Hundreds of companies are showcasing their products and services this week at the 2025 edition of the RSA Conference (RSAC) in San Francisco.
To help cut through the clutter, the SecurityWeek team is publishing a daily digest summarizing some of the announcements made by vendors. Here is part three of a roundup of the most important product and service announcements made in the days leading up to the event. You can also read part one and part two of the pre-RSAC roundup.
Action1 adds new features to AEM platform
Action1 has announced major upgrades to its autonomous endpoint management (AEM) platform, including a new feature that enhances autonomous patching, comprehensive vulnerability reporting capabilities and granular role-based access control, and advances in vulnerability analytics and exploit intelligence.
BreachLock unveils Adversarial Exposure Validation (AEV)
BreachLock has launched Adversarial Exposure Validation (AEV), a product designed to help security teams identify and prioritize exposures by simulating how real threat actors would exploit them.
CrowdStrike unveils new AI capabilities
CrowdStrike announced two new major AI capabilities: Charlotte AI Agentic Response, which aims to boost analyst productivity by automatically asking and answering the investigative questions a seasoned security analyst would ask; and Charlotte AI Agentic Workflows, which are drag-and-drop, LLM-powered workflows that enable analysts to insert and activate AI reasoning directly within automated playbooks.
Cycode adds Runtime Protection and Agentic AI Teammates
Cycode has expanded its ASPM platform with runtime protection to enhance the integrity of processes during builds and deployments. It has also launched Agentic AI Teammates, which augment human-led application security with action-oriented agents, allowing them to function as members of a security team rather than as assistants. The agents are tasked with building better workflows, incorporating remediation, risk intelligence, and impact analysis.
Cymulate threat exposure validation research
Cymulate has published its Threat Exposure Validation Impact Report, which shows that 19% of organizations say that running exposure validation monthly can reduce breaches by nearly 20%. In addition, 89% of security teams have already begun to implement AI into their exposure validation processes, and 90% of security leaders apply validation to their exposure management process at least once a month.
Devo partners with Detecteam to automate detection engineering
Security data analytics company Devo has teamed up with Detecteam, the attack simulation and detection lifecycle platform, to provide an integrated solution that enables companies to automatically translate threat intelligence into realistic attack scenarios and deploy new, validated detection rules to proactively strengthen their defenses. It also reduces the time to create, test, and deploy effective detections.
Detectify launches Asset Classification and Scan Recommendations capabilities
A study conducted by application security testing (AST) firm Detectify found that organizations miss deep testing for most of their valuable web applications. To address this, Detectify is launching new intelligent Scan Recommendations and Asset Classification capabilities designed to automatically analyze discovered web assets using attacker-like reconnaissance techniques and provide actionable recommendations on where to apply deep DAST scanning for the most impact, bridging broad and deep testing across the entire attack surface.
LastPass unveils Secure Access Experiences
LastPass has announced Secure Access Experiences, which aims to enhance access management by enabling organizations to securely manage how their employees store and use passwords, ensure that the right people have access to the right apps and data, and gain visibility into app usage. This last capability is the first to be launched. It’s called SaaS Monitoring and it’s expected in mid-May.
Protect AI partnerships and integrations
Protect AI and AWS unveiled the integration of end-to-end security monitoring and audit capabilities into Amazon Bedrock. Guardian and Recon, Protect AI’s security tools that provide zero-trust model scanning and automated red-teaming, have been directly integrated into Amazon Bedrock. This enables AWS customers to scale their gen-AI initiatives with proactive risk mitigation, continuous compliance, and faster time-to-production. Protect AI also announced that it’s working with Leidos to secure US government AI systems from adversarial threats, including those posed by agentic AI models.
Rapid7 launches MDR for Enterprise
Rapid7 has announced the launch of Managed Detection & Response (MDR) for Enterprise, a fully managed and customizable detection and response service. An expansion of Rapid7’s MDR offering, MDR for Enterprise is built on continuous collaboration between the Rapid7 SOC and internal teams within organizations. This new service capability combines Rapid7 MDR’s ability to layer deep, native visibility across endpoint, network, identities, and third-party alert streams with custom coverage that is specially tailored to each enterprise’s unique environment.
Semperis launches Ready1
Identity security and cyber resilience firm Semperis announced the launch of Ready1, an enterprise resilience platform designed to bring structure, speed, and coordination to cyber crisis management. Semperis also published a global study, The State of Enterprise Cyber Crisis Readiness, which shows a gap between perceived readiness and real-world response capabilities.
SplxAI unveils Agentic AI workflow transparency tool
SplxAI has announced enhancements to the SplxAI Platform with the addition of Agentic Radar, an open source tool delivering agentic AI workflow transparency and offering complete visibility into agentic workflows and their vulnerabilities. Agentic Radar maps the dependencies in agentic AI workflows and components using static code analysis to expose missing security measures. Designed to help security teams and AI engineers understand how their AI agents interact with tools, external components, and each other, Agentic Radar enables enterprises to proactively secure their agentic AI systems before they can be exploited.
Stellar Cyber unveils Human-Augmented Autonomous SOC
Stellar Cyber has unveiled the Human-Augmented Autonomous SOC, powered by the company’s Agentic AI framework. The new product leverages AI agents to autonomously triage alerts, build threat narratives, generate case summaries, and continuously evolve based on human input.
StrikeReady introduces Security Command Center v2
StrikeReady has announced version 2 of its Security Command Center platform, which uses AI to enhance security operations. The updated platform provides a consolidated risk view across user identities, assets, and vulnerabilities; risk validation with threat intelligence; and improved efficiency with automated workflows and capabilities.
Veracode adds DAST and EASM capabilities
Application risk management company Veracode announced new capabilities, including new AI-powered functionality in the Dynamic Application Security Testing (DAST) product and an External Attack Surface Management (EASM) capability. They enable security teams to discover the entire attack surface and prioritize the most critical risks to streamline and simplify security scanning.
Zscaler phishing report
Zscaler ThreatLabz has released its 2025 Phishing Report, which shows that phishing is down 32% in the US and 20% globally. Zscaler’s analysis also found that the top platforms for phishing are Telegram, Steam, and Facebook; that phishing-as-a-service and AI deception are increasing; and tech support and job scams have increased with over 159 million hits in 2024.
