San Francisco, April 29, 2025: The RSA Conference is renowned for highlighting significant shifts in cybersecurity and risk management. This year, alongside familiar conversations about persistent cybersecurity threats and regulatory pressures, a deeper transformation is occurring: the rise of Autonomous Integrated Risk Management (Autonomous IRM). Vendors at RSAC 2025 are showcasing solutions that go beyond merely automating routine tasks, moving toward independently identifying, assessing, and mitigating risks across enterprise ecosystems without constant human intervention.

Evolution Toward Autonomous IRM

Historically, risk management technologies evolved incrementally, first automating processes like audits, compliance checks, and third-party risk assessments within Governance, Risk, and Compliance (GRC) frameworks. Integrated Risk Management (IRM) furthered these capabilities by enabling continuous monitoring and broader cross-domain visibility. However, even advanced IRM still depended significantly on human oversight.

The RSA 2025 Conference marks a pivotal transition toward full autonomy, driven by sophisticated AI agents capable of executing complex risk management activities across cybersecurity, compliance, operational resilience, and vendor ecosystems independently. This shift represents not merely a technical advancement, but a fundamental realignment of the role of technology in risk management.

While at RSAC 2025, I will be exploring the following three vendors showcasing their new products and partnerships. I will be publishing deep dive articles in our brand new premium subscription research service - The RTJ Bridge. We have rebranded our former premium subscription version of The RiskTech Journal to provide deeper research insights into risktech innovations. But don’t worry, The RiskTech Journal is not going anywhere. In fact, we will be delivering the same quality content with no subscription required.

Look for my first article about Safe Security’s new third-party risk management (TPRM) offering to publish later today. Tomorrow, I’ll be exploring AuditBoard’s move into AI governance and I’ll conclude on Thursday with a deep dive into ServiceNow’s partnership with CIMCOM. See previews below,

Safe Security's Autonomous TPRM: A Case Study in Autonomy

Safe Security’s new TPRM platform offers a clear example of Autonomous IRM in practice. AI agents within the platform independently handle vendor risk evaluations, continuous risk monitoring, and lifecycle management tasks, dramatically reducing administrative efforts. The key question moving forward is whether these autonomous processes can reliably meet stringent internal and regulatory standards for risk assurance and compliance.

Expanding AI Governance: AuditBoard’s Strategic Move

AuditBoard's introduction of AI governance into its Connected Risk suite of tools signals a broader trend where traditional risk management platforms expand their scope to include emerging technological risks, particularly around generative AI models and their governance. This initiative acknowledges increased regulatory expectations and rising board-level concerns, reinforcing the strategic necessity of integrating AI oversight into existing risk management structures.

Addressing Overlooked Risks: ServiceNow & CIMCON Partnership

The collaboration between ServiceNow and CIMCON underscores the importance of managing risks associated with end-user computing assets, such as unmanaged spreadsheets and scripts, which historically bypass formal risk governance. By integrating these assets into structured risk workflows, this partnership highlights the necessity of comprehensive digital risk coverage as enterprises move toward Autonomous IRM.

Introducing The RTJ Bridge: Premium Insights for Risk, Security and Business Leaders

Coinciding with RSAC 2025, Wheelhouse Advisors is launching The RTJ Bridge, the premium version of The RiskTech Journal. Tailored specifically for senior executives navigating complex risk environments, The RTJ Bridge provides:

• In-depth independent vendor evaluations and expert analyses

• Exclusive series, including “The Risk Ignored” with the inside story on the last 25 years of risk management technology development and deep dives into the RSA 2025 Vendor Insights summarized here

• Complete access to the IRM Navigator™ Research Series, including the newly released 2025 Vendor Compass for Technology Risk Management (TRM)

Available now at $6.99/month or $69.99 annually, including a complimentary first-month trial, The RTJ Bridge delivers ongoing strategic value without the high costs of legacy analyst subscriptions.

Subscribe to The RTJ Bridge.

Implications of Product Launches and Partnerships

The move to Autonomous IRM represents a profound shift that goes beyond incremental improvements in efficiency. AI-driven solutions such as Safe Security’s autonomous TPRM platform signify a new era of proactive, adaptive, and predictive risk management. As AuditBoard and ServiceNow's developments show, AI autonomy is swiftly becoming a competitive imperative rather than an optional enhancement.

RSA Conference 2025 thus represents a critical inflection point. Risk, security and business leaders must now decide whether to embrace autonomous capabilities proactively or risk being left behind—less prepared for emerging threats, less agile in their responses, and increasingly challenged by expanding regulatory expectations.

Ori Wellington is reporting live from RSA Conference 2025. For full strategic insights and comprehensive analysis of key vendor announcements, subscribe to The RTJ Bridge.