RSA Conference 2025 Recap: AI Drives Connection and Community in Cybersecurity

The Touchdown PR team just returned from a whirlwind week in San Francisco for RSA Conference 2025 (RSA), April 28-May 1. A whopping 40,000+ cybersecurity community members from around the world gathered to applaud one another’s achievements, share threat intelligence and advice and build new customer and partner relationships.

This year’s theme was ‘Many Voices. One Community,’ which shone through in the celebration of initiatives like DARPA’s AI Cyber Challenge (AIxCC), booths dedicated to cybersecurity startups from international markets like Japan, Korea, Germany and more and a variety of keynote speakers, ranging from professors to threat intelligence heads of big tech companies to government cybersecurity leaders.

We were fortunate enough to represent 11 clients at the show, with nine Touchdown team members attending to spend valuable time with these clients, support press and analyst briefings and conduct on-the-ground research that will be released shortly (stay tuned!). Let’s explore the highlights.

The Vibes

From an RSA vet’s perspective: Alyssa Pallotti

I have attended RSA in person 9 or 10 times (I’ve lost count, honestly), and this is the first show since March 2020, right before the pandemic shut down the world, that felt as energetic as the pre-COVID conferences. You could attribute it to people feeling comfortable enough to be in large crowds, the fact that cybersecurity is finally seeing significant VC investment again (including Touchdown clients Spektion & Sentra), the idea that we are craving human connection in a divided world, a sense of working toward a common goal of fighting AI-driven threats and using AI for good – or perhaps a mix of it all.

No matter the reason(s) behind the shift, everywhere I turned, I saw people smiling, deep in conversation at booths, enjoying presentations, playing vendor-sponsored games or engaged in formal meetings. While on the floor talking to attendees about trends in software supply chain security, agentic AI and more, I encountered more end users than the last few years combined (TikTok, Google Cloud, law firms and more). Hopefully that means it will once again become a real lead generation opportunity for exhibitors, not just a partnership-building show.

From an RSA first timer’s perspective: Katie Kruger

The energy on the show floor at RSA this year was electric. It was a powerful reminder of why in-person events still matter whether you’re a global brand or a stealth-mode startup. Our team had the opportunity to connect with organizations of all sizes, from well-known leaders to emerging innovators, and every conversation provided us with more insight into where the cybersecurity industry is headed. We talked shop, explored new technologies and gained deeper appreciation for the commitment and expertise driving this field forward.

Something that stood out the most to me was the diversity of technologies, stories and people. I had the chance to meet teams from household names like Qualcomm and CrowdStrike and small startups bootstrapping their ideas with passion and expertise. For those of us at Touchdown, RSA offered an element that has been missing for a long time: the chance to put faces to names. Meeting both clients and colleagues in person at the conference provided us with a level of connection you just can’t get virtually. RSA wasn’t just about cybersecurity, it was about community.

Top Trends and Takeaways

Let’s address the eleph[AI]nt in the room.

Yes, AI was omnipresent. But no, it’s no longer just a buzzword – it’s turning into an integral component of effective security tools, as well as a serious threat when wielded by cybercriminals. Last year’s RSA was all about AI hype – is it real? Can it actually be used for good? This year – that’s not a question. Vendors and end users alike are embracing it for efficiency and productivity and are committed to keeping pace with and outsmarting bad actors.

Agentic AI, systems that can make their own decisions and carry out specific actions with limited human intervention, was one of the most prominent topics in speaking sessions, at booths, in press releases from attending companies – signaling a long-needed shift in cybersecurity from reactive defense to proactive operations.

While integrating real AI, not just machine learning, into security products takes time, it’s clear the industry is on top of the latest trends and wants to continue making strides in supporting security teams using the technology.

Perhaps ironically, AI is driving increased human connection and community within cybersecurity, as we work toward common goals to keep the internet safe and protect company and consumer data.

This sense of community was also evident in the DARPA AIxCC immersive, fictional city of Northbridge. In the impressive activation, we took a simulated train journey into the ‘city,’ as cybercriminals actively took hold of Northbridge’s vast critical infrastructure, including its trains, hospitals and water grids. When we arrived, we were escorted from section to section – witnessing the various aspects of the attack on Northbridge. This included seeing real-life examples impacting actual cities projected on TV screens and learning how AI-driven solutions can be used to secure the software supply chain (<–another critical theme we saw throughout the show). The challenge, according to DARPA, “brings together the foremost experts in AI and cybersecurity to safeguard the software critical to all Americans.” It’s an important cause, and we applaud all participating. 

Overall, it’s been interesting to see how the go-to hot topic of the show has evolved year on year – seems ‘zero trust’ and ‘cloud security’ most recently dominated the space where AI now stands. And honestly, we don’t see that changing for awhile. AI, whether you’re a fan or not, is here for the long haul.

