As RSAC 2025 recedes within the rearview mirror, I needed to share among the identification safety and knowledge safety insights I gained from hanging out with round 44,000 of my closest cybersecurity associates in San Francisco. It was 4 days of chatting with safety practitioners, distributors, traders and different business analysts to achieve perception on efficient methods to cope with sprawling identities and knowledge.
Following are the themes and noteworthy improvements in identification safety on the huge present. Should you could not attend, here is a taste of the deluge of cybersecurity innovation showcased at RSAC.
Id safety continues to garner curiosity and funding
Id safety has many unsolved issues and loads of room for effectivity positive aspects, and traders are powering innovation to ship higher identification safety outcomes.
Id continues to draw vital enterprise funding. Take a look at current funding highlights: Persona obtained $200 million for identification verification, Push Safety $30 million for identification menace detection and response (ITDR) and Veza $108 million for identification governance and administration.
As current analysis from Enterprise Technique Group, now a part of Omdia, has proven, identification safety know-how investments proceed to develop relative to different areas of cybersecurity funding.
Safety for agentic AI: The rising problem
The buzzword at RSAC was agentic AI — a type of nonhuman identification through which brokers can motive, plan, study and adapt.
And if you do not know the acronym MCP, you are not a part of the cool children membership. (For many who missed it, MCP stands for Mannequin Context Protocol, a protocol that offers a common means to securely join and work together with exterior knowledge sources, instruments and environments.)
Distributors had been speaking about agentic AI for safety — making use of brokers to make their merchandise higher — and safety for agentic AI — guaranteeing brokers function securely. Making use of agentic AI to enhance safety streamlines processes and permits safety groups to do extra work.
At RSAC, many substantive makes use of of AI brokers to enhance safety had been highlighted, together with Microsoft’s Safety Copilot brokers and Google Cloud AI safety brokers.
One matter that emerged on the present was that though agentic AI is a multilayered problem, it’s initially an identification drawback.
Agentic AI protocols are evolving at an amazingly quick tempo. Anthropic launched MCP in November 2024, Cisco-supported AGNTCY.org arrived in March 2025 and Google’s Agent2Agent arrived in April 2025.
Protocol adoption is transferring rapidly as companies see a possibility for effectivity and progress. An agentic AI world could have brokers calling brokers calling brokers. Normal protocols are important to interoperability throughout instruments, platforms and suppliers.
In case you are working inside one vendor’s walled backyard — for instance, Salesforce Agentforce or Microsoft Safety Copilot brokers — the safety is comparatively locked down, and authentication and authorization are well-understood. Issues get attention-grabbing from an identification safety perspective when crossing boundaries exterior of walled gardens. That is the place I count on the enterprise worth from agentic AI shall be unlocked. However if you begin transferring and dealing with precious data, the chance arises for fraud and knowledge compromise with out guardrails and fine-grained authorization.
Orchestrating the AI agent ecosystem is a quickly evolving house. Gamers are coming on the agentic AI identification safety drawback from many angles, together with the next:
- AI agent entry administration — for instance, Natoma Labs and Silverfort.
- Id governance and administration for AI brokers — for instance, ConductorOne, Lumos, SailPoint Applied sciences, Saviynt and Veza.
- Securing AI and MCP server infrastructure — for instance, CyberArk and Teleport.
Enterprises are below strain to point out worth from their generative AI investments, and agentic AI affords a transparent path to worth. The protocols are nonetheless being developed, and the threats will finally materialize, however safety leaders ought to be taking part in enterprise conversations with their compliance, CIO and line-of-business colleagues to remain forward of agentic AI safety and deploy brokers in a safe and compliant vogue.
Convergence and platforms: The lengthy sport
Resolution convergence is prevalent throughout many domains in cybersecurity the place there are clear facilities of gravity, together with endpoint, community safety and cloud safety. Id safety, specifically, has been a comparatively fragmented house.
Most enterprises have a number of merchandise in every of the areas that comprise identification safety: identification governance and administration (IGA), entry administration, privileged entry administration, ITDR, identification safety posture administration (ISPM) and NHI safety.
That is altering as distributors develop or purchase adjoining performance. For instance, CyberArk acquired Zilla for IGA, Saviynt added ISPM at RSAC, Okta and Microsoft rolled out IGA merchandise, and lots of distributors have a component of NHI safety of their merchandise.
In chatting with practitioners at RSAC, it grew to become clear that the convergence story is a protracted sport. Practitioners have a heterogeneous identification stack right now that has collected for a lot of causes. Most practitioners wish to make sure they’ve the perfect identification know-how stack doable now and sooner or later. The oldsters I spoke with mentioned they had been keen to think about converging with their current distributors, however the prerequisite was having best-in-class performance that will make it value the price of switching out an current product. Such adjustments do not occur in a single day — they take years.
The identification know-how convergence story being instructed is compelling, however it is going to take time to see fruition as identification groups methodically enhance and evolve their identification know-how stacks to resolve right now’s and tomorrow’s challenges.
Whereas convergence rolls ahead, the continued flux between platforms and best-of-breed continues. Progressive startups are specializing in vital identification issues. For instance, Silverfort, Push Safety, Breez, and Permiso Safety with ITDR or Passbolt with safe collaboration and credential sharing. Such merchandise will thrive by filling particular gaps that converged merchandise cowl inadequately or in no way.
Remaining ideas
RSAC 2025 noticed an enormous quantity of bulletins, improvements and attention-grabbing talks. My analysis space consists of each identification safety and knowledge safety, however identification safety noticed a lot motion at RSAC that I centered this text completely on that matter. I spotlight RSAC 2025 knowledge safety improvements in a separate article.
One thing caught your eye at RSAC? Are you a vendor with an attention-grabbing product? Attain out to me on LinkedIn.
Todd Thiemann is a principal analyst masking identification entry administration and knowledge safety for Enterprise Technique Group, now a part of Omdia. He has greater than 20 years of expertise in cybersecurity advertising and technique.
Enterprise Technique Group is a part of Omdia. Its analysts have enterprise relationships with know-how distributors.
