Skip Navigation
Resources Blog 5 reasons to not miss Sonatype at RSAC 2025

5 reasons to not miss Sonatype at RSAC 2025

5 reasons to not miss Sonatype at RSAC 2025
4:09

RSA Conference (RSAC) brings together cybersecurity practitioners from across the globe to learn about the latest cybersecurity defense strategies and tools, connect with industry peers, and share knowledge about the threat landscape.

From real-world research to thought leadership on AI, regulation, and supply chain resilience, here's how you can connect with Sonatype at this year's RSAC.

1. Catch up on the newest Sonatype Repository Firewall enhancements

Open source malware is growing at an exponential rate — and most organizations aren't catching it until it's too late. Sonatype invites RSAC attendees to stop by our booth to see firsthand how our industry-leading malware research and real-time defenses are helping enterprises block malicious packages before they enter the development pipeline.

Learn how attackers are hiding threats in popular ecosystems like npm and PyPI, and explore how Sonatype's AI-powered platform quarantines risky components before they do damage.

2. Chat with Brian Fox, Co-founder and CTO, and get a signed copy of the 10th annual State of the Software Supply Chain® report

For the past decade, Sonatype has provided year-over-year analyses of open source consumption data. Sharing these unparalleled insights has expedited innovation in software development, as well as propelled Sonatype's success in bringing industry-first solutions to market.

Stop by the Sonatype booth on Tuesday, April 29 from 12 - 12:30 PM PDT or Wednesday, April 30 from 2:30 - 3 PM PDT to get your own signed copy of the 10th annual report and catch up with the lead author.

3. Learn about how threat actors leverage PyTorch to deploy malware posing as open source AI

Join Trevor Madge and Andrew Stein from Sonatype on Wednesday, April 30 at 8:30 AM PDT for a deep dive into one of the most pressing new threats: open source AI model malware. In this session, "Unpickling PyTorch: Keeping Malicious AI Out of the Enterprise," Trevor and Andrew will expose how adversaries are sneaking malicious payloads into AI model files — specifically PyTorch pickle files — and why traditional security tools are blind to these threats.

If your team is building with AI, this is a must-attend session for understanding how to safeguard your machine learning (ML) supply chain.

4. Get the latest on "Software Supply Chain Security, AI, and Regulation"

As the pace of innovation accelerates, so does the complexity of governing it. Join Tyler Warden, Sonatype's SVP of Product, and Mitch Ashley, VP and Practice Lead of DevOps and Application Development at The Futurum Group, for an insightful conversation on how software supply chain security intersects with the expanding influence of artificial intelligence and global regulatory shifts. Whether you're a product leader, developer, or security professional, this session will help you navigate the future of secure, compliant software innovation.

5. Test your malware targeting skills at darts

Think you can avoid a malicious package? Step up to the challenge at our booth and test your instincts with our malware dart board. Aim for the right target, and walk away with bragging rights — and some cool swag. It's a fun way to learn about the tactics threat actors are using today, and how Sonatype's tools can help you stay one step ahead.

Connect with Sonatype at RSAC 2025

Missing the conference? Don't worry about missing out — hear from Mitun Zavery, VP at Sonatype, on-demand to learn about how to balance speed with security in the age of AI.

Come meet the Sonatype team, catch our talks, and discover how we're helping enterprises secure every corner of the software supply chain — from open source packages to AI model ingestion.

  • When: April 28 – May 2, 2025

  • Where: Booth #4427, Moscone North Expo Hall

Ready to rethink what's possible in software supply chain security? We'll see you there. Schedule a time to chat with us here.