How Cybersecurity is Evolving in the AI Era

Baird’s Cybersecurity Investment Banking team recently attended the 2025 RSA Conference in San Francisco. The event brings together leaders and practitioners from across the cybersecurity industry, creating an exceptional forum for connection and discussion. Our team started the week with a CEO dinner Sunday night – an evening defined by thoughtful conversation among CEO peers – followed by meetings with various CEOs, industry experts and private equity professionals throughout the rest of the conference.

We were struck by the expo floor’s clear focus on differentiation this year, with game shows, demos, goats, and AI all present. We saw the full spectrum of tactics at play – everything from Wiz’s cloud-themed gameboards, to demos of the latest agentic AI capabilities, to Kiteworks’ live (!) goats in the mix as well. All in all, there were some memorable booths (and large marketing spend) at this year’s event.

Key Themes:

1. How Do You Secure AI? Experiments in “vibe coding” and Palo Alto’s acquisition of Protect AI started the week with plenty of headlines to talk about related to AI’s impact on code security. Most businesses seem to be in agreement that this is an issue best tackled collectively and in partnerships (e.g., Cisco/Splunk’s partnership with ServiceNow to streamline secure AI adoption at scale).
2. Unique Data: With AI enhancing workflows, becoming L1 agents and quickly analyzing and triaging data, the most interesting companies are not necessarily those with the best UI or workflow, but the ones with unique, hard-to-commoditize data sets. As we continue to see further proliferation of ready-made workflows and bespoke AI models, unique and important underlying data sets are the fuel to the AI fire.
3. Data Resilience and Identity: Every company has data and identities to protect. Thus, data and identity are two big pockets that go hand in hand with cyber, expanding the aperture for investors looking to play in the space. Code data, cloud data, customer data, proprietary data, etc. all need protection. Similarly, both human and non-human identities (like bots and APIs) are core to defenses, especially in hybrid environments. Hence, we expect to see continued momentum and convergence in these areas within the broader cyber stack.
4. “Sticky” Services: X-as-a-Service is back in style, but software isn’t always the X. Sticky cyber services wrapped around a known ecosystem (particularly the cloud environments: Google, Microsoft, Oracle, Amazon, etc.) or product family (Microsoft Defender, SentinelOne, Crowdstrike, Palo Alto, etc.) or certification standard (SOC 2, HITRUST, ISO 27001, etc.) are all piquing the interest of investors and tech acquirers.
5. Tempering Hot Tempers: While cybersecurity remains a core federal government focus and personnel cuts don’t necessarily filter through to certain cyber line items, the current US administration’s priorities have affected procurement offices and their ability to close deals. While the impact has been somewhat benign at this point, we could see a bigger impact during the federal government’s typical Q4 budget flush. This uncertainty is impacting how investors approach the space. 
6. Regulatory Environment Creating Additional Opportunities: The regulatory environment is influencing certain activities and investments, making compliance with standards like SOC 2 crucial for businesses looking to attract investment and grow in the current market. This environment is a key theme that investors can build a thesis around.
7. What Is “Good Growth” in Today’s Cyber Market?  While certain subsectors have spawned truly disruptive technologies that still enable hyper-growth in excess of 50%, what is the new normal for the majority of cyber companies – is it 20% or 30%? This question is central to understanding market dynamics and setting realistic valuation expectations.
8. Revenues, Wedges and Budgets: Financial focus is on delivering strategic ROI to customers and channel partners. The ability to meet CISO needs and to help them to defend the spend in board meetings are key. We are seeing players making moves in consolidation – playing across identifying, defending, protecting and remediating – a further attestation that the platform is still king in cyber. For point solution vendors, there is a recurring question around, “What are the cost line items that the product(s) I am selling are taking from?” and therefore, “What additional cost line items are available?” This brainstorming exercise is starting to form the go-to-market strategy for businesses and build out from single point solutions into multi-product companies.
9. The Human Element: We have seen a substantial increase in the capabilities of autonomous AI technologies across the entire cybersecurity stack, such as blocking attacks, automating responses, identifying deepfakes, etc. However, humans remain the weakest link and the main target for the most dangerous cyberattacks. Continuous training of skilled IT teams and security analysts, augmenting and personalizing Human Risk Management with AI capabilities (e,g., Abnormal AI’s new AI Phishing Coach, breach coaches), and proactive threat hunting remain absolutely critical and a valid investment thesis.

Baird’s Cybersecurity team has extensive experience advising across the sector. Our sector expertise covers network and endpoint security, security operations, identity and access management, security awareness training, threat intelligence, data security, application security and managed security services. We welcome the opportunity to discuss these themes and how they may impact your business or future strategy.

Connect with Baird’s Cybersecurity Team

Sebastian Daumueller Managing Director

View Profile

Matt Russell Managing Director

View Profile

Chelsea Smith Director

View Profile