RSAC 2026: An AI Coming Of Age Story Without The Romance
RSAC™ Conference 2026 has come and gone. Gone, too, are the petting zoos of yesteryear, replaced this year by — of all things — pop-up tattoo parlors. Or, as one attendee observed, “We’ve traded livestock for live needles.” This year’s attendance of 43,500+ was flat compared to 2025, but sessions and the exhibit floor were packed, demonstrating that RSAC still matters and that this year’s theme, “Power of Community,” was quite fitting. The number of exhibitors was down slightly, perhaps because, in an effort to get above the noise of the main expo hall, many vendors opted for outside locations and parallel programming (giving attendees a break from the exhibit floor as well).
The combined anxiety from AI-powered threats and the optimism surrounding AI-powered defense make AI vs. AI feel like the new Spy vs. Spy but, of course, there is much more to unpack.
It’s the end of the (cyber) world as we know it, and vendors seem fine
One presenter accidentally concluded their pre-event session with “Have a great RSAC 2006!” and — given the overall nature of the messages on the mainstage and elsewhere — one could be forgiven for thinking it wasn’t a mistake at all. Agentic AI was everywhere, but felt pasted into messages like “you need good identity governance” and “data security is critical” that could have been from 2023, 2018, or… 2006.
The advice in the main keynotes and other sessions often boiled down to “You have to secure AI!” Even Microsoft’s CISO panel about transformative AI journeys ended up being about cloud migration and hypothetical future AI scenarios. It wasn’t all retreads, however. As we canvassed the conference, we noticed:
- Anthropic was the belle of the ball. As the frontier lab that is the most visibly active in the cybersecurity domain, it’s no surprise that vendors were quick to talk about their partnerships, despite Anthropic’s designation by the United States government as a supply chain risk.
- Traditional cybersecurity vendors finally getting serious about identity security. The RSAC Conference has never been identity-focused in terms of either session topics or exhibitors. That has been slowly changing over the last few years as organizations realize that, because so many breaches are caused by identity-related issues (default or easy-to-guess passwords, stolen credentials, systems with no passwords, etc.), they need to invest more in identity-related controls. This in turn leads cybersecurity vendors to invest more in identity security both via M&A (like PANW acquiring CyberArk for $25B) and via organic development from traditional IAM firms. This manifested at RSAC Conference 2026 in multiple keynotes as well as on the show floor with a lot of discussion on the importance of identity security in the AI Age. Just don’t let anyone fool you into thinking that “identity is the new perimeter” is a new concept: most IAM pure-play vendors have been talking about this concept for nearly two decades.
- The Agentic SOC is ascendant. If it wasn’t booth messages about AI security, it was messages about the agentic SOC. Almost every SecOps vendor now talks about or offers an agentic SOC which, at this point, has less to do with Forrester’s definition of agentic (AI agents interacting with one another) and more to do with having AI agents in general. Still, it can be difficult to differentiate between these capabilities — both at an architectural level (what models are being used, how cost is optimized, etc.) and at an implementation level (where AI agents surface in the offering and how the user can interact with them). When evaluating these tools, Forrester recommends prioritizing utility, trust, and cost.
- Staffing shortages have been eclipsed by a shortage of open positions. The lack of available talent was a perennial theme at cybersecurity conferences. This year, it’s almost exactly the opposite. Unlike non-tech sectors, vendors are still hiring early-career practitioners, albeit in smaller numbers. They are also concerned that mid- and senior-level employees won’t embrace AI in the way they need to. They don’t have an answer to the potential “five-year problem” but are hedging their bets against an unknown future.
Topics not getting the attention they deserve
As more than six hundred vendors clamored to either secure AI or proclaim their products AI-powered, several critical issues were absent from the expo floor. Some of these were covered in track sessions but weren’t strongly messaged in the vendor hall. Underrepresented topics included:
- Current geopolitics and the impact on security posture. It’s three weeks into the Iran war, and there was hardly a mention of the attacks on medical device manufacturer Stryker or even the attacks in the region that led to several data center outages. Like the controversial Fawlty Towers episode, the prevailing wisdom seemed to be “Don’t mention the war.” While sessions covered geopolitics in general, they didn’t cover the current hot war taking place (and CFP deadlines likely made this impossible). Anyone in the defense industrial base, critical infrastructure, and the ecosystems that support them needs to be thinking about increased cyber and kinetic attacks from politically motivated threat actors.
- Pressure on security budgets and rising energy costs. Even before the outbreak of the Iran war, security budgets were coming under scrutiny as companies worry about the global economy and their spending on AI. With the price of oil skyrocketing, costs will rise, and the economy will inevitably suffer, putting further pressure on already-tightening budgets.
- Looming deadlines for the deployment of quantum-safe encryption. If you know, you know — and by now, everyone should know — about the upcoming quantum disruption and the need for PQC migration. The topic of quantum security and PQC migration was on the fringes of the Expo last year. This year, the chatter was still muted, with a few startups in the Expo and mentions toward the middle of the floor by big tech vendors like IBM, Keyfactor, and Entrust, as well as service providers like Accenture. Even so, you had to look for it. Entrust and IBM both had track sessions and tied PQC migration efforts to existing top-of-mind concerns like certificate management for shorter certificate lifecycle requirements and AI security. Palo Alto Networks also announced new certificate lifecycle management and PQC capabilities. Thales held its fourth annual PQC Palooza in the evening on March 25. The biggest change is that this year we heard from various vendors on the show floor that they were getting asked about their PQC migration plans at RSAC. This is great, as understanding your vendors’ and partners’ migration plans is an important part of your own migration plan.
Lessons learned at the lectern
This year, Forrester analysts presented talks on our AEGIS framework for securing agentic architectures, insider risk management, security platforms, and the EU Cyber Resilience Act as part of the main conference program. The Q&A section of these sessions offered a unique view into attendees’ top concerns in these areas. Based on the discussions we had, we learned that:
- Understanding intent matters, but how vendors define it varies. We heard “intent” across many AI security conversations during the week, whether it was related to user prompts or AI agent actions. There’s a common notion that it’s about detecting and responding to behavioral drift, or to malicious actions that redirect what an AI agent does. In Forrester’s view, that’s only half the definition. In the AEGIS: Guardrails for Securing Agentic AI in the Enterprise session at RSAC, we stressed that securing intent means assessing what the agent is trying to do against what the user asked for, and against what we know about the data, access, and operations involved in producing the outcome. Because there are different paths to achieve an objective, we need to understand why the agent is doing what it’s doing and start classifying intent.
- IAM for AI agents is top of mind for AI security. After presenting an overview of AEGIS, attendee questions homed in on the IAM domain — one of six — in the framework. For this domain, we emphasized three key things during the session: 1) how agentic identities are neither human nor non-human, but something different due to AI agent autonomy and nondeterministic actions; 2) the importance of just-in-time and temporal credentialing; and 3) the need to operate with least agency, mandating dynamic and contextual policies. While organizations still start with IAM principles, there are now specific changes in how to approach AI agent governance, authentication, authorization, and the built-in processes that support AI agent rollouts, as identity becomes a control plane for agentic systems.
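To make the three IAM points above concrete, here is an added illustration (not code from the Forrester post, the AEGIS framework, or any vendor) of a toy credential broker for an AI agent: the agent is its own principal acting on behalf of a delegator, its credential is minted just in time with a short TTL and a scope no wider than what the delegator holds, and every action is re-authorized against a contextual policy rather than trusting the credential alone. All names (`issue_credential`, `authorize`, the sample entitlements and task IDs) are illustrative assumptions.

```python
# Added example, not code from the Forrester post or from AEGIS: a toy broker showing
#   1) the agent as its own principal, acting for a delegator;
#   2) just-in-time, time-bounded credentials;
#   3) least agency via per-call, contextual authorization.
# All identifiers and sample data below are constructed for illustration.
from __future__ import annotations

import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass

# Constructed for the demo; a real broker keeps its signing key in a KMS/HSM.
BROKER_KEY = secrets.token_bytes(32)

# Actions whose blast radius warrants an explicit human approval in the call context.
HIGH_RISK_ACTIONS = frozenset({"delete", "transfer"})


@dataclass(frozen=True)
class AgentCredential:
    agent_id: str                        # the agent's own identity, distinct from the human's
    delegator: str                       # human or service the agent acts on behalf of
    task_id: str                         # the task this credential was minted for
    allowed: frozenset[tuple[str, str]]  # (action, resource) pairs granted for the task
    issued_at: int                       # epoch seconds
    expires_at: int                      # epoch seconds
    signature: str                       # HMAC-SHA256 over the fields above


def _payload(agent_id, delegator, task_id, allowed, issued_at, expires_at) -> bytes:
    """Canonical byte encoding of the signed fields (sorted so it is deterministic)."""
    return json.dumps(
        {"agent": agent_id, "delegator": delegator, "task": task_id,
         "allowed": sorted(allowed), "iat": issued_at, "exp": expires_at},
        sort_keys=True,
    ).encode()


def _sign(*fields) -> str:
    return hmac.new(BROKER_KEY, _payload(*fields), hashlib.sha256).hexdigest()


def issue_credential(agent_id, delegator, task_id, requested, delegator_entitlements,
                     now, ttl_seconds=300) -> AgentCredential:
    """Just-in-time issuance: scope is the intersection of what the agent requests and
    what its delegator actually holds (the agent can never exceed its principal), and
    the credential is only valid for ttl_seconds."""
    allowed = frozenset(requested) & frozenset(delegator_entitlements)
    issued_at, expires_at = now, now + ttl_seconds
    sig = _sign(agent_id, delegator, task_id, allowed, issued_at, expires_at)
    return AgentCredential(agent_id, delegator, task_id, allowed, issued_at, expires_at, sig)


def authorize(cred: AgentCredential, action: str, resource: str,
              context: dict, now: int) -> tuple[bool, str]:
    """Per-call authorization. Returns (decision, reason) so every denial is loggable."""
    expected = _sign(cred.agent_id, cred.delegator, cred.task_id,
                     cred.allowed, cred.issued_at, cred.expires_at)
    if not hmac.compare_digest(expected, cred.signature):
        return False, "bad_signature"          # scope or expiry was altered after issuance
    if now >= cred.expires_at:
        return False, "expired"                # temporal credentialing: no long-lived tokens
    if (action, resource) not in cred.allowed:
        return False, "out_of_scope"           # least agency: only what the task needs
    # Contextual policy: the task the agent declares must match the one the credential
    # was minted for (a cheap drift signal), and high-risk actions need a human approval.
    if context.get("declared_task") != cred.task_id:
        return False, "task_mismatch"
    if action in HIGH_RISK_ACTIONS and not context.get("human_approval"):
        return False, "approval_required"
    return True, "allowed"


if __name__ == "__main__":
    # Constructed sample: the delegator holds CRM rights only; the agent over-asks.
    now = 1_700_000_000
    entitlements = {("read", "crm"), ("write", "crm"), ("delete", "crm")}
    cred = issue_credential("agent-42", "alice", "task-7",
                            [("read", "crm"), ("delete", "crm"), ("read", "payroll")],
                            entitlements, now)
    ctx = {"declared_task": "task-7"}
    print(authorize(cred, "read", "crm", ctx, now + 10))
    print(authorize(cred, "read", "payroll", ctx, now + 10))
    print(authorize(cred, "delete", "crm", ctx, now + 10))
    print(authorize(cred, "delete", "crm", {**ctx, "human_approval": "ticket-123"}, now + 10))
    print(authorize(cred, "read", "crm", ctx, now + 300))
```

The design choice worth noting is that the credential itself is not the policy: even a valid, unexpired, in-scope credential is evaluated against the call context on every use, which is what lets the policy stay dynamic as the agent's behavior and declared task change.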
- Practitioners want to thread the insider risk management needle. Managing insider risk is a balancing act, and attendees wanted to know what insider risk management looks like when done right. They also wanted to know how to defend against insider threats and detect insider incidents without inciting paranoia in their users. Just because employees may be warned that they have no expectation of privacy doesn’t mean that security teams want to take on the role of Big Brother unnecessarily, either. And should an insider risk turn into an insider incident, we advised attendees that insider incidents can’t be handled like external attacks. Effective insider incident response hinges on understanding intent, preserving employee privacy, and coordinating early with HR and legal to drive the right outcome, not just technical containment. After the session, several attendees shared their organizations’ responses to a specific insider threat we highlighted in our talk: DPRK fake tech workers.
- Attendees worry about the need for multiple security platforms. Security platforms are an inevitability but still deserve scrutiny. Serving as what our RSAC session host called “industry truth tellers,” we cautioned attendees against buying into the security platform narrative unless a vendor can prove it’s more than a bundled suite. By that we meant a truly unified UI, a shared data model, and real ecosystem integrations that shift integration work off their teams. We also warned that consolidation doesn’t eliminate tools, skills, or complexity, and that ignoring long-term cost, roadmap alignment, and exit risk is how platform decisions become harder and more expensive over time. In addition to concerns about the number of security platforms needed in their enterprises, attendees asked where point solutions still made sense.
- Operational continuity keeps end users up at night. Attendees were less concerned about the Cyber Resilience Act’s legal text than its actual impact on continuity, mandatory updates, and the supply chain. The biggest questions are: will current hardware, IoT devices, and software still pass muster by 2027, and will vendors stick around to support them or quietly walk away? Mandatory security updates worry OT teams most, where unplanned change risks downtime in round-the-clock operations. The possibility of vendors dropping out of the European market adds a real supply chain headache. There is also the risk of a vendor failing its Cyber Resilience Act obligations and customers suffering a breach, which could leave end users exposed under NIS2 and DORA.
- AI Bills of Materials (AI-BOMs) are still finding their place. Software supply chain security sessions focused on recent attacks where malicious actors exploited trust within the supply chain to publish harmful packages and tools, often originating from reputable sources. The supply chain attack — disclosed on the first day of the conference — involving Aqua Security’s open-source scanner Trivy sent shockwaves through the event and became a focal point of conversation. Software Bills of Materials (SBOMs) have emerged as a fundamental element of application security testing, their importance underscored by regulatory initiatives like the EU Cyber Resilience Act (CRA). AI-BOMs were notably less prominent but not entirely absent. AI-SPM vendors showcase the AI-BOM within their products primarily from an inventory and governance perspective rather than as a tool for software buyers to gain transparency into supply chain risk or to align with standards such as the EU AI Act. Attendee questions centered on clarifying the differences between AI-BOMs and other AI-centric inventory artifacts like model cards, and the appropriate uses of each.
- Vendors can be sensitive about difficult topics… when they want to be. Although geopolitical issues were far from center stage, vendors understand their customers’ concerns and expressed genuine interest in how they could help during this period of profound uncertainty without coming across like ambulance chasers. We counseled them to share the threat intelligence they have as openly as they can, outside the context of a sales pitch, and to provide actionable advice that doesn’t involve a purchase order.
Like every year, the 35th annual RSAC contained multitudes. For a deeper dive on key conference themes and insights, or to get one-on-one guidance on any of the topics we presented, Forrester clients can schedule a Guidance Session.