
Authored by: Dan DeCloss

Posted on: March 30, 2026

RSA Takeaways on AI, Exposure Management, and Execution

As I’m heading back from RSA, I’ve had a little time to decompress and think about what stood out most from the week.

Like every RSA, it was full. Booth conversations, customer meetings, partner catchups, walking too much, talking too much, and trying to make sense of where this market is actually headed underneath all the noise.

There was a lot of energy this year. A lot of interest. A lot of big claims.

And, of course, a lot of AI.

That part wasn’t surprising. What was more interesting was how much the conversation has matured. The better discussions this year were not about whether AI matters. That answer is pretty clear. The better discussions were about where it actually helps, where it creates more noise, and what security teams need in order to trust it enough to use it in real workflows.

That’s what stuck with me most coming out of RSA.

We spent the week talking with people about exposure management, pentest execution, prioritization, reporting, remediation, and where AI can actually make those workflows better. We also showed some of the ways PlexTrac is evolving in that direction — including MCP, new visual ways to explore risk like heatmaps and dashboards, and even a refreshed brand look that reflects where the platform is headed. You may have noticed the updated logo and color palette across our RSA presence and newer materials. That wasn’t just cosmetic. It reflects a broader evolution in the company and the product.

Here are my biggest takeaways.

AI is no longer the headline. Utility is.

AI was everywhere at RSA, but what stood out to me was that the conversation is getting more practical.

A year ago, a lot of the energy was about possibility. This year, people wanted to know what the product actually does. Does it save time? Does it improve clarity? Does it help teams prioritize? Does it reduce friction? Does it preserve trust?

That’s a good shift.

Security teams are not looking for AI as decoration. They are looking for AI that helps them move faster without losing context or control. That might mean generating an executive summary from live findings, surfacing trends across reports, or helping teams understand which assets and exposures matter most. It might also mean enabling users to query their security data in natural language instead of manually stitching together exports, dashboards, and one-off presentations. Those are the kinds of use cases that feel real right now.

That’s also why I’m encouraged by more open approaches to AI. One of the recent things we introduced is PlexTrac MCP — a read-only way to connect live PlexTrac data to external AI tools like Claude, ChatGPT, Copilot, and Cursor. The point is not to force users into one closed assistant. The point is to let them work with live findings, assets, risk scores, and remediation timelines in the tools they already prefer, while maintaining control over the underlying data.

To me, that’s where this goes next. Less AI theater. More useful access to live context.

Exposure management keeps getting more relevant, but context is still the difference

Exposure management was another major theme all week, and I think that’s a healthy sign.

The market is continuing to move beyond raw discovery and toward a more operational question: once you have all this data, how do you decide what matters and what to do next?

That’s where a lot of teams are still stuck. They don’t need more disconnected findings. They need better ways to unify offensive and defensive data, apply context, and turn risk into action. The most valuable conversations we had at RSA were not about collecting more data. They were about how to reduce ambiguity once the data already exists.

That includes better prioritization. Better storytelling. Better views for different audiences. Better ways to separate the exposures that are theoretically important from the ones that are actually driving risk in the environment.

Visuals matter here more than people sometimes admit. One of the things I’ve been thinking more about is how much faster teams can align when risk is presented in ways that are immediately understandable. Heatmaps, dashboard views, and cross-client or portfolio-level visuals are not just nice-to-have presentation layers. When done right, they help teams see concentration, trend, and business impact faster than a flat list ever could. MCP examples we’ve been showing, like “show me a risk heatmap across all clients,” get at exactly that point.

Execution is still the real bottleneck

If there was one theme that kept coming up underneath almost every other conversation, it was execution.

Security teams already have plenty of tools that generate output. Findings. Alerts. Reports. Scores. Charts. The problem is what happens after that output is created.

That’s where context gets dropped. Ownership gets fuzzy. Priorities get debated. Engineering gets one version of the story, leadership gets another, and the work slows down across handoffs.

I still believe this is one of the biggest structural problems in security operations today.

The report is not the finish line. Discovery is not the outcome. Visibility alone is not value.

What matters is whether a team can take validated findings, preserve the right context around them, communicate them clearly, prioritize them intelligently, and move them toward remediation without rebuilding the story from scratch every step of the way.

That’s why I continue to think the industry needs fewer static artifacts and more connected workflows. The organizations making the most progress are not the ones producing the most output. They are the ones that have figured out how to carry security work forward into action.

Product evolution should feel practical

One thing I appreciated about RSA this year was that people were very direct about what they care about. They want products that help them do the work better. They want less friction, not more abstraction. They want flexibility without chaos. They want innovation that actually lands in the day-to-day workflow.

That’s a mindset I agree with.

It’s also how I think about recent product progress at PlexTrac. MCP is one example. So are the newer visual workflows around dashboards and heatmaps that make it easier to understand exposure and communicate it clearly. These aren’t separate ideas. They are part of the same direction: helping teams move from raw data to usable context to action faster. MCP materials we’ve been using describe this as turning live data into dashboards, narratives, visuals, executive summaries, and portfolio insights — which is exactly the kind of workflow compression I think matters.

Even the refreshed logo and updated brand colors tie back to that broader shift. The brand should reflect the company we are becoming, not just the company we were. We started with a strong foundation in pentest reporting. That’s still core to who we are. But the platform has expanded, the use cases have expanded, and the market expectations have expanded with it. The visual identity should evolve too. The current site and RSA materials both reflect that more modern, purple-forward system.

What I’m leaving RSA thinking about

Coming out of this year’s RSA, a few things feel clearer to me.

AI is moving from hype to expectation, which means the useful implementations will separate themselves quickly.

Exposure management is becoming more operational, which is good, but only if teams can bring the right context to the data.

Execution is still the bottleneck in most security programs, and the vendors that help reduce that bottleneck will matter more and more.

And finally, the best security products will not just help teams find more issues. They will help teams understand them faster, communicate them better, and act on them with less friction.

That’s what I kept hearing in the halls. And honestly, that’s what I’m most excited about.

Thanks to everyone who stopped by, challenged our thinking, shared what’s working, and told us where the pain still is. Those conversations are always the best part.

Until next time, RSA.

Dan DeCloss
Dan DeCloss, PlexTrac Founder/CTO. Dan has over 15 years of experience in cybersecurity. Dan started his career in the Department of Defense and then moved on to consulting where he worked for various companies. Prior to PlexTrac, Dan was the Director of Cybersecurity for Scentsy where he and his team built the security program out of its infancy into a best-in-class program. Dan has a master’s degree in Computer Science from the Naval Postgraduate School with an emphasis in Information Security. Additionally, Dan holds the OSCP and CISSP certifications.
