Listen to this Post
In a year dominated by agentic artificial intelligence, a vulnerability detection startup stole the show at one of cybersecurity’s most anticipated startup competitions. Project Discovery emerged as the winner of the 2025 RSA Conference Innovation Sandbox, pushing back against the buzz surrounding agentic AI with a more grounded and actionable cybersecurity solution. While futuristic AI agents captured imaginations, the reality of securing today’s software environments still matters—and Project Discovery proved that with precision and scale, vulnerability detection can still lead innovation.
This year’s RSAC competition spotlighted a transformative shift in cybersecurity thinking, where AI agents are not just augmenting traditional defenses but actively reshaping them. Most of the finalists built their solutions either around securing these autonomous agents or using them to perform tasks humans traditionally handled. However, it was Project Discovery, with its roots in the open-source Nuclei community, that walked away with the top prize—proving that even in the age of hyper-intelligent agents, real-time vulnerability detection still reigns supreme.
Agentic AI vs. Classic Security: A 30-Line Breakdown
Project Discovery claimed first place at RSAC
The tool is based on Nuclei, a powerful open-source community, boasting over a million users contributing vulnerability definitions.
It offers dynamic analysis rather than simple version checks, making it more effective at identifying complex threats.
This win underscores growing concern over gaps in the CVE database and the need for agile, real-time detection.
Despite Project Discovery’s win, the overwhelming trend among finalists focused on agentic AI technologies.
Agentic frameworks leverage LLMs as their core, enabling software agents to execute scripts, click UIs, and call APIs autonomously.
OpenAI and Anthropic protocols have standardized aspects of AI agent behavior, improving control and auditability.
Finalist EQTY Labs showcased traceable AI agents with tamper-proof cryptographic logs.
Calypso AI, the runner-up, demonstrated a dual-agent system—one to find model vulnerabilities, the other to patch them in real-time.
Aurascape focused on protecting AI applications, building sandboxed environments to monitor and secure AI behaviors.
Their agents detect new or updated AI apps online daily and then autonomously craft defenses.
Knostic stood out by approaching AI security from a knowledge management lens—facilitating safe “need-to-know” access through AI.
AI agents were not seen as human replacements but as tireless assistants to analysts.
Finalist Cmd Zero enhances SOC performance, presenting not just results but clear reasoning paths.
Cmd Zero even logs failed hypotheses—showcasing transparency in automated investigations.
Twine, another finalist, delivered a human-like agent capable of identity investigations, visualizing threats with charts and conversational interaction.
Twine positions itself as an agentic company rather than an identity firm, hinting at broader ambitions.
MIND, representing DLP innovation, demonstrated advanced LLMs to reduce false positives.
Smallstep brought hardware-based zero-trust networking to the fore, aligning with Google’s ACME initiative.
Metalware applied fuzzing to firmware, a niche but increasingly critical domain in IoT security.
The diversity of finalist approaches reveals cybersecurity’s shifting landscape—where traditional and futuristic methods collide.
Startups demonstrated autonomous threat detection, mitigation, and operations—minimizing human fatigue.
Agentic AI systems hinted at the possibility of reducing “zero-day” gaps to “zero-hour” response times.
However, many firms refrained from giving agents full remediation authority—human oversight still matters.
While agentic AI dominated the narrative, Project
Innovation Sandbox remains a crucible where disruptive cybersecurity solutions take shape.
The competition reflects broader trends: agentification, automation, and AI-native security.
Yet, the victory of vulnerability detection reaffirms the cybersecurity fundamentals.
Real-world threat detection and actionable intelligence continue to drive enterprise trust.
Agentic systems promise speed, but reliability and precision still win.
Project Discovery’s rise proves that open-source collaboration can outpace venture capital flash.
As agentic AI grows, hybrid approaches blending human expertise with machine speed may become the gold standard.
What Undercode Say:
The 2025 RSA Innovation Sandbox paints a compelling picture of two powerful currents in cybersecurity: the urgent need for practical, scalable vulnerability detection and the futuristic potential of agentic AI systems. Project Discovery’s win wasn’t just symbolic—it highlighted a market need for immediately usable, high-fidelity security tooling that adapts in real time. This is especially notable in an era where CVE databases struggle to keep up with evolving threat landscapes.
While startups like EQTY, Calypso AI, and Aurascape chase the bleeding edge of AI autonomy, there’s still a clear hesitance to fully trust AI agents with remediation tasks. Their capabilities are impressive—scanning, sandboxing, even coding patches—but the absence of AI-directed execution reveals a sobering reality: we’re not quite ready to surrender full operational control to autonomous systems. And that’s smart.
Agentic AI is undoubtedly transforming how we understand digital defense, creating a future where AI doesn’t just assist but anticipates and acts. Yet, that future hinges on two things: explainability and governance. Cmd Zero and Twine exemplify this with transparency, visualizations, and human-like interactions. Their systems don’t just output data—they justify it.
The broader trend here is convergence. Startups are blending AI autonomy with human oversight, sandboxing unknown
References:
Reported By: www.darkreading.com
Extra Source Hub:
https://www.quora.com
Wikipedia
Undercode AI
Image Source:
Unsplash
Undercode AI DI v2
