Recap: RSAC 2025 brings more questions than answers

Since the Confidencial team returned from the 2025 RSAC, not much in the tech and security world has changed. The AI hype cycle remains intense, as organizations seek those killer use cases, and risk teams quietly hope everything goes smoothly.

We began the conference by discussing the convergence of two worlds: AI and security. Data is increasingly where they overlap. It’s probably no surprise, then, that data remains the persistent challenge underlying everything else, especially in making the AI moment meaningful to businesses.

Here are the biggest insights we gleaned at RSAC 2025.

1. Cloud providers still offer no clear path to data security.

Very little new this time around from the MSFT, AWS, and GCP teams. Their value proposition remains relatively simple: we’ll choose the LLM, you provide us with your data, and good (and secure) things will happen. In the AI era, customers are lining up for GPU compute, but they also need trust and transparency---not black-box promises around data security. Best practices and security leadership aren’t enough to change the fact that customers need to build and control their AI data pipelines.

LLM and AIaaS providers will only get smarter about security, but in the meantime, attackers are working overtime too. Confidencial adds a layer of portable, selective data encryption that protects information and demonstrates the importance of trust and transparency.

2. Lots of data compliance point solutions, still somehow missing the point.

As busy as security teams are preparing for AI, governance and compliance teams are probably working even harder. Many of those killer use cases depend on the data that these stakeholders are tasked with protecting. RSAC 2025 showcased numerous tools (data monitoring, leak detection, etc.) all aimed at the same root cause: organizations don’t know where their sensitive data is, or where it goes when it moves.

This is why the Confidencial approach brings so much simplicity and peace of mind to the stack. No matter what touches or takes the data, selective encryption enables both usability and security.

3. Everybody seems to be fighting the last security battle.

Ironically, many of the major cloud-native security providers and large platform vendors appeared somewhat out of touch this year. Like many security and risk teams, even technology builders are still trying to solve a next-generation ecosystem challenge with tools designed for traditional network and application security.

There’s always a risk of forgetting how the race to the cloud drove security teams crazy, as they tried to keep up with the rapid changes. The result was a lot of half-measures ineffectively applied. AI ecosystems need to be secured from the ground up on their own terms.

This means, of course, taking a step back to ensure that data classification and security are absolutely rock-solid. Confidencial does wonders here---no matter what comes next, that fundamental data protection remains in place.

4. Underwriters are working as hard as regulators.

Cyber insurance is now an essential component of the integrated risk strategy for many organizations; however, this coverage comes at a price. Not only are businesses paying high premiums, but cyber insurance providers are also dramatically increasing expectations around security minimums.

Organizations seeking to mitigate the cost and likelihood of risk must move beyond bare minimums with innovations like selective encryption. It’s one of those advanced encryption best practices that regulators love (and attackers absolutely can’t stand).

5. Persistent buzz around data automation

While it didn’t happen at RSAC, the March 2025 release of Markitdown 1.1 made life a whole lot easier for AI users and agentic workflows, providing developers with an easy way to enable the translation of over 30 file formats into a lightweight Markdown language that can be used by LLMs.

It’s a significant step forward for the industry, but it’s also big news for Confidencial. The move makes the hard work of getting unstructured files into LLM-readable format much more manageable and enables you to achieve powerful, Confidencial, selective tokenization and encryption faster.

6. Going forward: what’s next for DSPM as a verb and a noun?

RSAC closed as it opened, with the world caught between excitement and apprehension about the AI moment. Organizations are laser-focused on finding ways to create value while still keeping secure assets defended.

Before AI, security meant high walls and strong locks. But today, data is the perimeter—and it's constantly moving. DSPM (as a noun) promised visibility. DSPM (as a verb) now demands action: not just discovering sensitive data, but securing it, governing its use, and enabling responsible AI adoption.

The leaders won’t just monitor data risk. They’ll reduce it proactively, persistently, and at scale. Ask any SOC team or compliance officer – they don’t want more information, they want to be empowered to take action with the least clicks.

Legacy labelling and classification platforms can’t do this. Confidencial can.

Confidencial is the missing piece in your wobbly legacy data protection stack.

You’ve already labeled your sensitive data, but labeling alone isn’t protection. That’s where Confidencial comes in. Confidencial picks up where DSPMs leave off, providing you with two paths to more comprehensive (and streamlined) data protection. Your current architecture alone won’t get you there, but adding Confidencial will.

Easy Mode: fast and complete

Confidencial uses your existing data labels to automatically protect sensitive documents—no analysis, no delays. Data stays protected at rest, in transit, and during AI use. It’s the quickest way to turn your tagging into real peace of mind.

Advanced Mode: granular and intelligent

When you're ready to take protection (and AI-readiness) to the next level, Confidencial goes deeper. We treat your labels as a signal, then analyze flagged files to understand exactly what’s sensitive inside. From there, we apply field-level encryption to the data that matters most. It’s the smartest way to protect what you and your AI rely on, while keeping files usable and collaboration intact.

The conversation has started – let’s keep it going

What’s the answer now? All signs point to data protection. Confidencial helps you find some of the most important missing pieces of a next-gen strategy to secure your data while keeping it AI-ready.

Ready to learn how? We're ready to show you what Confidencial can do.