My RSA 2025 Recap

RSA Conference 2025 delivered a clear message: the next frontier in cyber defense—and offense—is Agentic AI.

Okay what is Agentic AI because I feel like there was some quota that every vendor had to meet by mentioning Agentic AI. What is funny, almost evety vendor I spoke to had a bit of a different definition of Agentic AI.

·  Microsoft describes agents as “layers on top of language models that observe and collect information, provide input to the model, and together generate an action plan, communicating it to the user—or even acting on their own if permitted.” Their secret sauce: memory management, fine-grained entitlements, and seamless tool integration.

·  Google Cloud calls them “software systems that pursue goals and complete tasks on behalf of users,” emphasizing reasoning, planning, and continuous feedback loops—so an agent remembers yesterday’s context when tackling today’s challenge.

·  IBM frames Agentic AI as systems that “accomplish specific goals with limited supervision,” often by orchestrating a chain of sub-agents to handle data gathering, analysis, and decision-making in concert.

·  UiPath contrasts Agentic AI with classic RPA as a “probabilistic technology with high adaptability,” capable of inferring patterns, weighing likelihoods, and pivoting workflows on the fly—blurring the line between scripted automation and genuine intelligence.

Arriving at the Moscone Center, I immediately headed for the vendor floor — not for free swag (but I got some cool rubber toy ducks the kids will love), but to dissect gamified CTF booths. CrowdStrike’s threat-hunting arena was a crowd-pleaser, though I questioned whether scripted playbooks translate into live hunts.

As a lifelong Lakers fan, seeing Magic Johnson was super cool. I was surprised how some of the same traits we demand of red-team engagements was similar to his approach of business. His anecdote about chest-bumping a teammate underscored that leadership, like effective security, is about showing up and inspiring trust, not just metrics and slides.

Now onto my favorite talk for the week: Paula Januszkiewicz’s Adventures in the Underland: Uncommon Hacker’s Persistency Methods. Paula stepped beyond registry run keys and scheduled tasks, diving into obscure hijacks of Windows Boot Manager, WMI event consumers, and COM object registrations — all pulled from real incident response cases. I especially enjoyed her demo of a misused Print Spooler entry enabling reboots-without-detection, which dovetails with a blog series I have planned on Windows persistence anti-patterns.

I would say do not miss the BSides talks when they get posted on YouTube in a few weeks, BSides has always been the hacker community’s sandbox for unconventional thinking, and this year’s marquee session—TruffleHog’s “AI Apocalypse”—did not disappoint Rather than the usual cat-and-mouse of malware versus signature, the talk highlighted how generative models could be weaponized to automate credential harvesting and code-repository reconnaissance:

• Adversarial Exfiltration: Imagine a language model that passively ingests git commit histories, identifies API keys or secrets, and packages them for an attacker—no human in the loop.

  
  

• Defender Response: Techniques like adversarial training (injecting poisoned examples during model training) and anomaly detection on outbound API calls become critical first lines of defense.

  
  

The irony? We’ve long warned about “smart” attackers—now the attackers are literally self-learning.

Eva Galperin’s session, cheekily titled “World’s Dumbest Cyber Mercenaries,” exposed the all-too-human flaws of low-tier threat actors.

Key observations:

• Operational Incompetence: Many mercs rely on off-the-shelf tools without understanding their tradecraft, leaving breadcrumbs in logs and metadata.

  
  

• Quick Wins vs. Lasting Impact: These attackers go for high-volume, low-complexity targets—ransomware on unpatched servers—rather than stealthy, strategic intrusions.

  
  

• Defender Takeaway: Embrace deception techniques (honeypots, falsified credentials) to trap the “dumb” mercs, turning incompetence into an advantage.

  
  

Combining these takeaways, the message is clear: adaptation is non-negotiable. Adversarial AI, deepfake forensics, leadership that blends human factors with technical rigor, and unseen persistence vectors — they all demand layered strategies. Here’s what I’m personally doubling down on:

1. Adversarial ML Hardening: Extend model training pipelines with poisoning and red-teaming scenarios.

   
   

2. Dynamic Deepfake Fingerprints: Build a rotating library of codec-based anomalies.

   
   

3. Security Champions as Leaders: Inspired by Magic’s ethos, embed authentic leadership training in my next security champions workshop.

   
   

4. Persistence Hunt Drills: Formalize red-team playbooks around WMI and Boot Manager hooks after Paula’s session.