RSA Recap: A Look at AI in Security
The RSA Conference felt like a zoo this year…literally puppies and goats could be found on the expo show floor. What else could be found throughout the show? AI. Nearly every aisle had some vendor displaying their unique vision of AI and security: Agentic AI, AI SOC analysts, Security for AI, AI for pentesting, AI for forensics, AI GRC; heck there was an ice cream truck offering AI scoops! Anything and everything was AI-something.
Which leads us to this question, has AI become over-hyped?
This reminds me of a line from the Incredibles, “When everybody is super, no one will be.” When everyone is claiming AI as a technology marketing differentiator, then no one is unique, creating confusion, distrust and dismissal.
Here’s a breakdown of six dominant AI-in-Security themes that emerged from the show, and what to consider when looking at AI-based security solutions.
1. Agentic AI: The Rise of Autonomous Agents
Agentic AI refers to systems and/or models of systems that can take initiative, plan multi-step tasks and adapt as environmental inputs change. For SecOp purposes, AI agents can be used to accelerate alert triage and investigation. In turn, this reduces the volume of false positives, enabling response teams to perform more strategic functions.
What to ask: Agentic AI certainly stands to increase efficiency as well as efficacy, but one should ask when evaluating these solutions, how do they come to their conclusions? Are these agents truly explainable?
2. AI SOC Analysts: Smart Assistants in the Security Operations Center
Many AI SOC analyst solutions are geared to provide assistance to SOC analysts when investigating alerts. These can be used to summarize alerts, correlate events, and to some degree suggest remediation options.
What to ask: To what level can AI SOC solutions assist analysts? Is the AI SOC a co-pilot or autonomous? How long do they take to be trained for your environment?
3. Security for AI: Defending the Model
Securing AI models has always been important, but with generative AI being incorporated in most work environments, it’s now front and center for security teams. Generally, this includes defending against:
- Prompt injection
- Data poisoning
- Model theft
- Adversarial inputs
At RSA, emerging solutions like AI firewalls, LLM security assessments and watermarking tools stood out.
What to ask: What are my safeguards for protecting AI as an attack surface? Do I have adequate protections for my AI input and training sources like my vector databases, training datasets, etc.?
4. AI for Pentesting: Using AI for Offense
Automated pentesting has been an industry desire for some time. By simulating cyberattacks, and probing for vulnerabilities, AI stands to augment today’s pentesters’ toolbox. For example, generative AI is being used to create more realistic (and effective) phishing and social engineering campaigns.
What to ask: How autonomous is the pentesting solution? How well can these solutions incorporate business context? Will AI-driven pentests satisfy your cyber insurance requirements?
5. AI in Forensics: Speed Meets Scale
AI has a promising role in forensics by accelerating triage, log analysis, timeline reconstruction, and even malware classification. As an assistant, it can comb through terabytes of data in seconds, saving hours.
What to ask: What limitations exist to the extent of coverage? How does it deal with new attack and persistence techniques? Can I audit resulting conclusions?
6. AI in GRC: Simplifying Governance, Risk and Compliance
AI appears to have a bright future for GRC professionals. Whether it’s mapping controls to frameworks, running risk analysis scenarios, or generating industry compliance reports, AI stands to reduce the time required to process these things. AI won’t replace risk managers, but it will help them keep pace with today’s ever-changing compliance landscape.
What to ask: What additional context and training do they need to succeed in my environment? Can they evaluate documentation and proof of evidence automatically?
Final Thoughts
The hype around AI is tangeable. To cut through this, Embed has published a white paper, “Understanding Agentic Security: Beyond the Hype” – a must read for anyone interested in understanding how AI agents improve alert investigation accuracy and analyst productivity. What’s clear from RSA this year is that not all AI solutions are equal. There are a myriad of things to consider when implementing AI in your security operations. Embed is here to help.
