Top Cybersecurity Trends Emerging From RSA Conference 2025
Cyber threats are evolving, and so is the technology used to stop them. This article recaps the most urgent cybersecurity trends presented at the RSA Conference 2025 -- from next-gen identity protection to secure AI deployment. Read it for insight into what matters most right now in security strategy and how to prepare for what's ahead. Then contact ACME Internet Services, LLC to talk through how your team can act on these trends.
How is AI reshaping cybersecurity strategies?
AI is reshaping cybersecurity on three fronts: as something we must protect, a tool we can use for defense, and a capability attackers now weaponize.
1. AI as an asset that must be protected
Enterprises are starting to deploy “agentic AI” systems that independently schedule meetings, analyze data, write code, and make decisions with limited human oversight. Each of these AI agents touches sensitive data and systems, effectively becoming a new type of endpoint.
- CrowdStrike’s president summed it up at RSA: “Every AI agent is an endpoint that must be protected.”
- IBM’s watsonx platform focuses on enterprise compliance and governance for AI.
- Domino Data Lab targets highly regulated industries with deeper compliance controls.
- CrowdStrike extends its identity expertise to AI through Falcon Identity Protection.
- Palo Alto Networks introduced Prisma AIRS to protect AI workloads and plans to acquire Protect AI to strengthen AI application security.
- Startups like CalypsoAI, MIND, and Cyberhaven are building capabilities around AI model safety, AI-focused data loss prevention, insider risk, and visibility into AI tool usage.
2. AI as a defensive force multiplier
Security teams now rely on AI to handle the scale and speed of modern threats. AI-driven tools can:
- Analyze billions of events to detect suspicious patterns.
- Spot unusual behavior and predict likely attack paths.
- Automate incident triage and policy-based responses.
Examples from RSA 2025 include:
- SentinelOne Purple AI Athena, which introduces agentic AI that mimics the decision-making of experienced security analysts.
- Palo Alto Networks’ Charlotte AI, which now automates more of the incident triage process and can trigger policy-driven actions.
3. AI as a weapon for attackers
Threat actors are using AI to:
- Generate highly convincing phishing emails and social engineering content.
- Create deepfakes for scams and fraud.
- Discover vulnerabilities faster.
- Personalize attacks based on an individual’s online behavior.
The most significant shift is that AI democratizes cybercrime—advanced techniques are now accessible to far less skilled attackers. While there is no single, dedicated “AI attack” product category yet, vendors across the ecosystem are enhancing their platforms to better detect and respond to AI-enabled threats.
What this means for your strategy
- Treat AI agents and AI workloads as first-class assets in your security architecture.
- Invest in AI-driven analytics and automation to keep pace with AI-powered attacks.
- Update risk models and training to account for deepfakes, AI-generated phishing, and faster exploit discovery.
What is ‘platformization’ in cybersecurity and why does it matter?
Platformization refers to the shift from many disconnected security point tools to more integrated, end-to-end security platforms. At RSA Conference 2025, this trend was front and center as vendors and customers looked to simplify and strengthen their security stacks.
What a cybersecurity platform looks like
Think of a platform as a security “superstore” that brings multiple capabilities into a single environment and interface. Typical benefits include:
- Simplified management via unified dashboards instead of juggling many consoles.
- Better detection because tools can share context and telemetry.
- Lower costs through consolidated licensing and fewer overlapping products.
- Consistent policies across endpoints, networks, cloud, and identities.
- Faster response because analysts can investigate and act in one place.
Who is driving this trend?
- Palo Alto Networks has evolved from a network security vendor into a broad security platform provider, now extending into AI workload protection with Prisma AIRS.
- CrowdStrike has grown from endpoint protection into a full-scale platform with its Falcon offering.
- SentinelOne is reshaping its Singularity solution into a broader platform, adding capabilities like Purple AI Athena.
- Large tech players such as Microsoft, Cisco, and Google are following similar paths, integrating more security services into cohesive platforms.
Why enterprises are moving this way
For security and IT leaders, platformization is a response to complexity and scale:
- Security teams are overwhelmed by tool sprawl and alert fatigue.
- Boards and CFOs are pushing for more efficient, measurable security investments.
- Attackers are exploiting gaps between siloed tools and teams.
By consolidating onto fewer, more integrated platforms, organizations aim to:
- Reduce operational overhead and training requirements.
- Improve visibility across on-prem, cloud, and edge environments.
- Align security more closely with business risk and compliance needs.
How to approach platformization in your organization
- Start by mapping your current tools and identifying overlaps and gaps.
- Prioritize platforms that integrate well with your existing infrastructure and data sources.
- Plan a phased consolidation to avoid disruption, focusing first on high-friction areas like endpoint, identity, and cloud security.
How is cybersecurity moving into the data path and industrial edge?
RSA Conference 2025 highlighted two related shifts: security is being embedded directly into the data path, and more attention is going to operational technology (OT) and the industrial edge.
1. Security embedded in the data path
Traditionally, cybersecurity acted like a wall around data and systems. The emerging model builds protection directly into the systems that store and move data. This “in-line” approach continuously monitors and safeguards data as it is accessed, moved, and stored.
Examples from the storage and data ecosystem include:
- NetApp integrates real-time malware scanning into its storage systems, checking files whenever they are saved or accessed—without separate security software or noticeable delays.
- IBM offers similar embedded protection across its storage portfolio.
- Infinidat, the only storage vendor exhibiting at RSAC this year, goes further by offering guarantees around data recovery after a cyberattack, including financial backing and specific recovery time objectives.
- Pure Storage supports immutable snapshots and provides comprehensive SLAs for ransomware recovery in its Evergreen One storage-as-a-service offering.
- Hewlett Packard Enterprise (HPE) recently announced similar capabilities for its B10000 Alletra storage systems.
For enterprises, this shift means:
- Ransomware and data integrity protections are increasingly built into core infrastructure.
- Recovery objectives (RTOs/RPOs) become a shared responsibility between security and infrastructure teams.
- Procurement decisions for storage and data platforms now have a direct security dimension.
2. OT and industrial edge as a new security frontier
Operational Technology (OT) covers the hardware and software that control physical processes—power plants, water treatment, manufacturing lines, oil refineries, and transportation networks. Historically, these systems were “air gapped” from the internet, but that isolation is rapidly disappearing as facilities connect OT to corporate networks and cloud services.
This creates new risks:
- Attack surfaces expand from IT systems into physical operations.
- Consequences move beyond data loss to potential real-world safety and availability impacts.
To address this, organizations are focusing on:
- Asset visibility: discovering and monitoring all industrial devices and systems.
- OT-specific security: using tools designed for industrial protocols and constraints.
- Network segmentation: isolating OT zones so attackers cannot easily move from IT to critical operations.
- Supply chain security: managing risks in complex equipment and software supply chains.
Vendors highlighted at RSA 2025 include:
- Cisco with its Industrial Threat Platform, which integrates threat intelligence from Cisco Vulnerability Management and adds new industrial zone protections via Cisco Cyber Vision and Secure Firewall.
- TXOne Networks, a startup focused on OT protection, with its Stellar endpoint protection solution that supports AI-powered threat detection, zero-trust segmentation, and real-time behavioral monitoring for OT environments.
What this means for your roadmap
- When evaluating storage and data platforms, treat embedded security and recovery guarantees as core requirements, not add-ons.
- If you operate industrial or critical infrastructure, build a dedicated OT security program rather than extending IT controls by default.
- Align security, infrastructure, and operations teams around shared objectives for resilience, uptime, and safety.

