{"id":7686,"date":"2026-04-03T09:01:00","date_gmt":"2026-04-03T09:01:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=7686"},"modified":"2026-04-03T09:01:00","modified_gmt":"2026-04-03T09:01:00","slug":"12-cyber-industry-trends-revealed-at-rsac-2026","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=7686","title":{"rendered":"12 cyber industry trends revealed at RSAC 2026"},"content":{"rendered":"
\n
\n
\n
\n
<\/div>\n

The 2026 RSA circus is over. The tents are packed and the elephants have been loaded onto the train.<\/p>\n

Nevertheless, it was an eventful week. There were fleets of vehicles \u2014 Escalades, Rivians, trucks but curiously, no Teslas \u2014 strewn with vendor names and tag lines, and you couldn\u2019t walk anywhere near Howard Street in San Franciso without seeing, \u201cAI-[insert word here like enabled, enhanced, native, powered, etc., etc., etc.]\u201d<\/p>\n

I spent the week speaking with CISOs, cybersecurity professionals, technology vendors, and service providers. Here are a few of my takeaways.<\/p>\n

The CISO AI hierarchy is real<\/h2>\n

While every vendor communicated AI opportunity gaga, cybersecurity professionals\u2019 mood was one of trepidation. In fact, I came away with a profile of three distinct CISO archetypes:<\/p>\n

The proactive CISO (approximately 20%):<\/strong> These security leaders were well aware of the AI-driven business and technology changes afoot and came armed with a list of questions tailored to their specific enterprise requirements. Many of these executives brought along security engineers and architects \u2014 an action-oriented team. These CISOs had a decent understanding about their organization\u2019s AI business initiatives, as well as their own security needs. The goal? Develop a shopping list that aligns with their organization\u2019s strategy and supports their governance models, policy enforcement controls, and security technology stacks.<\/p>\n

The curious and confused CISO (approximately 40%)<\/strong>: These executives know something is happening with AI in their organization, but they aren\u2019t sure what, where, or how much is going on. Their goal was education \u2014 \u00a0what risks they face, what risk mitigation steps they should take, and what\u2019s available from the industry to help them stop the bleeding. CISOs in this category are somewhat desperate for help.<\/p>\n

The blissfully ignorant CISO (approximately 40%):<\/strong> Okay, this one is a bit unfair to CISOs as it\u2019s more about their organizations. There\u2019s likely AI development and usage the CISO and probably some executives are unaware of. They approached RSA believing time was on their side, so they probably skimmed through the AI rhetoric, shmoozed with vendors, and looked for the best cocktail parties.<\/p>\n

In my humble opinion, CISOs will cycle through this hierarchy quickly over the next year. Blissfully ignorant CISOs will get wind of AI projects at their organization and move on to curiosity and confusion. This won\u2019t take long. Proceeding from curious and confused to proactive will be the more difficult transition. These CISOs must assess business objectives, active projects, and user activities, then work with executives to develop a governance framework, create policies, implement guardrails, monitor activities, and manage a flexible model that keeps up with current and future business and technical requirements. A common analogy heard at RSA is that companies must be able to fix the plane while it\u2019s in flight.<\/p>\n

Legacy security vendors have the inside track on AI \u2014 for now<\/h2>\n

As far as AI technology consumption for cybersecurity, most CISOs I spoke with were open-minded while leaning toward their existing vendors \u2014 at least in the short term. This may buy legacy security vendors a bit, but not much time.<\/p>\n

Remember what happened in the cloud as we progressed from a lack of cloud trust, to \u201clift and shift,\u201d to cloud-native? The same thing is happening with AI, only even faster than the cloud. Bolting AI to existing tools won\u2019t work for long, a year at most.<\/p>\n

You\u2019ve got to get the AI foundations right<\/h2>\n

I was encouraged to hear vendors describe how they started their AI transition by building an infrastructural foundation \u2014 data foundation\/context engine, intelligent control plane, execution layer, services, guardrails, etc. \u2014 and then adding functional agents on top of this foundation. Cisco\/Splunk impressed me with its development approach and roadmap, while AI-based startups such as Abstract, Crogl, and Sidekick are betting the farm on this methodology.<\/p>\n

AI code is making an impact<\/h2>\n

Vendors are also all-in on using AI-development tools and seeing strong results. I heard about project acceleration along with staff reduction. Building connectors is a good example. Axonius and Tenable, both known for broad technology integration, are using AI to offload a lot of this tedious but necessary work, freeing developers to work on functionality rather than plumbing.<\/p>\n

AI pricing remains a mess<\/h2>\n

While AI capabilities appear to be baked into many tools, I found that no one knows how to price their AI services. Some are doing so by the token, some by the number of users, and some are charging by the agent. The market will flush this out over the rest of the year.<\/p>\n

