As RSAC 2025 recedes within the rearview mirror, I needed to share a number of the id safety and information safety insights I gained from hanging out with round 44,000 of my closest cybersecurity associates in San Francisco. It was 4 days of talking to safety practitioners, distributors, traders and different trade analysts to realize perception on efficient methods to cope with sprawling identities and information.
Following are the themes and noteworthy improvements in id safety on the large present. Should you could not attend, this is a taste of the deluge of cybersecurity innovation showcased at RSAC.
Id safety continues to garner curiosity and funding
Id safety has many unsolved issues and loads of room for effectivity beneficial properties, and traders are powering innovation to ship higher id safety outcomes.
Id continues to draw vital enterprise funding. Take a look at latest funding highlights: Persona acquired $200 million for id verification, Push Safety $30 million for id risk detection and response (ITDR) and Veza $108 million for id governance and administration.
As latest analysis from Enterprise Technique Group, now a part of Omdia, has proven, id safety know-how investments proceed to develop relative to different areas of cybersecurity funding.
Safety for agentic AI: The rising problem
The buzzword at RSAC was agentic AI — a type of nonhuman id through which brokers can cause, plan, be taught and adapt.
And if you do not know the acronym MCP, you are not a part of the cool children membership. (For many who missed it, MCP stands for Mannequin Context Protocol, a protocol that gives a common means to securely join and work together with exterior information sources, instruments and environments.)
Distributors have been speaking about agentic AI for safety — making use of brokers to make their merchandise higher — and safety for agentic AI — making certain brokers function securely. Making use of agentic AI to enhance safety streamlines processes and permits safety groups to do extra work.
At RSAC, many substantive makes use of of AI brokers to enhance safety have been highlighted, together with Microsoft’s Safety Copilot brokers and Google Cloud AI safety brokers.
One matter that emerged on the present was that despite the fact that agentic AI is a multilayered problem, it’s at the beginning an id drawback.
Agentic AI protocols are evolving at an amazingly quick tempo. Anthropic launched MCP in November 2024, Cisco-supported AGNTCY.org arrived in March 2025 and Google’s Agent2Agent arrived in April 2025.
Protocol adoption is shifting shortly as companies see a possibility for effectivity and development. An agentic AI world may have brokers calling brokers calling brokers. Commonplace protocols are important to interoperability throughout instruments, platforms and suppliers.
If you’re working inside one vendor’s walled backyard — for instance, Salesforce Agentforce or Microsoft Safety Copilot brokers — the safety is comparatively locked down, and authentication and authorization are well-understood. Issues get attention-grabbing from an id safety perspective when crossing boundaries exterior of walled gardens. That is the place I anticipate the enterprise worth from agentic AI shall be unlocked. However if you begin shifting and dealing with invaluable data, the chance arises for fraud and information compromise with out guardrails and fine-grained authorization.
Orchestrating the AI agent ecosystem is a quickly evolving area. Gamers are coming on the agentic AI id safety drawback from many angles, together with the next:
- AI agent entry administration — for instance, Natoma Labs and Silverfort.
- Id governance and administration for AI brokers — for instance, ConductorOne, Lumos, SailPoint Applied sciences, Saviynt and Veza.
- Securing AI and MCP server infrastructure — for instance, CyberArk and Teleport.
Enterprises are below stress to indicate worth from their generative AI investments, and agentic AI gives a transparent path to worth. The protocols are nonetheless being developed, and the threats will finally materialize, however safety leaders must be taking part in enterprise conversations with their compliance, CIO and line-of-business colleagues to remain forward of agentic AI safety and deploy brokers in a safe and compliant trend.
Convergence and platforms: The lengthy recreation
Answer convergence is prevalent throughout many domains in cybersecurity the place there are clear facilities of gravity, together with endpoint, community safety and cloud safety. Id safety, particularly, has been a comparatively fragmented area.
Most enterprises have a number of merchandise in every of the areas that comprise id safety: id governance and administration (IGA), entry administration, privileged entry administration, ITDR, id safety posture administration (ISPM) and NHI safety.
That is altering as distributors develop or purchase adjoining performance. For instance, CyberArk acquired Zilla for IGA, Saviynt added ISPM at RSAC, Okta and Microsoft rolled out IGA merchandise, and lots of distributors have a component of NHI safety of their merchandise.
In talking to practitioners at RSAC, it grew to become clear that the convergence story is an extended recreation. Practitioners have a heterogeneous id stack immediately that has collected for a lot of causes. Most practitioners need to make sure they’ve one of the best id know-how stack doable now and sooner or later. The oldsters I spoke with mentioned they have been prepared to think about converging with their present distributors, however the prerequisite was having best-in-class performance that may make it price the price of switching out an present product. Such adjustments do not occur in a single day — they take years.
The id know-how convergence story being advised is compelling, however it is going to take time to see fruition as id groups methodically enhance and evolve their id know-how stacks to unravel immediately’s and tomorrow’s challenges.
Whereas convergence rolls ahead, the continued flux between platforms and best-of-breed continues. Progressive startups are specializing in vital id issues. For instance, Silverfort, Push Safety, Breez, and Permiso Safety with ITDR or Passbolt with safe collaboration and credential sharing. Such merchandise will thrive by filling particular gaps that converged merchandise cowl inadequately or by no means.
Remaining ideas
RSAC 2025 noticed an enormous quantity of bulletins, improvements and attention-grabbing talks. My analysis space consists of each id safety and information safety, however id safety noticed a lot motion at RSAC that I targeted this text solely on that matter. I spotlight RSAC 2025 information safety improvements in a separate article.
One thing caught your eye at RSAC? Are you a vendor with an attention-grabbing product? Attain out to me on LinkedIn.
Todd Thiemann is a principal analyst protecting id entry administration and information safety for Enterprise Technique Group, now a part of Omdia. He has greater than 20 years of expertise in cybersecurity advertising and marketing and technique.
Enterprise Technique Group is a part of Omdia. Its analysts have enterprise relationships with know-how distributors.
