Secnomic

The Rise of AI Agents in Cybersecurity: Insights from RSA Conference 2025

Aviad Chen — Mon, 12 May 2025 19:51:55 +0000

RSA Conference 2025 in San Francisco confirmed that AI agents are rapidly transforming cybersecurity, moving from simple copilots to autonomous systems capable of executing complex, multi-step tasks. This shift is already reshaping how organizations detect, respond to, and manage cyber threats, but the journey toward full automation, where AI can not only identify but also fix issues without human intervention, is still underway.

Fields Where AI Agents Are Shaping Cybersecurity

AI agents are now active across a growing number of cybersecurity domains, each with distinct capabilities and examples from RSA 2025:

1. Security Operations Automation

AI agents are streamlining security operations by handling repetitive tasks, triaging alerts, and automating incident response workflows. For example, several vendors at RSA showcased agents that can autonomously investigate threats, summarize incidents, and escalate only the most critical cases to human analysts, freeing up valuable time for more complex investigations^[1][2][3].

2. Identity and Access Security

With identity-based attacks on the rise, AI agents are now central to monitoring and protecting digital identities, including non-human identities in cloud environments. These agents analyze behavioral patterns to detect anomalies, automate access reviews, and enforce zero trust policies, helping organizations defend against credential theft and privilege misuse^[3][4].

3. Threat Intelligence and Hunting

AI agents are used to aggregate threat intelligence from multiple sources, identify emerging attack patterns, and proactively hunt for threats in enterprise environments. At RSA, new tools demonstrated the ability to correlate threat data in real time, providing analysts with actionable insights and reducing time-to-detection^[1][2].

4. Phishing Defense and Security Awareness

Autonomous agents are replacing static security awareness training with real-time, personalized coaching. For example, Abnormal AI introduced an “AI Phishing Coach” that simulates attacks and provides immediate feedback to users, significantly reducing risky behaviors^[2].

5. Data Security and Compliance Automation

AI agents are increasingly tasked with automating compliance checks, managing security documentation, and ensuring sensitive data is handled according to policy. These agents help organizations surface the right information for audits and streamline security reviews, reducing manual effort and improving transparency^[3].

6. Cross-Platform Orchestration

Some AI agents showcased at RSA can coordinate actions across multiple security tools and platforms, such as triggering responses in IT service management systems or updating firewall rules, enabling a more unified and adaptive defense posture^[1][4].

The Unresolved Challenge: Closing the Remediation Gap

Despite these advances, true end-to-end automation, where AI agents not only detect different types of security findings (software vulnerabilities, cloud misconfigurations, etc.) but also remediate them without human intervention, remains out of reach. Several technical and operational hurdles stand in the way:

Complexity of Real-World Environments: Remediation often involves modifying code, reconfiguring systems, or deploying patches. These tasks require deep contextual understanding, creativity, and the ability to anticipate unintended consequences, capabilities that current AI agents lack^[1][5].
Security and Governance Risks: Autonomous actions by AI agents can introduce new vulnerabilities or disrupt business operations if not properly governed. For example, misconfigured or overly permissive agents could inadvertently escalate privileges or expose sensitive data^[6][5][7]. Proper authentication for AI Agent tools and one-time access are being used to make sure AI Agents are secured by default.
Attack Surface Expansion: AI agents themselves become new targets for attackers, who may exploit vulnerabilities in agent logic, prompt injection, or tool integrations to subvert their behavior or gain unauthorized access^[6][5]. New AI protection vendors and emerging security best practices for AI Agents are focused on addressing this issue.
Integration and Data Quality Issues: Effective remediation often requires seamless integration with development and IT systems, as well as access to high-quality, unified data – something many organizations still struggle to achieve^[3]. The new advantages in AI Agent tooling and MCP can bridge this gap.
Technical Limitations: While existing LLMs can generate or fix code snippets, they often fail when lacking the full context, especially in large codebases. Without a clear understanding of the surrounding logic, dependencies, and security requirements, they are prone to introducing errors or insecure implementations. To effectively address complex security issues, models must be provided with well-scoped context and guided with precise, structured instructions.

