Episode #2

RSA 2025 was full of AI claims – but what were security leaders really worried about?

Eliot is joined by ⁠Noora Ahmed-Moshe⁠ (VP of Strategy, Hoxhunt) for a no-spin debrief on RSA 2025. With AI hype at full volume and booth gimmicks ranging from goats to deepfake demos, it’s easy to miss the real signals in the noise. Eliot and Noora cut through the chaos to unpack what security leaders were actually focused on – and what it means for your strategy.

Drawing from hundreds of in-person conversations across the conference floor, they surface the real fears, needs, and shifts happening in the security community. This isn't a recap of vendor taglines – it's a pulse check on how defenders are thinking, what they're struggling with, and where the field is heading next.

Here’s what you’ll learn in this episode:

• How agentic AI is shifting from abstract risk to tactical threat – fast
• Why vishing and deepfake audio are already operational threats, not future hypotheticals
• What CISOs are really saying about the limitations of checkbox security awareness
• How governments are quietly moving beyond compliance toward measurable risk reduction
• Why “AI-powered” marketing claims are falling flat—and how real buyers are filtering signal from fluff

Timestamps:

• (00:24) Overview of RSA 2025

• (00:51) Hoxhunt Cyber News Roundup

• (02:02) Verizon DBIR 2025 Insights

• (03:12) Generative AI Risks and Third-Party Vulnerabilities

• (03:52) NIST 2 Directive in the EU

• (04:57) Experiences at RSA 2025

• (05:48) The Human Element at RSA

• (06:50) AI Dominates RSA Conversations

• (09:04) Challenges and Themes in Cybersecurity

• (12:44) Agentic AI and Its Implications

• (15:13) Deepfakes and Vishing Concerns

• (16:38) Omnichannel Phishing Threats

• (17:21) Positive Conversations at RSA

• (18:46) Surprising Trends and Insights

• (27:04) Conclusion and Final Thoughts

To get future episodes and the latest threats sent straight to your inbox, join the All Things Human Risk Management Newsletter:⁠⁠ https://hoxhunt.com/all-things-human-risk⁠⁠

Resources:

• Our research on AI phishing vs human red teams: https://hoxhunt.com/blog/ai-powered-phishing-vs-humans

• Guide to deepfake phishing: https://hoxhunt.com/blog/deepfake-attacks

Host links:

Eliot Baker:⁠https://www.linkedin.com/in/eliotebaker/⁠

Noora Ahmed-Moshe:⁠https://linkedin.com/in/noora-ahmed-moshe

****

All Things Human Risk Management is a Hoxhunt Original Podcast.

Hoxhunt⁠ is the Human Risk Management platform that goes beyond security awareness to drive behavior change and measurably lower risk.

Data breaches start with people, so Hoxhunt does too. It combines AI and behavioral science to create individualized micro-training experiences people love.

Hoxhunt works with leading global companies such as Airbus, IGT, DocuSign, Nokia, AES, Avanade, and Kärcher and partners with leading global cybersecurity companies such as Microsoft and Deloitte.