Commentary: San Francisso – After walking through the halls of RSAC 2025 for the past few days and talking to a cloud cybersecurity leader here, three takeaways smack me as the most important thing. First of all, I have a CISOS concern. Takeout: A transition to a preemptive tool to prevent problems before they occur. This contrasts with the focus on last year’s context, allowing SOC teams to find and respond to incidents faster. The context and prioritization remain open wounds and cloud security power of attorney, but the preemptive solution is better as it closes the gaps between the various features. Application security remains at the top of the attack vector list, accounting for 34% of violations. As for identity, many reports show that 70% of attacks use stolen credentials or NHI API keys. The attacker is logged in as saying he has not intruded. The latest Google Cloud Threat Horizons report for the first half of 2025 highlights the most important new threats that organizations must address to protect their cloud environment. The report identifies several vectors that pose serious risks, including service account utilization, identity-based attacks, cloud database vulnerabilities, and diverse attack strategies. These statistics recognize that cybersecurity leaders and many presenters discussed at RSAC are aware that AI and Gen AI need to remove attacks. On the Cyberleader breakfast panel I attended on Tuesday, Checkpoint’s new CEO, Nadav Zafrir, along with Genai, reflects the issue by saying that the attackers are at Disneyland. It has been revealed that the attack is either embedded in the app or forced by hackers using AI to promote attacks. They are usually identified individually. In fact, they are appearing as a single vast stroke trend representing a new threat landscape. Over the past decade, the cloud has become the preferred way to build, host and run apps. However, some of the most popular attacks go beyond the barriers between the apps you use and the cloud infrastructure. Recent attacks such as MoveIT forwarding violations, XZ UTILS backdoors, web application flaws or complex identity, Google Cloud Metadata Exposure via LOG4J, LOG4SHELL. All of these create massive disruption and leverage attack paths that share a common approach. This effectively compromises all layers of modern cloud applications, application workloads and cloud infrastructure. After all, there are plenty of tools. Is there any good news? Applying AI to combat these issues was the forefront and center of RSAC. Applying and maintaining security controls for cloud applications requires months and continuous labor-intensive efforts. A preemptive approach like the purple team test takes months to prepare and months to implement the missing controls. By the time they were finished, the applications and their infrastructure had changed to several times the efforts that were outdated. This makes it essential to find a better, automated way to do these exercises. I ran through the RSA exhibition hall and saw innovative companies getting AI to tackle almost all of these issues. AI and AI agents are ideal for automating manual iterative processes that are the result of a large number of alerts. This can stop operations and prevent effective cloud security. Companies who want to solve these problems should look for preemptive tools that cover the security, identity and AI of their cloud applications. Each contribution has the goal of bringing a unique voice to key cybersecurity topics. We strive to ensure that our content is of the highest quality, objective and non-commercial.
