Was AI in your RSAC Convention 2025 bingo card? To nobody’s shock, it was the subject of the 12 months on the cybersecurity trade’s large present, which drew to a detailed final week.
Following its emergence because the breakout star of RSAC 2024, AI — and its 2025 buzzphrase companion agentic AI — could not be averted at keynotes, periods and on social media.
It is not surprising. AI adoption is booming. Based on the newest analysis from McKinsey & Co., 78% of organizations use AI in no less than one enterprise operate. Essentially the most cited AI use instances are in IT, advertising, gross sales and repair operations.
But with the adoption growth has come some dire warnings about AI safety. The next roundup highlights Informa TechTarget’s RSAC 2025 AI protection:
Most cyber-resilient organizations aren’t essentially prepared for AI dangers
A report from managed safety service supplier LevelBlue launched at RSAC discovered that whereas cyber-resilient organizations are well-equipped to deal with present threats, many underestimate AI-related dangers.
The report famous that AI adoption is occurring too quick for rules, governance and mature cybersecurity controls to maintain tempo, but solely 30% of survey respondents mentioned they acknowledge AI adoption as a provide chain danger. This represents a serious disconnect — and a priority for future AI-enabled assaults.
Learn the complete story by Arielle Waldman on Darkish Studying.
Fraudulent North Korean IT staff extra prevalent than thought
A panel at RSAC outlined how North Korean IT staff are infiltrating Western firms by posing as distant American workers, producing thousands and thousands for North Korea’s weapons program. A single vendor, CrowdStrike, discovered malicious exercise in additional than 150 organizations in 2024 alone, with half experiencing information theft.
These operatives use stolen identities to safe positions at organizations of all sizes, from Fortune 500 firms to small companies. The panel mentioned pink flags to search for — corresponding to requests for alternate gear supply addresses and suspicious technical behaviors — in addition to how organizations can defend themselves by means of cautious hiring practices and enhanced monitoring.
AI is stopping menace sharing as a consequence of information and privateness rules
Throughout a SANS Institute panel about essentially the most harmful new assault methods, Rob T. Lee, chief of analysis and head of college at SANS Institute, highlighted that the cybersecurity trade is going through important challenges in relation to AI regulation. Specifically, privateness legal guidelines corresponding to GDPR prohibit defenders’ potential to totally use AI for menace detection whereas attackers function with out such constraints.
Lee mentioned these rules forestall organizations from comprehensively analyzing their environments and sharing essential menace intelligence.
Learn the complete story by Becky Bracken on Darkish Studying.
GenAI classes realized emerge after two years with ChatGPT
An RSAC panel defined how, for the reason that launch of ChatGPT in late 2022, generative AI has dramatically remodeled how cybercriminals function. The panel highlighted 4 key classes:
- GenAI hasn’t launched new techniques, but it surely has enhanced attackers’ capabilities, resulting in a 1,000% improve in phishing emails and extra convincing scams.
- Present legal guidelines can be utilized to prosecute AI-enabled crimes, as demonstrated by current instances in opposition to DPRK staff and the Storm-2139 community.
- Important challenges stay, together with information leakage dangers and the necessity for complete AI laws.
- AI safety finest practices are rising.
Learn the complete story by Sharon Shea on SearchSecurity.
Editor’s be aware: Our employees used AI instruments to help within the creation of this information temporary.
Sharon Shea is govt editor of Informa TechTarget’s SearchSecurity website.
