Insights from leaders like CISOs are a vital part of threat intelligence, important for organizations to follow in order to maintain effective defenses against an ever-shifting landscape of threats. The RSAC Conference recently released a report, RSAC Cybersecurity Insights & Futures, Volume 3, to provide insight into CISO priorities in 2025-26. The report combines the results of Q2 2025 studies of CISOs to look toward the future of cybersecurity. In upcoming years, issues like AI, autonomy, and data governance are going to remain central to shaping global cybersecurity as organizations continue investing in emerging and evolving technologies.
The Rise of Autonomous Defense
One major trend seen in modern security strategies is a shift toward autonomous defenses, with many organizations transitioning from traditional reactive protection to self-healing, self-learning cybersecurity ecosystems. Organizations are increasingly relying on AI-empowered tools and agents to manage security tasks and processes that may be tedious, repetitive, or overwhelming if done by human teams, such as analyzing and responding to massive volumes of security alerts.
When effectively implemented and managed, this can help organizations save resources and allow human security experts to focus on vital tasks rather than being overwhelmed by tedious and repetitive processes. AI-driven SOCs and autonomous threat response are redefining speed, accuracy, and trust by enabling effective AI-empowered security actions.
The Fragmented Internet: Data as Diplomacy
When it comes to international relations and interactions, the digital landscape is somewhat contradictory—while the global economy and the internet are increasingly interconnected, they are not fully unified. The emergence of geopolitical “data blocs” and competing regulatory ecosystems has led to a more fragmented environment, making it difficult to effectively defend global systems.
This could have far-reaching implications for global supply chains, digital sovereignty, and interoperability. Without the means for smoother relationships and integrations across geographical divides, systems located in different regions may have trouble managing relationships and establishing governance and responsibility.
The Identity Crisis: Humans, Machines, and Trust
The shift toward non-human identities—such as service accounts, digital twins, and IoT entities—is a significant trend in the future of cybersecurity priorities. These identities widen the attack surface and may operate autonomously, as in the case of agentic AI tools. Non-human identities must be protected and managed differently from existing human identities, requiring updated approaches and solutions. Almost one in four CISOs in the RSAC report cite identity and access management as the primary area of investment in the coming year, highlighting the significance of identity as a threat vector.
Identity governance has become the new perimeter of cybersecurity as organizations increasingly incorporate non-human identities and threat actors continue to leverage identity in high-profile and high-impact cyberattacks. “In the past few years, the scope and scale of the identity landscape have shifted considerably as Non-Human Identities (NHI) have exploded,” says Diana Kelley, Chief Information Security Officer at Noma Security, a New York City-based unified AI security and governance platform. “The imminent advent of autonomous AI agents that can ‘reason’ and act through connected tools will accelerate that growth.”
AI as Adversary and Architect
The growth of AI tools in recent years and their widespread adoption in enterprise environments is a <href="#risks">double-edged sword, bringing with it advantages as well as emerging and evolving risks. The rapidly accelerating technological capabilities of AI-powered tools fuel innovation both in sophisticated attacks and in advanced defenses. While AI-enhanced security tools enable quick, accurate, and adaptable protection, AI-empowered threat tactics enable bad actors to industrialize and automate their attacks.
This dual nature of AI emphasizes the rising need for algorithmic transparency, ethical AI policies, and human oversight of AI operations. With the potential for AI-based risks both from ostensibly legitimate tools used internally and malicious uses by threat actors, it is more important than ever to ensure that AI usage is managed and secured effectively.
The Societal Reckoning
Concerning technological innovations and widespread AI adoption, it is vital to consider the impact on public trust, particularly with the huge surge in misinformation and deceptive content in recent years. AI-empowered tools provide the opportunity for significant deception that could lead to potentially catastrophic consequences. Organizations should ensure that their use of these tools is properly supervised and managed to avoid the ethical pitfalls of autonomy in decision-making systems.
The AI explosion is also creating a widening digital divide between AI-capable nations and those left behind. Only 32 nations in the world, predominantly located in the northern hemisphere, have AI-specific data centers. The United States alone possesses 26 data centers, surpassing 25 in all of Asia and closely competing with 28 in the entire European Union.
This discrepancy and growing divide in technological capability highlight the need for resilient systems for national security. With the significant centering of the digital sphere in geopolitical operations, the importance of cyber resilience is being reframed as a pillar of national security and economic stability. It is more important than ever to maintain intelligent data infrastructure and cross-sector collaboration.
Building the Future We Can Trust
Enterprises, policymakers, and citizens should look to reports like RSAC’s Cybersecurity Insights & Futures for insight into the future of the cybersecurity landscape. Trends in cybersecurity budgeting, employee turnover, and defense priorities are crucial to get a good understanding of the state of cybersecurity now and moving forward. It is imperative to build governance frameworks and establish much-needed security measures before autonomy outpaces accountability.
