RSAC 2025, held at the Moscone Center in San Francisco from April 28th to May 1st, brought together industry leaders under the central theme of operating with purpose amid uncertainty. This theme resonated deeply, reflecting a cybersecurity landscape marked by rapid technological evolution, particularly in Artificial Intelligence, and the growing complexity of software supply chains. For ActiveState, the event provided a crucial platform to demonstrate how our Open Source Security Posture Management (OSPM) platform empowers organizations to tackle these very challenges head-on.

The conference highlighted several key themes that align directly with the core capabilities of the ActiveState Platform, particularly our focus on enabling secure, compliant, and efficient use of open source software.

The AI Revolution and the Rise of Agentic AI

A major focus at RSAC 2025 was the practical application of AI in cybersecurity, extending to the concept of autonomous “agentic AI” capable of threat detection and response. While acknowledging the risks, the potential for AI to enhance security operations was a significant discussion point.

ActiveState incorporates AI to transform security operations. Our Risk Prioritization Copilot leverages AI-powered analysis to detect breaking changes and automatically prioritize critical issues. This moves security teams from alert overload to action, helping them make smarter, informed decisions that balance risk mitigation with resource allocation without sacrificing speed. The Copilot helps teams cut through noise and focus on what truly matters. Looking ahead, our 2025 roadmap includes AIBOM and AI/ML Asset Management capabilities to manage and track LLMs and AI service integrations, further demonstrating our commitment to securing AI assets. The platform already includes support for securing AI assets as part of its covered ecosystems.

The Primacy of Identity-Based Security

The move towards identity-based security models was a clear trend at RSAC, emphasizing user identity, device attributes, and behavior for access control and Zero Trust.

ActiveState’s platform supports an identity-aware security posture for open source components by providing granular organizational impact controls and detailed insights into open source usage across the organization, including user details and deployment locations. Our centralized policy management system allows organizations to define and enforce rules for open source consumption, which can be tied to specific teams or individuals, aligning with the principle of identity-based governance.

The Essential Role of Microsegmentation

Microsegmentation was highlighted as essential for protecting critical systems. While ActiveState doesn’t perform network microsegmentation, our platform plays a vital role in securing the software components that are deployed within these segmented environments.

By providing hardened, minimal-base containers and ensuring reproducible builds from source, ActiveState helps guarantee the integrity and reduced attack surface of the deployed units. This supports microsegmentation efforts by ensuring that the fundamental software components are secure and consistent across development, testing, and production environments, thereby limiting the potential impact of a breach within a segment.

Security for AI

A specific area of discussion at RSAC was the need to secure AI models themselves. As previously mentioned, ActiveState’s inclusion of AI assets within our covered ecosystems and the planned AIBOM and AI/ML Asset Management capabilities on our 2025 roadmap directly address this emerging need. We enable organizations to discover, track, manage, and secure the open source components that form the foundation of their AI/ML applications, ensuring their integrity and reducing associated risks.

Addressing the “Last Mile” of Vulnerability Management

A persistent challenge noted at RSAC is the struggle organizations face in converting vulnerability alerts into deployed fixes, which creates a gap in software supply chain security. Security tools often stop at detection, leaving teams with manual tasks. A vulnerability isn’t truly remediated until the fix is deployed in production.

ActiveState is purpose-built to address this “last mile”. Our platform delivers solutions, not suggestions, automatically implementing recommended fixes with secure build generation and seamless integration into existing workflows. We deliver tested remediation fixes directly into your existing toolchain.

Our three core pillars—Vulnerability Blast Radius, Risk Prioritization Copilot, and Precision Remediation Pipeline—work together to provide a comprehensive solution. The Vulnerability Blast Radius provides deep visibility beyond surface-level scans, while the Risk Prioritization Copilot, using AI, helps teams focus on the most critical risks. Finally, the Precision Remediation Pipeline automates applying fixes at the component level, generates secure builds, and integrates with existing CI/CD pipelines to shrink remediation cycles from months to hours.

RSAC 2025 reinforced the increasing complexity and criticality of open source security. ActiveState’s OSPM platform directly addresses the themes and challenges discussed at the conference, from leveraging AI responsibly to securing the full software supply chain and achieving true remediation. By providing deep dependency intelligence, AI-powered prioritization, and automated remediation, ActiveState empowers Developers, DevOps, and Security teams to operate with purpose, secure their applications at scale, and drive innovation safely in an uncertain world.

Watch our new product video or book a demo to learn more!