The NightDragon team was on the ground last week at the 2025 RSA Conference, an annual cybersecurity event that brought together 44,000+ cybersecurity leaders in San Francisco to learn and share insights. Throughout the week, we hosted over 1,500 individuals at our events and connected with hundreds of CISOs, founders, and industry leaders. These interactions provided invaluable insights into the evolving cybersecurity landscape.
Based on our observations and conversations at RSA 2025, here are seven key trends shaping the future of cybersecurity:
1. AI’s Expanding Role in Cybersecurity
Last year at RSA, the conversations around AI were robust, but largely theoretical in terms of the impact the technology could have on cybersecurity. This year, that tone changed, with a transition from theoretical discussions to more practical applications within cybersecurity for AI, including deployments of AI-driven SOCs, utilizing machine learning for malware analysis, and automating incident response processes. Moreover, the emergence of “agentic” AI—autonomous agents capable of making decisions—introduces new security opportunities.
Ultimately, we are seeing Security for AI emerging to be as broad of a category as “cloud” has become. Just as there are now dozens of categories beneath the cloud umbrella, we expect to see the same emerge within the AI sector. The main security categories we know today will each go through their own AI disruption, with companies born in AI seeing fast growth and cyber titans such as Palo Alto Networks, Check Point Software, CrowdStrike, Zscaler and others potentially making acquisitions in the sector (see Palo Alto’s acquisition of Protect AI last week as one example of this).
2. Preparing for the Quantum Era
Quantum computing poses a significant threat to current encryption standards. While practical quantum computers capable of breaking encryption are still years away, the concept of “harvest now, decrypt later” has prompted organizations to begin transitioning to post-quantum cryptographic algorithms. Agencies like CISA are urging critical infrastructure sectors to prepare for this shift, as one example. Enterprises are focusing on becoming ‘quantum ready’ today, and a major part of this is the development and implementation of post-quantum cryptographic algorithms. This proactive approach aims to safeguard sensitive data against future quantum threats. Enterprises are gearing up towards migration of applications on classical computers to quantum infrastructure as the space continues to see huge momentum. Stay tuned for an exciting announcement on this next week.
3. Embracing Predictive Security
CISOs are increasingly prioritizing predictive security to proactively defend against fast-evolving threats. Leveraging AI and machine learning, including agentic AI, organizations can now identify vulnerabilities and attack vectors before adversaries exploit them. This shift toward predictive approaches enables security teams to respond with greater speed and precision—transforming cyber defense from reactive to anticipatory.
As digital environments grow more complex, predictive security tools like these are becoming essential for managing constant change. By integrating real-time data, autonomous analysis, and intelligent decision support, enterprises are better equipped to stay ahead of threats—rather than simply reacting to them.
4. Adoption of Agent-Based Security Approaches
The rise of agent-based cybersecurity solutions reflects a shift towards more dynamic and adaptive defense mechanisms. These agents can autonomously monitor systems, detect anomalies, and respond to threats in real-time. CISOs are showing a strong willingness to test and deploy these approaches, recognizing their potential to enhance security posture.
A prime example is Dataminr’s recent launch of Intel Agents, the company’s first agentic AI capability. These AI agents autonomously generate critical real-time context as threats and risks unfold—empowering users to rapidly understand and respond to unexpected events. Intel Agents mark a new generation of AI-powered threat intelligence, enabling both public and private sector organizations to navigate crises with enhanced clarity and agility.
5. Identity Remains Biggest Security Problem Not Yet Solved
Identity is both the foundation and the Achilles’ heel of modern cybersecurity. Despite ongoing advancements in identity and access management, identity-related breaches remain alarmingly common and damaging. As the digital identity landscape expands, the risks and attack surface grow with it—underscoring that identity remains the most persistent and unresolved problem in cybersecurity. The 2025 RSA ID IQ Report revealed that 44% of organizations experienced identity-based breaches in the past year, and these incidents are, on average, more costly and more complex to remediate than other types of attacks.
This challenge is only growing in our current era of AI. Organizations must now manage identities across on-prem systems, multi-cloud environments, SaaS platforms, IoT devices, and increasingly, AI agents. This complexity introduces new attack vectors and makes it harder to enforce consistent policies. The rise of non-human identities—such as agentic AI and machine-to-machine communications—adds an entirely new dimension, requiring identity solutions that go beyond the traditional user-password paradigm.
6. Evolution of Application Security
The rise of agentic infrastructure and AI-powered development is democratizing app creation, enabling anyone to build hyper-personalized applications through natural language prompts. While empowering, this shift dramatically expands the attack surface, as more apps are created beyond the purview of traditional IT and security teams.
To keep pace, application security must evolve. “Secure by Design” principles and adaptable security protocols are essential for safeguarding this decentralized development ecosystem. Organizations must implement flexible frameworks and foster secure coding practices across a broader, more diverse pool of developers.
7. Sustained Government Engagement in Cybersecurity
Despite political shifts, government involvement in cybersecurity remains robust. While there was initially some concern that new government leadership around national security and cybersecurity would show up at the event, there ultimately was a robust presence at the event from both U.S. and international cybersecurity leadership. For instance, Homeland Security Secretary Kristi Noam keynoted the main conference, and nominee for National Cyber Director Sean Cairncross attended to meet with industry. Continued collaboration between government entities and private sector organizations is essential to develop comprehensive cybersecurity strategies and respond effectively to emerging threats.
The insights gained from RSA 2025 reaffirm NightDragon’s belief in the immense opportunities within the cybersecurity sector. The convergence of AI, quantum computing, and evolving threat landscapes presents both challenges and avenues for innovation. Our portfolio companies are well-positioned to address these developments, offering cutting-edge solutions that meet the demands of today’s security environment.