Security Point Break: Cybersecurity News and Analysis with Clarity and Candor

Top 5 Biggest Stories at RSAC 2026

A week of candor, caution and accelerating innovation as AI agents, identity, quantum risk and leadership pressure reshaped the cybersecurity conversation.

From the mainstage keynotes to Broadcast Alley, the narrative coming out of RSAC 2026 was clear: We are no longer securing only users. We are starting to govern an autonomous machine workforce.

At the annual Cryptographers’ Panel, Adi Shamir warned of the “explosive proliferation in agents” and said he was “totally terrified by what’s going on.” On the keynote stage, Cisco President and Chief Product Officer Jeetu Patel urged attendees to think of AI agents as your friendly “digital co-workers.”

That juxtaposition summed up the week.

RSAC said the 35th annual conference drew tens of thousands of attendees from more than 100 countries and featured more than 700 speakers, 570-plus sessions and 600-plus exhibitors. Here are the five storylines that cut through the San Francisco expo haze.

1. Securing AI Agents Becomes a Priority

If AI agents were the stars of the show, securing them became the urgent subplot.

As Microsoft Security’s Vasu Jakkal put it from the keynote stage, “We cannot protect what we cannot see,” adding that in the age of agentic AI, organizations will need “an observability control plane.” That line captured the mood at RSAC 2026. The question was no longer what AI can do. It was what enterprises can actually see, govern and stop.

Vendors put real products behind that rhetoric. Cisco introduced AI Defense: Explorer Edition, which it said gives developers self-serve tools to test model and application resilience and “embed robust guardrails into agents before they are deployed.” CrowdStrike rolled out AIDR for Endpoint, which it said provides real-time prompt inspection and detects injection attacks, data leaks, and access and content policy violations across desktop AI apps including ChatGPT, Gemini, Claude and Microsoft Copilot.

Cyera launched Browser Shield, which it said provides prompt-level visibility into managed and unmanaged public AI tools and can alert on or block risky interactions before sensitive data leaves the organization. Security leaders repeatedly said adoption is outpacing guardrails.

In a Cisco blog published during the conference, Patel said 85% of surveyed enterprises already had AI agent pilots underway, but only 5% had moved them into production.

The rise of the agentic SOC

A related subplot was the formal debut of the “agentic SOC.” If 2025 was the year of the copilot, 2026 looked more like the year of the autopilot. This is not just faster automation. It is a shift toward “swarms of experts” — autonomous agents that triage, investigate and remediate threats without waiting for a human to click approve.

The evidence was on full display during Reimagining Security for the Agentic Workforce. In a Cisco blog tied to the keynote, Patel warned: “With a chatbot, the worst case is a wrong answer. With an agent, the worst case is a wrong action — and some actions can’t be undone.”

That gave the “agentic SOC” narrative a needed reality check. Mittal and Gupta suggested the real story was less flashy and more useful. The first practical version of the agentic SOC is not a robot analyst riding to the rescue. It is a tightly constrained assistant that helps human analysts move faster, document better and make fewer blind turns.

That also made the product launches easier to read. The product landscape mirrored the rhetoric. Arctic Wolf launched its Aurora Agentic SOC, while CrowdStrike unveiled Agentic MDR, both pitching a move from surfacing data to executing response.

2. The Nonhuman Identity Explosion

Nonhuman identities, or NHIs, are the new shadow IT. They operate at machine speed, carry privileged credentials and often lack a clear human owner. RSAC’s own trends preview captured the shift in a single line: Identity is now the “fundamental security boundary” in distributed, cloud-native and AI-enabled environments.

Security has long been obsessed with proving that a person is who they say they are. RSAC 2026 made the case that this model is now too small.


In “Digital Identity 101,” Paul Simmonds, CEO and CISO of the Global Identity Foundation, argued that “entities have identity, not just people,” and warned that if security teams keep focusing only on users, they will miss the larger shift already underway. His point was simple: Devices, code, processes and AI agents now all seek access, carry risk and need to be governed as first-class identities, not treated as afterthoughts bolted onto a human-centered system.

In the session “It’s Getting Real & Hitting the Fan 2026: Real World AI(dentity) Attacks,” Brian Contos, field CISO at Mitiga, told attendees that “identity is still the number one access factor” and said AI is now amplifying those attacks through scale, speed and accuracy. He described a threat landscape in which attackers increasingly abuse valid credentials, OAuth tokens and connected-app identities rather than smashing through the front door.

In one of the session’s more useful lines, Contos said defenders are now hunting for “legitimate credentials being things that may be suspicious” — a much harder job than spotting a loud, obvious outlier.

Contos also noted that some nonhuman identities carry administrative read-write access, meaning a compromised machine account can do things a normal employee account often cannot.

