5 trends that should top CISOs’ RSA 2026 agendas

RSA 2026 is still weeks away and the hype machine is humming. This year’s theme, “The Power of Community,” is somewhat ironic as the overwhelming chatter at the Moscone Center in San Francisco from March 23 to March 26 will be about AI agents, not humans.

Welcome to the cybersecurity community, agents, automatons, and robots!

While cybersecurity is an extremely diverse area covering everything from humans to critical infrastructure, here are five cybersecurity areas certain to have a starring role at RSA 2026 — and worthy of being on any CISO’s attendance agenda.

The rise of the AI-SOC

In 2026, we are moving beyond AI copilots toward autonomous agents performing traditional security operations center (SOC) activities such as triaging alerts, investigating malicious activity, isolating hosts, and patching software on our behalf. The trend is expected to reshape operations in the SOC even if the early realities haven’t yet fully aligned with agentic expectations.

Still, there’s a lot of innovation happening from established vendors (e.g., Cisco/Splunk, CrowdStrike, Google, Microsoft, etc.) and startups (e.g., Andesite, Crogl, Prophet Security, etc.) alike. While AI-SOCs have potential, security pros remain leery about AI hallucinations and “black box” tools, and agents will succeed or fail based on a foundation of accurate and timely data access — threat intelligence, log files, tools integration, and so on.

For RSA attendees, I recommend cautious optimism. One way or another the AI-SOC is coming — and sooner than you think. But CISOs should come prepared with requirements, lots of questions, and a willingness to cast a wide net rather than simply defaulting to existing tools vendors.

CTEM in the spotlight

In another evolutionary trend, most organizations are moving beyond scanning for software snafus to continuous threat exposure management (CTEM). By doing so, security teams hope to get a full picture of all assets, as well as their configurations, locations, software vulnerabilities, ownership, and business criticality.

Armed with this data, CTEM platforms look at threat intelligence to assess adversary tactics, techniques, and procedures (TTPs), helping organizations prioritize which vulnerable assets represent the highest risks to the business. Some tools can even predict which assets may be most vulnerable to future exploits.

CTEM tools from vendors such as Nucleus Security, ServiceNow (Armis), and Tenable (Vulcan Security) will be front and center at RSA but there’s a confusing cast of thousands in this space. While promising, CTEM done wrong will just add another tool to the security stack.

Before succumbing to the shining objects at RSA, security teams should audit — and clean up — their data, define “crown jewel” assets, create their own risk scoring system, and build a mobilization plan for emergency and day-to-day patching processes between security and IT teams.

Cyber resilience takes center stage

According to Special Publication 800-160, Volume 2, from the National Institute of Standards and Technology (NIST), cyber resilience is defined as: “The ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources.”

Note the expansive definition. Anticipating threats requires threat intelligence analysis, solid and continuous exposure management, and effective security controls. Withstanding and recovering from threats demands rapid detection, incident response, solid data backup and restoration, and a formal — and tested — business continuity and disaster recovery plan. Adapting involves security technology tuning, detection rules engineering, targeted investments, and CISO leadership.

Obviously, there’s no one product that covers the entire spectrum but that won’t stop some vendors from claiming they are in the cyber-resilience business. Caveat emptor, my cybersecurity friends.

Identity as the ‘new’ security perimeter

Anyone remember the Jericho Forum circa 2004? The group argued that since data was moving outside the corporate network, security should be attached to data and user identity, rather than the physical or logical network location. Twenty-two years later, some vendors have had a similar epiphany about identity management.

Okay, beyond my snark, I’m encouraged by the focus on identity management in areas like improved identity governance (SailPoint, Saviynt), passwordless authentication (Microsoft, Okta, Ping), and identity threat detection and response (Grip Security, Permiso Security).

There is also copious use of AI in the identity space to assess user entitlements, user “liveness,” and identity configuration settings. Great stuff, but I’ve always found that identity and access management (IAM) is an area where everyone has an ownership stake but no one actually owns it. CISOs will have to work with business owners, CIOs, and application developers to address identity risks, making strategic projects lengthy and complex — a difficult environment for security startups.

Everything AI: Future-proofing security operations

All the areas above have an AI component, of course, but it’s worth carving out a discussion on AI across those and other AI cybersecurity categories here.

First, CISOs face a significant challenge in their need to secure the development and usage of AI. This includes buckets of technologies, such as model context protocol (MCP) security, AI firewalling, content sanitation, digital content authenticity, AI security posture management, AI-driven DevSecOps, and so on. These technologies should support an overall business and technology strategy and governance framework around AI.

Next, RSA will be a hotbed of AI threat chatter, with alarming discussions about vulnerability chaining, polymorphic payloads, and security control bypassing — all legitimate topics, but like defenders, adversaries are mostly using AI for research and process automation.

Attendees should focus on relevant threat intelligence while discarding profuse hype. There are too many AI sub-topics to cover, but in my humble opinion, RSA participants should pay special attention to AI-centric skills and training sessions. Given an AI-enabled future, organizations will need security data engineers and AI security specialists, rare skill sets today. And as we supplant Tier-1 analyst functions with AI, we’ll also need to upskill junior cybersecurity specialists to become AI orchestrators who excel at human-agent teaming. AI skills development and training should be a top CISO priority.  

Other contenders

Beyond my personal top 5, here are a few honorable mentions for CISO RSA 2026 agendas:

Zero trust. This area rides shotgun with identity management and cyber-resilience strategies. As such, zero trust is still a top priority. CISOs should have an eye out for AI-enabled innovation that could accelerate their ZT implementation. 

Cloud security. Between multicloud, SaaS, and AI development, cloud security remains a bear. Organizations need an organic security strategy that grows with their cloud usage. CISOs should use the conference to help hone their growing multi-cloud/SaaS security needs.

Cybersecurity platforms. There is lots of vendor money in this area as well. Security platforms are likely appropriate for most smaller firms but perhaps not for larger enterprises where the business and IT run far faster than cybersecurity. CISOs must weigh the benefits of platform efficiency against tools efficacy and rip-and-replace pain.

*DR. CDR, EDR, and XDR (etc.), oh my! There’s lots of detection and response innovation around the edges of the cloud and network that will likely lead to highly distributed security operations. CISOs should explore how these blending and evolving spaces will impact a future centralized or distributed security operations architecture. 

IT and OT security. Yeah, we’ve been talking about this for years, but AI will be a force multiplier for smart devices and edge computing. For example, in the next five years, healthcare will transform based on wearable connected devices for data collection and patient care, so device availability and integrity could equate to life and death situations. Security teams can’t be left behind. Be on the lookout for evolutions in how to further secure IT/OT convergence and purpose-built AI agents for IoT/OT security.

Post-quantum cryptography (PQC). To me, this topic is hit or miss. CISOs working for intelligence agencies, defense contractors, or financial services firms should pay attention. Others can probably eschew this area – at least this year.

The power of community. There’s that theme again, but this isn’t hyperbole. Cybersecurity professionals already learn from each other at RSA and Black Hat, and through professional groups like the Information Systems Security Association (ISSA). I’m hoping that agents can join the community in an era of collective defense — where many organizations band together in real-time to protect one another.

One final thought

With the proliferation of AI, this year’s RSA will feature more eye candy than in the past. Vendors pay millions of dollars for the chance to overstimulate users in this way. As always, security professionals should approach RSA with a list of requirements that support business strategy and technical needs. Eschew AI gaga and remember the sage words of Bruce Schneier, “Security is a process, not a product.”
