What You Missed on the Expo Floor
Key Application Security Highlights at RSA 2025:
• Veracode showed continued gains in OWASP Top 10 vulnerability reduction
• Manicode, Cato Networks, and Zenity explored AI for automated code remediation
• Palo Alto Cortex XSIAM added app-focused detection and response
• JFrog spotlighted software supply chain risks and tool sprawl
• Virtue Security showcased comprehensive penetration testing
At RSAC 2025, Application Security seemed to be less of a DevSecOps buzzword and more of a board-level priority. Our team sat in on sessions like “Hack-Proof Cloud-Based Applications—Integrate Cloud-Based Protection” and “Lessons from a Founding Application Security Engineer,” and one theme came through loud and clear: Security is now part of the software itself—not something bolted on after release.
Vendors across the show floor showed off tools that didn’t just scan for issues—they prioritized findings by exploitability, remediated them, and integrated with the workflows developers actually use. There was also a growing focus on governing AI-generated code, securing open source dependencies, and shrinking the window between vulnerability discovery and patch deployment.
Whether it was runtime protection, software supply chain visibility, or defending against prompt injection in GenAI copilots, the message was consistent: AppSec can’t afford to be reactive anymore. It has to move at the speed of code.
Here’s what stood out most from our time on the ground in the AppSec trenches at RSA 2025:
AI and Machine Learning Are Transforming Application Security
AI’s integration into application security was a dominant theme at the show. The RSAC Innovation Showcase featured experts from Manicode Security and Cato Networks discussing how AI and machine learning are revolutionizing vulnerability detection and code remediation. They emphasized the need for solutions that go beyond merely finding issues to actively fixing them.
Veracode’s State of Software Security (SoSS) 2025 report highlighted a notable improvement in addressing OWASP Top 10 vulnerabilities, with a 4% annual improvement over the last five years.
Zenity demonstrated how AI copilots and assistants can be hijacked by attackers to compromise enterprise users and data, and how to navigate the complexities of securing and governing AI agents.
Runtime-Based Detection and Automated Remediation
The RSAC Innovation Showcase also shed light on the benefits and challenges of using automated code remediation to address security vulnerabilities. Experts discussed how runtime-based detection and remediation enhance application security by providing real-time insights and fixes.
Palo Alto Networks’ updates to Cortex XSIAM introduced advanced email security capabilities, including detection of sophisticated phishing and other email-based threats, and automated removal of malicious emails. Virtue Security showcased its penetration testing services, emphasizing its expertise in application, API, and AWS security assessments.
Securing the Software Supply Chain
JFrog’s presence at RSAC 2025 underscored the critical importance of securing the software supply chain. Their insights highlighted concerns about the expanding vendor ecosystem and the risks of over-reliance on third-party tools for critical services. Their Software Supply Chain State of the Union report revealed that 70% of organizations use seven or more tools to secure their software supply chains.
Appdome & Promon showcased their no-code mobile app security platforms, demonstrating how organizations can rapidly deploy security features to protect against threats without altering source code.
What We Heard in the Hallways
“The shift from traditional AppSec to AI-driven solutions is not just a trend; it’s a necessity.”
— Abhinav Singh, Head of Security Research, Normalyze
“Automated remediation is changing the game, allowing us to fix vulnerabilities faster and more efficiently.”
— David Gruber, Principal Security Analyst, Enterprise Strategy Group
Why It Matters
RSAC 2025 highlighted that application security is evolving rapidly, driven by the integration of AI and machine learning. Key takeaways include:
- AI-powered vulnerability detection and remediation are becoming essential tools in the AppSec arsenal.
- Runtime-based detection offers real-time insights, enhancing the ability to respond to threats promptly.
- Securing the software supply chain is more critical than ever, with organizations needing to manage tool sprawl effectively.
- Automated code remediation is shifting the focus from merely identifying issues to actively fixing them, streamlining the development process.