Key Takeaways
- The conversation at the biggest cybersecurity conference of the year shifted from “Should we use AI?” to “How do we stay in control of it?”
- Google’s Sandra Joyce reported that the speed of the threat has officially outpaced the speed of the response.
- Security leaders at RSA 2026 agreed that AI-informed, human-led is the model that works.
When 43,000 security professionals descended on San Francisco’s Moscone Center last week for the 35th annual RSA Conference, they agreed — as they do every time — that this is the year everything changes.
Every year, they’re right. And every year, they leave with a little more urgency than they arrived with.
Attendees, speakers, vendors, analysts, and a conspicuous number of people in branded hoodies all agreed on one thing: AI had evolved in the past year, and people were eager to catch up and talk about it.

The direction, though, was a bit more…damage-controlling.
“The industry is converging on a new model: autonomous attackers, agentic defenses, and unified platforms that integrate detection, response, and remediation,” said Kara Sprague, the CEO of HackerOne.
Has the human, once the irreplaceable checkpoint in every workflow, been promoted out of the process altogether? Whether the industry fully intended this is debatable.
(Although the most celebrated startup of the week was a tool built to monitor other tools — so make of that what you will.)
Eight Hours to 22 Seconds
Ask Richard Bird from Singulr AI, an AI data governance platform, and he will say this concern all comes down to a lack of control over AI. In fact, research from IBM found that about 13% of organizations have already experienced an AI-related data breach.
“Most teams still can’t answer basic questions about how AI is being used, what data it’s touching, or who is ultimately responsible for its actions,” Bird said. “We’re seeing the conversation continue to shift from ‘should we use AI’ to ‘how do we stay in control of it.’”

At the conference, even Google’s Sandra Joyce talked about exactly this. Apparently, the time between initial attacker access and hand-off has collapsed from eight hours in 2022 to 22 seconds in 2025.
That’s a big difference. But it is also as David Stuart from Sentra explained: “AI does not create new risk. It amplifies existing exposure and access problems at scale.”
A year ago, AI was the eager intern: flagging alerts, suggesting fixes, waiting patiently for a human to press the button. Go back further and it was recommending what to watch on Netflix, nudging your Amazon cart, a mirror for your own preferences.
Basically, it looked like:
notice behavior > recommend fix > user decides what to do
Now, it’s:
notice behavior > fix behavior without user
That is not to say AI will start buying stuff for you on Amazon, but it’s quite a stark awakening when you realize everybody suddenly has a personal assistant that is smarter than they are.
The Case for the Human in the Loop
The gap between how quickly agentic AI is being adopted and how well companies can secure it is, to put it plainly, a mishap waiting to happen — like the Titanic’s bow pointing skyward before the inevitable.
Jay Bavisi from EC-Council, the cybersecurity certification body behind the Certified Ethical Hacker program, described AI as inviting something that influences decisions without understanding what will happen.
“Security teams cannot rely on legacy thinking,” Bavisi said. “This moment calls for a more deliberate approach: One that looks at how AI is brought into the organization.”

Deliberate thinking may look like something with a human touch, suggests Jay Martin of cloud service provider Blue Mantis. We’ve heard this time and again, and anyone who says it isn’t wrong; the human touch is, in fact, still very much needed when it comes to working with AI.
HackerOne’s own research says that humans remain the first, last, and every line of defense in between: Security testers using AI assistance consistently surfaced more legitimate vulnerabilities than either humans or AI working alone.
It is the best of both worlds, Martin suggested: “It leads to an AI-informed, human-led approach to security, using AI to enhance insight and speed while keeping humans firmly in the loop and in charge of judgment and accountability.”
Though the conference only lasted three days, the event closed out with a massive 35th anniversary celebration — featuring the one and only Hugh Jackman, who joined the stage with RSAC Executive Chairman, Dr. Hugh Thompson.
Two Hughs, one stage, 43,000 security professionals. Some things, at least, remain unpredictable.




