Let’s cut through the hype. If you’re heading to RSA this year, brace yourself for two unavoidable topics dominating every hallway conversation, afterparty rant, and vendor pitch: Wiz’s cloud power play and the slow-motion implosion of Generative AI’s security promises. Oh, and enough free socks to clothe half of San Francisco. Here’s what matters—and what nobody else will say outright.
1. Wiz vs. The Multi-Cloud Reality: A CNAPP Reckoning
Let’s start with the elephant in the Moscone Center. Wiz’s meteoric rise is hitting its first real friction—and it’s not just about feature gaps. The open secret? If you’re all-in on Google Cloud (GCP), life’s peachy. But for the 83% of enterprises juggling multiple cloud environments, the cracks are showing.
- The GCP-or-Bust Pressure: Expect Wiz to double down on pushing customers toward deeper GCP commitments. Translation: discounts tied to consolidating workloads (and spend) on Google’s platform. If you’re multi-cloud, this means diluted support and a harder ROI sell.
- CNAPP’s Window of Opportunity: This is the year vendors like Palo Alto, CrowdStrike, and Lacework (if they survive the week) will scream “CLOUD AGNOSTIC!” from every banner. But independence alone won’t cut it. Watch for pricing wars as customers revolt against bloated CNAPP costs—especially when most tools still dump endless alerts into teams already drowning in tickets.
Why this matters: Security leaders aren’t just tired of paying premium prices for half-baked remediation. They’re done playing whack-a-mole with risks. At Gomboc AI, our RSA meetings are already packed with teams demanding deterministic fixes—not another dashboard to stare at.
2. Generative AI: The Security Honeymoon Is Over
Let’s be blunt: ChatGPT-for-everything is hitting its “trough of disillusionment” in engineering and security. Yes, GenAI can write a passable haiku about your firewall rules. But ask it to untangle a legacy AWS CloudFormation mess without breaking prod? Good luck.
- The Hallucination Problem: Teams are waking up to the risks of AI-generated code fixes that look right but explode in runtime. (Ask the Fortune 500 CISO who quietly rolled back a GenAI “remediation” tool after it nearly took down their payment gateway.)
- Deterministic AI’s Moment: This is where the rubber meets the road. Tools like ours that combine AI with context-aware, rule-based automation are seeing surges in adoption. Why? Because they eliminate risks—not just find them. Example: One customer slashed their mean time to remediate (MTTR) from 14 days to 4 hours by letting AI auto-fix IaC misconfigurations before deployment.
The bottom line: RSA’s AI pavilion will be a circus of chatbots and “AI-powered” buzzwords. Look for vendors who can answer: “How do you guarantee accuracy?” Spoiler: Most can’t.
3. The Swag Apocalypse (and How to Do Good)
Let’s not pretend we’re not all here for the tchotchkes. But this year, skip the 14th branded backpack. Instead:
- Donate Strategically: Partner with local SF orgs like Lava Mae to turn vendor swag into care kits for unhoused communities. (Pro tip: Those USB drives? Pre-load them with job training resources.)
- The Only Freebie Worth Grabbing: Noise-canceling headphones. You’ll need them to survive the startup shouting matches on the expo floor.
RSA 2025: The Quiet Shift
Behind the hype, a pivot is happening. CISOs aren’t just buying tools—they’re buying outcomes. Whether it’s escaping cloud lock-in, automating away toil, or turning AI from a liability into an asset, the winners this year will be vendors who deliver results, not just reports.
P.S. If you’re at RSA and want to see deterministic AI in action (or just vent about Wiz), book a demo. We’ll have real engineers—not chatbots—on hand. And yes, we’ll donate your swag for you.
