The Rise of AI Agents in Cybersecurity: Insights from RSA Conference 2025

RSA Conference 2025 in San Francisco confirmed that AI agents are rapidly transforming cybersecurity, moving from simple copilots to autonomous systems capable of executing complex, multi-step tasks. This shift is already reshaping how organizations detect, respond to, and manage cyber threats, but the journey toward full automation, where AI can not only identify but also fix issues without human intervention, is still underway.

Fields Where AI Agents Are Shaping Cybersecurity

AI agents are now active across a growing number of cybersecurity domains, each with distinct capabilities and examples from RSA 2025:

1. Security Operations Automation

AI agents are streamlining security operations by handling repetitive tasks, triaging alerts, and automating incident response workflows. For example, several vendors at RSA showcased agents that can autonomously investigate threats, summarize incidents, and escalate only the most critical cases to human analysts, freeing up valuable time for more complex investigations^[1][2][3].

2. Identity and Access Security

With identity-based attacks on the rise, AI agents are now central to monitoring and protecting digital identities, including non-human identities in cloud environments. These agents analyze behavioral patterns to detect anomalies, automate access reviews, and enforce zero trust policies, helping organizations defend against credential theft and privilege misuse^[3][4].

3. Threat Intelligence and Hunting

AI agents are used to aggregate threat intelligence from multiple sources, identify emerging attack patterns, and proactively hunt for threats in enterprise environments. At RSA, new tools demonstrated the ability to correlate threat data in real time, providing analysts with actionable insights and reducing time-to-detection^[1][2].

4. Phishing Defense and Security Awareness

Autonomous agents are replacing static security awareness training with real-time, personalized coaching. For example, Abnormal AI introduced an “AI Phishing Coach” that simulates attacks and provides immediate feedback to users, significantly reducing risky behaviors^[2].

5. Data Security and Compliance Automation

AI agents are increasingly tasked with automating compliance checks, managing security documentation, and ensuring sensitive data is handled according to policy. These agents help organizations surface the right information for audits and streamline security reviews, reducing manual effort and improving transparency^[3].

6. Cross-Platform Orchestration

Some AI agents showcased at RSA can coordinate actions across multiple security tools and platforms, such as triggering responses in IT service management systems or updating firewall rules, enabling a more unified and adaptive defense posture^[1][4].

The Unresolved Challenge: Closing the Remediation Gap

Despite these advances, true end-to-end automation, where AI agents not only detect different types of security findings (software vulnerabilities, cloud misconfigurations, etc.) but also remediate them without human intervention, remains out of reach. Several technical and operational hurdles stand in the way:

Complexity of Real-World Environments: Remediation often involves modifying code, reconfiguring systems, or deploying patches. These tasks require deep contextual understanding, creativity, and the ability to anticipate unintended consequences, capabilities that current AI agents lack^[1][5].
Security and Governance Risks: Autonomous actions by AI agents can introduce new vulnerabilities or disrupt business operations if not properly governed. For example, misconfigured or overly permissive agents could inadvertently escalate privileges or expose sensitive data^[6][5][7]. Proper authentication for AI Agent tools and one-time access are being used to make sure AI Agents are secured by default.
Attack Surface Expansion: AI agents themselves become new targets for attackers, who may exploit vulnerabilities in agent logic, prompt injection, or tool integrations to subvert their behavior or gain unauthorized access^[6][5]. New AI protection vendors and emerging security best practices for AI Agents are focused on addressing this issue.
Integration and Data Quality Issues: Effective remediation often requires seamless integration with development and IT systems, as well as access to high-quality, unified data – something many organizations still struggle to achieve^[3]. The new advantages in AI Agent tooling and MCP can bridge this gap.
Technical Limitations: While existing LLMs can generate or fix code snippets, they often fail when lacking the full context, especially in large codebases. Without a clear understanding of the surrounding logic, dependencies, and security requirements, they are prone to introducing errors or insecure implementations. To effectively address complex security issues, models must be provided with well-scoped context and guided with precise, structured instructions.

Looking Ahead: Realizing the Promise of AI Agents in Cybersecurity

RSA 2025 made it clear that the journey toward fully autonomous cybersecurity is still unfolding, but the trajectory is clear. AI agents are no longer theoretical – they are already detecting threats, managing incidents, and offering strategic insights with impressive speed and scale. The next frontier is empowering them to not only identify and triage problems but also solve them by writing secure code, reconfiguring systems, and verifying that fixes are safe and effective. Achieving this vision will require advances in AI reasoning, stronger governance frameworks, and tighter integration between security, engineering, and IT teams.

To get there, we need to think of AI agents not as standalone tools but as collaborators, working alongside security teams and developers. By embedding them directly into development workflows, training them on real-world remediation strategies, and designing them to operate under human oversight, we can begin to bridge the remediation gap safely and effectively.

The future will likely be built on hybrid systems: AI agents that handle the tedious and time-consuming aspects of cybersecurity while humans steer complex decisions and edge cases. With continued investment in agent architecture, safety frameworks, and cross-functional collaboration, we can accelerate toward a world where security is not just reactive but also continuously self-healing.

This vision isn’t science fiction – it’s within reach. The foundation has been laid. This is the frontier that industry leaders and innovators are now racing to reach, as highlighted throughout RSA 2025. Now it’s time to build on it.