Your AI intern has full access. Now what? Lessons from RSAC 2026
Security leaders, practitioners, founders and reporters landed in San Francisco this week for the 2026 RSAC Conference, the cybersecurity world’s flagship gathering. Moscone Center was a maze of badges, booths and ambitious product demos; if you tried to just swing by one session, there’s a good chance you resurfaced three halls away holding a tote bag you don’t remember picking up. (But who doesn’t need another tote bag?)
Our team spent the week on the ground running interviews, supporting briefings, bouncing between booth activations and partnering with the Executive House CEO Series alongside William Salvi to spotlight some of the most interesting voices in cybersecurity. (More on that soon!)
Somewhere between the third coffee and the tenth quick catch-up, a clear theme started to emerge: Everyone is trying to figure out how to control AI in the real world.
Here’s what kept coming up.
We’ll say it again: agents
Just like at Nvidia GTC, agentic AI showed up everywhere. These are systems that can take action, from triaging alerts to investigating incidents and responding to threats with increasing independence and speed. Picture an overachieving intern who never sleeps and has full system access, with all the productivity and peril that entails.
Across the show floor, in demos and in conversations with clients and partners, vendors rolled out a steady stream of products focused on securing and managing these agents. The takeaway was consistent: Agents are already embedded in workflows and touching sensitive data.
The tone also felt different this year. Instead of broad predictions, the questions were more practical. What is this doing in production? Where is it helping? Where is it creating risk?
Visibility is improving, but control is harder
Once these systems are in motion, the next obvious question is how you manage them.
There was much discussion of “shadow agents,” which sounds like something out of a spy novel but actually refers to software operating without a clear owner.
Tools for discovery and monitoring are getting better, and that progress showed up across announcements and demos. At the same time, conversations kept coming back to what happens next. Finding agents is one thing, but telling them what they’re allowed to do, and making sure they actually listen, is another.
It’s a fast-moving space, and governance is trying to keep up.
Identity is getting more complex
Identity conversations used to center on people. Now they include agents, services, APIs, and automated workflows, all requesting access and interacting with critical systems.
That creates new challenges around authentication, authorization and accountability. Systems need to track who initiated an action, whether it was a human or an agent acting on their behalf and how permissions apply in each case.
There’s also a growing sense of urgency. The time it takes for a trusted identity to become a compromised one is shrinking, which keeps security teams on their toes.
One question kept surfacing: if an agent does something questionable, who gets the awkward follow-up meeting? That idea of accountability is starting to shape how teams think about identity and access.
In short, optimism and concern are sharing the stage
Walking the floor, you could hear two conversations happening at once.
One focused on progress. AI is helping teams cut through noise, automate repetitive work and operate more efficiently. There’s real momentum here, and people are excited about it.
The other focused on risk. AI is also speeding up attacks and adding new layers of complexity across systems and supply chains.
Those two ideas are often being voiced in the same breath. One minute you’re talking about how much faster teams can move, the next minute you’re talking about how much faster things can go wrong.
In a world where software can act on its own, for better and worse, the focus is shifting from possibility to responsibility.
