Each year, the RSA Conference brings together tens of thousands of cybersecurity professionals from around the world—and 2025 was no exception. Held at the Moscone Center in San Francisco, the event attracted over 40,000 attendees and featured hundreds of sessions, workshops and vendor showcases. From Fortune 500 CISOs to early-stage startups, the conference served as a dynamic hub for security conversations, innovation launches and strategic partnerships.
This year’s theme—”The Art of Possible“—highlighted the transformative power of technology in shaping the future of cybersecurity. Artificial intelligence, threat intelligence automation and regulatory compliance topped the agenda. Speakers and exhibitors emphasized the urgency of adapting to a rapidly changing digital landscape where adversaries are faster, threats are smarter and organizations must evolve or be left behind.
Amid the buzz of AI and automation, however, one area remained noticeably underrepresented: mobile application security. Despite the growing importance of mobile-first user experiences, few vendors have highlighted mobile-specific vulnerabilities or defenses. As DoveRunner’s team engaged with attendees and vendors from the show floor, it became increasingly clear that mobile security—particularly at the application layer—continues to be one of the most overlooked priorities in today’s enterprise security strategy.
The AI surge, and what it’s leaving behind
Artificial intelligence dominated RSA 2025. From enhanced threat detection to automated incident response, nearly every major vendor showcased how they’re using AI to outpace evolving attack vectors. Topics such as synthetic fraud, non-human identities and machine-generated traffic were featured prominently across sessions, reflecting the rapid integration of AI into the cybersecurity ecosystem.
But amid all the buzz, one critical area remained underrepresented: mobile application security. Despite the central role mobile apps now play in digital experiences, very few vendors addressed threats specific to this layer of the stack. According to DoveRunner’s 2025 Mobile App Threat Landscape Report, mobile malware attacks rose by 13% year-over-year—yet mobile-specific solutions were sparse on the show floor.
Many organizations assume that securing the device, network or backend API is enough. However, mobile apps are often the primary entry point to enterprise systems, and attackers are aware of this. Techniques such as reverse engineering, credential stuffing and AI-driven bot activity are increasingly targeting mobile apps as entry points.
The core message for security leaders is clear: mobile apps remain one of the weakest links in the modern enterprise. If they’re left unprotected, no amount of backend security will be enough. As threats evolve and AI reshapes the landscape, mobile security must become a strategic priority, not an afterthought.
Bots and non-human traffic are the next mobile threat
As attackers grow more sophisticated, a new category of risk is taking shape on mobile platforms: non-human traffic. Bots that mimic human behavior can now execute credential stuffing attacks, scrape sensitive data or manipulate app functionality—often without detection.
These bots are becoming increasingly intelligent, thanks to the advancements in AI. Many now simulate user interaction with uncanny accuracy, thereby bypassing traditional defenses such as CAPTCHA or rate limiting. And this activity is no longer confined to web environments; mobile apps are quickly becoming a preferred target.
Security leaders must begin asking tougher questions: How do we differentiate between legitimate users and AI-generated interactions? How do we prevent automation from compromising mobile experiences or collecting customer data en masse? As mobile-based threats evolve, detecting behavioral anomalies in real time will become a critical capability.
Why mobile threats are a business—and regulatory—risk
As companies push AI models directly to mobile devices, a new vulnerability is emerging that few are addressing. These models, often expensive and proprietary, are deployed to endpoints with little to no protection. That leaves them exposed to reverse engineering, theft and repurposing by malicious actors.
The implications go beyond intellectual property loss. In regions governed by laws such as the EU AI Act or California’s CCPA, unauthorized access to sensitive models or data can result in significant compliance violations. If regulators determine that data was collected or misused, companies may be forced to retrain models or delete them entirely, potentially losing millions in investment.
At the same time, mobile app compliance requirements are intensifying across jurisdictions. Latin America, Asia-Pacific and the EU have all strengthened mobile data protection mandates, and more countries are following suit. Falling behind not only increases the risk of breaches but also fines, bans, and reputational damage.
Security leaders can’t afford to treat mobile app security as optional. In today’s regulatory and threat landscape, it’s foundational to risk management, business continuity and long-term viability.
A new wave of developer training startups
One positive trend from the event: the emergence of startups focused on security training for developers. Unlike traditional players, these new entrants offer more accessible and scalable approaches to integrating secure coding practices early in the development lifecycle. As mobile security shifts left, these training platforms could play a pivotal role in improving app protection at the source.
The core message for mobile-focused security leaders
If there’s one message RSA 2025 sent to security leaders focused on mobile, it’s this: mobile apps remain the weakest link in the security chain. They are the gateway to customer data, internal systems and backend APIs. If that gateway isn’t protected, other security investments may not be enough.
Mobile security must become a higher priority—especially as threat actors evolve their techniques, regulations tighten and AI becomes both a tool and a threat. Organizations that recognize this and invest accordingly will be better positioned to defend their digital assets in the years ahead.Want to explore how DoveRunner is helping organizations secure their mobile apps from bots, AI threats and emerging compliance risks? Contact us to learn more or request a demo.
