During a recent podcast, Mathieu Gorge, the CEO of Vigitrust, shared insights on significant discussions at RSA 2025 in San Francisco, emphasizing the considerable influence of artificial intelligence (AI) on compliance. He elaborated on how the proliferation of AI in enterprises increases the risk landscape for organizations, while suppliers are pivoting towards a more consultative approach focused on achieving business outcomes.
Key Topics on Data, Storage, and Data Protection at RSA 2025
After attending RSA for nearly two decades, Gorge noted a shift in focus from single trends such as blockchain or AI deployment to a broader discussion of compliance, which was particularly prevalent this year. The atmosphere at the conference buzzed with innovation in compliance solutions, underscoring the heightened importance vendors place on governance, risk, and compliance (GRC) strategies.
Historically, RSA showcased a sales-driven focus, with vendors promoting products like encryption or storage solutions. This year, however, there was a marked change in narrative, highlighting the business benefits of selecting appropriate technologies. Vendors articulated how their products contribute to greater compliance, effective data protection, and streamlined data issue management.
The role of Chief Information Security Officers (CISOs) was a notable topic of discussion. Questions arose regarding whether CISOs should oversee AI governance amidst their existing responsibilities concerning data protection. These conversations explored the necessity of collaboration between CISOs and other roles, such as chief AI officers, to ensure comprehensive governance in light of evolving AI risks.
Vendors’ Focus on Business Outcomes Over Functionality
Gorge observed a shift among vendors towards a more consultative approach, utilizing case studies and whitepapers to illustrate the advantages of effective compliance practices. This contrasted with a previous mindset where compliance was a mandate rather than a value proposition.
With the introduction of AI technologies, the risk surface has significantly expanded, reminiscent of earlier cloud service adoption patterns that often overlooked security and compliance. Vendors are now advocating for responsible AI integration that aligns with existing security measures and encourages the establishment of appropriate governance frameworks for diverse AI applications.
One critical consideration is determining who should manage the risks associated with AI—whether it falls solely on the CISO, a collaboration with chief AI officers, or the need for dedicated roles like chief AI security officers. Given the substantial increase in data generated by AI, organizations are urged to adopt existing AI frameworks to effectively manage these new challenges, actively engaging in industry efforts to simplify compliance and security processes.