SAN FRANCISCO — Cisco set the tone at Monday's RSAC 2025 keynote by announcing a major open-source initiative aimed at securing the future of AI, while other speakers laid out how the industry must adapt to a rapidly changing battlefield.
Jeetu Patel, Cisco’s executive vice president and chief product officer, unveiled Foundation AI — a purpose-built, security-specific AI model trained on cybersecurity data. The model isn’t just open source in concept — Cisco is releasing the actual trained model weights as well, allowing researchers and developers to inspect, adapt and fine-tune it. Alongside that, the company is open-sourcing its full tooling framework, inviting the global security community to collaborate on safer, more transparent AI systems.
He warned that fine-tuned models are significantly more vulnerable to jailbreaks and toxic outputs, citing Cisco research that showed fine-tuning can triple jailbreak susceptibility and increase harmful responses by 22x.
Cisco’s Foundation AI model may not be the biggest, but it’s built like a racecar for the cybersecurity track — tuned for precision, speed and efficiency rather than brute force. Specifics include:
It’s powered by 8 billion parameters, which are like the neurons in a digital brain. That’s large enough to perform complex tasks like detecting and responding to threats — but small enough to remain nimble, unlike massive general-purpose models that are trying to be everything to everyone.
It was trained on 5 billion carefully chosen tokens; think of these as the words, patterns and behaviors the model studied to learn cybersecurity. Those 5 billion were handpicked from a haystack of 900 billion. That’s like selecting the most relevant chapters from an entire library — skipping the fluff to teach the model exactly what it needs to know about threat detection, ransomware tactics and response workflows.
Perhaps most critically, it’s light enough to run on just one or two A100 GPUs, powerful chips used to train AI. Most general models need 30 times that. That’s the difference between needing a full data center to run your model, or fitting it in a secure enterprise rack. This isn’t just about cost — it’s about making AI-powered security scalable and accessible.
"Community — it's what makes us strong in cybersecurity," he said, encouraging the 44,000 attendees to embrace change and new connections with a "Bayesian mindset," being open to updating assumptions as new information arrives.
Thompson also pointed to two seismic trends for the next 18 months: the transformation of application security into AI-driven defenses, and the surge of adversarial attacks specifically targeting AI models.
Agentic AI will redefine cybersecurity — if we secure it first
Vasu Jakkal, corporate VP, Microsoft Security, then offered a sweeping look into the rise of agentic AI — autonomous digital systems that will soon collaborate with one another and with humans to reshape cybersecurity, governance and daily life.
"Today, AI helps us with triage," Jakkal said. "By 2027, agents will predict attacks, dynamically adjust access permissions and autonomously enforce security policies."
Today, she said, most cybersecurity AI systems operate at Level 0 — mimicking human actions and automating repetitive, rules-based tasks.
Within six months, many organizations will move into Level 1, where AI agents will reason through tasks and use tools to achieve specific goals.
By 12 months to 18 months, we will enter Level 2, with agents capable of self-modification or optimization to better meet their objectives.
And in 18 months to 24 months, Jakkal forecasted the arrival of Level 3 autonomy, where AI agents will dynamically adjust their own goals to respond to evolving threats — with minimal human intervention.
Jakkal emphasized that governance, identity verification, data privacy and dynamic risk management must be embedded into the design of every AI agent from the start.
Why community intelligence is our greatest defense
John Fokker, head of threat intelligence at Trellix, brought the conversation back to the human adversary, spotlighting how ransomware gangs like Black Basta now operate as full-fledged businesses — sometimes with government backing.
"The creator I see in me is the creator I see in you," he told the audience, celebrating cybersecurity professionals for protecting strangers they may never meet.
RSAC 2025 made one thing clear: innovation alone won't define the future of cybersecurity — community will. As threats evolve and AI accelerates, it’s the strength of the connections forged here that will determine what comes next.
Tom Spring is Editorial Director for SC Media and is based in Boston, MA. For two decades he has worked at national publications in the leadership roles of publisher at Threatpost, executive news editor PCWorld/Macworld and technical editor at CRN. He is a seasoned cybersecurity reporter, editor and storyteller that aims always for truth and clarity.
