12 cyber industry trends revealed at RSAC 2026

The 2026 RSA circus is over. The tents are packed and the elephants have been loaded onto the train.

Nevertheless, it was an eventful week. There were fleets of vehicles — Escalades, Rivians, trucks, but curiously, no Teslas — strewn with vendor names and tag lines, and you couldn’t walk anywhere near Howard Street in San Francisco without seeing “AI-[insert word here like enabled, enhanced, native, powered, etc., etc., etc.].”

I spent the week speaking with CISOs, cybersecurity professionals, technology vendors, and service providers. Here are a few of my takeaways.

The CISO AI hierarchy is real

While every vendor communicated AI opportunity gaga, cybersecurity professionals’ mood was one of trepidation. In fact, I came away with a profile of three distinct CISO archetypes:

The proactive CISO (approximately 20%): These security leaders were well aware of the AI-driven business and technology changes afoot and came armed with a list of questions tailored to their specific enterprise requirements. Many of these executives brought along security engineers and architects — an action-oriented team. These CISOs had a decent understanding about their organization’s AI business initiatives, as well as their own security needs. The goal? Develop a shopping list that aligns with their organization’s strategy and supports their governance models, policy enforcement controls, and security technology stacks.

The curious and confused CISO (approximately 40%): These executives know something is happening with AI in their organization, but they aren’t sure what, where, or how much is going on. Their goal was education — what risks they face, what risk mitigation steps they should take, and what’s available from the industry to help them stop the bleeding. CISOs in this category are somewhat desperate for help.

The blissfully ignorant CISO (approximately 40%): Okay, this one is a bit unfair to CISOs as it’s more about their organizations. There’s likely AI development and usage the CISO and probably some executives are unaware of. They approached RSA believing time was on their side, so they probably skimmed through the AI rhetoric, shmoozed with vendors, and looked for the best cocktail parties.

In my humble opinion, CISOs will cycle through this hierarchy quickly over the next year. Blissfully ignorant CISOs will get wind of AI projects at their organization and move on to curiosity and confusion. This won’t take long. Proceeding from curious and confused to proactive will be the more difficult transition. These CISOs must assess business objectives, active projects, and user activities, then work with executives to develop a governance framework, create policies, implement guardrails, monitor activities, and manage a flexible model that keeps up with current and future business and technical requirements. A common analogy heard at RSA is that companies must be able to fix the plane while it’s in flight.

Legacy security vendors have the inside track on AI — for now

As far as AI technology consumption for cybersecurity goes, most CISOs I spoke with were open-minded while leaning toward their existing vendors — at least in the short term. This may buy legacy security vendors a bit of time, but not much.

Remember what happened in the cloud as we progressed from a lack of cloud trust, to “lift and shift,” to cloud-native? The same thing is happening with AI, only even faster than the cloud. Bolting AI to existing tools won’t work for long, a year at most.

You’ve got to get the AI foundations right

I was encouraged to hear vendors describe how they started their AI transition by building an infrastructural foundation — data foundation/context engine, intelligent control plane, execution layer, services, guardrails, etc. — and then adding functional agents on top of this foundation. Cisco/Splunk impressed me with its development approach and roadmap, while AI-based startups such as Abstract, Crogl, and Sidekick are betting the farm on this methodology.

AI code is making an impact

Vendors are also all-in on using AI-development tools and seeing strong results. I heard about project acceleration along with staff reduction. Building connectors is a good example. Axonius and Tenable, both known for broad technology integration, are using AI to offload a lot of this tedious but necessary work, freeing developers to work on functionality rather than plumbing.

AI pricing remains a mess

While AI capabilities appear to be baked into many tools, I found that no one knows how to price their AI services. Some are doing so by the token, some by the number of users, and some are charging by the agent. The market will flush this out over the rest of the year.

Application security is getting its AI makeover

We all know the impact of AI on software development. It’s clear to me after RSA that the same thing is happening to application security. Anthropic’s Claude Code Security is one example, but I also got a view of the AWS Security Agent, which provides software testing capabilities across the software development lifecycle — from design, to development, to runtime, to red teaming.

Likewise, I met with a company named XBow that focuses on autonomous offensive security based on AI agents. Based on these developments, we will see a very different application security market at RSA 2027.

Few may be prepared for what comes next from cyber-adversaries

There’s active debate in the industry about the impact of AI within the threat landscape: Are existing cybersecurity defenses adequate or will AI tilt the battlefield toward adversaries?

After RSA, I believe both premises are true. Sophisticated firms with strong governance, risk management, asset visibility, modern training, and sound hygiene and posture management should be okay. Alarmingly, this is a small percentage of organizations. Most others lack advanced security skills and adequate resources. Adversaries armed with AI tools and automated workflows will have a field day here.

Managed providers are advancing the AI SOC

Managed security service providers (MSSPs) and managed detection and response (MDR) vendors are pushing the envelope on the AI-enabled security operations center (SOC).

Arctic Wolf unveiled its Aurora Superintelligence Platform and the Aurora Agentic SOC, which includes agents for triage, alerting, investigations, and more. I also met with Ontinue, an MSSP that provides services on top of Microsoft security tools such as Defender for Endpoint, Defender for Azure, and MS Sentinel. It is using AI to establish what it calls “hyper-contextualization” to understand all it can about its customers’ business processes and technology infrastructure so it can improve decision-making.

Microsoft cements its position

Speaking of Microsoft, it’s hard to point to any other vendor that can match its cybersecurity coverage.

Unlike others, Microsoft came to RSA armed with AI metrics and proof points. For example, Microsoft provided specific metrics from several customers that turned on its Defender agents and saved hundreds of hours of work while improving accuracy and productivity. I’m sure Microsoft has many examples to share.

Beware the cyber category killers

We’ve always viewed cybersecurity through the lens of security product categories — EDR, firewalls, SIEM, CSPM, etc. But multi-agent AI products could take on many of these tasks simultaneously, breaking down traditional product buckets and acting as category killers.

CISOs must anticipate this and be open to organizational, process, and budgetary changes. Also, will multi-agent cybersecurity products mean the death of the Gartner Magic Quadrant and all other me-too vendor mapping products?

Awareness training gradually transforms

Training is in transition. I’m pleased with this development. Awareness training is being replaced by behavior monitoring and change. Human risk management (HRM) tools from Fable Security, KnowBe4, and Mimecast, among others, watch over users and provide a nudge when they go astray.

Beyond synthetic phishing, some tools even provide synthetic deepfake training. HRM sales are limited today to progressive organizations, but I believe they will become a de facto standard as regulators and cyber-insurance companies see the light and support this training renaissance.

Security claims ownership of identities

Well, partial ownership, but this is a step in the right direction. I’m seeing interesting advancements in areas such as passwordless authentication (I can’t believe it’s 2026 and we’re still using passwords), browser security, non-human identity (NHI) security, and privileged account management.

RSA also pushed discussions about AI-agent access and action control — detection, monitoring, control of shadow agents, zero-standing privilege, etc. AI will be a big player, helping to ease the painful identity modernization process.

As a cryptographer might say, with this article, I’ve tried to hash the entire RSA event into a single key. I really enjoyed RSA 2026 (my 20th) and look forward to next year. See you at the Moscone Center from April 5 through April 8, 2027.