Background on this year's theme at RSAC in San Francisco and current cybersecurity trends: the theme of this year's RSAC conference in San Francisco, "The Power of Community," highlights how the cybersecurity community is gaining autonomy and is facing threats from AI. Survey results from Enterprise Technology Research were shared with Unsurfaced.com and demonstrated how, as more organizations move to better hygiene practices and add additional layers of protection to their networks, AI becomes a significant component of the enterprise platform, often at the cost of investing in the cloud. In addition, the survey showed that the rate of adoption for AI-generated agents far exceeds an organization's ability to manage them, and that AI-generated attacks are adding another layer of difficulty to an already complex security landscape.
"This is the first time that we've seen LLMs and gen AI protection as the number one player. For the past couple of years, cloud security was the number one player," according to Erik Bradley, chief strategist and research director at Enterprise Technology Research, in an analysis he did on theCUBE, SiliconAngle Media's online streaming studio. "I believe nobody has the control tower yet. I believe it'll be a combination. That's why I keep saying 'depth of defense.' That's a term we used to say 10–20 years ago; I believe it's more important now than ever."
Industry experts including Bradley and others who speak to identity fragmentation and autonomous threats, along with AI systems, appeared on theCUBE Research's Jon Oltsik, Christophe Bertrand and Dave Vellante during the RSAC 2026 conference to discuss how the shape of enterprise security is changing.
There are three insights that may have gone unnoticed:
- Insight #1: Organizations must rely on the lateral world to defend against an AI-generated attack, and as such cyber resiliency now requires AI-powered defenses running at machine speeds.
- Many of the most devastating cybersecurity attacks occur when a threat actor gains unauthorized access to a poorly defended area of a network and subsequently uses that access to traverse laterally across multiple areas of the IT infrastructure.
- Broadcom Inc. is addressing this risk through a four-step prescriptive deployment framework and controls that reside closer to the workload. As Prashant Gandhi (left), vice president of products for the application networking & security division at Broadcom, stated in an interview with theCUBE:
"If you really look at any AI-generated attack, ultimately what happens is the perimeter is breached, the attacker gets in, lands on a weakly protected asset, then moves laterally." Gandhi added: "That lateral movement is where we come in because we put traps in the lateral world, and that is where we enforce zero trust."
As organizations face an increasing amount of rapid-fire attacks, Google Mandiant's M-Trends 2026 report noted that the median time from when an attacker initially gained access into a network to taking further actions with respect to those networks had decreased from eight hours down to twenty-two seconds. Humans could no longer respond quickly enough.
Francis de Souza, chief operating officer and president of security products at Google Cloud, stated in a discussion with theCUBE:
"Time is measured in seconds and minutes." He continued: "It is impossible to implement a human-only defense mechanism against an AI-generated attack. The older models of relying on humans for defense, or even implementing a human-in-the-loop defense model, must evolve. Today we see primarily an agential defense, utilizing AI to combat AI, allowing organizations to operate at machine speeds and enabling humans to supervise, set boundaries, develop policies and strategy, monitor activity, etc."
Insight #2: The quantum threat is closing in on enterprises and it is time to start investing in built-in protection.
The capability of quantum computers to rapidly break ciphers that have protected critical systems for decades may force enterprises to invest in entirely new preventative measures as early as this year. According to Mark Hughes, global managing partner for cybersecurity services at IBM Corp., the only remaining questions revolve around how long organizations will have prior to needing these new forms of protection.
"My first recommendation would be not to panic, because we already know many things we can do to safely introduce and utilize AI within our organizations. However, while it may be true that we should not panic, we must get moving very quickly," Hughes stated in his discussion with theCUBE. "Similar principles regarding governance and implementation apply to how we deploy AI and bring it into our organizations. We must accelerate, however."
Hughes expressed confidence that a positive outcome from the quantum threat will be for enterprises to begin managing certificates, keys, and all types of cryptographic operations with greater discipline. Additionally, quantum threats can eliminate one of the greatest bottlenecks to AI adoption, namely, that a tremendous amount of work is needed and cannot be accomplished solely by humans.
IBM has developed four quantum-resistant algorithms. The U.S. Department of Commerce's National Institute of Standards and Technology (NIST) has recently published its first three final post-quantum encryption standards for organizations to start implementing.
"It is imperative that organizations organize themselves around cryptography now, not simply due to the quantum threat, though that is obviously an absolute necessity," Hughes stated. "In order to achieve what we describe as 'crypto agility,' moving beyond traditional methods of managing cryptography, which is difficult to implement, organizations need to start developing an agile method of managing cryptography now so we can move forward in today's environment."
Insight #3: AI agents are revolutionizing the identity channel and helping to close the skills gap in cybersecurity.
One of the main tenets behind zero-trust enterprise systems has proven effective in protecting systems when humans are involved in activities related to those systems. However, as AI agents enter mainstream workflow processes, it changes how identity works in that every action taken needs immediate authorization based upon current circumstances.
Ping Identity Inc. has introduced an Identity for AI platform to enhance visibility into agents throughout various environments, ensuring they are functioning within established parameters for any specific task.
"For example, with agents working inside our systems, there isn't an equal measure of consequences for something we consider damaging to the company," Ping Identity founder and CEO Andre Durand stated during his visit on theCUBE. "Therefore, the guardrails need to be much tighter."
While there is a need for increased levels of controls surrounding AI agents, these agents represent solutions for the cybersecurity profession at precisely the right time. Last year, there existed a severe shortage of 3.5–4 million cybersecurity professionals worldwide, per last year's ISC2 Cybersecurity Workforce Study.
"The potential exists for agents to allow security professionals to automate tier-one tasks such as phishing triage, thereby freeing them up from hundreds of hours per month spent on reactive tasks and instead allowing them to pursue proactive and preemptive threats," Scott Woodgate, general manager for threat protection at Microsoft, stated during his visit on theCUBE.
"Agents provide a chance to take automation to a completely different level and essentially upskill employee roles so they can fill the job shortages created by the partnership between people and agents," Woodgate concluded.
To view more of theCUBE's coverage of RSAC 2026, please click here for the complete video playlist.
John Furrier, co-founder of SiliconAngle:
We want you to engage with our community to support our mission to maintain content as open-source and free. Please join theCUBE Alumni Trust Network, where technology leaders connect, exchange knowledge and intelligence, and generate opportunities.
15+ million viewers of videos on theCUBE content, driving conversations across topics including AI, cloud computing, cybersecurity, and more.
More than 11,000 alumni members within theCUBE community, connect with more than 11,400 tech and business leaders who are shaping tomorrow through a one-of-a-kind trust-based network.
