The Rise of AI in Cybersecurity: Insights from RSAC Conference 2026
At the recent RSAC Conference 2026, an assembly of over 40,000 cybersecurity professionals, including Chief Information Security Officers (CISOs), practitioners, and vendor leaders, highlighted the growing trend of artificial intelligence (AI) agents in the field. The prevalent theme focused not only on the use of AI but also on its implications for identity and data security across various applications. The discussions underscored how adversaries are exploiting AI technology, the importance of securing AI agents themselves, and the potential for AI to enhance cybersecurity tools.
Increasing Threat Velocity: The AI-Driven Challenge
The conference opened with significant presentations from industry giants such as Microsoft and Google, who conveyed a pressing message: adversaries are increasingly harnessing AI to escalate the volume, speed, and sophistication of their cyberattacks. The term "adversaries" refers to malicious actors utilizing advanced technology to refine their tactics, ultimately leading to more effective and widespread attacks. Current attacks may not yet feature groundbreaking sophistication but are characterized by more convincing phishing schemes and other deceptive strategies. Experts warn that as these attackers gain experience and further access to AI tools, the scenarios will likely evolve into far more dangerous threats.
While the insights presented emphasized existing vulnerabilities, it was noted that actual compromises causing significant harm to businesses have been limited. As companies actively adopt AI agents for various operations, experts believe it is only a matter of time before they encounter significant attacks or incidents. Therefore, the rise of AI-powered attacks necessitates a corresponding acceleration in defensive strategies, also powered by AI. Attendees of the conference were particularly focused on how defenders can leverage AI to enhance their cybersecurity measures and mitigate potential threats.
Distinguishing Value Amidst Marketing Noise
From a cybersecurity defense perspective, the conference presented a paradox: the need for clarity amid the overwhelming marketing messages surrounding AI security. Claims of “security for AI agents” were prevalent, yet the complexity of actual solutions was often obscured. A well-rounded AI security stack should encompass various layers, including AI security posture management, data security—which comprises data posture and loss prevention—and robust identity security mechanisms, such as governance, access control, and lifecycle management.
Given that the development of AI agents is a relatively nascent phenomenon, the complete landscape of security solutions needed to protect these entities has yet to be fully understood. Different technology providers tackle the issue from diverse angles, resulting in varied interpretations of what effective identity security for AI agents should look like. Three distinct approaches emerged as dominant themes during discussions:
-
Cybersecurity Platform Players: Major cybersecurity firms are adopting a broad approach to resolve the challenges posed by AI agents. This comprehensive stance includes strategies to combat prompt injection attacks, model poisoning, and identity governance. Companies like Cisco, Microsoft, CrowdStrike, and Palo Alto Networks are leading this charge by providing extensive solutions.
-
Identity Platform Players: Many organizations have made significant investments in identity governance and administration, privileged access management, and related security frameworks. Companies specializing in these areas can naturally extend their services to manage AI agent identities, thus ensuring security for both human and nonhuman identities. Notable players in this field include Delinea and SailPoint Technologies.
- AI Agent Identity Management Players: Some entities focus solely on the specific challenges tied to AI agent identity security. These specialized solutions are provided by companies such as Astrix Security and Barndoor AI.
As the varying strategies unfold in the market, identity and security teams must strive to maximize the utility of their existing technology stacks. Organizations that find their current solutions lacking are open to exploring niche tools that effectively meet their unique needs.
Shifting Budget Dynamics for AI Initiatives
Amid these discussions, the conference revealed an interesting trend regarding budget allocations for AI projects. While traditional roles like CISOs and CIOs manage cybersecurity budgets, the emergence of AI often leads to separate budget lines, sometimes overseen by executives like Chief Data Officers (CDOs) or Chief Technology Officers (CTOs). This shift complicates how cybersecurity and identity teams communicate the value of security measures necessary for the effective deployment of AI agents.
Identity security professionals recognize the ongoing compliance obligations tied to AI and the necessity for established governance processes. They must aid enterprise leaders in appreciating the importance of solid security and identity management frameworks, which are essential for deploying AI agents efficiently and securely.
As the AI landscape evolves, those involved in security must remain adaptable and proactive, ready to address emerging challenges. The dynamism within the cybersecurity field can be daunting, yet it also presents exciting opportunities for innovation. If any technology providers are developing new solutions oriented toward identity or data security, they are encouraged to share their insights for the benefit of the wider community.
In conclusion, Todd Thiemann, a principal analyst at Omdia with over two decades of experience in cybersecurity, emphasizes the current remarkable period for security discourse and innovation. As the lines between identity management and AI technology continue to blur, stakeholders must remain vigilant, informed, and collaborative in navigating the complexities ahead.