RSAC 2025 - Key Trends from 100s of ‘Hackers & Threats’ Talk Submissions

Just before the end of 2024, the Hackers & Threats Program Committee met to review hundreds of submissions for the track at the RSAC 2025 Conference.

I want to first thank all of those who submitted their amazing ideas; between the regular and advanced tracks, we have to get hundreds of submissions down to just a couple of dozen sessions. The cut is harsh, but there really were so many great submissions, and it truly is a privilege to read them all.

So, what were all of these amazing minds predicting will be the next key hacks and threats?

Big focus on AI

It is little surprise that AI, and more specifically generative AI (large language models, LLMs), dominated so many of this year's submissions. They fall into three main categories:

  • Compromising LLMs and their data: Examples included prompt injection techniques, jailbreaking methodologies, guardrail bypasses and, of course, how to stop them; how to exploit or create biases in the models; how to use no-code or low-code tooling to gain access to the underlying data; and how to poison the training data.
  • Using LLMs to attack: These included deepfake generative tools and how they are becoming part of broader compromise strategies, LLMjacking in the cloud, how LLMs can expose sensitive data through their public interfaces, how LLMs can gather statistical data that can be used for extortion and, of course, how LLMs are being used to create a new generation of malware-generating toolkits.
  • How cybersecurity tools and experts are leveraging LLMs to prevent cyberattacks: Examples looked at detecting malware binaries, APT activity and command-and-control traffic, and at engaging adversaries in honeypots to gather intelligence on the threat actors.

Thankfully, as ubiquitous as AI and generative AI are becoming, we had plenty of submissions that were not centered on the topic. So, what else was topical for 2025?

Vulnerabilities

As always, there were many submissions around vulnerabilities, but a few areas showed increased focus:

  • While cloud, DevOps and API vulnerabilities continue to be areas of focus, this year there was a clear doubling down on Kubernetes.
  • There is a renewed focus on OT and IoT vulnerabilities, which continue to expose homes, smart offices and industrial control systems, not least because traditional pen-testing techniques may not be fit for this space.
  • Unsurprisingly, following the CrowdStrike incident (the July 2024 faulty sensor update that crashed Windows hosts worldwide), there were a number of submissions on user-mode versus kernel-mode operation of security products. These submissions, and businesses more generally, are challenging what the minimum viable, or right, level of privilege is for security products, and what the contingency plans should be when errors occur, from both the security vendor's and the customer's perspective.
  • Finally, and not surprisingly, the committee saw a strong focus on identity and authentication, targeting both human and non-human identities. Examples include residential proxies, OAuth, DMARC and the latest versions of Entra ID, among others.

Threats

Interestingly, while the volume of submissions discussing ransomware innovations decreased, there were plenty focusing on ways to mitigate it. Maybe I’ve been in the industry too long, but the submissions didn’t really show any major shifts in techniques. Instead, they focused on evolutions of the threats and techniques we have been seeing for the last few years and how they can be adapted to newer or different technology platforms. This spanned cloud attacks, APTs, infostealers, nation-state attacks, network edge attacks, voice and deepfake attacks, supply chain, GitHub/DevOps, identity and, of course, mobile and IoT/OT attacks. Among these were some very rich technical deep-dive sessions and a lot of great research, all of which I know will give attendees some great sessions to enjoy.


Takeaways & Actions

I don’t think I have ever seen more acronyms in the submissions than we had this year, which makes me wonder how many were edited by GenAI tools.

Also interesting were the ongoing discussions around boundaries: just how far should offensive cybersecurity go, and should private citizens actively engage in such practices?

If I were to identify just one theme that stood out across both the threats and vulnerabilities space, it would be identity-based exploits. Exploiting human and non-human credentials and the way they are managed, as well as how to hunt for such exploits, was a big theme this year. From traditional account takeover attacks and more complex cloud manipulation, through IT/OT and mobile-based identity attacks, to the IDAM tools themselves, it’s clear we still have a long way to go when it comes to improving authentication and identity management.

Like it or not, AI is becoming a part of everything we do, and I would suggest we are still in the infancy of understanding how it can be used, how adversaries will find ways to exploit it and, of course, how cybersecurity tools and techniques can identify and defeat such attacks.

If I can give one action for 2025, it would be to review how AI is being used in your business and understand the impact this has on your cyber risk profile. From a strategy and capabilities stance, get under the hood: AI has been around for many years, so take the time to understand how and why a security capability is claiming to use it. Any good cybersecurity capability is probably using multiple layers of AI, and innovation in this space will likely continue to be the biggest shift in our industry for years to come. I’m sure the annual Innovation Sandbox contest, always one of my personal favorites at RSAC, will include capabilities that all claim to leverage innovative new AI.

Whether you are new to the industry or a veteran, RSAC is one of the best ways to get educated on all that's happening in the cybersecurity world, as the content spans from 101 basics to some very rich technical deep dives.

As a committee member I will be there; do come and find me at the Cybereason booth, as I would welcome your feedback on the sessions. Follow me on LinkedIn and other social media channels to hear more both before and during RSAC. I really hope you get to attend; it’s one of my favorite events of the year. If you haven’t submitted to speak before, do consider submitting for RSAC 2026. Everyone has some amazing insights to share, and we all learn through collaboration and exchanging knowledge!

Greg Day
About the Author

Greg Day is a Vice President and Global Field CISO for Cybereason in EMEA. Prior to joining Cybereason, Greg held CSO and CTO positions with Palo Alto Networks, FireEye and Symantec. A respected thought leader and long-time advocate for stronger, more proactive cybersecurity, Greg has helped many law enforcement agencies improve detection of cybercriminal behavior. In addition, he previously taught malware forensics to agencies around the world and has worked in advisory capacities for the Council of Europe on cybercrime and the UK National Crime Agency. He currently serves on the Europol cyber security industry advisory board.