Hundreds of companies are showcasing their products and services next week at the 2025 edition of the RSA Conference (RSAC) in San Francisco.
To help cut through the clutter, the SecurityWeek team is publishing a daily digest summarizing some of the announcements made by vendors. Here is part two of a roundup of the most important product and service announcements made in the days leading up to the event. You can also read part one of the RSAC roundup.
Aryon Security launches Cloud Security Enforcement Platform
Aryon Security has launched a Cloud Security Enforcement Platform designed to prevent cloud risks before they can reach production environments. The platform enables organizations to enforce tailored security policies that minimize human error and misconfigurations. The company emerged from stealth mode last month with $9 million in seed funding.
Axonius releases risk-based vulnerability management product
Axonius has launched Exposures, a solution that enables seamless remediation, tracking and automation for risk-based vulnerability management. Exposures aggregates security gaps across IT and security tools so teams can prioritize, remediate, and track vulnerabilities with precision and automation. Axonius Exposures works with existing security investments to contextualize the risk of vulnerabilities and exposures and provide customized remediation recommendations.
Backslash Security LLM vibe coding research and new capabilities
Application security firm Backslash Security has released new LLM ‘vibe coding’ research, which found that top LLMs generate vulnerable code by default. GPT-4o performed the worst, while Claude 3.7 Sonnet was the best. To address this risk, Backslash is rolling out a suite of new capabilities, including a context-sensitive Model Context Protocol (MCP) server, dynamic policy-based AI rules, and an IDE extension.
Checkmarx releases application security posture management solution
Checkmarx has unveiled a new application security posture management (ASPM) solution as part of Checkmarx One to improve the developer experience. Some key features of the solution include a head of engineering dashboard that gives engineering leaders a single data-driven view to enforce AppSec best practices, pre-commit secrets scanning in the IDE to eliminate redundant fixes and streamline engineering efforts, and JFrog artifactory integration to safeguard proprietary code and ensure compliance.
DataDome unveils intent-based AI models for AI agent protection
Fraud protection firm DataDome unveiled intent-based AI models to enable organizations to control how AI agents access and interact with their digital assets. The latest enhancements provide customers with deeper control over user intent, enabling them to distinguish between legitimate AI-driven use and malicious automation. With expanded intent-based AI models, LLM detection, and new AI agent response policies, DataDome’s AI engine enables the identification, categorization, adaptation, and response to traffic in less than 2 milliseconds.
Entro launches gen-AI engine for NHI security and secrets scanning
Entro Security has unveiled a set of generative AI capabilities that bring more context, clarity and control to exposed secrets and NHI-related risks across enterprise environments. The new engine, powered by LLMs, enriches Entro’s security findings with structured, natural language summaries. Each finding is automatically classified based on metadata and context, making it easy for security teams to understand what each NHI does, where exposed secrets live and what’s at risk.
Prompt Security launches Vulnerable Code Scanner for AI-generated code
Gen-Ai security firm Prompt Security announced the beta launch of Vulnerable Code Scanner, a new static analysis security testing feature that detects vulnerabilities in AI-generated code before it ever reaches a developer. It automatically analyzes AI-generated responses in real time, flags risky code suggestions and provides actionable mitigations to prevent hazardous outputs from tools like ChatGPT, Copilot and more. Prompt also announced support for the Cursor AI code assistant.
PwC releases Cyber Threats 2024 report
PwC released its ‘Cyber Threats 2024: A Year in Retrospect’ report, which revealed that last year was the most active year for cyber threats on record — with ransomware, AI-powered phishing and state-sponsored espionage all reaching new levels of scale and sophistication. PwC found that the number of active ransomware-as-a-service (RaaS) groups doubled in 2024. It also found that critical infrastructure, elections, and supply chains were targeted globally—highlighting the gap between regulation and real-world threat evolution. Even as zero-day use increased, 2024 saw a 31% increase in disclosed vulnerabilities year over year.
“What we’ve seen in 2024 is that AI for threat actors has been more of an evolution than a revolution—amplifying tried-and-true tactics like social engineering and credential theft. At the same time, vulnerability exploitation is way up, often through known flaws in edge devices. At RSA, the focus on resilience is spot on, because in this threat landscape, speed and adaptability are everything,” Allison Wikoff, PwC’s Director and Americas Lead for Global Threat Intelligence, told SecurityWeek.
SafeBreach launches remediation module for Validate BAS
SafeBreach announced an AI-driven Remediation module for its Validate BAS (breach and attack simulation) solution. The new AI Remediation engine automatically suggests tailored remediation steps for missed attack simulations. In addition, SafeBreach announced integrations with ServiceNow workflow automation, enabling organizations to automatically convert SafeBreach findings into actionable ServiceNow incidents.
Skyhawk expands AI-powered Purple Team
Skyhawk Security announced the enhancement of its Cloud Detection and Response (CDR) platform. Specifically, an AI-powered autonomous Purple Team will go beyond cloud infrastructure, allowing businesses to preemptively identify vulnerabilities in custom cloud applications, analyze exploit paths across app and infrastructure layers, and continuously monitor threats — all without agents.
Swimlane unveils Compliance Audit Readiness Solution
Swimlane has unveiled a Compliance Audit Readiness (CAR) solution designed to streamline compliance management and accelerate audit readiness. The CAR solution is powered by the company’s Turbine AI Automation Platform and built on the Secure Controls Framework. It’s designed to automate compliance control mapping, streamline audit evidence gathering, and provide real-time risk-based reporting.
Vanta launches AI Security Assessment
Vanta announced its new AI Security Assessment, a standardized set of questions that helps companies evaluate AI vendor risk and demonstrate their own responsible AI practices. The assessment gives security and compliance teams a practical, scalable tool for demonstrating AI posture proactively, completing questionnaires faster, and evaluating vendor AI risk.
Versa launches MCP Server
Versa announced the release of its Model Context Protocol (MCP) Server, a utility designed to help customers integrate their Agentic AI tools and platforms with the VersaONE Universal SASE Platform. Specifically, the Versa MCP Server allows Claude, ChatGPT, Gemini, Microsoft Copilot, and internally developed copilots to securely query Versa systems through an API, making it easier for teams to get answers to security and network issues.
Vorlon introduces DataMatrix
Vorlon has introduced its patent-pending DataMatrix technology, which enhances the company’s SaaS ecosystem security platform. DataMatrix enables Vorlon to build a live model of the customer’s SaaS environment to power fast, AI-driven remediation. DataMatrix fills the API security logging gaps present in more than 50% of SaaS apps and gives security teams first-time visibility and tools needed to protect the entire interconnected Saas ecosystem.
Zenity expands AI agent security and governance platform
Zenity, a company that has developed a security and governance platform for AI Agents, announced its integration with the ChatGPT Enterprise Compliance API, enabling enterprises to secure and govern how AI Agents are adopted, developed, and used in ChatGPT Enterprise.
ZEST Security unveils Multi-Agent AI System for cloud risk remediation
ZEST Security announced the launch of its Multi-Agent AI System, which delivers fully guided remediation and mitigation for cloud security risks. Designed to extend and enhance security teams, the new system is AI agnostic, meaning various AI Agents and LLMs are employed. Each specialize in specific remediation tasks and work together to evaluate infinite options for resolution to determine the best possible path based on available fixes, remediations and mitigations.
Related: RSA Conference 2025 – Pre-Event Announcements Summary (Part 1)
