We headed into RSA 2025 with a lot of questions—about AI agents, identity management, the future of SIEMs, and the growing tension between consolidation and innovation. After a week of booth visits, backchannel conversations, and real talk with CISOs and founders, we came away with a clearer view of where things are heading—and where they’re still murky. 

Here’s what stuck with us. 

What We Heard on the Ground 

The Expo floor was loud, and mostly saying the same thing 
There were 656 booths at RSA this year, and if you took the logos off most of them, you’d be hard-pressed to tell one from the next. Across identity, cloud, and application security, the messaging was strikingly similar. 

Even practitioners we talked to said differentiation was hard to spot from a glance. Messaging alone wasn’t cutting it, buyers were relying more on product walkthroughs and seeing how tools integrated into their stacks. 

That said, a few vendors clearly stood out.

As expected, booths for Wiz, Chainguard, and Cribl were consistently buzzing with real practitioner engagement. These are three of the most anticipated players in the space, and they delivered—more a “Yep, still true” than a surprise. Everyone else was fighting for oxygen. 

Cloud security is evolving from visibility to prioritization 
We’ve been thinking a lot about alert fatigue, and CISOs confirmed it: they don’t want more alerts, they want better prioritization, “I have too many alerts, I don’t need more – I need to know what to prioritize and when.” The next evolution of cloud security isn’t just about seeing everything; it’s about knowing what to do first. It feels less like a category shift and more like an evolution of expectations. 

Exposure management is the phrase we kept hearing, and automated remediation, while attractive in theory, is still viewed with some skepticism at scale. 

AppSec and CloudSec are converging 
Application and cloud security have historically been treated as distinct domains. But this year showed signs of convergence. 

Wiz’s launch of Wiz Defend and Upwind’s acquisition of Nyxt point to a growing desire for unified security coverage across layers. A few vendors and practitioners floated the term, Cloud Application Detection & Response (CADR),to describe this merging space. 

It’s still early, but the convergence is worth watching. 

Next-Gen SIEMs are gaining traction, but not as Splunk replacements 
We came in wondering how far the Splunk fatigue had spread. The answer? Pretty far. Big booths from incumbents like Splunk and Elastic were quiet, while newish players like Cribl, Databahn, and Hunters were buzzing. 

Still, most buyers weren’t looking to rip and replace. Instead, the opportunity seems to lie in building around the incumbents. Specifically, tools that make data pipelines cheaper, smarter, and easier to manage, rather than trying to rebuild the whole SIEM. 

Identity management is facing an inflection point 
With AI agents, ephemeral workloads, and non-human users exploding across systems, identity frameworks built for persistent human users are showing their age. There’s no consensus on whether the answer is permissioning agents like apps or treating them like users, but everyone agrees the current approach isn’t built for what’s coming. Not to mention, incumbents will need a fundamental rearchitecture to handle it.  

AI-powered SOCs are the most credible near-term AI use case
While AI was everywhere, the most grounded use case we saw was within Security Operations Centers (SOCs). 

Teams are leaning into AI for triage, alert summarization, and investigation support, not full automation. It’s one of the few areas where AI pitches felt connected to real workflows. 

Platform consolidation is happening — but within categories 
Buyers aren’t necessarily slashing vendors across the board. Instead, they’re consolidating within categories, choosing one strong AppSec platform instead of five point tools, for example. The result: fatigue is pushing buyers toward depth over breadth. 

Agent governance is the next unknown 
How do you manage permissions for agents acting on your behalf? The debate is still wide open. Some teams are leaning toward traditional permissioning; others argue identity-based frameworks are the better model. Startups like Zenity are starting to tackle this head-on, but it’s unclear whether this will be its own category or a feature absorbed by incumbents. 

Security Awareness Training Has Quietly Re-Entered the Chat 
It’s not sexy, but like the Backstreet Boys, it’s back. As threat vectors evolve (especially with AI), more companies are revisiting this category, not just as a compliance check, but as a real layer of defense. 

Questions We’re Still Asking 

• Can exposure management carve out a durable category, or is it just the next feature set? 
• Will identity platforms evolve fast enough to handle ephemeral, Non-Human Identities like Agents , or will they get leapfrogged? 
• What’s the right wedge in SIEM; building smarter around the platform, or trying to replace it outright? 

Final Takeaways 
RSA reminded us that the real insights rarely come from keynote stages or polished demos. This year, they showed up in quiet moments; hallway catch-ups, CISO roundtables, and the unscripted honesty that only happens offstage. 

We co-hosted a CISO Speakeasy with Ridge Ventures and Prompt Security at San Francisco’s prohibition-era House of Shields, a perfect setting for real talk over strong drinks. Our goal? Buy a round for everyone who’s ever watched an employee paste sensitive data into ChatGPT to “polish up that email.” Huge thanks to Banc of California and Allied Advisers for helping us make that happen. 

But in a year dominated by copy-paste messaging and AI buzzwords, what mattered most were the real conversations, especially the ones offstage.  

We came in curious. We left more confident in what deserves a second look. 

This article is for informational purposes only and does not constitute investment advice. Views expressed represent the opinions of Jump Capital. Jump Capital may have investments in or pursue investments in the security technology sectors and companies discussed. References to specific companies do not constitute investment recommendations.