RSAC 2026: The Trends Shaping the Cybersecurity Agenda

That’s a wrap on another RSAC Conference! This one felt bigger and more energizing than ever, and marked a new era as the first conference under newly appointed CEO Jen Easterly. She brought a relentless optimism for what’s next and challenged the community to move past the “soulless cycle of patching” toward a future where AI is used to write more secure and resilient code.

‍

Unsurprisingly, AI agents were the heartbeat of the event. But the conversation has changed from talking about LLMs to talking about autonomy. The industry is racing to establish control and governance over agents already embedded across the enterprise. Nearly every major vendor announcement was something tied to agentic AI, AI governance, or runtime enforcement. The competition to win the AI security race was palpable.

‍

The competition at RSAC to win the AI security race was palpable.

‍

Here are some highlights:

‍

AI Agents and Identity 3.0

• What’s changed: AI agents are no longer experimental tools. They’re autonomous actors with credentials, privileges, and access to sensitive systems. RSAC made clear that the security industry now views agents as non-human identities that must be governed like humans.
• Why it matters: Identity is the control plane for AI. The perimeter is no longer just users and devices—it now includes autonomous software.‍
• Who’s driving the conversation: Rubrik, Lumos, Cisco

‍

Closing the Confidence Gap in Shadow AI

• What’s changed: Research released at RSAC showed a widening gap between perceived AI control and reality. Enterprises believe they have visibility, but shadow AI agents, AI-generated code vulnerabilities, and SaaS ecosystem incidents tell a different story.
• Why it matters: Shadow AI is quickly becoming as urgent—and as invisible—as shadow IT once was, as underscored by Geordie AI’s win at the Innovation Sandbox.
• Who’s driving the conversation: WitnessAI, ArmorCode, Snyk

‍

Security is Moving Down the Stack to Runtime 

• What’s changed: The industry is moving beyond prompt filtering and LLM guardrails. Vendors are shifting enforcement directly into the runtime, infrastructure, identity, and network layers.
• Why it matters: AI security is becoming a systems problem, not just a model problem. By embedding security into the infrastructure and identity fabric, organizations can enforce context-aware authorization and lateral movement controls, preventing agents from impacting other critical systems. ‍
• Who’s driving the conversation: Nvidia, Wiz, Illumio

‍

The Agentic SOC Has Arrived

• What’s changed: AI in the SOC has evolved from assistance to autonomy. Vendors are now launching AI agents that can hunt threats, validate exploits, generate detections, and orchestrate responses with minimal human intervention. 
• Why it matters: The debate is shifting from “Should we use AI in the SOC?” to “How much authority do we give it?”
• Who’s driving the conversation: Google Cloud Security, Dataminr, Arctic Wolf

‍

Security Is Every Business’s Problem

• What’s changed: RSAC 2026 saw an uptick in non-security brands like ServiceNow, Databricks, and JPMorgan Chase announcing products, speaking in keynotes, and hosting booths.
• Why it matters: As Jen Easterly noted, we don’t just have a cybersecurity problem; we have an expanding software quality problem. When every company becomes a software—and AI—company, security shifts from a specialized silo to a shared business responsibility.

‍

When every company becomes a software—and AI—company, security shifts from a specialized silo to a shared business responsibility.

‍

‍The AI Gold Rush: Fighting for Marketshare 

• What’s changed: 2026 saw an increase in total conference coverage and a 92% spike in vendor-driven coverage, driven by new AI security features and products.
• Why it matters: Companies don’t want to get left behind and are racing to release new products, features, and research that validate their position in the AI race.

‍

Closing thoughts

RSAC Conference is an agenda setting moment for the cybersecurity industry. The trends that emerged last week will shape headlines, investment priorities, and security strategies for months to come—and this year, the stakes felt higher than ever. The mix of optimism, urgency, uncertainty, and ambition across conversations signaled a true inflection point. As AI reshapes the threat landscape and security stack alike, it’s never been more critical for this community to come together and define what comes next.