Last year, I watched the RSAC Conference unfold from home while welcoming my first child. This year, I am looking forward to being on the ground in San Francisco, reconnecting with clients, journalists, analysts, and security leaders at what is shaping up to be one of the most substantive RSACs in years.
As the cybersecurity community gathers at The Moscone Center for the 35th year, the tone has shifted. The industry is moving past experimentation and hype and toward proof, accountability, and measurable outcomes.
That shift is not accidental.
An intentional shift toward operational depth
Ahead of the show, we connected with Britta Glade, Vice President of Content and Curation for RSAC, who shared that this year’s focus is not just on big ideas, but on meaningful, actionable ones.
“We have an amazing group of more than 150 experts from across disciplines,” Glade noted. “But there’s an even greater urgency this year to really dig in, share learnings (good, bad, and ugly) and work together as a community on some pretty urgent issues.”
Glade also noted an increase in submissions that were still in the “responsible disclosure” phase at the time of acceptance, meaning attendees can expect newly uncovered vulnerabilities and technical findings to be shared publicly. That emphasis on real-time research is matched by a stronger practitioner presence, with more CISOs and enterprise leaders taking the stage to share firsthand operational lessons. Combined with broader international representation than ever before, the program reflects both the urgency and the global scale of the challenges the industry faces today.
With that context in mind, what’s clear as we head to the show is that this is not a year for abstract conversations. It is a year for operational ones, where clarity and differentiation matter more than ever.
To understand how that shift is being interpreted beyond the agenda, we also spoke with journalists and analysts about what will define the most meaningful discussions this year.
From buzzwords to differentiation
For years, security marketing has leaned on familiar language. Lou Covey, Chief Editor of Cyber Protection Magazine, argues that security marketing has created a landscape where many companies sound indistinguishable.
“The past few years have been dominated by buzzwords like AI and zero trust, fear mongering, and efforts to consolidate services under single banners,” Covey said. “None of them have resonated outside of marketing committees. As a result, everyone sounds the same. There is no differentiation between companies focused on wildly different efforts.”
In a more disciplined market, sameness is a liability. The companies that stand out will be those that clearly define who they serve, how they differ, and why it matters.
That scrutiny is especially visible in conversations around AI.
AI moves from promise to proof
Unsurprisingly, agentic AI is expected to dominate conversations this year. What is changing is the standard. The question is no longer how AI will transform security, but whether it is delivering measurable value today within cybersecurity operations.
We are seeing this play out as media, analysts, investors, and buyers ask tougher questions. Credibility now depends on outcomes, not ambition. Covey notes that vendors lose trust when they don’t speak plainly about what their technology can and cannot do. At RSAC, that will translate into more disciplined discussions about tradeoffs, impact, and operational results.
Glade also pointed to more advanced conversations emerging around AI governance, shaped by geopolitical pressures, corporate structures, board oversight, and ethical considerations. As AI systems move from experimentation into production, the focus is expanding beyond technical capability to how these systems are governed and controlled at scale.
Once AI becomes operational, accountability follows.
Identity and accountability in an agentic world
As AI systems begin acting on behalf of individuals and organizations, capability is no longer the primary concern. Control is. That tension surfaced recently with the launch of OpenClaw, formerly known as Moltbot, which quickly dominated the news cycle and reignited debate around how autonomous systems are governed once deployed and who bears responsibility when they act unpredictably.
Joan Goodchild, contributing editor with Dark Reading and CSOonline, sees accountability as the defining question heading into RSAC.
“The real conversation this year isn’t about whether we can use AI securely, but about who’s accountable when AI systems start acting on our behalf.”
As autonomy increases, identity and access shift from governance concepts to operational controls. Security teams must determine who or what is authorized to act, under what conditions, and with clear traceability.
Echoing Goodchild’s emphasis on accountability, Will Townsend, Chief Analyst at LoneStar Advisory & Research, expects identity and access management solutions to undergo significant change to keep pace with AI-driven threats and the complexity of agentic permissioning. He notes that platform approaches that weave in identity governance and integrate substantial telemetry for ongoing refinement stand to win as organizations adapt to more autonomous systems.
How to maximize your time at RSAC
In a year defined by operational accountability, how you show up matters.
Across media and analyst conversations, honesty, specificity, and humility resonate more than polished perfection. Goodchild notes that leaders want to hear how peers are making decisions without perfect information, what did not work, and what they are still figuring out.
That expectation aligns with Glade’s emphasis on meaningful conversations. As she shared ahead of the show, the goal is to “make it matter, make it meaningful, and give attendees guidance on what to do as a result.”
For attendees, that means approaching AI claims with healthy skepticism and insisting on measurable impact. Listen for how companies manage control, not just capability.
For vendors, credibility will matter more than category ambition. Lead with proof, not positioning. Tie innovation to real operational outcomes. In a more disciplined market, specificity builds trust faster than ambition.
In this environment, your story is not just about visibility. It is about credibility. And credibility is demonstrated, not declared.
Orchestra will be on the ground throughout the week. If you are evaluating how to shape your narrative for maximum impact in today’s evolving cyber and AI landscape, book a meeting with our team and see how we’ve done it on behalf of others, here.
