Big Moves in Endpoint at RSAC 2025:
- CrowdStrike launched Charlotte AI for autonomous endpoint defense
- IBM previewed ATOM (Autonomous Threat Operations Machine) for multi-agent triage
- SentinelOne expanded its Singularity Platform with deeper behavioral AI
- BlackFog focused on anti-data exfiltration to limit blast radius
- Admin By Request rolled out zero-admin endpoint control for hybrid workforces
RSA Conference 2025 proved that endpoint security has become the frontline for innovation in cyber defense. Members of our team spent the week attending AI-focused sessions, exploring product launches on the expo floor, and talking with both emerging vendors and security leaders about how the role of endpoint protection is evolving. From autonomous agents to real-time behavioral analytics, this category is rapidly moving beyond detection—toward intelligent, adaptive defense.
“We’re past the point of just logging events—your endpoints need to think for themselves.”
— Chris Goettl, VP of Product Management, Ivanti
AI Agents Are on the Job
Two standouts this year came from CrowdStrike and IBM.
CrowdStrike’s Charlotte AI marks a leap toward agentic endpoint defense. Charlotte not only detects anomalies, it reasons about them—triaging threats, suggesting context-aware remediation, and escalating only when necessary.
IBM’s ATOM (Autonomous Threat Operations Machine) brings a similar approach to large enterprises, using a team of specialized AI agents to mimic Tier 1 analysts—investigating alerts, determining root cause, and recommending action.
Blast Radius Reduction Is the New Prevention
More vendors leaned into resilience this year—not just detection.
BlackFog’s updates to its Anti-Data Exfiltration (ADX) platform help detect and stop ransomware by blocking outbound data transfer at the endpoint level. This aligns with the “assume breach” posture we heard again and again throughout the week.
SentinelOne focused on autonomous containment, using behavioral context to isolate suspicious processes before damage spreads—no manual triage required.
Local Admin? Not Anymore.
Admin By Request offered a simple but powerful angle: eliminate local admin privileges, and you kill off entire classes of endpoint attacks. Their zero-admin endpoint control system allows just-in-time access without breaking user workflows—something especially relevant for remote and hybrid organizations.
As a Top 10 finalist in the RSAC Innovation Sandbox, Smallstep presented its Device Identity Platform™, which uses hardware-bound credentials to ensure only trusted devices access sensitive resources.
What We Heard in the Hallways
“I don’t need more alerts—I need something to make decisions for me until I can catch up.”
— Comment at CISO Launch Roundtable
“Endpoint tools that don’t speak to identity, network, and cloud? They’re dead weight.”
— Jason Rolleston, Vice President & General Manager, Enterprise Security Group, Broadcom
Why It Matters
RSAC 2025 proved that endpoint security is evolving into something smarter and more strategic.
The best tools on display weren’t just fast—they were context-aware, interoperable, and built to adapt.
Top trends CISOs need to prioritize now:
- Autonomous agents that reduce analyst burden
- Behavioral AI that predicts lateral movement before it starts
- Built-in resilience, not just breach prevention
- Identity-aware enforcement, bridging EDR with IAM and cloud controls
If your endpoint strategy still ends at detection—it’s probably already behind. Check out our vetted list of Endpoint Security solution providers.
For more insights and detailed discussions from RSA Conference 2025, explore the full agenda and session recordings available on the RSA Conference website.