Application security is getting its AI makeover<\/h2>\n

We all know the impact of AI on software development. It\u2019s clear to me after RSA that the same thing is happening to application security. Anthropic\u2019s Claude Code Security<\/a> is one example, but I also got a view of the AWS Security Agent, which provides software testing capabilities across the software development lifecycle \u2014 from design, to development, to runtime, to red teaming.<\/p>\n

Likewise, I met with a company named XBow that focuses on autonomous offensive security based on AI agents. Based on these developments, we will see a very different application security market at RSA 2027.<\/p>\n

Few may be prepared for what comes next from cyber-adversaries<\/h2>\n

There\u2019s active debate in the industry about the impact of AI within the threat landscape: Are existing cybersecurity defenses adequate or will AI tilt the battlefield toward adversaries?<\/p>\n

After RSA, I believe both premises are true. Sophisticated firms with strong governance, risk management, asset visibility, modern training, and sound hygiene and posture management should be okay. Alarmingly, this is a small percentage of organizations. Most others lack advanced security skills and adequate resources. Adversaries armed with AI tools and automated workflows will have a field day here.<\/p>\n

Managed providers are advancing the AI SOC<\/h2>\n

Managed security service providers (MSSPs) and managed detection and response (MDR) vendors are pushing the envelope on the AI-enabled security operations center (SOC).<\/p>\n

Arctic Wolf unveiled its Aurora Superintelligence Platform and the Aurora Agentic SOC, which includes agents for triage, alerting, investigations, and more. I also met with Ontinue, an MSSP that provides services on top of Microsoft security tools such as Defender for Endpoint, Defender for Azure, and MS Sentinel. It is using AI to establish what it calls \u201chyper-contextualization\u201d to understand all it can about its customers\u2019 business processes and technology infrastructure so it can improve decision-making.<\/p>\n

Microsoft cements its position<\/h2>\n

Speaking of Microsoft, it\u2019s hard to point to any other vendor that can match its cybersecurity coverage.<\/p>\n

Unlike others, Microsoft came to RSA armed with AI metrics and proof points. For example, Microsoft provided specific metrics from several customers that turned on its Defender agents and saved hundreds of hours of work while improving accuracy and productivity. I\u2019m sure Microsoft has many examples to share.<\/p>\n

Beware the cyber category killers<\/h2>\n

We\u2019ve always viewed cybersecurity through the lens of security product categories \u2014 EDR, firewalls, SIEM, CSPM, etc. But multi-agent AI products could take on many of these tasks simultaneously, breaking down traditional product buckets and acting as category killers.<\/p>\n

CISOs must anticipate this and be open to organizational, process, and budgetary changes. Also, will multi-agent cybersecurity products mean the death of the Gartner Magic Quadrant and all other me-too vendor mapping products?<\/p>\n

Awareness training gradually transforms<\/h2>\n

Training is in transition. I\u2019m pleased with this development. Awareness training<\/a> is being replaced by behavior monitoring and change. Human risk management (HRM)<\/a> tools from Fable Security, KnowBe4, and Mimecast, among others, watch over users and provide a nudge when they go astray.<\/p>\n

Beyond synthetic phishing, some tools even provide synthetic deepfake training. HRM sales are limited today to progressive organizations, but I believe they will become a de facto standard as regulators and cyber-insurance companies see the light and support this training renaissance.<\/p>\n

Security claims ownership of identities<\/h2>\n

Well, partial ownership, but this is a step in the right direction. I\u2019m seeing interesting advancements in areas such as passwordless authentication (I can\u2019t believe it\u2019s 2026 and we\u2019re still using passwords<\/a>), browser security, non-human identity (NHI) security, and privileged account management.<\/p>\n

RSA also pushed discussions about AI-agent access and action control \u2014 detection, monitoring, control of shadow agents, zero-standing privilege, etc. AI will be a big player, helping to ease the painful identity modernization process.<\/p>\n

As a cryptographer might say, with this article, I\u2019ve tried to hash the entire RSA event into a single key. I really enjoyed RSA 2026 (my 20th) and look forward to next year. See you at the Moscone Center from April 5 through April 8, 2027.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

The 2026 RSA circus is over. The tents are packed and the elephants have been loaded onto the train. Nevertheless, it was an eventful week. There were fleets of vehicles \u2014 Escalades, Rivians, trucks but curiously, no Teslas \u2014 strewn with vendor names and tag lines, and you couldn\u2019t walk anywhere near Howard Street in […]<\/p>\n","protected":false},"author":0,"featured_media":7687,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-7686","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/7686"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7686"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/7686\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/7687"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7686"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7686"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7686"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}