI into their programs to improve prioritization, decision-making, and efficiency. The focus is on making alerts actionable, reducing noise, and surfacing what matters. Tools that minimize cognitive load and provide timely context are gaining traction. Efficiency is no longer just about speed, it’s about helping teams work smarter, reduce toil, and get more out of fewer, more integrated tools. This shift is driving AI adoption across a wide range of security domains, including AppSec, GRC, SecOps, vulnerability management, and data security.
Rethinking Code Security in the Age of AI
If AI is writing and fixing code in real time, what does secure coding even look like? There’s a growing sense that the future may lie in enforcing secure architectural patterns and compliance controls up front, not just scanning and patching reactively. We may be shifting from a world where you review every pull request, to one where you review the framework the AI writes within.
TPRM Is Evolving. And So Are Expectations of Vendors
Third-Party Risk Management is becoming more strategic. Pat Opet’s open letter came up more than once, serving as a rallying point for CISOs demanding that software suppliers carry more of the security burden. It’s no longer acceptable for vendors to deliver functionality first and patch later. Security leaders want partners who are accountable, transparent, and architecturally resilient from day one.
Resilience Is Becoming the Real Test of Breach Readiness
The conversation around resilience is shifting from theory to execution. Security leaders are now focused not only on prevention but also on how to remain operational during a cyberattack and ensure a fast recovery. That urgency has been underscored by a series of high-profile ransomware attacks by the group DragonForce, which recently breached three major UK retailers: Marks & Spencer, the Co-op Group, and Harrods.
The impact was especially severe for M&S and Co-op, both of which saw their stock prices drop by around 7%. Marks & Spencer faced a prolonged inability to process online orders, while Co-op experienced a breach that led to widespread delivery delays across the UK and the theft of customer data. According to a Co-op spokesperson, the accessed data included information relating to a significant number of current and past members.
These events highlight the evolving threat landscape, where attacks are becoming more sophisticated, and the cost of downtime is escalating. As a result, recovery speed and continuity are moving to the top of the agenda. Security teams are evaluating how quickly they can restore systems, maintain core operations, and respond effectively in the midst of disruption. The ability to recover well may soon matter just as much as the ability to detect early.
This and more will be discussed and explored at our upcoming CISO Village Summit. It’s a place for security leaders to take a step back from the day-to-day and connect with peers who are thinking through many of the same questions. The most valuable insights often come from shared experiences and honest dialogue; I’m genuinely looking forward to continuing those conversations with many of you there.
Cyber, Data & AI CTO, Team8
