Sectors
Capabilities
Specialisms
This year’s RSA Conference made one thing very clear: artificial intelligence isn’t just part of the conversation – it is the conversation. Nearly every keynote, product launch, and side discussion came back to AI in some form. What stood out in particular was the rise of agentic AI, a phrase that was repeated across sessions to describe a new class of systems that don’t just automate tasks, but act and make decisions with minimal human input.
A number of companies leaned into this trend. I saw tools from Securonix, Vectra AI, Cisco, and Cyberhaven that embedded these AI agents directly into existing security workflows. The idea is to hand over repetitive or high-volume tasks – like alert triage or summarizing incidents – to autonomous systems that can respond in real time. Some demos were genuinely impressive. Others felt more like early experiments, but the direction of travel was obvious.
Keynotes from Microsoft, Google, and Cisco echoed that sentiment. They talked about how this new wave of AI is already reshaping how SOCs function, and how humans and machines will likely work together in the months and years to come. You got the sense that this wasn’t hypothetical anymore, it’s already happening.
In conversations I had throughout the week, a few recurring themes kept coming up. One of them was fatigue – not with the tech itself, but with the conference format. Several attendees told me directly that they didn’t plan to come back next year. That’s not entirely new, of course. RSA has always been an investment, and people have long debated whether it’s worth the cost.
But this time, the hesitation felt broader.
Part of that had to do with what was happening – or perhaps not happening – on the show floor. Quite a few booths were staffed by friendly people who could scan badges and deliver high-level talking points, but struggled when asked more detailed questions. In some cases, they directed visitors to a single technical lead who was clearly stretched thin. One person I spoke to even admitted they’d been brought in just for the event and didn’t actually work for the company. That’s not inherently a problem, but it did raise quiet questions about where vendors are putting their resources – and why.
There were also noticeable gaps. Communications teams, for example, seemed largely absent from the floor. Instead, many appeared to be holding meetings offsite with media contacts, which makes strategic sense, but also reinforced the feeling that the most meaningful interactions weren’t necessarily happening at the booths.
While AI dominated almost every surface, another theme started to poke through. Quantum.
You had to look a little harder for it, but it was there. Some vendors had early messaging around being “quantum-ready,” and there were a few mentions in keynote remarks and printed materials. One government speaker brought up the upcoming Quantum Innovation Summit, signaling that some countries are clearly thinking about this on a national scale.
To be clear, most companies don’t seem entirely sure what their quantum strategy looks like yet. But there’s definitely a desire to appear ready. IBM’s recent $150 billion investment in quantum and national security innovation only added fuel to the narrative. It seems that, much like the early days of AI, vendors are eager to position themselves for the next wave – even if it’s not fully formed yet.
RSA 2025 gave us a compelling glimpse of where security technology is headed. Agentic AI isn’t on the horizon anymore, it’s already in play. At the same time, there were signs that the format of the conference itself may not be evolving at the same pace. For some, the value of being there just didn’t add up.
Between the cost of participation, the increasing number of offsite meetings, and the often-surface-level conversations on the show floor, it’s fair to ask whether RSA is still delivering what its audience is looking for. That doesn’t mean the event is obsolete. Far from it. But it may be time to rethink how it supports meaningful dialogue. Not just between buyers and sellers, but between peers who are genuinely trying to solve the same problems.
Increasingly, the most effective comms aren’t happening in crowded halls or flashy booths. They’re happening through targeted, well-timed conversations, whether that’s curated journalist briefings, smaller roundtables with practitioners, or exclusive analyst sessions that go deeper than a deck.
Brief, high-value insights delivered through direct channels like newsletters, podcast interviews, or tightly edited op-eds seem to resonate more than broad show-floor messaging. There’s also a growing appetite for content that explains and not just announces. The brands that cut through tend to be the ones offering clarity versus those offering just claims.
RSA still offers a platform. But in a market that prizes trust, relevance, and expertise, it’s what’s happening around the big events and the way it’s approached that may end up making a bigger impact and providing a stronger return on investment.
See all