What You Missed on the Expo Floor
Identity Innovation Highlights at RSA 2025:
- RSA launched ISPM dashboards for hybrid identity risk management
- Okta previewed non-human identity governance for AI agents and service accounts
- Anetac introduced Human Link Pro for managing machine + human identities
- 1Password pushed into the enterprise with secure machine credential vaulting
- Microsoft Entra expanded conditional access into real-time posture-based enforcement
IAM Is the New Security Perimeter—And It’s Moving
At RSA Conference 2025, Identity & Access Management (IAM) wasn’t just part of the security discussion—it was the discussion. Every keynote, panel, and product pitch seemed to orbit the same idea: identity is the new control plane, and the stakes have never been higher.
Our team attended sessions like “Generative AI Meets Identity Governance: Automating the Overlooked” and “From Ideal to Real: Demystifying Passkey Concepts and Implementations”—some with standing-room-only. Across the show floor, vendors were racing to solve for a security reality where human credentials are only part of the problem. Now, it’s also about AI agents, machine identities, ephemeral access, and identity-based lateral movement.
And what came through most clearly? Organizations aren’t just looking for better access controls—they’re looking for intelligent, real-time systems that detect misuse, adapt to context, and automate enforcement before a ticket ever gets created.
“If your IAM system isn’t dynamic, it’s not defending anything—it’s just delaying a breach.”
— Fei Liu, Senior Emerging Tech Researcher, Okta
Here’s what we saw, heard, and learned from the front lines of IAM at RSAC 2025:
Identity Threat Detection Goes Real-Time
Traditional IAM has been reactive—quarterly access reviews, static role definitions. But real-time Identity Threat Detection and Response (ITDR) stole the show this year.
RSA debuted its Identity Security Posture Management (ISPM), with AI-powered dashboards that surface risk indicators like privilege drift, orphaned accounts, and cross-environment entitlements.
Okta showed off its early warning capabilities for anomalous login patterns and suspicious privilege escalations, built into its Workforce Identity Cloud.
Securing the Machines
A huge shift we saw on the floor: IAM is now responsible for non-human identities, too.
Think API tokens, cloud service principals, AI agents, and container roles.
Entro touted their unique NHI and secrets security management platform which exposes unknown vulnerabilities.
Anetac’s Human Link Pro offers unified identity graphs that treat human and machine identities equally—mapping relationships, tracking usage, and flagging outliers.
1Password, long known for consumer security, entered the enterprise scene with strong demos on machine credential lifecycle management, vaulting API keys, secrets, and certificates with granular access logs and automation triggers.
Conditional Access Gets Smarter (and Stricter)
Zero Trust was everywhere, but Microsoft’s Entra team earned attention for evolving beyond static conditional access. The newest iteration evaluates posture signals in real time—device health, location anomalies, behavioral patterns—before granting or denying access.
“It’s not just who you are—it’s where you are, what you’re doing, and what you just did.”
— Angelica Faber, Sr. Security Architect, Microsoft
In addition to announcing $108 million in a Series D round of funding, Veza showcased its Identity Security platform, emphasizing its capability to visualize and control enterprise access.
Incode demonstrated its identity verification technologies, including deepfake detection algorithms achieving over 99% detection rates against advanced tools.
Advancements in Identity Governance
Kron highlighted their PAM and DAM&DDM solutions which help mitigate shadow data, longer breach lifecycles, and increasingly sophisticated attack vectors.
Huntress unveiled its enhanced Managed Identity Threat Detection and Response (ITDR) solution and announced the general availability of its Managed SIEM, offering 24/7 SOC-backed threat detection and response.
Red Canary highlighted the power of the Red Canary Security Data Lake, game-changing new identity capabilities, and exclusive insights from their 2025 Threat Detection Report.
What We Heard in the Hallways
“We’ve built great fences around users. What we need now is smarter gates.”
— Comment at the CISO Roundtable
“The most dangerous account in your environment is probably a service account with no MFA and no owner.”
— Vivin Sathyan, Chief Technology Consultant, ManageEngine
Why It Matters
RSAC 2025 reinforced what most security teams already feel: identity is the foundation of modern security—but it needs a serious upgrade.
The next-gen IAM stack needs to:
- Detect and respond to identity-based attacks in real time
- Govern machine identities with the same rigor as human ones
- Dynamically enforce Zero Trust based on context, not just credentials
- Integrate seamlessly with endpoint, SaaS, and data platforms
If your IAM system is just handing out access—it’s not security. It’s a liability. Check out our vetted list of Identity & Access Management solution providers.
For more insights and detailed discussions from RSA Conference 2025, explore the full agenda and session recordings available on the RSA Conference website.
