RSAC 2026: AI Dominates the Spotlight
Recently concluding in San Francisco, the RSA Conference 2026 (RSAC 2026) emerged as a significant event within the cybersecurity community, with artificial intelligence (AI) taking center stage. The prominence of AI at this year’s conference was anticipated, as organizations globally are accelerating their AI initiatives. With this surge, the associated security implications cannot be overlooked. Research conducted by Omdia, a sector within Informa TechTarget, revealed that a notable 44% of respondents highlighted security, compliance, and regulatory requirements as critical factors in their decision-making regarding AI agents. Meanwhile, an additional 37% considered these aspects very important.
However, as AI security has become a predominant topic of discussion, concerns surrounding fatigue from repetitive conversations on the subject have surfaced. This phenomenon was observed previously with the topics of zero trust and supply chain security, which also dominated discourse at various industry events.
One of the highlights of RSAC 2026 included a session on securing AI agents, jointly presented by the author and esteemed colleague Todd Theimann. Despite over three days packed with AI-focused content, the session garnered substantial attendance, demonstrating an ongoing interest and demand for information on the topic.
AI Adoption: A Complex Landscape
The dialogue surrounding AI and security is intricate and multifaceted. While the expo floor provided vendors with a platform to outline their unique propositions to potential clients, the reality of AI security remains somewhat convoluted. Organizations are left questioning whether vendors are utilizing AI to improve security outcomes, to secure public AI models, or to bolster the protection of internally developed applications that incorporate AI technologies. The multitude of possibilities makes it challenging to achieve clarity on this issue.
In looking forward, one can expect numerous AI security projects to gain momentum in the upcoming year. However, many organizations find themselves in a phase of information-gathering, illustrating the necessity for security teams to prioritize vendors capable of offering a comprehensive view of AI security. Vendors should not only address their own capabilities but also acknowledge various practices external to their offerings; such recognition can enhance partnerships and collaborations across the cybersecurity ecosystem.
While many vendors present essential components to secure AI, the market has yet to identify a single vendor that can furnish a complete end-to-end solution, leaving room for potential innovation and development.
Trends Emerging from RSAC 2026
Aside from the dominant theme of AI, RSAC 2026 showcased several other captivating topics such as enterprise browsers, sovereignty, and platformization.
Enterprise Browsers
The enterprise browser segment is dynamic and evolving, with various approaches being explored to enhance visibility and control over browser activity. A key takeaway from numerous discussions was the high priority buyers place on flexibility. Different organizations may opt for dedicated browsers or incorporate extensions alongside network-based solutions like Secure Access Service Edge (SASE). The fundamental conclusion drawn from this discourse is that having a browser component has transitioned from being a simple differentiator to a crucial requirement within the market.
Sovereignty
Discussions around sovereignty largely revolved around the concepts intertwined with SASE, revealing an increasing need for adaptability. The traditional SASE model, which primarily routed traffic through cloud infrastructure, often disregarded the complexities associated with large enterprises that operate hybrid workforces operating under a variety of regulations and laws. Security teams must deploy inspection points that accommodate public cloud, private cloud, and on-premises solutions based on diverse criteria such as geography, business unit, user, and data type. The challenge of managing this myriad of factors manually can significantly elevate operational complexity, making tools that streamline deployment indispensable for security teams.
Platformization
Particularly relevant to network security, platformization was illustrated through various examples, including hybrid mesh firewall solutions, the expansion of SASE initiatives, and advancements in network detection and response capabilities. These vendors are beginning to broaden their focus to support more extensive observability and posture-related use cases. Encapsulating the overarching theme of the conference, each of these developments carries an AI component, indicating a trend toward integration and evolution.
In conclusion, while platform providers may not have all the answers regarding AI security, they hold significant advantages and existing relationships in the field. As AI continues to proliferate, security teams will likely seek to avoid adding isolated layers of controls that specifically address only a single facet of the environment. Given the significance of AI and the plethora of unresolved questions surrounding it, it is highly probable that AI will maintain its status as the primary discussion point at RSAC 2027.
John Grady serves as a principal analyst at Omdia, focusing on network security, and possesses over 15 years of experience within the IT vendor and analyst landscape. Omdia, as a sector of Informa TechTarget, acknowledges that its analysts maintain business relationships with a variety of technology vendors.