Looking Ahead: Realizing the Promise of AI Agents in Cybersecurity

RSA 2025 made it clear that the journey toward fully autonomous cybersecurity is still unfolding, but the trajectory is clear. AI agents are no longer theoretical – they are already detecting threats, managing incidents, and offering strategic insights with impressive speed and scale. The next frontier is empowering them to not only identify and triage problems but also solve them by writing secure code, reconfiguring systems, and verifying that fixes are safe and effective. Achieving this vision will require advances in AI reasoning, stronger governance frameworks, and tighter integration between security, engineering, and IT teams.

To get there, we need to think of AI agents not as standalone tools but as collaborators, working alongside security teams and developers. By embedding them directly into development workflows, training them on real-world remediation strategies, and designing them to operate under human oversight, we can begin to bridge the remediation gap safely and effectively.

The future will likely be built on hybrid systems: AI agents that handle the tedious and time-consuming aspects of cybersecurity while humans steer complex decisions and edge cases. With continued investment in agent architecture, safety frameworks, and cross-functional collaboration, we can accelerate toward a world where security is not just reactive but also continuously self-healing.

This vision isn’t science fiction – it’s within reach. The foundation has been laid. This is the frontier that industry leaders and innovators are now racing to reach, as highlighted throughout RSA 2025. Now it’s time to build on it.

References

The post The Rise of AI Agents in Cybersecurity: Insights from RSA Conference 2025 appeared first on Secnomic.

Why Now?

Maor Goldberg — Sun, 30 Mar 2025 06:31:18 +0000

Timing is everything. In sports, a fraction of a second could determine victory or defeat.

The post Why Now? appeared first on Secnomic.

The State of Remediation: Why Security Backlogs Keep Growing

Eran Leib — Sat, 22 Mar 2025 11:52:18 +0000

In the ever-evolving world of cybersecurity, organizations are facing an overwhelming challenge: the growing backlog of unresolved security findings. Despite advances in detection technologies, the gap between identifying security findings and remediating them continues to widen.

Security Findings?

Let’s define what we mean by Security Findings. Sometimes also referred to as vulnerabilities, these security findings are detected by various tools that scan an organization’s code repositories, infrastructure, applications, and cloud environments. Tools like SCA (Software Composition Analysis), SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), CNAPP (Cloud-Native Application Protection Platform), and CIEM (Cloud Infrastructure Entitlement Management) uncover weaknesses such as:

Code vulnerabilities: Flaws in application code or third-party packages that can be exploited by attackers.
Configuration issues: Misconfigurations in cloud environments, servers, or applications that expose systems to unnecessary risk.
Identity-related exposures: Weak credentials or improperly managed permissions that attackers can exploit.
Exposed secrets: Issues that arise when tokens and secrets are exposed in code and configuration or not rotated regularly.

Resolving these findings is critical for maintaining a secure posture, yet they often pile up faster than organizations can address them. Most of the problem lies not in detection but in what happens next.

Security Team’s Catch 22: Responsibility without Ownership

Security teams are responsible for security. They detect, triage and prioritize findings using these tools, but here’s the catch—they don’t own the code, configurations, or infrastructure they’re responsible with securing. Additionally, in most cases, they won’t know how to fix it or what would be the after effect of any of the changes.

Instead, security teams must pass these findings to engineering teams, software developers or platform engineers, who have the authority and knowledge to implement fixes. However, this handoff is fraught with challenges:

Volume Overload: Security tools generate an overwhelming number of findings.
Collaboration Gaps: Security teams often “throw findings over the fence” to engineering teams without clear ownership or actionable context.
Proving Urgency: Security teams must either convince engineering teams to prioritize fixes or justify delays to auditors by downplaying the severity of unresolved issues.

These dynamics create friction between teams and slows down remediation efforts. Most organizations report limited collaboration between security and development teams and some even describe their relationship as counterproductive.

