In this podcast, we chat with Mathieu Gorge, CEO of Vigitrust, about key insights from RSA 2025 in San Francisco.
Mathieu emphasizes the massive impact of artificial intelligence (AI) on compliance. He shares how AI is spreading across organizations and what that means for potential risks. He also points out that suppliers are shifting toward a more consultative approach that focuses more on business outcomes.
The discussion turns to the role of the CISO, or Chief Information Security Officer. With the rising risks tied to AI, there’s a real debate about whether CISOs should handle all the responsibility for compliance and data security.
Mathieu has been attending RSA for about 20 years. He’s noticed that every year there’s typically a standout topic, whether it’s been blockchain, orchestration, or AI. This year felt different—there wasn’t just one defining trend. He notes that compliance is more important than ever, with companies buzzing about innovation in this area. The vendor landscape is saturated with vendors specializing in governance, risk, and compliance (GRC) as well as in specific data protection solutions.
He highlights a shift in the vendor narrative. In previous years, conversations revolved around product features and sales pitches like “buy my encryption” or “here’s our storage solution.” But this year, the focus was on the business outcomes of using these products. Vendors are emphasizing the benefits: showing compliance, demonstrating effective data protection, and quickly identifying data issues.
Mathieu also touches on the complexities surrounding CISOs. Are they the right people to lead AI adoption, or are they already stretched too thin managing data protection? Should there be a dedicated chief AI officer or chief AI security officer? These are pressing questions that came up at RSA, particularly concerning compliance and data protection amidst AI’s presence.
He explains how vendors are shifting their messaging. They’re adopting a more consultative approach, backed by case studies and whitepapers illustrating the benefits of proper compliance. Instead of telling companies they have to comply or else, they’re making a case for doing compliance effectively.
Mathieu draws parallels to cloud services, where the risk landscape expanded as companies bypassed security measures. He observes a similar trend with AI, where the risk surface is only increasing. Vendors and speakers at the conference pushed for the responsible adoption of AI without compromising existing security measures.
That raises the question of governance: Who really should oversee AI adoption? Is it the CISO alone, or should it involve other roles? The industry faces a significant challenge. With AI creating more data while oversight shrinks, it’s vital to have effective frameworks in place. Many existing AI frameworks aren’t well known, even to some CISOs.
As an industry, we need to simplify this process, helping organizations navigate the complexities. The risk landscape is definitely growing, and it’s crucial to manage it effectively.