IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

RSAC 2023: Generative AI Takes the Cybersecurity Industry by Storm

Yes, generative AI stole the show at RSA Conference 2023 in San Francisco last week. Here’s a roundup of the top news from the biggest cybersecurity conference in the world.

The entrance to a convention center in San Francisco with the RSA Conference 2023 logo above the doors.
Moscone Center, San Francisco
Dan Lohrmann
With almost 50,000 people registered for the latest version of the RSA Conference in San Francisco this past week, the title of largest cyber event in the world was secured for another year.

But what else was secured (pun intended)?

Discussions all week centered around questions like: What new developments were hottest? What technologies kept coming up in conversations? Who were the top speakers? How will cyber trends change our future?


To jump right in, the coverage of RSAC 2023 was predictably huge. Here are some of my favorites:


Security Week:

InfoSecurity Magazine (U.K.): (Note: I love all the #RSAC coverage from Beth Maundrill, but here are some samples):



For those who don’t remember, back in 2006, IBM came out with their famous “pixie dust” commercial:
Fast-forward 17 years and many people now believe that generative AI is “the new pixie dust.”

Axios reported that “Generative AI blitz hits cyber industry’s biggest conference”:

“Generative AI’s impact on cybersecurity is likely to be much bigger than what we’ll see at RSA throughout the week.
  • Generative AI has the potential to enable security products to better detect advanced phishing attacks, proactively scan networks for suspicious activity, and automatically "fight back" against ongoing attacks, Avivah Litan, distinguished vice president analyst at Gartner, told Axios.
  • Most current uses of AI in security are still reactive to threats, rather than offensive, Litan added.

“Yes, but: Gartner and other consulting firms recommend companies hold off on using ChatGPT for code generation, code security scanning and secure code reviews since large language models still struggle to write clean code and are prone to misinformation.
  • ‘You have to treat an AI model as a new vector, so anything going in and out of the model directly needs special toolsets to scan for vulnerabilities,’ Litan said.”

This article does a nice job of describing developments in generative AI in the cyber industry. Here’s an excerpt:

“The cloud computing industry’s growth has led to ample opportunities and challenges. At this week’s RSA Conference in San Francisco, the focus remained on generative artificial intelligence, with some uncertainty about its involvement in recent hacks.

“The technology will likely become increasingly relevant as it develops further, but these tools still need a lot of work, according to Sarbjeet Johal (pictured), founder and chief executive officer of Stackpane.”

On the contrarian side, Jack Poller from TechTarget said this:

“As strange as it may sound, I’ll be wandering the expo halls looking for vendors that do not shout about AI and machine learning, generative AI or chat AI. I’ve complained before about AI washing, and I’ll say it again: Adding AI to your product is not like sprinkling magic pixie dust, and it doesn’t create the perfect solution.

“We have to use the appropriate tools at the appropriate places to do the appropriate things. Adding AI and ML — especially a chat interface — won’t help if they hinder the workflow. Or worse, it can hurt if the AI lies to you, as the current incarnations of ChatGPT sometimes do today.”


The Register described a presentation given by the Acting National Cyber Director Kemba Walden:

“Walden met with reporters at the RSA Conference in San Francisco, and securing cyberspace in outer space was one of the topics of discussion.

“‘We are all aware that the first ‘shot’ in the current Ukraine conflict was a cyberattack against a US space company,’ Walden said, referencing Russia’s attempt to jam SpaceX’s Starlink, which was using its satellite constellation to deliver internet connectivity to Ukraine.

“‘The White House is deeply committed to driving efforts to enhance space systems cybersecurity, recognizing that the incredibly complex and unique space ecosystem requires a very close public-private partnership, given the pace and scale of private-sector innovation,’ Walden continued.

“Cyberthreats against space systems now include nation-state threat actors like China and Russia, and even acts of war, as was evidenced by the Starlink and Viasat cyberattacks. Securing these systems is a multi-faceted challenge that spans domains, components and both public and private organizations. As such, the solution will require a collaborative approach, Walden told reporters.”

For me, the demo provided by Microsoft on their new Security Copilot product was very compelling and impressive. It was also nice to meet the Security Copilot product manager at the booth as well.

IT Pro Today offered this article which describes RSAC Innovation Sandbox finalists: “HiddenLayer, an AI application security startup from Austin, Tex., won RSA Conference 2023’s Innovation Sandbox contest, beating out finalists with solutions for everything from threat detection to privacy compliance and polymorphic encryption.

“HiddenLayer’s machine learning detection and response (MLDR) platform is designed to attack the problems that AI can exacerbate, according to co-founder and CEO Chris Sestito.

“‘Artificial intelligence is the fastest-growing technology the world has ever seen, but unfortunately for us, it’s also the most vulnerable,’ Sestito said. ‘At HiddenLayer, we predict that in less than three years, protecting AI will be a bigger societal need than protecting operating systems.’”


Overall, this was another exhausting and fascinating RSAC event and was another great opportunity to network with industry peers and meet with partners, colleagues, government pros and other clients. I think the opportunity to strengthen and renew relationships is the best part of the show.

I always enjoy public-sector day on Monday. Here’s a picture from that event:
One person standing on a stage at a podium talking into a microphone while looking to their left, where there are three people seated at a table on teh stage with microphones in front of them. Photo taken from the audience.
Publis Sector Day, RSAC 2023
Dan Lohrmann
When I returned to Michigan, I saw an intriguing Wall Street Journal article on Friday entitled, “I Cloned Myself With AI. She Fooled My Bank and My Family.” While the article (and video) shows the current state of online AI scams may still need some work, the scary potential for using AI against us is also clear.

I do think generative AI will be transformative for our cyber industry over the next 12 months. As a nod to that, I decided to allow ChatGPT to write the headline for this article. It’s not too bad.
Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.