RSA Conference 2026 made something very clear very quickly: AI is no longer just a theme in cybersecurity, it’s the environment within which everything operates. AI agents are making more and more autonomous decisions across the enterprise. They’re even now embedded into threat detection and response. From a defensive perspective, the good news is that there is alignment on the value of AI. The bad news is that there’s far less alignment on AI governance and security.
AI is the new foundation of… everything.
Unsurprisingly, AI was everywhere at RSA. Across the conference, vendors introduced AI-driven platforms, copilots, and workflows. AI now shapes both sides of the security equation: Attackers are using it to scale social engineering, generate convincing content, and automate entire attack operations. Defenders are using it to try to keep up with this volume and complexity.
This shift is happening quickly. But very often, confidence in these systems is ahead of an enterprise’s ability to justify that trust.
The result is a new contradiction: Agentic AI is becoming faster, more powerful, and more opaque at the same time.
AI governance is still playing catch-up to adoption.
Another consistent theme across RSA was the focus on AI governance.
AI adoption is far outpacing security guardrails. Agentic systems are already handling workloads that teams cannot manage manually and automating tasks so humans can focus elsewhere.
Increasingly, security teams are being asked to rely on AI-powered systems that can interpret signals, make decisions, and take action all on their own. Security leaders are being called upon to answer new questions, and discovering that they often cannot find the answers:
- Can we explain how an AI’s decisions are made?
- Can we audit those decisions after the fact?
- Can we enforce policy across both human and non-human actors?
This creates a dangerous gap: Agentic AI deployments are being scaled before guardrails are even fully defined, let alone implemented.
Identity is emerging as the control plane for AI.
Identity showed up everywhere at RSA 2026. In many cases it was an explicit focus area, while in other cases it was the foundational theme underlying everything else. Countless conversations, vendor sessions, and briefings discussed:
- Non-human identities
- Service accounts and API access
- Agent authentication
- Session and token abuse
All of these conversations pointed to the same underlying issue:
Security is no longer centered on devices or networks. It’s now centered on which AI agent is acting, on whose behalf, and whether a real, verified person authorized that action.
The industry is converging on identity as the core challenge in AI security, but the thinking still hasn’t caught up. The locus of trust remains fragile, both with human and non-human identities.
The foundational problem is that many agentic identity models still rely on an assumption that possession of credentials is a reliable proxy for a person’s identity. In practice,that assumption is increasingly difficult to rely on. We live in a world where credential-based authentication is so easily bypassed, intercepted, or exploited.
The result is AI agents who grant themselves access, approve payments, and modify data without a strong guarantee that a real, verified, authorized human approved those actions.
What comes next?
RSA 2026 showed an industry aligning around the right problems.
AI will continue to shape how security systems operate. Automation will continue to expand. The number of identities and actors in the system will continue to grow. And progress will depend on how trust is established and maintained across those systems. Without that foundation, speed and automation increase risk along with efficiency.
The next phase of AI security will be defined by how well we can answer a simple question: Who is acting, and can we trust them right now?
