12 cybersecurity trends unveiled at RSAC 2026

The RSA conference of 2026 has concluded, marking the end of an eventful week filled with vendor excitement, user concerns, and substantial discussions on cybersecurity.

The streets of San Francisco were bustling with vendor-branded vehicles, though notably absent were Teslas. Instead, there were Escalades and Rivians adorned with various vendor names, while the term “AI-[insert word here like enabled, enhanced, native, powered, etc.]” was omnipresent around Howard Street.

Throughout the week, I engaged with CISOs, cybersecurity experts, technology vendors, and service providers. Here are some insights from my observations.

Understanding the CISO AI Hierarchy

While vendors were enthusiastic about AI opportunities, many cybersecurity professionals expressed a sense of unease. I identified three different CISO archetypes based on my interactions:

The proactive CISO (about 20%): These leaders were informed about the ongoing AI-driven changes in business and technology and came prepared with specific questions relevant to their enterprise. Many included security engineers and architects in their teams. They had a solid grasp of their organization’s AI initiatives and security needs, aiming to compile a list of solutions that align with their strategic goals and support their governance models, policy enforcement, and security technology.

The curious and confused CISO (around 40%): These executives recognized that AI was influencing their organizations but lacked clarity on its specifics. Their primary goal was to gain knowledge about potential risks and the available industry solutions to mitigate them. This group of CISOs was quite eager for assistance.

The blissfully ignorant CISO (approximately 40%): This label might be somewhat harsh as it reflects more on their organizations. It is likely that there are AI developments occurring that neither the CISO nor some executives are aware of. They attended RSA with a relaxed mindset, possibly glossing over the AI discussions while networking with vendors and seeking social events.

I believe that CISOs will rapidly transition through these categories over the next year. Those who are currently blissfully ignorant will soon learn about AI initiatives within their organizations, moving towards curiosity and confusion. However, the leap from confusion to proactivity will be more challenging. These CISOs must evaluate business objectives, ongoing projects, and user activities, and collaborate with executives to create a governance framework, establish policies, implement safeguards, monitor activities, and maintain a flexible model that adapts to ongoing and future business and technical needs. An analogy frequently mentioned at RSA is that organizations must be able to repair the aircraft while in flight.

Legacy Vendors Hold an Advantage in AI – For Now

Regarding AI technology usage in cybersecurity, most CISOs I encountered were open to possibilities but inclined to stick with their current vendors, at least for the near future. This may grant legacy security vendors a temporary advantage, but not for long.

Consider the evolution of cloud technology: we moved from skepticism to “lift and shift” to cloud-native solutions. A similar, albeit faster, transformation is occurring with AI. Simply adding AI to existing tools will only be a short-term solution, likely lasting no more than a year.

Establishing Strong AI Foundations is Crucial

I was heartened to hear vendors discuss their AI transition strategies focused on building a solid foundational infrastructure, including data foundations, context engines, intelligent control planes, execution layers, services, and guardrails, before layering functional agents on top. Cisco and Splunk impressed me with their development strategy and roadmap, while AI startups like Abstract, Crogl, and Sidekick are fully committed to this approach.

AI Code is Making Waves

Many vendors are fully embracing AI development tools and reporting significant outcomes. I learned about accelerated project timelines and reduced staffing needs. The creation of connectors is a case in point. Companies like Axonius and Tenable, recognized for their extensive technology integrations, are leveraging AI to alleviate the burdensome yet essential work, allowing developers to focus on functionality instead.

The Complexity of AI Pricing

Although AI capabilities are integrated into numerous tools, there remains a lack of clarity regarding the pricing of AI services. Some vendors charge per token, others per user, and some by agent count. The market will likely clarify these pricing structures as the year progresses.

Application Security is Undergoing an AI Transformation

The influence of AI on software development is well recognized, and it is evident that application security is experiencing a similar transformation. Anthropic’s Claude Code Security exemplifies this trend, as does the AWS Security Agent, which offers software testing capabilities throughout the software development lifecycle, from design to runtime and red teaming.

I also encountered a company named XBow, specializing in autonomous offensive security powered by AI agents. Given these advancements, the application security landscape will likely look very different by RSA 2027.

Cyber-Adversaries May Bring Unexpected Challenges

There is ongoing discussion within the industry about AI's influence on the threat landscape: are current cybersecurity defenses sufficient, or will AI advantage adversaries?

After attending RSA, I believe both perspectives hold validity. Organizations with robust governance, risk management, asset visibility, modern training, and strong hygiene practices should fare well. Unfortunately, this represents a small fraction of companies. Most organizations lack advanced security skills and sufficient resources, making them vulnerable to adversaries equipped with AI tools and automated processes.

MSSPs are Enhancing AI-Enabled Security Operations Centers

Managed security service providers (MSSPs) and managed detection and response (MDR) firms are pushing the boundaries of AI-enabled security operations centers (SOCs).

Arctic Wolf introduced its Aurora Superintelligence Platform and the Aurora Agentic SOC, which features agents for triage, alerting, investigations, and more. I also spoke with Ontinue, an MSSP that offers services built on Microsoft security solutions like Defender for Endpoint, Defender for Azure, and MS Sentinel. They are leveraging AI to achieve what they term “hyper-contextualization,” gaining comprehensive insights into their clients’ business processes and technology infrastructure to enhance decision-making.

Microsoft Solidifies Its Role

When discussing Microsoft, it is difficult to find another vendor that matches its extensive cybersecurity offerings.

At RSA, Microsoft presented impressive AI metrics and concrete examples from multiple customers who activated its Defender agents, resulting in hundreds of hours saved and improved accuracy and productivity. Microsoft likely possesses many more success stories to share.

Be Wary of Cyber Category Disruptors

Traditionally, cybersecurity has been understood through various product categories: EDR, firewalls, SIEM, CSPM, etc. However, multi-agent AI solutions could potentially handle multiple functions simultaneously, disrupting traditional categorizations and acting as category killers.

CISOs need to prepare for this shift and remain open to changes in organizational structures, processes, and budgets. Additionally, the rise of multi-agent cybersecurity products could signal the end of the Gartner Magic Quadrant and similar vendor evaluation frameworks.

Shifts in Awareness Training

Training methodologies are currently evolving, which is a positive development. Awareness training is being replaced with behavior monitoring and behavioral change initiatives. Human risk management tools from companies like Fable Security, KnowBe4, and Mimecast are tracking user behavior and providing guidance when deviations occur.

In addition to synthetic phishing exercises, some platforms are even offering synthetic deepfake training. Currently, HRM solutions are primarily adopted by progressive organizations, but I anticipate they will become a standard as regulators and cyber-insurance providers recognize their value and support this training evolution.

Security is Taking Charge of Identities

While it is only partial ownership, this marks a positive step forward. I am observing notable advancements in areas such as passwordless authentication (it's surprising that in 2026 we are still reliant on passwords), browser security, non-human identity (NHI) protection, and privileged account management.

Discussions at RSA also revolved around AI-agent access and action control mechanisms; detection, monitoring, and management of shadow agents, alongside strategies like zero-standing privilege. AI will play a significant role in facilitating the challenging process of identity modernization.

As a cryptographer might say, my aim has been to encapsulate the entire RSA event into a singular key. I truly enjoyed my time at RSA 2026 (my 20th visit) and eagerly anticipate next year’s event. I look forward to seeing everyone at the Moscone Center from April 5 to April 8, 2027.
