From Buzzwords to Business Value: What Really Mattered at RSA 2025
By Cara Sloman
Every year, some folks declare that RSA Conference is “over.” While it is certainly not the same show it was ten years ago – let alone five years ago – this annual gathering of who’s who in cybersecurity has stood the test of the time. This year, organizers were expecting more than 600 exhibitors and over 40,000 attendees to fill San Francisco’s Moscone Center. This year’s event also came amid a backdrop of economic concerns, continued media consolidation and several other factors that were more extreme than ever in 2025.
Now that the dust has settled, here are my takeaways from this year’s RSAC.
The surprising quiet on Agentic AI
Given the hype on AI over the past few years, many observers predicted that Agentic AI would be the booth buzzword of RSAC 2025. (Longtime cybersecurity reporter Jessica Lyons even predicted it would win the RSAC buzzword bingo.) Leading into the show, it was true: AI agents and copilots were the headlines of several big vendor product announcement. However, while AI agents were well-represented, and featured in several of the speaking sessions, the reality didn’t quite match the hype.
So, why was the Agentic AI/AI hype less than expected? It’s possible that some companies are reining in their messaging so they aren’t accused of AI-washing. Was it a fear of jumping on the bandwagon? It’s not clear, but if this marks a move toward a vendor ecosystem that takes a more nuanced, cautious and focused approach to positioning and messaging, we’re all for it.
Sounding the alarm on identity security
The biggest theme that stood out to us this year was identity security. Given how digital identities are proliferating – and the level of damage bad actors can do with PII – this makes a lot of sense. Omdia analysts estimate the number of non-human identities that already exist within the average organization is between 20 and 50 times that of human identities. Human identities remain a huge target for bad actors, too; the latest Verizon Data Breach Incident Report revealed that 22% of exploits resulted from stolen credentials.
In the coming months, identity security will keep heating up, and there will be no shortage of vendors touting their unique approach. In fact, we saw more focus than ever this year on securing the human factor. Systems need to be protected, but ultimately, they need to be protected for people. Data breaches impact real people’s lives, and humans are infallible, so security conversations need to be human-centric.
The who’s who… and the who wasn’t
Noticeably absent this year were representatives from the nation’s top security organizations like CISA, NSA and the U.S. Cyber Command. The popular annual State of the Hack panel held by the NSA was cancelled in the weeks before the show. The FBI made a strong showing, or maybe just appeared stronger in contrast to their missing colleagues. Alexei Bulazel, the top cyber official on the National Security Council, delivered a keynote on Thursday.
Given the recent controversies over Signalgate, and questions about the future of CISA, seeing fewer federal participants wasn’t shocking. That said, Department of Homeland Security Secretary Kristi Noem made a last-minute appearance to talk about the direction of CISA, promising a return to a focus on things like critical infrastructure security and a move away from investigations into misinformation and disinformation.
As expected, Noem’s talk drew a lot of media attention, especially given the contrast with former CISA directors Chris Krebs and Jen Easterly, who spoke out openly against the current administration’s approach to cybersecurity in their keynotes. The recent controversy around Krebs, now with SentinelOne, elevated interest in his session.
The changing media landscape
We’ve seen a trend over the past several years of fewer media attending and a shift toward paid engagements with outlets that do attend. Several reporters have said it’s too pricy for them to justify, especially for freelancers. For international reporters, concerned about visa issues, traveling to the U.S. wasn’t worth the hassle.
Shrinking mastheads and media consolidation continue rapidly. Informa recently took over Cybersecurity Dive and the Dive family of publications, adding to a network that now includes the TechTarget properties, Dark Reading, InformationWeek and analyst firms Enterprise Strategy Group and Omdia. Cyber Risk Alliance has SC Media, MSSP Alert, Security Weekly and Channele2e. Investment company Regent purchased TechCrunch earlier this year. This all means fewer reporters covering more stories, which further puts the onus on vendors to really impress media with newsworthy announcements, instead of mediocre product enhancements.
Dark Reading and SC Media pushed their paid video opportunities hard at Broadcast Alley this year, and of course, Silicon Angle’s The Cube and ISMG did, too. Long-time IT reporter Sean Michael Kerner posted on LinkedIn that in his heyday, he’d do 80 vendor briefings during the show until one year, he switched to sessions only and found that more valuable.
He’s not alone. A few reporters told us they weren’t taking any vendor briefings this year, focusing instead on keynotes and panels. What we also saw: more content creators than ever. More reporters leaving traditional outlets to go out on their own with podcasts and Substacks. It can be difficult to gauge the value of these newer entities without the established KPIs of UVMs and listenership – so the value is really on the cachet of these folks. Getting in with their new ventures early can pay off later. That said, it’s frustrating sometimes to meet with a blogger at RSA who then turns around and tries to sell you advertising, but we have some sympathy; everyone needs to make a living. It’s just a matter of being savvier than ever.
Off the show floor
We used to tell our clients to avoid asking reporters to meet them at their hotel suites rather than at Moscone, and while for journalists and analysts, we still recommend sticking to that guidance, it’s another story for partners, customers and prospects. In our increasingly remote work world, one of the best parts about RSA is meeting in person.
Vendors held many events off the show floor, from happy hours to dinners to concerts. For the city of San Francisco, whose business community has struggled since the pandemic, it’s a boon. Restaurants and hotels around the area were fully booked. Just a regular attendee trying to find breakfast nearby? You might have found your options limited. That also meant some companies had to look farther afield, resulting in longer walks or more expensive commutes.
Looking ahead
I still recall the eerie feeling of RSA 2020, full of empty booths and signs warning against handshakes, held just weeks before the world shut down thanks to COVID-19. Last year and this year felt like a return to previous times. It was bigger and noisier than ever. There were more opportunities, but that comes with more challenges. It’s no longer paid or earned media; organizations need a balanced strategy that included paid, earned and owned media.
Today, influence lies as much in partner-packed hotel lobbies and creator-led podcasts as it does in the keynote hall – so the need for solid, simple messaging that delivers your key points clearly and accurately is imperative. Clarity and simplicity go a long way in all that noise.
