AI looms large on the RSA Conference agenda

Thousands of delegates (41,000 attended in 2024) and around 600 exhibitors are in San Francisco to hear talks on the use of generative AI technologies in threat detection, automated vulnerability management, and the ethics of AI in security, among other topics.

Application security will also feature prominently with sessions on software supply chain, API security, software composition analysis, and secure development. Identity and access management will also feature in both conference tracks and the vendor expo sides of the conference. The conference will also host an innovation sandbox, highlighting the work of the most promising security startups.

AI driving industry disruption

Speaking ahead of the conference, Deloitte US cyber lead Adnan Amjad told CSO that the rise of AI-driven cyber threats, complex IT environments, and stricter regulations are making secure modernization essential.

Amjad said that the latest wave of innovation is focused on AI as app (or agentic AI), adding that disruption is coming whether enterprises like it or not.

“Businesses need to move even though the technology may look different in six months,” Amjad said.

Enterprises currently have too many security tools — offering stove-pipe solutions — so enterprises need to move away from this approach to develop a blueprint for how AI technologies can be deployed to offer greater integration and improved productivity, according to Amjad.

For example, routine tasks in security operations centers can be carried out by AI agents, freeing up analysts to work on more strategic tasks.

“Enterprises need to think about how to build greater resiliency from a business perspective,” said Amjad, who added that businesses should look toward security platform consolidation.

Rise of the machines

Charlie Lewis, a partner at management consulting firm McKinsey & Co., similarly predicted that consolidation in cloud security and security operations were key industry trends likely to be showcased during the RSA Conference.

“Enterprises need to integrate security into their software development practices,” Lewis told CSO. Enterprises need to deploy AI-based technologies to stay ahead of phishing threats — especially since criminals are making greater use of gen AI tools to craft phishing lures.

AI technologies also have a role in vulnerability remediation and in reducing the mean time to respond against security threats. “There’s a risk for companies in not deploying AI technologies,” Lewis said, adding that how AI projects improve business metrics will be important in gauging the success of their deployments.

Although better known for keynote presentations by industry luminaries such as Chris Krebs and Bruce Schneier, as well as senior executives from Google and Microsoft, the RSA Conference also offers a chance for CSOs to talk to a variety of vendors in support of planning a project. There’s also the opportunity for delegates to network with their peers. CSO’s Jon Oltsik offers 10 key questions CSOs should ask as they soak in conference presentations and conversations.

AI guardrails come tumbling down

Some research is also due to be presented at the conference.

For example, AI security testing firm Mindgard is presenting new research on bypassing AI guardrails using novel methods like emoji and Unicode smuggling.

Mindgard’s research team has identified vulnerabilities across the guardrails designed to protect large language models (LLMs).

The study found that character injection methods and algorithmic adversarial machine learning (AML) evasion techniques can successfully and reliably bypass six of the most prominent AI guardrails systems, including Microsoft’s Azure Prompt Shield, Meta’s Prompt Guard, Nvidia’s NeMo Guard, and Protect AI.

The research — which was disclosed to the affected parties prior to its publication — highlights the need for more robust guardrail systems, according to Mindgard.