Chainloop at RSAC 2025: SDLC Governance, Quantum Leaps, and AI Waves!
Miguel Martinez
We just came back from an incredible week in San Francisco for BSides and RSAC 2025! This year was special for us—it was our first time exhibiting at the Early Stage Expo and hosting a side event with new and old friends from the DevSecOps space.
Showcasing our automated Software Delivery Lifecycle (SDLC) Governance platform was an amazing experience. To everyone who swung by our booth, said hello, and shared your insights – a massive THANK YOU!

Several key themes emerged from our countless conversations, and we wanted to share some of the highlights:
The New GRC Frontier: Data You Can Trust

One of the hottest topics was the increasing demand for new and updated compliance frameworks, like FedRAMP.
It’s clear that meeting these rigorous standards requires more than just ticking boxes. The consensus is a growing need for a stronger data foundation—one built on signed, verifiable data that you can inherently trust. Discussions revolved around the necessity for real-time, continuous evidence gathering throughout the software development lifecycle (SDLC) to make compliance an ongoing, automated process rather than a last-minute scramble.
This is exactly where we believe automated SDLC governance plays a pivotal role.
Are Your Algorithms Quantum-Ready?

The shadow of post-quantum cryptography loomed large in many discussions. We were fascinated by the number of people asking about the transition to quantum-resistant algorithms.
A key question that kept coming up was, “How can we ensure our development teams are actually using the approved, quantum-resistant cryptographic algorithms and not inadvertently introducing vulnerabilities with older ones?” This highlighted a critical need for tools and processes that can provide visibility and enforce cryptographic policies within the SDLC, a challenge we’re keen to address.
We are really happy to have Keyfactor as a partner to enable post-quantum PKI in the Chainloop evidence store and guide us and our customers through the transition.
All Eyes on the Cyber Resilience Act (CRA)
The European Union’s Cyber Resilience Act (CRA) was another frequent topic of conversation. With its impending enforcement, many are grappling with its implications for software development, vulnerability management, and secure-by-design principles.
The CRA’s focus on the security of “products with digital elements” throughout their lifecycle resonates deeply with our mission of automating governance and ensuring security is baked in from the start. We had some fantastic discussions about how to proactively prepare and integrate CRA requirements into existing development workflows.
We are working on providing automated controls for CRA in Chainloop. To stay up to date, take a look at our reference documentation.
What About AI in the SDLC?

And of course, no tech conference in 2025 would be complete without extensive discussions about Artificial Intelligence.
We were frequently asked about our approach to AI and how it intersects with SDLC governance. We were happy to point people to our recent thoughts on this, particularly regarding the importance of securing the AI data pipeline itself. If you missed it, you can check out our blog post: AI Data Pipeline.
The conversations at RSAC reinforced our belief that as AI becomes more integrated into development, governing its lifecycle will be paramount.
Looking Ahead

Our first time exhibiting at the Early Stage Expo was an energizing and validating experience. The challenges discussed are complex, but the drive for innovation and collaboration within the cybersecurity community is truly inspiring. We’re more committed than ever to empowering organizations with the tools they need for robust, automated SDLC governance.
Thanks again to everyone who made our RSAC debut a success. We’re already looking forward to next year!
Want to continue the conversation or learn more about how we can help you automate your SDLC governance? Get in touch with us!