That is what makes nonhuman identities so dangerous. They are fast, privileged and often poorly understood.

The old identity model assumed people at keyboards. RSAC 2026 made clear that the bigger problem now is everything else with a token, a task and too much trust.

The industry response was swift. 1Password announced Unified Access, a platform aimed at securing AI agents and automated workflows, while BeyondTrust rolled out what it called a unified privileged identity approach for AI agent coworkers and workloads. The perimeter is no longer just a firewall. Increasingly, it is an identity tag.

A related warning came from a Cloud Security Alliance survey released during the show: 73% of organizations expect AI agents to become vital within a year, yet 68% said they still cannot clearly distinguish human activity from agent activity.

3. Innovation Sandbox: The Triumph of the Agent Watcher

The RSAC Innovation Sandbox remains the industry’s kingmaker contest. This year, the judges rewarded pragmatism by naming Geordie AI “Most Innovative Startup 2026.”

Geordie AI won RSAC 2026’s Innovation Sandbox, signaling strong demand for tools that help enterprises monitor and govern their expanding AI agent footprint. Image Credit: RSA

RSAC said Geordie won for an AI governance platform that gives enterprises a deep, real-time understanding of their “agentic footprint” and the ability to observe agent posture and behavior. In the winner announcement, co-founder and CEO Henry Comfort said, “It means the world to us. It’s great validation for the problem we are solving.”

A separate release said the company was founded in 2025 by cybersecurity leaders from Snyk, Veracode and Darktrace, is backed by Ten Eleven Ventures and General Catalyst and had grown revenue tenfold in the previous two months.

The win suggested the market is already moving past AI novelty and toward governance, visibility and restraint. Finalists leaned heavily into AI, automation and identity, mirroring the conference’s broader themes.

4. Post-quantum Cryptography: No More ‘Wait and See’

Quantum computing has long been treated as a someday problem. At RSAC 2026, it felt more like a procurement problem moving in slow motion.

RSAC said the annual Cryptographers’ Panel drew a packed audience and focused in part on “preparing for a quantum future.” Outside coverage sharpened the point. GovInfoSecurity reported from the conference that investors and enterprises are starting to treat Q-Day — the point at which quantum computers could break widely used encryption — as a near-term risk, forcing changes in key management, PKI and cryptographic standards.

The conversations were direct. Data encrypted today may still matter a decade or two from now. That is why “harvest now, decrypt later” remains such a potent phrase. Security teams may not know exactly when quantum risk will fully arrive, but they know the migration clock has already started.


Walt Powell, lead field CISO at CDW, warned that many organizations still do not see quantum as a current problem, even though “it’s a today problem, not a future problem, as implementing and deploying quantum-safe solutions takes years.” He also pointed to the central risk: Quantum computers will eventually threaten today’s public-key cryptography, while Grover’s algorithm could weaken symmetric encryption enough to require larger key sizes.

The standards picture is no longer theoretical. NIST says three post-quantum cryptography standards are ready to implement now and that organizations should begin migrating before quantum computers put current encryption at risk.

During the conference, Google said it was setting a 2029 timeline for post-quantum cryptography migration, citing progress in quantum computing and the present-day risk of “store-now-decrypt-later” attacks. Google said the goal was to provide the “clarity and urgency needed to accelerate digital transitions” across the industry.

5. The Human Element and the Leadership Squeeze

For all the talk of autonomous swarms, the conference’s emotional core remained stubbornly human. The “Power of Our Community” theme highlighted the 66% of CISOs who say they feel at risk of burnout.

RSAC’s theme this year was “The Power of Our Community,” and the agenda kept returning to burnout, empathy and the pressure on security leaders.

Jen Easterly, CEO of RSAC and former CISA director, during RSAC 2026 in San Francisco. Image Credit: RSA

Day 2’s Empathetic Leadership keynote brought former New Zealand Prime Minister Jacinda Ardern to the stage to talk about trust and values-driven leadership. Day 3’s The Evolution of Cyber War: Inside the Making of ‘Midnight in the War Room’ promised an “unvarnished look” at the human struggle behind cyber conflict. Even the CISO Boot Camp made room for a session titled “Is Your Leadership Style Burning You Out?”

While vendors raced to sell speed, the conference kept circling back to stamina.

Jen Easterly, the former CISA director and frequent RSAC headliner, offered the week’s clearest correction to the “AI will save us” narrative. In her session on software quality, Easterly said, “We don’t have a cybersecurity problem; we have a software quality problem.”

She argued that the security industry exists because software vendors have been allowed to ship “defective, insecure, flawed” products for decades. The industry, she said, needs to focus less on high-speed agentic hype and “cool new tools” and more on “basic product liability.”
