#1. SaaS platforms need to be secure by design

One of the biggest takeaways at RSA for Andrew Becherer, CISO at Sublime Security and advisor to Mondoo, is how making SaaS secure by design was an important subject highlighted during RSA 2025, and one that the entire industry should take note of.

Andrew Becherer talks about Patrick Opet’s open letter to the SaaS industry

Despite five decades of progress in cybersecurity, attackers continue to outpace defenders — and time is running out to shift the balance. That was the stark message delivered by Veracode founder Chris Wysopal and Columbia University’s Jason Healey during their RSA Conference 2025 session, “Secure by Design: Are We Winning?” 

A week before RSA, Patrick Opet, CISO at JPMorgan Chase, expressed a similar opinion in an open letter emphasizing the urgent need for security by design in the development of SaaS applications. In his letter, Opet challenges both software vendors and enterprise customers to move beyond reactive security models and embrace a more proactive, embedded approach. His message is clear: as financial institutions and other critical sectors become increasingly reliant on SaaS platforms, the onus is on the tech industry to raise the bar for secure design—before threats materialize.

As a SaaS vendor ourselves, Mondoo takes this topic very seriously and security is top of mind in everything we build and do.

#2. Model Context Protocol (MCP) is quickly gaining traction

Even though MCP was released by Anthropic in August last year, it was initially focused on creating more intelligent LLMs. This was when AI agents weren’t in the picture yet. With the introduction of agentic AI and the vast possibilities it unlocks, MCP has recently gained enormous traction. Using MCP, users of LLMs and AI agents can interact with applications and utilize their data and functions to automate processes and auto-learning.

At RSA, some cybersecurity vendors unveiled their MCP servers, including Mondoo. With the Mondoo MCP server, you can now use your favorite AI assistant, such as ChatGPT, Anthropic's Claude or GitHub Copilot to access Mondoo security data for real-time answers and faster vulnerability resolution. Imagine asking your favorite LLM to find and fix critical security findings. With Mondoo's MCP, this is now a reality.

Watch Mondoo Ansible automation through GitHub Copilot

Mondoo MCP Server is available for private preview for Mondoo customers, please contact your customer success manager if you’d like to try it out.

#3. AI is increasingly getting ‘real’

While last year AI was just a buzzword in cybersecurity — at RSA 2025 we can see how it is now evolving into a mature, operational component of modern security platforms. Across the show floor and in keynote presentations, vendors showcased AI-driven tools that are moving beyond basic anomaly detection into more sophisticated use cases like autonomous threat hunting, intelligent prioritization of alerts, AI generated remediation guidance, and AI assistants. 

And, as Andrew Becherer, CISO at Sublime Security and advisor to Mondoo, said, perhaps the biggest difference is that at RSA 2025 vendors are moving beyond just theory and optimized demos, and that Gen AI implementations are actually getting real.

Andrew Becherer compares current state of AI with last year’s RSA

Unlike earlier iterations, today's AI models are trained on richer, domain-specific datasets and are showing tangible improvements in accuracy, context-awareness, and speed. CISOs and practitioners alike expressed a growing confidence in these capabilities, not as replacements for human analysts, but as powerful force multipliers that can reduce response times and enhance decision-making in high-stakes environments.

# 4. Exposure management and self healing systems

At RSA 2025, Enterprise Strategy Group (ESG) Principal Analysts Dave Gruber and Tyler Shields presented on AI-driven exposure management and the path to self-healing systems. They shared recent research on the topic, and what is needed to get to secure and accurate self-healing systems that would dramatically increase the state of our cybersecurity today.

An exposure management platform highlights all exposures in your IT infrastructure in a single unified platform, and then prioritizes each finding according to the actual risk it poses. The advantages of having a unified platform instead of 10-15 siloed solutions isn’t just efficiency and cost, but also offers better prioritization across the board and avoids blind spots.

A lot of the detection, triage, and prioritization can be automated. But what about remediation? Yes, we can automate the process as much as possible, but currently humans are still needed for many of the required actions. What if we could actually have autonomous, self-healing agents to detect, diagnose, and automatically remediate security issues without any human intervention? Agents could fix issues by restoring files, changing settings, or isolating affected systems. 

Of course, remediation automation, also known as Security Orchestration, Automation, and Response (SOAR), can have disastrous consequences if not done right. But with the case of agentic AI, humans can actually help train self-healing agents since they can learn from past incidents and adapt to new threats.

#5. Security data fabric and agentic AI

As expected, agentic AI was the talk of the town at RSA since it opens up so many possibilities.  Agentic AI reduces the burden on security teams by autonomously handling routine and complex security tasks such as threat detection, alert triage, and incident investigation. It proactively monitors systems, filters out false positives, and responds to credible threats in real time, significantly reducing alert fatigue. Agentic AI also enables faster, more accurate decision-making and allows security professionals to focus on other higher-value tasks.

To perform meaningful actions, AI agents need access to quality data. The less siloed and complete the data is, the better the agents can achieve desired results. This is where security data fabric comes in: Security data fabric is a modern architectural framework that unifies and integrates security data from diverse sources—such as cloud platforms, endpoints, and network devices—into a centralized, scalable system. By breaking down data silos and streamlining access, a security data fabric enhances an organization’s ability to detect, investigate, and respond to threats more efficiently.

Mondoo offers a complete security data fabric, that inventories and assesses cloud assets, on-prem, SaaS platforms, endpoints, and source code - and prioritizes each finding based on 40+ risk factors (which are also customizable). This Mondoo security data fabric serves as the backbone for modern AI solutions and security teams. 

#6. Deepfake detection

A new type of security offering that is gaining traction and was prominently featured at RSA 2025 is Deepfake detection. With the rise of Gen AI, it’s become increasingly simple to create realistic-looking manipulated content, such as replacing faces, changing facial expressions, or adding or removing objects. 

Deepfake detection is the process of identifying these fake videos or images created using deep learning techniques, specifically those that manipulate or replace parts of an original video or image, such as faces. 

But how can Deepfake detection spot the fakes? Here are a few techniques:

• Provenance-based detection: Examines the metadata of the content, looking for inconsistencies like altered timestamps, editing history, or discrepancies in GPS coordinates. 
• Inference-based detection: Analyzes the video or image itself for subtle artifacts or inconsistencies that are indicative of manipulation or synthetic generation.
• Computer Vision Techniques: Uses computer vision principles, such as feature extraction, pattern recognition, and anomaly detection.
• Spectral Artifact Analysis: Focuses on identifying inconsistencies in the frequency spectrum of the image, which can be a telltale sign of deepfake manipulation.
• Photoplethysmography (PPG) analysis: Analyzes changes in color (blood flow) on the face, as these changes are often disrupted by deepfake generation. 

With the rise of AI, we can expect these types of platforms to evolve from being a nice-to-have to being a necessity to protect individuals and corporations.

About Mondoo

Mondoo is an exposure management platform that identifies, prioritizes, and addresses vulnerabilities and misconfigurations in your entire IT infrastructure and SDLC from a single interface — covering on-prem, cloud, SaaS, and endpoints. Unlike siloed approaches, Mondoo enables you to quickly understand your most urgent risks and initiate fast remediation, ensuring optimized security efforts and significantly improving security posture. 

To learn more about the Mondoo platform, please contact us.

‍