In my conversation with Greg Nelson, CEO of cybersecurity vendor RSA, he outlined core trends in cybersecurity as enterprises enter an era defined by identity-centric security, passwordless authentication, and challenges around AI deployments.
Nelson explained how RSA is building on its four-decade legacy by focusing on identity as the primary attack surface. He discussed why most breaches now stem from compromised credentials, how organizations should rebalance security budgets toward identity and access management, and why passwordless adoption has lagged despite broad industry consensus.
Nelson also detailed RSA’s approach to AI and agentic security: using AI to improve risk visibility and productivity without introducing new attack vectors. He closed with a candid look at the accelerating threat landscape and with optimism that modern, phishing-resistant technologies can finally catch up to attackers.
Core Themes Driving RSA’s Next Chapter
Passwordless as the new foundation of security: Nelson argues that attackers no longer break in but log in, making passwordless authentication and phishing-resistant credentials essential to stopping breaches at the earliest point in the kill chain.
Identity over perimeter in security budgets: With data now spread across cloud, mobile, and hybrid environments, RSA advises CISOs to follow the attacker’s behavior rather than legacy architectures and to rebalance spending toward identity threat protection.
AI applied thoughtfully, not recklessly: RSA is embedding AI to surface risk, automate decisions, and improve productivity—while deliberately avoiding AI implementations that could introduce new attack surfaces.
High-assurance innovation for the most sensitive environments: RSA continues to serve highly regulated and mission-critical organizations, using AI and identity security posture management to simplify compliance and strengthen assurance.
Key Quotes
“Attackers don’t break in, they log in.”
“If you look at the major breaches over the last two or three years, they didn’t smash through a firewall. It was a compromised credential or identity. That realization forces CISOs to modernize their security posture and move budgets toward passwordless and identity security, because that’s where the attackers are actually operating today.”
“Passwordless can’t just be a login moment.”
“If 30 or 40 percent of your applications still ask for a password after login, people get frustrated and wonder why they even started. End-to-end workforce passwordless means securing the entire stack, not celebrating just the login screen.”
“AI must reduce risk, not create a new threat vector.”
“Ninety-one percent of companies are looking to implement AI, but it has to be done the right way. Our focus is using AI to surface risk and guide action—whether for humans or agents—without introducing new vulnerabilities into identity or data.”
“The technology has finally caught up to the threat.”
“We’re seeing deepfakes, voice cloning, and adversarial AI accelerate at incredible speed. But the optimism comes from the fact that phishing-resistant, passwordless workforce security is real and ready now. The challenge is adoption and continued innovation.”