
[RSAC 2025 Sessions] Beyond the Battlefield to SOC: The Duality of Threats and Solutions

Day 3 of RSAC 2025 brought the spotlight to the deeper implications of AI not just as a tool, but as a force actively reshaping global conflict, cybersecurity infrastructure, and threat response capabilities. Sessions ranged from military-grade strategic perspectives to hands-on demonstrations of AI in modern SOC environments. What stood out most was not just the speed of AI’s development, but the complexity and scale of its impact across warfare, enterprise, and the human-machine dynamic.


One great session came from Bob Kenner, a retired U.S. Air Force leader with over 30 years of experience in cybersecurity and network defense. Kenner shared his perspective on the application of AI in asymmetric warfare, offering a high-level analysis rooted in real-world military leadership. Framing his talk through the lens of the “ugly, bad, and good” of AI in war, he avoided technical depth in favor of broader strategic implications.

ExtraHop Networks & Skinner's Strategic Solutions LLC Session

The center of his message was the concept of asymmetry and how nations like China are using AI to exploit gaps in the international rules-based order, especially in domains such as cyber. While traditional powers invest in scale and infrastructure, asymmetric actors rely on speed, unpredictability, and unconventional approaches. AI fits perfectly into this equation.


Kenner emphasized that the Department of Defense operates the third-largest network infrastructure globally, creating a massive attack surface. Cyber operations, in particular, are now daily engagements. He said that the strategic value of AI lies in economic order optimization, using limited resources more effectively than opponents, regardless of size.


Yet speed, often assumed to be an advantage in AI-driven warfare, was questioned. “Velocity without direction leads nowhere,” he quoted, echoing the military OODA loop (Observe, Orient, Decide, Act). AI can shrink this loop, but without clear intent, speed alone is insufficient.


The J-Curve of AI was also discussed. This new era in AI is characterized by scale, deception, and integration challenges. As one speaker noted, “The landscape is expanding, not shrinking.” IPv6, IoT, and cloud services are multiplying the attack surface. Without AI, humans simply cannot process the volume or complexity of data needed for effective security.


Yet the risks are real. Hallucinations (false or misleading AI outputs) remain a major issue. AI can misidentify students for plagiarism or hallucinate threats where none exist. And on the dark web, the commoditization of AI tools for malware development means that even low-level threat actors now have access to powerful offensive capabilities.


The main message was: it will take AI to fight AI.


Another session grounded the discussion in SOC operations, stating that AI is part of the solution, but not the whole answer.


Elastic Security Session

The session traced the evolution of SIEM, from basic logging in 2000 to analytics and orchestration in the 2010s, and now to the era of generative AI. Through a live demo, Elastic showcased how AI can enhance SOC workflows, particularly through RAG (retrieval-augmented generation), which injects contextual data into AI models for more accurate, tailored outputs.


Whether on the battlefield or in the SOC, AI is now both a risk and a remedy. Its power lies not in replacing human intuition, but in amplifying it: scaling decisions, spotting patterns, and guiding action in an environment too complex to manage manually.


Organizations must embrace AI while remaining vigilant about its limitations. Strategic use of AI in asymmetric contexts, smarter SOC integration, and a deeper understanding of identity and trust will define the winners in tomorrow’s cybersecurity battles.
