RSAC 2025: AI Is Changing Everything For Security — Except The Hard Problems

The arrival of software powered by GenAI and agentic technologies will radically transform the way that all organizations will need to approach cybersecurity, the CEOs of Palo Alto Networks and SentinelOne said during keynotes Tuesday.

The massive shift in cybersecurity that will be required in coming years to respond to the arrival of software powered by GenAI and agentic technologies is now coming into view — and there’s no doubt it will be a tall order, the CEOs of Palo Alto Networks and SentinelOne said during keynotes Tuesday.

Palo Alto Networks CEO Nikesh Arora (pictured) spoke during an event held by the vendor just outside the RSA Conference 2025 in San Francisco, while SentinelOne Co-Founder and CEO Tomer Weingarten gave his inaugural RSAC keynote address on stage Tuesday at RSAC 2025.

Both CEOs, with their own distinct angles, sounded a warning about the amount of change that is coming to the cybersecurity space in the next few years as software applications increasingly revolve around GenAI and agentic.

The implications are so significant because, within the next three to five years, “almost every SaaS application that we know today is going to have a different manifestation,” Arora said during Palo Alto Networks’ “Hello Tomorrow” event in San Francisco Tuesday.

“A lot of the UI that we know today as our UI, or our frontend for SaaS, is going to have to morph,” he said. “Some of them will have AI assistants. Some of them will have AI agents that will talk to other agents. A lot of the UI that we know today as our UI, or our frontend for SaaS, is going to have to morph.”

But as that comes about, “that means we’re all going through a large transformation, whether we’re a tech company or we’re not a tech company,” Arora said. “In that transition, we’re going to be looking to see, how do we take the fundamental building blocks of AI and embed them in everything we do?”

As a result, “the whole idea of security will change. [You’ll have to] constantly test those models, test those applications, and make sure they’re not going to go rogue on you in some way, shape or form,” he said. “It’s that kind of thinking that needs to be deployed amongst the entire cybersecurity industry.”

This will require, among other things, the need to figure out how AI will change security products themselves, Arora said. Given that many cybersecurity tools are themselves delivered as SaaS today, “our products will become very different,” he said.

“At the same time, we also have to make sure we understand [that] when our products start building a mind of their own, a brain of their own — how does that impact what we do?” Arora said.

In his keynote on the RSA 2025 stage, Weingarten warned that the infrastructure needed for supporting the next phases of AI is far from being secure enough at this stage.

Even as the industry moves forward at full speed in the direction of agentic, some of the longstanding hard problems in security are not getting the attention they deserve, he said.

“Our infrastructure is still riddled with the same issues that have plagued us for years,” Weingarten said.

And yet, “we’re now onboarding an incredibly powerful technology [onto] those same foundations, in the form of AI,” he said.

“We have to take responsibility. We have to focus on what really matters, rather than the hype,” Weingarten said. “Everybody’s making huge claims. Let’s strip down these claims. Let’s focus on what’s real. There are no magic solutions.”

For instance, this shift to AI is taking place even as the long-running issues around software vulnerabilities have continued to proliferate, leading directly to many of the biggest cyberattacks that continue to impact businesses and consumers, he said.

Ultimately, “that’s what has to change,” Weingarten said. “Our ability to onboard safe technologies is hinging on us making infrastructure more resilient.”

There’s no doubt that organizations cannot ignore longtime, existing security challenges even amid the massive adoption of AI, said Daniel Kendzior, global data and AI security practice leader at Accenture, in an interview with CRN.

“There's this mountain of remediation that's sitting out there — which is going to become something that we know we have to deal with,” said Kendzior, who is also a managing director at Accenture, No. 1 on CRN’s Solution Provider 500. “That can't be something that we just stay idle on.”

At the same time, while the pace of adoption for AI is much faster than prior technology advancements, many of the questions for CISOs around prioritization of security resources are similar, he said.

“What's always challenging whenever there's something new and exciting is, how do I actually prioritize getting that [preexisting work] done — knowing that I need to allocate resources, to innovate, be a business partner on this top end of the stack,” Kendzior said.

The bottom line, he said, is that what’s really needed is a “restructuring of how we think about infrastructure.”