RSAC 2026: Five Observations From the Floor

I attended RSAC 2026 in San Francisco this week and spent time in meetings and briefings, as well as in many conversations with buyers including CISOs and CIOs, along with security leaders across the industry. Events such as RSAC are useful because they bring together enough vendors, customers, partners, and practitioners to make broader market patterns easier to spot. This year’s event again offered a strong snapshot of where enterprise security is headed.

1. AI security is becoming more operational

One of the clearest shifts at RSAC 2026 was how much more concrete the AI security conversation felt. The market is spending less time on general AI potential and more time on how to govern AI, monitor it, test it, and contain risk once agents and AI-enabled workflows are in use. Vendors announced and positioned capabilities around runtime guardrails, AI red teaming, lifecycle controls, policy enforcement, and monitoring for AI systems. That reflects a market moving closer to operational reality.

2. The agentic SOC is emerging, but meanings still vary

Interest in the agentic SOC came through clearly in buyer conversations. Security leaders want faster triage, stronger investigations, less swivel-chair work, and better context carried across the workflow. The challenge is that vendors are using the same terms to describe different architectures and operating models. Some are emphasizing AI-assisted triage and investigation. Others are leaning more heavily into autonomous workflows, reasoning engines, or agent frameworks that can coordinate actions across tools. Buyers will need to look closely at what is actually autonomous, what still requires human approval, what data the system reasons across, and how much of the workflow is truly integrated.

3. Identity is expanding beyond human users

Identity was one of the strongest recurring themes in my conversations. The scope, however, is expanding. The issue now includes not only human identity, but also non-human identities, agent identities, and the challenge of understanding which autonomous systems are acting in the environment and under whose authority. Vendors positioned capabilities around identity posture, adaptive access, risk-based controls, and autonomous identity threat detection. That matters because more security risk now sits in what can authenticate, request access, invoke tools, and move laterally.

4. Trust in autonomy still depends on governance

A recurring pattern in buyer conversations was caution. There is real interest in autonomous and semi-autonomous security operations, but little appetite for blind trust. Security teams want to know where AI is showing up, which agents are active, what data they can access, what actions they can take, and how policy is enforced when those systems operate at machine speed. That is why so many announcements focused on inventories, dashboards, shadow AI discovery, monitoring, and policy controls. The demand for governance and observability is growing alongside the interest in automation.

5. Platform claims still need proof of integration

Another clear theme was platform expansion for the AI era. Vendors are trying to show that they can bring together AI security, agent governance, identity, cloud, data, and SOC operations into broader architectures. The direction makes sense because these problems increasingly overlap. Buyers, however, still need to ask hard questions about integration depth, operational handoffs, coverage across environments, and whether cross-domain visibility is native or assembled through partnerships and packaging. Broad platform positioning is easy to present at an event. Proving it in production is a different standard.

RSAC 2026 made one thing clear: the conversation has moved well past curiosity about AI and agents. Buyers are now focused on harder questions around how these technologies fit into day-to-day security operations, governance, and accountability.

What I will be watching from here is which vendors can turn strong RSAC messaging into repeatable customer outcomes, especially around the agentic SOC and agent governance. I am also looking forward to seeing how quickly buyer expectations sharpen around control, proof, and operational accountability.