RSA 2025 Recap: AI Security, Third-Party Risk & The Rise of Non-Human Identity Management

Read full article here: https://www.oasis.security/blog/rsa-2025-5-takeaways-on-ai-third-party-risk-the-future-of-identity/?source=nhimg

At RSA Conference 2025, artificial intelligence was more than a buzzword—it dominated every discussion on both sides of the security equation. From Security Copilots to data poisoning countermeasures, one thing became clear: AI for security is here, and security for AI is now critical.

Oasis Security’s team spent four days immersed in panels, product demos, and cross-industry conversations at Moscone Center. Across all of them, five key trends stood out:

1. AI for Security Is Going Mainstream:
   SOCs are already embedding generative AI into daily workflows, moving beyond pilots toward real-world automation in triage and incident response.

2. Third-Party and AI Supply Chain Risk Is Rising:
   CISOs are now prioritizing model provenance, fine-tuning governance, and threat modeling for LLMs and third-party SaaS dependencies—recognizing them as potential single points of failure.

3. Non-Human Identities Take Center Stage:
   Every breach starts with a compromised identity, but now the industry spotlight is shifting toward the explosive growth of NHIs—API keys, service accounts, AI agents. Discovery, classification, threat detection, ownership, and lifecycle governance of these identities are now must-have capabilities.

4. Security Is a Team Sport Again:
   The spirit of collaboration was strong, with open sharing of threat intelligence, cross-sector defense strategies, and even product comparisons between competitors. The value of community is rising alongside tech innovation.

5. People Are Still the Strongest Asset:
   CISOs echoed a clear theme: tools are vital, but culture, skill-building, and human curiosity are what win. Investment in talent, not just tech, is the defining trait of high-performing security teams.

Final Insight

RSA 2025 proved that trusted AI depends on secure AI. Organizations that secure their non-human identities, model inputs, and automation workflows will be best positioned to leverage GenAI, safely and at scale.