Despite ‘zero trust’ fading from vendors’ booth banners, identity security was a rising star at the conference as well. As cyber incidents continue to leverage stolen credentials, protecting digital identities is paramount. Many organizations emphasized the importance of extensive identity and access management (IAM) strategies, noting they are no longer just a ‘nice to have.’ They must be part of companies’ frontline defenses. Attendees noted that this shift requires the implementation of comprehensive IAM solutions with stringent access controls for both human and non-human identities.

The Press and Analyst Landscape

Not only are the ‘big trends’ evolving year on year – the way press and analysts interact with attendees is also changing. In 2025, the list was more tailored, especially from the press side. Our guess as to why? Video calls can occur at any time, anywhere, any day – enabling these influencers to chat and see their sources at a moment’s notice. While seeing one another through a screen doesn’t replace the real thing, it’s more personal than the old email Q&A or faceless phone call.

‘Obviously,’ you say to yourself. ‘So why are they even going then?’ We expect (and have heard directly from many of them) that they want to listen to sessions and panels. This allows them to hear multiple experts riffing off one another live and the audience asking questions they may not have thought of themselves. If they can host 1:1s any day, this is where the higher value for reporting often lies.

When they do carve out that sit-down time, they often want to talk to companies with never-before-seen product or major financial news, new threat findings or something bold to say. Thought leadership is always valuable, but they will likely rely on slower times outside of the show for those discussions and attend onsite sessions to gather that intel. It doesn’t mean booking meetings for clients is impossible. In fact, we hosted dozens, but PR folks and their clients alike must be more thoughtful and targeted in their pitches than ever before.

Analysts, however, seem to still be hungry for those face-to-face interactions. These discussions allow them to gather fresh takes from a variety of vendors in a short period of time. This gives them a pulse on the emerging categories they should keep an eye on and companies entering the market or shifting their focuses to better inform their reporting. They also use the show as valuable catch-up time with paid customers, to record podcasts and to pull insights for their own RSA recap blogs.

We know it’s a busy week for everyone, and we truly appreciate each and every journalist and analyst who met with us, spoke with our clients or covered their news!

Here’s what they’re saying about the show:

“The cybersecurity industry is rushing to confront a new identity crisis — not for people, but for AI agents that act autonomously and now need to be managed like employees.” – Sam Sabin, Axios

“AI agents and assistants, proactive real-time threat detection and management solutions, data security platforms and updates that target AI-driven vulnerabilities, and numerous governance and compliance offerings were RSAC 2025 show floor staples.” – Samantha Schober, SecurityInfoWatch

“With threats growing smarter, companies are fighting back with automation, crowdsourced hacking, and stricter identity controls. The rise of autonomous AI agents signals a shift toward self-learning security systems that can adapt in real time. However, technology alone won’t win this fight. The human element remains both the weakest link and the greatest hope.

While AI can block attacks and automate responses, security awareness, skilled analysts, and proactive threat hunting are irreplaceable.” – Aminu Abdullahi, eSecurity Planet

“Last week at RSAC Conference 2025, the message came through loud and clear: Agentic AI is no longer just a concept. It’s being deployed today. AI-powered agents are streamlining workflows, helping with compliance and aiding in threat detection at scale.” – Brandy Harris, ISMG

The Booths

The creativity of vendor booths and activations reached new heights this year, driving further excitement on the show floor and beyond. A few notable mentions (but really, everyone brought it!):

• Stream.Security’s ‘SOC Museum,’ highlighting literal sock designs based on common security operations center team challenges.

Photo Credit: Stream.Security [https://www.stream.security/soc-museum]

• Orca Security’s outdoor doughnut & ice cream booth, where you could play a bean bag toss game to win swag – which led you to their indoor booth featuring rescue puppies up for adoption!

• Building Lego versions of ourselves adorned in HackerOne attire.
• Having whimsical AI images generated (and great conversation) at tech consultancy Stefanini Group’s booth.

• Sentra’s The Cavalier-based meeting spot, decked out in themed decor.

• Lineaje’s software supply chain security thought leadership gathering.

• Sublime Security’s matching green matcha and colorful networking area.

The list goes on. Well done to all the teams who put in serious work to illustrate their messages in fun, memorable ways.

Conclusion

This year’s RSA Conference was a refreshing experience for attendees across industries and specializations. The Touchdown team found connection within the cybersecurity community with organizations of all sizes, gaining insights on trends from agentic AI and identity security to upcoming announcements and key players to watch. Once again, RSA served as a comprehensive view into the technology our team strives to share with the world. See y’all next year!