Last month, I spoke at RSAC, the world’s largest cybersecurity conference with over 43,000 attendees, and I can report that agentic AI was a dominant topic of conversation. From keynotes to coffee break discussions, everyone was debating the implications of autonomous AI systems on security operations. The fast rise and hype, a topic I covered in depth in “From Copilot to agent – AI is growing up, and CISOs need to be ready,” was at the top of most participants’ minds.
The explosion of AI agents over the past 12 months shouldn’t surprise anyone who follows the enterprise tech landscape. We are witnessing a fundamental shift in how businesses deploy AI — they’re evolving from more passive co-pilot tools managed by humans to active participants that understand their environment, make decisions and operate autonomously across an organization’s systems.
Market indicators point to massive growth ahead. Research and Markets projects the AI agent market will surge from $5.3 billion today to $216 billion by 2035 — a staggering 40% growth rate. Microsoft’s CTO recently confirmed this trajectory, noting that daily active users of AI agents within their ecosystem have “more than doubled” in the last year.
AI agent marketing was off the charts; integration not so much…
The marketing of AI agents was frankly overwhelming — virtually every vendor at RSAC claimed to offer an agentic AI solution. Whether it was AI management, compliance frameworks, identity mapping for agents or applications we haven’t yet conceived, the exhibition floor was a testament to how quickly this technology is transforming the security landscape.
However, over the past year, CISOs have struggled to integrate AI into security processes, balancing the efficiency promises of AI against rigorous testing requirements and security protocols. The central question remains: Are enterprise security leaders, who last year were just beginning to consider and adopt co-pilots, prepared to deploy autonomous AI systems throughout their environments?
More critically, how do organizations capitalize on the benefits of agentic AI, like automated security incident resolution, while addressing fundamental concerns around securing the agents themselves, establishing proper identity frameworks and maintaining organizational control?
The enterprise AI adoption roadmap
In my RSA presentation, I shared data on the current state of AI adoption in security solutions. While adoption will accelerate over the next 18 months, most organizations are taking a measured approach, elevating their AI capabilities one level at a time.
Rick Grinnell
One slide that I shared with the audience showed the output of a survey of prominent industry CISOs to understand the perceived adoption of AI within enterprise security solutions. The output of this survey demonstrated that enterprises have more AI adoption maturity in solutions including messaging, network and endpoint security. At the opposite end of the spectrum, IoT, risk management, compliance and training have seen less adoption of AI-based solutions. Other categories fall in between. Again, this is where AI-based solutions are perceived to have more adoption in the enterprise, not where AI-based solutions exist.
Opportunities in the AI security landscape abound
With so many potential applications that have yet to achieve adoption maturity, innovative startups have significant opportunities to establish first-mover advantages across several key domains. Some of the areas that were identified in my CISO survey are presented below.
Data loss prevention
Traditional DLP (Data Loss Prevention) approaches have typically been incomplete and are quickly becoming obsolete. Security teams have historically spent countless hours manually creating and updating policies to control access to sensitive data. AI-powered DLP solutions could offer adaptive, intelligent alternatives that provision access and respond to threats more dynamically without constant human intervention.
Identity and access management (IAM)
AI-native tools could revolutionize IAM with more sophisticated, automated and proactive capabilities. Unlike traditional systems, AI-driven IAM would provide enhanced security for human and non-human identities through real-time monitoring, anomaly detection and adaptive authentication – all while reducing false positives. AI could also be used to help identify “fake” candidates and remote employees, another favorite topic of conversation at RSAC.
Dynamic network segmentation
AI would bring transformative capabilities to network segmentation by analyzing traffic patterns, user behavior, device profiles and threat intelligence. Unlike static rule-based approaches, AI-driven systems could automatically adjust segment boundaries based on contextual factors like user roles, device security posture and application requirements, dramatically reducing manual configuration overhead.
Security operations centers
SOC teams are beginning to transition from reactive to proactive postures with AI assistance. By leveraging automation, predictive analytics and adaptive intelligence, AI-based solutions can anticipate threats before they materialize. These systems analyze historical data, threat intelligence feeds and dark web activity to forecast potential attack vectors, enabling security teams to implement defenses before exploitation occurs. In addition, AI can provide tremendous efficiency gains, processing many of the tickets that are not true security threats. For example, a typical SOC analyst may waste hours of their day evaluating employee emails flagged as phishing attacks that are purely spam.
As these AI security solutions mature, forward-thinking CISOs will need to actively evaluate how to augment or replace traditional processes with AI-powered alternatives.
The takeaway
This column started with my impressions of RSAC 2025, and I want to return to it. The overriding impression I found at this year’s RSAC was that organizations want security solutions that:
- Integrate seamlessly into existing systems
- Decrease manual or labor-intensive efforts
- Allow teams more time to focus on high-value initiatives
With the fast-growing use of AI agents, we are getting closer to a new business reality in which AI agents will play a key role in all forms of security workflows by automating repetitive tasks, overcoming the human ‘fatigue factor’ and moving more quickly and with greater precision to stem cybersecurity threats.
This article is published as part of the Foundry Expert Contributor Network.
Want to join?
Read More from This Article: AI agents were everywhere at RSAC. What’s next?
Source: News
