Third day at RSAC Conference: Exploring AI for resource optimization and combating novel attack strategies

Third day at RSAC Conference: Exploring AI for resource optimization and combating novel attack strategies

In 2025, Kevin Mandia, renowned cybersecurity expert and Mandiant founder, foresees a grim economic landscape influenced by geopolitical turmoil, leading CEOs to tighten their belts. At the RSAC Conference, Mandia underscored the need for businesses to do more with less, emphasizing the importance of the AI race.

During his cybersecurity year-in-review keynote, Mandia echoed the AI focus that dominated the security conference in San Francisco. Discussions across the conference, including Tom Gillis' keynote speak, delved into emerging attack techniques and problems, AI-related and otherwise.

Gillis brought up the "Volt Typhoon" attacks, which raised questions about attacker motivation. "Attacks against new attack surfaces, such as switches, routers, and firewalls, are on the rise," Gillis highlighted. The goal is no longer just to steal credit card information; the attackers aim to infiltrate systems and disrupt operations when needed.

Joshua Wright, a SANS Institute faculty fellow, warned about a dangerous new technique called authorization sprawl. Adversaries are exploiting centralized authentication processes through single sign-on, personal access tokens, and sample tokens to access various resources. This technique has been observed not only during personal penetration tests but also used by well-known threat actors like the 'Scattered Spider' team.

Another security researcher on the same SANS Institute panel raised concerns about the speed advantage AI-based attackers have over defenders. According to MIT research, adversarial AI agents can execute attack sequences 47 times faster than human operators. Defenders, who often rely on privacy laws like GDPR, CCPA, and EU AI and data regulations, face obstacles in analyzing sensitive data for threat detection and mitigation.

To tackle this challenge, the researcher called for cybersecurity safe harbor legislation that would allow organizations to analyze sensitive data for threat detection and mitigation purposes. The legislation would help level the playing field, enabling defenders to keep pace with increasingly sophisticated AI-driven attacks.

In the midst of their cybersecurity year-in-review keynotes, Kevin Mandia and Tom Gillis both emphasized the significance of AI in the digital defense landscape. With AI-based attackers executing attacks 47 times faster than human operators, there's a growing concern about the speed advantage these adversaries hold. To counter this, Mandia, Gillis, and other panelists at the SANS Institute have called for cybersecurity safe harbor legislation, aiming to level the playing field and enable defenders to keep pace with increasingly sophisticated AI-driven attacks, thereby strengthening the cybersecurity infrastructure of businesses.

Read also: