Deepen Desai, CSO, EVP Cyber & AI Initiatives at Zscaler, joins theCUBE hosts at the RSAC 2025 event. In this session, Desai shares insights into the evolving landscape of cybersecurity, emphasizing AI and its dual role as both a solution and a threat.
Desai offers a wealth of expertise to the discussion, focusing on the intersection of AI and cybersecurity. As a seasoned chief information security officer, they provide enlightening commentary on topics such as AI-driven attacks, zero-trust architecture and phishing trends. The conversation delves into deep fakes, hybrid attacks and the balance between enabling AI adoption and maintaining robust security.
Key takeaways from the session include the necessity of embracing zero-trust architecture to mitigate AI-related security threats and the growing commonality of context-driven phishing attacks. According to Desai, leveraging AI in cybersecurity efforts is crucial but should not replace fundamental security measures. The session provides pragmatic insights into how organizations can enhance security practices while embracing digital innovation.
Deepen Desai, Zscaler
Exploring Cybersecurity and AI Trends at RSAC 2025
Deepen Desai, CSO and EVP of cyber and AI engineering at Zscaler, sits down with theCUBE’s Dave Vellante and Jackie McGuire at RSAC 2025 to explore how AI is reshaping both sides of the cybersecurity battlefield. From AI-powered attacks to defensive automation, Desai makes it clear: the conversation is no longer about if AI plays a role, it’s how to stay ahead.
They take a look at the rising tide of context-aware phishing, deepfakes and hybrid threat tactics. While AI unlocks new defenses, it also expands the attack surface, Desai underscores. The key...
Dave Vellante
>> Hi, everybody. Welcome back to Moscone West. This is theCUBE's continuous coverage of RSAC 2025. My name is Dave Vellante. I'm here with Jackie McGuire, John Furrier's in the house, Jon Oltsik and the entire CUBE team. We're pleased to welcome Deepen Desai. He's the chief security officer. He's got some other parts of his title, EVP. Congratulations... Is that new?
Deepen Desai
>> It is new. Thank you.
Dave Vellante
>> Thank you. Oh, yeah. Thanks for sharing that. That's awesome. EVP of cyber and AI initiatives at Zscaler. That's nice. That's a real testament to the fine work that you've done. Multi-time CUBE guest. So, thanks so much.
Deepen Desai
>> Thank you for inviting me.
Dave Vellante
>> Yeah, you bet. I think last time we talked, I believe was one of our Superclouds and we were talking about how security could be the real blocker to that wonderful vision we have of Supercloud. And it always comes back to security, doesn't it? Which always comes back to data. But you guys have been doing some good work. I'm looking at this 2025 phishing report. But before we get into that, what's on the mind of chief security officers these days?
Deepen Desai
>> AI. How do you protect against AI-driven attacks as well? So, both sides, right? You need to enable your organization with AI adoption securely, but then, you also need to be wary of all the risks surrounding that. And you also have the bad guys who are starting to leverage it to the full potential. And that's some of the things that we've highlighted in our recent report as well, how bad guys are starting to leverage it when they're going after your organization.
Dave Vellante
>> This is a weird thing I'm going to say, you know how presidents of countries, they'll do something, if things are not going well and the people aren't happy, they'll do something. I'll give an example that won't offend anybody. So, during the Vietnam War, it wasn't going well. So, Lyndon Johnson flew to Hawaii for a meetup. It didn't work. It didn't distract anybody. But I feel like, okay, AI is like this distraction. What about all the other basic blocking and tackling that we have to do? What happened to that? And so, serious question, what is the state of that? Is it such that everything has to be rethought because of AI or is it, no, AI is a layer on top?
Deepen Desai
>> Look, good question. You're right. I mean, the fundamental things still applies, and by fundamental things I'm talking about the architecture choices that you make. We're big proponent of zero-trust architecture. So, as long as you're shutting down the vectors, the attack paths that the attackers can take or even AI-driven attacks can take, you're secure. You've simplified your architecture, your network, you remove complexity. So, those fundamental things still apply. But when you start thinking about AI application, the overall threat model changes slightly because you need to now worry about two things. One is all the data that is going to be leveraged to train those models, whatever application that you're trying to build internally. If you're relying on a SaaS vendor, that's your third-party supply chain risk as well, because we're now starting to see ransomware operators go after those SaaS providers, because the downstream impact is tremendous. And then, the other part you need to worry about is where they're going after your models, the outcomes. So, poisoning those applications to result in outcomes that may favor one thing over the other. And there are adversarial attacks that are already starting to happen that targets your application from that perspective. It's better called poisoning attacks.
Jackie McGuire
>> Yeah, poisoning the well. Yeah, absolutely. I actually did a talk at, it may have been RSA last year about it, about common exploits. The other one that's coming up more often now is feature extraction. So, that was something that a year ago I mentioned is that we don't really see this in the wild, but basically, attackers trying to take your features of your AI and figure out what model you're using, but it's started to come up more in the wild recently. Kind of related question. One of the things that I've noticed is that AI is causing security teams to have to be more diplomatic than they've been before. So, one of the things that I've heard a lot is security is always the department of no, right? And they're the department that says no to everything. But I think what security teams are finding is that unless they say, "Let's help get to yes," the AI projects are just going to happen without them knowing about it. So, I think if they want to be aware of what's going on, they're starting to have to be a little bit more... They're having to be diplomats and actually interface with other parts of the organization and make sure they know that security is there to support. I'm wondering if you're seeing the same thing in that security teams are having to be a lot more open to partnership within the organization to maintain some visibility over everything that's happening?
Deepen Desai
>> Yeah. No, good point. Look, in my opinion, right after pandemic, Mr. No security team tags started to fade away because we had to be that business-enabler. How do you support that hybrid workforce? AI, I would call it a similar phenomena, where now we are trying to support business adoption to become more efficient, more prolific. So, it's another way where CISOs will have to team up with CIOs and cross-functional leaders in order to make sure that the organization is doing AI adoption in a secure way. There has to be a governance framework. There has to be a security framework that needs to be adhered to when they're investing in AI adoption. So, yes, I'm seeing that across the board. But now, it's a second stream. After pandemic, we went through one way, where we were already working together. This is for their-
Jackie McGuire
>> Yeah, the explosion of BYOD was insane during the pandemic. Coming from financial services, I spent a lot of years in financial services where I had a Blackberry issued by my... Just the fact that everybody was now on their own devices, it was terrifying to me.
Dave Vellante
>> I was interviewing Lena Smart, who's the CISO over at MongoDB, and I was in a bad mood and I was griping about security. And I said, "What's the answer here?"
Jackie McGuire
>> What?
Dave Vellante
>> I know. Thanks. And she goes, "Look, it's easy. Just don't click on links." And I'm like, "What do you mean?" "I'm serious. Don't click on links."
Jackie McGuire
>> Ever?
Dave Vellante
>> Yeah. I'm like, "How do I get my job done?" She goes, "Don't click on links and you'll be good." So, it brings me to phishing, right? I mean, that's what she was talking about. I'm like, she goes, "Okay, if you really, really trust somebody, but otherwise, don't click on links." So, why the focus on phishing? I think we know the answer to that, but how has it changed? Are attackers getting more precise, more spear phishing, more targeted? What are you guys finding? We can get into some of the findings in your report.
Deepen Desai
>> Yeah, actually that was one of the findings in our recent report where the volume of phishing attacks went down, but the quality of these attacks, as you mentioned, spear phishing, more targeted in nature, more context being brought in when they're going after an organization. And it indicates that these guys are leveraging AI to craft those templates, to bring in that current news context as well. There are a couple of examples that I'll walk you through as well, but that is making those attacks much more believable and increases the chance of success.
Dave Vellante
>> What's interesting, what the top 20 brands most frequently imitated in phishing scams, Microsoft, Google, Netflix, Facebook, DHL, HSBC, WhatsApp, FedEx, Adobe. I'm surprised Apple's not on here.
Jackie McGuire
>> I just got a smishing text from A-hyphen-P-P-L-E this morning and it was the first Apple one I'd seen.
Dave Vellante
>> That's funny, but that's some really interesting data. And you got some other examples, right?
Deepen Desai
>> No, the brands that you see... Again, this is all enterprise data, so these are enterprise employees being targeted, but you will see a mix of both enterprise and consumer brands being leveraged as the lures because there are a lot of the cases where the employee will do certain things on their work laptop, and if they're able to phish and get an identity compromised, they're able to then leverage it to move around, especially if they're reusing certain credentials, or if they're able to phish and deploy a payload on that work laptop, then again, it provides them the beachhead to discover what else is reachable from that. You mentioned about a couple of examples, I'll give you-
Dave Vellante
>> Yeah, tactics are changing.
Deepen Desai
>> Tactics are changing. I completely agree with what Lena mentioned about not clicking links.
Jackie McGuire
>> Everybody needs a sandbox. Everybody needs a sandbox.
Deepen Desai
>> Unfortunately, since last couple years, we've started seeing many of these threat actors pick up the phone and call your privileged users. IT help desk was in the news, I'm sure you guys saw that, where Scattered Spider was calling them. A few months later, there were other gangs that started leveraging the same tactic. They were pretending to be part of a security team. They would call IT help desk, "Hey, we saw an infection on your computer. Can you do A, B and C, just to investigate whether it's a true positive or false positive?" It will always turn out to be a false positive. But then, at the end of it, they will send them a survey link, which is a link, and if they click it, then that's how they're able to get in.
Jackie McGuire
>> From whatever ports they just opened during their testing.
Deepen Desai
>> Exactly. Yes.
Jackie McGuire
>> Yeah.
Deepen Desai
>> And then, the most recent one-
Dave Vellante
>> Oh, that's clever.
Deepen Desai
>> Yeah, the most recent one, again, this has resulted in many successful ransomware attacks over the past nine to 12 months, they will identify three or four privileged users in an organization. They will then send spam messages, whether it's SMS, email, large volume of it. And within five minutes of that, they will call all those employees at once and they'll say, "Hey, I'm part of your security team. There was a failure in one of the controls that resulted in spam passing through. Let me help you." And then, the playbook basically results in them taking over the-
Dave Vellante
>> It's like getting into the department... somebody's going to open it up, right? Wow.
Deepen Desai
>> So, they're getting more and more clever in the tactics and they keep evolving because when the IT help desk phone calls were happening, "Oh, don't reset MFA, don't reset password, unless the manager approves it." The playbook on IT help desk evolved, so then they evolved their playbook on how do we get in? So, we're going to see more and more of this. Traditional emails will still be there, but these context-driven phishing attacks, we are-
Jackie McGuire
>> Yeah, and it's happening fast. I was actually just talking about that in a previous interview and that when I joined theCUBE, within 24 hours of information about me being put on LinkedIn, I was getting phishing emails from John, from Dave, from-
Dave Vellante
>> Oh, yeah.
Jackie McGuire
>> Yeah, and I messaged them and I was like, "Hey, this is a crazy volume, given the fact that I've been here a couple of days." And it's the open source intelligence, it's getting easier to automate the process of collecting it to create those spears.
Dave Vellante
>> So, your world, you folks who hang out with, the SecOps teams, you must be thinking about, "Okay, how would I create some phishing scam or-"
Jackie McGuire
>> Art of War.
Dave Vellante
>> Art of war, right. And so, what gamification is going on in the community to anticipate what's coming? Hard to predict, but any insight you can give us on what threats are coming in the future?
Deepen Desai
>> So, we're going to see a combination of things that I just spoke about. But imagine... And this actually happened as well. You're aware of it where CEO's voice was used. Now, video deepfakes are also a thing, but when you combine two to three of these traditional channels with this new channel, the attack becomes even more believable. So, we're going to see hybrid attacks where both AI-driven content and the traditional means are combined. An example I can give you, this happened in the last three to four months. During our appraisal cycle, and this was seen across multiple other technology industry verticals, during our appraisal cycle, there was an email claiming to grant CEO equity that went to a few targeted employees. This was a real attack and that has happened across the board. Now, fun fact over there, our CEO, Jay also received that, which was an absolute failure on the AI side, but they're going to bring in this context when they go after organizations and it won't be just one channel. They will use multiple channels to make it more and more believable.
Jackie McGuire
>> Well, yeah, because I was just thinking about that and I'm like, yeah, if you go on Blind, the employee review app, you can probably figure out by people's comments and posts when review cycle is because people will post that they're unhappy about their reviews. So, you referenced zero-trust earlier. Before we started recording, we were talking about lateral movement and how the nature of compromise has changed. And you mentioned that everybody should be using a zero-trust architecture. I was hoping you can go into that a little bit more. So, what we were talking about before we started recording is that, I said, "We used to have all these services that existed in vacuums and the cloud tied them all together." And you were saying, "Yes, that's true, but also that we've moved from, you had to be at the office to access it."
So, can you talk a little bit more about how the nature of the threat has evolved with an ever-more-connected enterprise, and then how zero-trust helps break that interconnected nature if you need it to? It's kind of the firewall. It's the non-firewall firewall, right?
Deepen Desai
>> Sure. Yeah. So, the way I would explain this, and over the past five years, this has become even more obvious. Anything that is exposed to the internet is your attack surface, whether it's VPN, firewall, VDI, whatever it may be. And there are certain things that you need exposed to the internet for business reasons, but you need to protect that. Attackers will target those assets to get inside your environment. This is where VPNs are being targeted over and over again. So, when we were discussing, "Hey, why is zero-trust now such a big deal? Why is it so important for organizations to adopt that?"
A lot of these legacy technology, when the attackers are able to successfully exploit a vulnerability, whether it's remote code execution, authentication bypass, and you will see a plethora of them over the past two years, they're essentially getting a beachhead into a relatively flat network. They're basically bringing users or the attacker on a network, and then they're able to use automation, post-exploitation tools to move within that environment and get to crown jewel applications, which is where the data is, which is where their target is. Back in the day when everyone was in the office, the thing was, "Oh, I'll build a castle over here and you need to be here to access anything within this castle, otherwise you don't have access to it." That world is gone, right? The users are anywhere. They could be home, traveling. Your apps have moved to the cloud, so the apps are also no longer in the castle. And then, you have data centers, you have emerging technologies, like AI, where you're relying on several SaaS vendors. So, you need to have zero-trust architecture followed. One last thing I'll mention on this front is to fight AI-driven attacks, you need to leverage AI. But AI is not at a stage where it can solve everything from threat detection, prevention perspective. It can make humans more efficient, it can improve the efficacy of the platform. So, you should leverage that for becoming more efficient and higher efficacy.
Jackie McGuire
>> Keyword being leverage, not rely.
Deepen Desai
>> Not rely on it. Exactly. But then, you must simplify your network. You must reduce complexity. You should prioritize zero-trust architecture, which will ensure that any path that the attackers, be it AI attacker or a human adversary, any path that they're able to take are closed because you've implemented a true zero-trust solution.
Dave Vellante
>> At your event last night, there was a tagline... I can't remember. It was zero-trust-
Deepen Desai
>> Everywhere...
Dave Vellante
>> everywhere or anywhere. It was everywhere, right?
Deepen Desai
>> Yeah.
Dave Vellante
>> So, I mean, that seems to be your war cry, if you will.
Deepen Desai
>> Zero-trust everywhere with AI-enabled platform, yes.
Dave Vellante
>> We'll give you the last word. What's happening at the show? What's the conversation like with your CISO peers? And what's the key message you want to leave everybody with?
Deepen Desai
>> A lot of agentic AI discussions, as expected. Yeah, CISOs, like I said, that is top of mind for everyone. How can they enable the business to adopt some of these things more securely? But then, there is a lot of fluff as well out there, where vendors are claiming to do A, B, and C, but it's not even doing A properly, right?
Dave Vellante
>> Yeah, yeah, yeah. Uh-oh.
Deepen Desai
>> So, there is a lot of that discussion between us, CISOs, like, "Is this really doing what it's claiming to do?" There's room for a lot of these technologies to mature, and next year is going to be exciting though. I mean, there is potential, but a lot of these technologies are early in their stage.
Dave Vellante
>> Well, thank you for being vigilant and the good work that you do. We appreciate your coming on theCUBE.
Deepen Desai
>> Thank you. Pleasure.
Dave Vellante
>> Okay. For Jackie McGuire, this is Dave Vellante and you're watching theCUBE's coverage of RSAC 2025. We'll be right back right after this short break. See you then.