Analyst(s): Fernando Montenegro
Publication Date: April 9, 2025
RSAC has announced the 10 finalists for its 20th annual Innovation Sandbox contest, set to take place on April 28, 2025, at the RSA Conference in San Francisco. Each startup will present a live pitch and participate in a Q&A session before a panel of expert judges. The 2025 finalists include companies tackling AI in multiple forms, data protection, and attack surface management – key themes also reflected in The Futurum Group’s 2025 cybersecurity predictions.
What is Covered in this Article:
- RSAC reveals Top 10 finalists for the 2025 Innovation Sandbox contest
- Security for AI, AI for security, and data protection emerge as core innovation themes
- RSAC launches new initiative to fund each finalist with $5 million
- Finalist selections align with The Futurum Group’s 2025 security outlook
- RSAC Innovation Sandbox’s historical track record of high-value exits
The News: RSA Conference has named the Top 10 Finalists for the 20th annual RSAC Innovation Sandbox. The event, part of the RSAC Innovation series and now a key component of the overall RSA Conference, gives emerging cybersecurity startups a chance to pitch their offerings live on April 28, 2025, in San Francisco. New this year is that finalists will have accepted a SAFE (simple agreement for future equity) investment of $5 million. More than 200 startups applied, with a 40% increase in submissions over last year. Previous finalists include companies like SentinelOne, Wiz, and Talon, among others.
RSA Conference Innovation Sandbox Announces 2025 Finalists
Analyst Take: Now in its 20th year, the RSAC Innovation Sandbox remains an important indicator of new trends in cybersecurity. The 2025 group includes various companies working on issues like AI regulation, data protection, attack surface tracking, and infrastructure safety.
Increased Capital Support for Startups
The RSA Conference was acquired by Crosspoint Capital Partners in 2022, and this new $5M SAFE investment aspect is one of the more visible changes. The move to provide direct funding changes the role of the conference – from just organizing the contest to more actively helping these finalists grow. Instead of only offering exposure, Sandbox now gives startups another type of support they need to make a difference early on. For young companies, this kind of resource injection early in their life can help them get noticed or get more funding, though it does introduce new elements to the startups’ cap table for later investment rounds. This does not appear to have affected overall interest, as the 40% rise in applications and the over 200 submissions demonstrates.
Dual Focus on Securing and Using AI
Notably, half of the finalists are explicitly working on both using AI to improve security and securing AI itself. Companies like CalypsoAI and Knostic are creating tools to handle risks from large language models and generative AI, while EQTY Lab is focused on applying cryptography to manage AI agents. Aurascape is working on ways to safely enable AI in enterprise environments. These themes show that AI safety is an undisputable factor in security programs. We had previously included this as one of the key themes for 2025, and this large proportion of AI-centered startups provides further evidence of that theme.
Practical Offerings to Longstanding Security Gaps
Other startups are working on problems that companies have faced for years. MIND is adding automation to insider risk and data loss prevention. Smallstep is improving how devices are identified in Zero Trust environments. Metalware is focused on testing firmware security, while ProjectDiscovery monitors attack surfaces using open-source tools. Together, these offerings aim to be practical, scalable, and ready for use in enterprise environments.
Validation from Historical Successes
While “correlation is not causation,” the Innovation Sandbox contest has a good track record of finding successful startups. Previous finalists include SentinelOne, Wiz, and Axonius – companies that have gone public, reached high valuations, and more. Wiz, a 2021 finalist, is now potentially being acquired by Alphabet for $32 billion, which, should it close, will be the largest pure-play cybersecurity deal in history. Other big moves include Talon Cyber Security being bought by Palo Alto Networks for $625 million and Dazz being acquired by Wiz for $450 million. All of this supports the idea that RSAC Innovation Sandbox is a valuable signal of which startups are ready to grow fast and scale in the market.
What to Watch:
- Will the infusion of resources from the new SAFE investment change how these companies perform in the market?
- Finalists operating in AI and LLM security may find early demand among enterprises building internal GenAI capabilities, including agentic AI implementations.
- How does the ongoing “platforms versus point products” discussion impact these vendors’ positioning and go-to-market strategy?
- While winning the competition outright is a worthy goal, the visibility from being a finalist may already be a material signal of future success regarding mindshare and/or exits.
For more information, see the complete article on the 2025 RSAC Innovation Sandbox Finalists.
Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.
Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.
Other insights from The Futurum Group:
Futurum Research 2025: Key Issues and Predictions
How Will Cybersecurity Reach $288B by 2029? Futurum Unveils New Insights
Alphabet’s Proposed Acquisition of Wiz Shifts Cloud Security Landscape
Author Information
Fernando Montenegro serves as the Vice President & Practice Lead for Cybersecurity & Resilience at The Futurum Group. In this role, he leads the development and execution of the Cybersecurity research agenda, working closely with the team to drive the practice's growth. His research focuses on addressing critical topics in modern cybersecurity. These include the multifaceted role of AI in cybersecurity, strategies for managing an ever-expanding attack surface, and the evolution of cybersecurity architectures toward more platform-oriented solutions.
Before joining The Futurum Group, Fernando held senior industry analyst roles at Omdia, S&P Global, and 451 Research. His career also includes diverse roles in customer support, security, IT operations, professional services, and sales engineering. He has worked with pioneering Internet Service Providers, established security vendors, and startups across North and South America.
Fernando holds a Bachelor’s degree in Computer Science from Universidade Federal do Rio Grande do Sul in Brazil and various industry certifications. Although he is originally from Brazil, he has been based in Toronto, Canada, for many years.