Why Backlogs Keep Growing

AI-Powered Threats

The rise of AI-driven cyberattacks has exacerbated the problem. Malicious actors now use AI agents to automate vulnerabilities and weaknesses discovery at an unprecedented scale:

AI tools identify new vulnerabilities, weaknesses and exploits faster. Just 2 years ago the rate was 2000 a month – now it’s closer to 3000.
AI tools start leveraging and combining these findings together, crafting sophisticated exploits that would be harder to evade.

This surge further outpaces human capacity for remediation. As attackers get faster and smarter, organizations fall further behind.

More Security Tools Highlight The Paradox of Progress

Security vendors employ skilled researchers and analysts to uncover new findings and exploits, which is undeniably beneficial for advancing cybersecurity. However, this constant discovery process feeds into an ever-expanding list of issues that organizations must address:

Each new finding adds to the pile, making it harder for security teams to prioritize and remediate effectively.
The result is a cycle where the tools meant to protect systems also amplify the remediation burden often resulting in analysis/paralysis.

Working Around Remediation: The Management Overhead

Even before actual remediation actually starts, security teams often find themselves bogged down by management overhead, which diverts time and energy away from actually resolving findings.

Triaging Alerts: Security teams spend considerable time reviewing and categorizing alerts to determine their validity and priority. This process is often manual due to lack of trust in the tools’ judgement.
Identifying Issue Owners: A significant challenge in many organizations is identifying who owns the responsibility for fixing specific issues. This lack of clear ownership leads to delays as teams spend valuable time determining who should address each issue.

Remediating Findings: A Treacherous Road

Remediation is a high-stakes balancing act between security and stability. Fixing findings isn’t just about bumping versions or a simple configuration change. It is about navigating dependencies, handling breaking changes and their consequences, and ensuring business continuity. Any single fix can cascade into failures across interconnected systems.

Validating fixes adds another layer of complexity. Ensuring that fixes effectively address findings without introducing new issues or breaking functionality. This often involves rigorous testing (hopefully) across multiple environments, which is time-consuming, resource-intensive and in most cases involves a lot of failures along the way.

Prioritization – A False Sense of Security

Prioritization is often introduced as the solution to managing the overwhelming number of security findings that organizations struggle to address. However, prioritization doesn’t solve the problem—it exacerbates it. It blindsides many vulnerabilities by pushing them down the list, ignoring critical context and leaving organizations exposed to risks that aren’t immediately visible or that are simple and easy to solve.

The Numbers Game: Overwhelmed by Volume

Organizations now face thousands—or even millions—of findings annually. This avalanche of data is the growing backlog that teams cannot feasibly remediate within their current capacity (and probably never will). Despite automation efforts and prioritization frameworks, the backlog continues to grow because prioritization addresses symptoms rather than the root cause.

So Why False Sense of Security?

A false sense of security emerges when organizations focus exclusively on a small number of prioritized findings while ignoring the larger backlog. With an overwhelming number of issues identified, prioritization often narrows attention to the most critical findings. While resolving these provides a sense of progress, it masks the reality that the majority of findings remain unaddressed. This selective approach can create an illusion of safety—“We’ve fixed the important ones, so we’re fine”—when, in truth, the broader attack surface is still exposed. The sheer scale of unresolved findings means attackers have plenty of opportunities to exploit weaknesses that were deprioritized.

Why a Growing Backlog is Detrimental

Resource and Risk Implications

Resource Drain: Managing backlogs diverts resources from strategic initiatives, leading to firefighting rather than proactive security.

Increased Risk: Unaddressed findings broaden the attack surface, complicating remediation and increasing compliance risks.

In summary, inaction on security backlogs leads to financial, operational, and reputational consequences, ultimately increasing vulnerability to cyber threats and impacting business resilience.

The Cost

Direct Costs: Breaches average $7.29 million, covering investigation, legal, and notification expenses.

Indirect Costs: They harm reputation and revenue, disrupt operations, and can incur major regulatory fines (e.g., GDPR).

