Inside a vast data center, revealing the physical backbone of digital infrastructure.
RSAC 2026 Cybersecurity Trends: Focus on Agentic AI, Active Defense, and Identity Security
RSAC 2026 concluded its annual conference in San Francisco on Thursday, March 26, 2026. The event, held at the Moscone Center, highlighted critical advancements and ongoing challenges in the cybersecurity landscape. Discussions focused heavily on agentic AI cybersecurity, identity security, and the urgent need for active defense strategies. These RSAC 2026 cybersecurity trends emerged amidst increasing global cyber threats.
The conference also took place against a backdrop of significant geopolitical events. These included ongoing U.S. military battles in the Middle East and cyber attacks targeting U.S. critical infrastructure. Notably, U.S. federal agencies withdrew from the conference this year.
What Happened
Top themes at RSAC 2026 centered on securing agentic AI, identity security, and physical AI. Experts discussed the exponential rise in cyber threats, often driven by AI agents. High physical security measures were evident throughout the Moscone Center, resembling airport-level scrutiny.
The conference unfolded as U.S. military engagement continued in the Middle East. Simultaneously, several U.S. federal agencies pulled out of RSAC. Persistent cyber attacks on critical infrastructure, specifically mentioning incidents against Stryker, also characterized the period.
Details From Sources
Top Product Launches
New innovations were a key part of RSAC 2026. Some of the top product launches introduced at the conference were detailed in a Help Net Security article published on March 27, 2026.
Identity Security and Next-Gen Authentication
Identity security and next-generation enterprise authentication were prominent themes at RSAC 2026. Biometric Update highlighted these areas, noting the focus on AI agent identity. The discussions emphasized the evolving methods for securing user access.
The Persistence of Phishing
A *PC Magazine* article, drawing from an RSAC session, explored why phishing still works in 2026. The article referenced Daniel Kahneman’s System 1 and System 2 decision-making concepts. Humans often use System 1 (fast, automatic thinking) to conserve energy, making them susceptible to phishing attempts.
Why This Matters
The global rise in cyber threats is significant, increasing exponentially with AI agents. This escalation necessitates a shift to active defense strategies. Threats in the AI era are characterized by their speed, scale, and increasing sophistication.
A critical concern is the drastic reduction in time for threat actors. The period from initial access to a hand-off has dramatically decreased. This rapid progression demands more proactive cybersecurity measures.
Background Context
RSAC 2026 took place amidst several critical global and national events. The U.S. military was engaged in ongoing battles in the Middle East. Domestically, U.S. federal agencies withdrew from the conference, signaling a unique situation.
Moreover, cyber attacks continued to impact U.S. critical infrastructure. Specific incidents included attacks against Stryker, underscoring the persistent threat landscape. These events provided a serious backdrop to the cybersecurity discussions.
Industry Reactions
Reimagining Security for the Agentic Workforce
Jeetu Patel, President and Chief Product Officer at Cisco, discussed the “agentic workforce.” He stated that agents should be considered “digital co-workers.” Patel emphasized that with agents, the primary concern shifts from “wrong answers” to “wrong actions.”
Moving to Active Defense
Sandra Joyce, VP of Google Threat Intelligence at Google Security, advocated for “active defense.” She noted this approach does not involve “hacking back.” Joyce highlighted the collapsing time from initial access to hand-off as a key driver for this shift.
AI vs. AI
Nadir Izrael, CTO and Co-founder of Armis, addressed the role of artificial intelligence in defense. He discussed how AI can reshape protective measures against attackers. This concept, dubbed “AI vs. AI,” suggests a new frontier in cybersecurity.
AI’s Impact on SIEM
Ali Ghodsi, CEO of Databricks, made a bold prediction on CNBC. Speaking live from the RSAC 2026 show floor, Ghodsi stated, “AI will kill the SIEM in 2026.” SIEM, or Security Information and Event Management, systems gather and analyze security data.
Related Data or Statistics
Sandra Joyce of Google Threat Intelligence shared a notable statistic at the conference. She reported that “the time between initial access [from threat actors] to the hand-off has collapsed from eight hours in 2022 to 22 seconds in 2025.” This highlights the accelerating speed of cyber attacks.
Future Implications (SPECULATIVE)
Based on expert opinions and conference discussions, the “agentic workforce” suggests new challenges for cyber defenses. This evolution requires adapting security protocols to manage digital co-workers effectively. The shift towards active defense strategies will likely accelerate, prioritizing proactive threat mitigation over reactive responses.
Databricks CEO Ali Ghodsi’s prediction about AI’s impact on SIEM systems in 2026 points to significant industry transformation. This could lead to new AI-driven security information management solutions. The overall landscape of cybersecurity is poised for substantial changes in the coming year.
Conclusion
RSAC 2026 reinforced the critical role of agentic AI cybersecurity, active defense, and identity security. These central themes dominate an evolving threat landscape. Key takeaways from sessions and industry experts highlighted the escalating speed and sophistication of cyber threats.
The conference underscored an ongoing need for advanced cybersecurity strategies. These measures are essential in response to increasingly complex and rapid attacks. For deeper insights, view the top RSAC 2026 main stage sessions available for free on their YouTube channel.
FAQ
Q1: What were the primary cybersecurity trends highlighted at RSAC 2026?
A1: The primary trends highlighted at RSAC 2026 included securing agentic AI, identity security, physical AI, and the overall rise in global cyber threats.
Q2: How quickly are cyber threats evolving, according to discussions at RSAC 2026?
A2: According to a keynote speaker at RSAC 2026, the time between initial access by threat actors and the hand-off collapsed from eight hours in 2022 to 22 seconds in 2025.
Q3: What was discussed regarding the role of humans in cybersecurity at RSAC 2026?
A3: A session at RSAC 2026, summarized by *PC Magazine*, discussed that phishing still works because humans often operate using “System 1” thinking (fast, automatic), which conserves energy, making them susceptible.
Q4: What was a notable prediction about AI’s impact on SIEM systems at RSAC 2026?
A4: Databricks CEO Ali Ghodsi, speaking live from the RSAC 2026 show floor, predicted that “AI will kill the SIEM in 2026.”