RSAC 2023 Spotlight: AI, Innovation Sandbox, Top New Attack Techniques and More

  • Spiceworks brings you four key takeaways from the RSA Conference 2023, which concluded yesterday.
  • The four-day event spotlighted AI as THE next big thing in cybersecurity.
  • Meanwhile, Austin, TX-based HiddenLayer beat nine other finalists to win the 18th RSAC Innovation Sandbox at the RSA Conference 2023.
  • Also, check out the five most dangerous new attack techniques and security products announced at the event.

The RSA Conference wrapped up yesterday, giving attendees, as well as those watching from afar, a chance to ponder this year’s theme, i.e., stronger together. RSA Conference 2023, the second in-person edition of the event since the onset of the COVID-19 pandemic, was visibly bigger than last year.

Six hundred and fifty-two speakers, over 400 sessions, 500+ exhibitors, and 25 tracks later, Spiceworks brings you the top four takeaways from one of the largest security events in the industry.

Top Four Takeaways From the RSA Conference 2023

1. AI is the unofficial theme of the week

AI in cybersecurity took center stage at the RSA Conference or RSAC 2023. The prominence of AI was highlighted across the multi-dozen companies announcing respective AI-driven cybersecurity products.

AI, more specifically, the use of AI in cybersecurity, seemed to be in its nascent stage earlier this year. However, companies’ hesitancy to integrate AI tech, including generative AI such as ChatGPT, into respective product and service offerings is fading away, first with Microsoft announcing Security CoPilot.

The trend is shaping up well, with Cisco, Google, IBM, Tenable, Armorblox, NextDLP, and dozens of other companies announcing their AI-integrated cybersecurity products. Besides ChatGPT, other AI products the cybersecurity industry is looking to adopt include DALL-E, Stabe Diffusion, Keras, GitHub CoPilot, TensorFlow, PyTorch, and more.

AI’s importance was underscored by several industry leaders, including RSA Security CEO Rohit Ghai, who went so far as to proclaim that zero trust has no chance of adoption without AI powering it.

Speaking with Infosecurity, M.K. Palmore, cybersecurity strategic advisor and board member at GoogleCloud and Cyversity, said, “I do not believe we have seen everything that is going to be changed and impacted, and as usual as those things evolve, we’ll all have to pivot to accommodate this new paradigm of having these large language models (LLMs) and AI available to us.”

Read more about it here.

See More: Five Cybersecurity Simulations to Reduce the Risk of a Painful Data Breach

2. Most innovative startup

With AI taking over as the shiny new technology that everyone wants to defend with, this year’s RSAC Innovation Sandbox winner is a no-brainer. The Austin, TX-based HiddenLayer beat nine other finalists to win the 18th RSAC Innovation Sandbox at the RSA Conference 2023.

HiddenLayer co-founder and CEO Chris Sestito highlighted that AI/ML systems are vulnerable to cyberattacks as the tech is set to create a $15.7 trillion market (PwC) and replace 300 million jobs by 2030 (Goldman Sachs). “At HiddenLayer, we predict that in less than three years, protecting AI will be a bigger societal need than protecting operating systems.”

HiddenLayer borrowed the concept of endpoint detection and response (EDR) and applied it to develop a machine-learning security platform, an MLDR platform, according to Sestito, which is delivered over the cloud.

HiddenLayer is basically eliminating the interdependence of data scientists and cybersecurity professionals on each other and creating an avenue for both to access AI models in a secure environment securely.

Other finalists in the RSAC Innovation Sandbox contest include AnChain.AI, Astrix Security, Dazz, Endor Labs, Pangea, Relyance AI, SafeBase, Valence Security, and Zama. RSAC Innovation Sandbox contest’s top 10 finalists have collectively been acquired more than 75 times and have raised over $12.5 billion.

See More: Cybersecurity Challenges 2023: What Keeps CISOs Awake at Night?

3. Latest attack techniques

Moderated by Ed Skoudis, president of SANS Technology Institute, The Five Most Dangerous New Attack Techniques session featured cybersecurity experts detailing, as the name suggests, five new attack techniques that pose a grave security risk to organizations. These are:

  • Living off the cloud – SEO attacks
  • Malvertising
  • Attacks against developers
  • ChatGPT in malware (ransomware) development
  • Generative AI in phishing, social engineering

Katie Nickels, a certified instructor at SANS Institute and director of intelligence at Red Canary, highlighted the increasing prevalence of cyber intrusion attempts through search engine optimization poisoning and malvertising injected through the cloud.

In SEO attacks, threat actors inject malware or malicious URLs into the top search results, often paid, to gain initial access to company networks. Malvertising also made it to the MITRE ATTACK framework’s list of common threat vectors.

“What’s new here is the levels to which the use of cloud services has risen,” Nickels said. “So why do adversaries do this? Why do they use the cloud? Why do they live off the cloud? Well, the same reason many of us use the cloud. It’s simple, it’s easy, it’s cheap, and it’s convenient to set up infrastructure.”

Dr. Johannes Ullrich, dean of research at SANS Institute, highlighted increased cyberattacks against developers. “We talk a lot about dependencies and malicious components. The first individual in your organization exposed to these malicious components is the developer, and we have had components that specifically attacked developers,” Ullrich said.

Stephen Sims, offensive operations curriculum lead and fellow, SANS Institute, called attention to the use of ChatGPT by adversaries. A recent studyOpens a new window revealed that the code developed by ChatGPT wasn’t as secure as it should be, indicating that the malicious code it generates couldn’t be up to the mark.

Moreover, ChatGPT refused to develop code for ransomware when prompted by Sims. However, the generative AI did write code for individual ransomware components, which Sims could later integrate.

The risk from ChatGPT is also inherent to developing socially engineered phishing emails to extract sensitive information or direct the target to a malicious link, according to Heather Mahalik, DFIR curriculum lead and senior director of Digital Intelligence, SANS Institute and Cellebrite.

See More: Understanding the Cybersecurity Implications of ChatGPT

4. New products and services announced at the RSA Conference 2023

Here’s a consolidated list of Spiceworks’ picks of important product and service announcements made at the RSA Conference 2023.


Product Company Product Company Product
AWS Amazon GuardDuty updates Torq Security hyperautomation platform BlackBerry

Expansion of Cylance cybersecurity portfolio


New XDR solution Trellix Endpoint Security Suite Eclypsium Supply chain security platform
Google Cloud Security AI Workbench Google Cloud Security AI Workbench CrowdStrike CrowdStream for XDR, log management and AI-based analytics Panorays

Risk Insights and Response Portal for supply chain risks


QRadar Security Suite Palo Alto Networks Expansion of the Unit 42 Digital Forensics and Incident Response Service SecurityScorecard OpenAI’s GPT-4-integrated security ratings platform
(ISC)² Official Self-Paced CISSP Readiness Education Proofpoint Aegis Threat Protection, Identity Threat Defense and Sigma Information Protection platforms SentinelOne

Singularity Security DataLake


Unified Defense SIEM platform Recorded Future Intelligence Cloud Thales SafeNet eToken Fusion series
SentinelOne AI-based threat-hunting platform Akamai Prolexic Network Cloud Firewall Tessian

Tessian Respond for email threats

What was your highlight of RSAC 2023? Share your thoughts with us on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We’d love to hear from you!

Image source: Shutterstock