Why Existing Remediation Approaches Fall Short

While many organizations have implemented various remediation strategies, these approaches often fail to address the root causes of the growing security backlog. Here’s why current solutions just don’t cut it:

Process Management: A Band-Aid Solution

Many remediation approaches focus on managing the remediation process itself. While this can improve efficiency to some degree, it fails to address the fundamental issues of volume and velocity.

Process management alone cannot keep pace with the exponential growth of security findings, especially given the rise of AI-powered threats.

Generic Solutions Lack Trust, Adoption and Velocity

Existing remediation tools often suggest fixes, but these solutions frequently fall short for two key reasons:

Lack of Specificity: Generic solutions fail to account for the unique aspects of an organization’s infrastructure and codebase. This one-size-fits-all approach often leads to:

Incompatibility with existing systems
Potential introduction of new findings
Resistance from engineering teams who understand their systems better

Insufficient Explanation: Many tools provide fixes without adequate context or reasoning. This lack of transparency:

Erodes trust between security and engineering teams
Fails to educate engineers on security best practices
Leads to reluctance in implementing suggested changes

Low Velocity: Existing remediation processes are often too slow because they rely heavily on manual work. This manual approach leads to:

Inability to Scale
Human Error and Inconsistency
Inability to handle the volume

Will It Break?

A critical shortcoming of current remediation approaches is their inability to guarantee operational continuity:

No existing solution provides a robust way to verify that systems will continue functioning without interruption after implementing security fixes.
This lack of assurance leads to:
- Hesitation in applying patches, especially for critical systems.
- Increased dwell time for vulnerabilities as teams conduct manual testing.
- Potential for unexpected downtime or performance issues post-remediation.

These limitations highlight the need for a more comprehensive, trust-building approach to remediation that addresses not just the symptoms but the underlying causes of the growing security backlog. Future solutions must focus on fostering collaboration between security and engineering teams, providing context-aware fixes, and ensuring operational stability throughout the remediation process.

A New Era of Security: Autonomous Remediation

The current state of remediation is unsustainable. Security backlogs grow daily, fueled by detection tools that outpace manual processes. Prioritization, while helpful, fails to address the root problem: the inability to act at scale. The solution lies in autonomous remediation—a transformative approach that bridges the gap between detection and action.
Secnomic’s AI-powered agents embody this shift, automating the resolution of vulnerabilities with speed, precision, context-awareness and verification. These agents don’t just prioritize—they fix. By implementing verified code and configuration changes autonomously, Secnomic eliminates backlogs, reduces exposure windows, and scales effortlessly to meet the demands of modern environments.
Autonomous remediation isn’t just a technological leap; it’s a strategic necessity. It turns security from reactive firefighting into proactive resilience. With Secnomic leading the way, organizations can finally close the loop on remediation, ensuring robust defenses while empowering teams to focus on growth and innovation. The future of security starts here.

The post The State of Remediation: Why Security Backlogs Keep Growing appeared first on Secnomic.

CrowdStrike and AWS Select 36 Startups for 2025 Cybersecurity Accelerator, with Support from NVIDIA

Barak — Mon, 24 Feb 2025 06:43:12 +0000

The post CrowdStrike and AWS Select 36 Startups for 2025 Cybersecurity Accelerator, with Support from NVIDIA appeared first on Secnomic.

Secnomic Tackles Enterprise Security Backlogs With AI

Barak — Wed, 05 Feb 2025 06:24:18 +0000

The security startup's autonomous security remediation platform uses off-the-shelf large language models (LLMs) to analyze security alerts and apply the fixes.

The post Secnomic Tackles Enterprise Security Backlogs With AI appeared first on Secnomic.

Secnomic automatically remediates security vulnerabilities

Frederic Lardinois — Thu, 30 Jan 2025 14:45:00 +0000

Secnomic, a new security startup that uses AI agents to automatically remediate security vulnerabilities, is coming out of stealth with a $9 million seed round led by StageOne Ventures.

The post Secnomic automatically remediates security vulnerabilities appeared first on Secnomic.