Along with 44,000 other in-person attendees, ABI Research attended RSAC 2025 from April 28 to May 1. In line with its 2025 rebranding from RSA to RSAC, this year’s conference was focused on community, with Hugh Thompson’s opening keynote emphasizing the importance of coordination and collaboration across the cybersecurity community when tackling the consistent stream of new and emerging threats, as well as the evolution of known and established attack vectors. Content, connection, culture, and conversation are the four “Cs” now central to both the RSAC brand and to the cybersecurity community at large. By combining our in-depth conversations with vendors, tracking session attendance, and touring the exhibition booths at RSAC 2025, we have compiled a list of the top six cybersecurity trends we expect to cause the most disruption in the market in the next year.
1. 2025 Is the Year of Quantum: Asset Discovery and Management Technologies Make a Splash, While Digital Identity Solutions Snag Top Spots
The transition to post-quantum and crypto-agility was a primary talking point, with 2025 hailed the year of Post-Quantum Cryptography (PQC). This made for an explosive number of vendors offering cryptographic asset tooling, including inventory and discovery-orientated tools. Digital identity is also expected to be integral to the migratory process, especially in the initial phases. Crypto-agility with regard to key management, Public Key Infrastructure (PKI), and machine identities was championed as a major trend for 2025. Additional quantum-focused events like the Thales PQC Palooza were dominated by vendors in the digital identity and cryptographic asset management, including Keyfactor, Garantir, and Ascertia, indicating the prominent role these players are expected to play in the upcoming post-quantum transition (see this ABI Insight on the Thales PQC Palooza).
In conjunction with the post-quantum transition, the announcement of reduced Transport Layer Socket (TLS) certificate validity periods has added fuel to the fire with regard to automated certificate rotation and Certificate Lifecycle Management (CLM), with vendors highlighting the growing convergence between PKI and CLM services. Certificate outage and key leakage remain substantial issues within the PKI space, and these are only expected to worsen over time as demands for certificate migration and faster updates grow. Yet, while quantum is the priority that is tipping system crypto-agility from an important to an imperative feature in modern systems, operational complexity and data and device sprawl remain critical drivers, as understood by vendors like Entrust, DigiCert, and AppViewX.
Learn the role of PQC in the emerging area of confidential computing by reading the Research Highlight, Hardware-Defined Security: The Evolving Landscape of Confidential Computing.
2. Context Is King
Beyond cryptographic asset discovery and identity management, contextualization of threats and system vulnerabilities is crucial, particularly in the Operational Technology (OT) space. A central struggle in OT remains the language barrier between business-orientated OT operators and OT security teams, and the struggle to frame OT security in terms of its business value and the business implications of breaches or attacks. Remediation and actionable intelligence are key here to help close the gap between knowledge regarding OT operators’ individual business models.
While focusing “left of boom” is increasingly important in OT, to understand the business context and prioritization of asset protection in OT security, “right of boom” remains necessary. Solutions that integrate rationalization and normalization for alert and device management, as well as granular policy controls and add-on compliance modules, are expected to garner the most attention in the security market space. In this regard, top vendors like Nozomi, Armis, Broadcom, and Rockwell Automation are already well-positioned for success.
3. Supply Chain Security as a New Battleground in Cybersecurity
Attendees argued that we are at an inflection point with supply chain attacks, which is leading to shifting cyber norms and impacting physical hardware. Hyper-specialization of technology has led to various branches of responsibility across the supply chain with broad-reaching strategic implications on cyber conflict and warfare. This includes physical infiltration (theft, tempering, physical compromise, product tampering, and service interruption to sales) and virtual (Distributed Denial of Service (DDos), Machine Identity Management (MIM), malware command and control, insider threats, and data infiltration and exfiltration).
With trade fragmentation happening down political fault lines, geopolitics are damaging the trustworthiness of technology, while growing fragmentations in geopolitical relationships produce bifurcated and re-globalized supply chains. This is especially pertinent in the context of the ongoing U.S.-Chinese tariff war with tariffs and export controls impacting supply chains, economic and financial fragmentation engendering new risks, and the resultant risks reshaping cyber norms. For more information on supply chain security in the context of the U.S. tariffs, see this ABI Insight on supply chain software and material handling solutions.
4. Increasing Enmeshment Between the Legal and Cyber Realms
Each year, more and more track sessions zero in on the symbiotic relationship between cybersecurity and cyber regulation. While cyber regulation and standards have been an integral part of Chief Information Security Officers’ (CISOs) agendas for a long time, the importance of interdisciplinary approaches to security is increasingly recognized among cybersecurity experts and vendors in attendance. Growing system interconnectedness requires an understanding of applicable legislative instruments and of the legal implications of cybersecurity that go beyond checklist-orientated compliance. Additionally, mounting geopolitical tensions and both the urbanization and civilianization of armed conflict exposes civilian objects, including critical infrastructure and operational technology, to increased harm. Thus, highlights included how regulation shapes cyber defense and the role of cyber law and OT security in armed conflict.
On the flip side, the practical experience and technical expertise of security professionals is necessary to create enforceable legislation that effectively tackles security gaps without over-legislating or creating complicated legal quagmires. In this vein, the importance of the NIS2 directive and the Cyber Resilience Act (CRA) in OT security was discussed at length, as well as vendors’ difficulties in dealing with various fragmented standards and regulations across regions.
5. From Gen AI to Agentic AI Everything
Artificial Intelligence (AI) has headlined RSA’s sessions and booths for several years, but Agentic AI made its debut this year, signaling the move beyond Generative Artificial Intelligence (Gen AI) chatbots toward Agentic AI agents with regard to emerging trends in cybersecurity. Track sessions were dedicated to Agentic AI security, while vendors rushed to demonstrate how they were incorporating Agentic AI into their existing solutions. Microsoft Security exhibited its use of Agentic AI in is threat investigations, incident reporting, and vulnerability management, while, outside of security, the benefits of Agentic AI in deep research use cases were propounded by vendors.
Yet, there remains some work to be done to ensure that Agentic AI does not simply become another marketing buzzword. Some confusion remained throughout RSAC on what Agentic AI includes, how it can be differentiated from Gen AI chatbots, and how its workflow differs from other AI workflows. Moreover, Agentic AI introduces new security considerations that vendors will need to consider, opening up space for Agentic AI security solutions and services, dedicated to providing access controls and limits in terms of interactivity across agents to protect privacy and prevent data leakage.
6. Platformization Remains the Name of the Game
Convergence is becoming increasingly commonplace, both in terms of the solutions themselves and in the wider security markets. With regard to the former, platformization remains a growing trend across markets. Vendors are offering one-stop shop and comprehensive offerings as a result of acquisitions or expanding capabilities. This includes digital trust powerhouses like Entrust and Fortanix, as well as giants in the Hardware Security Module (HSM) space like Utimaco and Marvell, with converged HSM forecast to be a particularly fast-growing space in the coming year. For more information on platformization as an increasingly popular business model, read this ABI Insight on Palo Alto’s platformization strategy.