SAN FRANCISCO — Walking the halls of the Moscone Center at RSAC this year, it’s clear the industry has split between two very different views of the future.On one side, there’s a legitimate sense of progress. For the first time, we’re seeing security tools that don't just react to problems, but actually help us get ahead of them. This side of the RSAC 2026 expo floor was focused on results: like using a new generation of AI agents to cut through the noise so that human defenders can stop playing catch-up and start focusing on high-level strategy and creative problem-solving. There’s a real belief here that we are finally building a defense that can scale at the same speed as the digital world we’re protecting.[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]But that confidence has been balanced by a much more sobering reality. The other side of the conversation focuses on systematic fragility. There’s a deep concern around AI lowering the bar for entry into cybercrime, giving entry-level criminals the capabilities to do enterprise-scale harm. Many fear that security simply can’t handle the velocity of today’s automated attacks.This tension — between the optimism of the next generation of AI-enabled cybersecurity and the reality of AI-enabled attack — defined much of the energy at this year’s show. This tension was best encapsulated during the SANS Institute’s keynote: The Five Most Dangerous New Attack Techniques.The session offered a clear-eyed look at how AI has been weaponized right now, laying out the specific hurdles we have to clear to actually secure our future.Although the techniques listed by the SANS team are a serious reality check, they aren’t the whole story. This list calls the industry to action, not a sign that we’ve won the battle. Looking ahead, I’m optimistic, but for a very practical reason: the same AI advancements that are helping the adversary are also giving us a defensive roadmap we’ve never had before. We are moving into an era where AI-driven intelligence is a baseline requirement.At the end of the day, the real advantage still lies with human ingenuity. Attackers generally operate in silos, driven by short-term profit. The security community, by contrast, has a long history of sharing knowledge to solve big problems. We saw this in action with the "swarm" of defenders who stood up the OpenClaw framework in a single weekend. Our disorganized adversaries can’t easily replicate that kind of collective speed.By giving our best people the right AI tools and sticking to a culture of transparency, we do more than just keep up. We change the rules of the game. We have a complex road ahead, but when we combine innovation with a genuine collaborative spirit, we have everything we need to build a safer, more resilient future.Braden Russell, chief technology officer, BugcrowdSC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Today's AI-driven threats
The SANS team laid out a clear framework for these modern exploitation methods, illustrating how AI functions as a force multiplier for traditional attack vectors. These five techniques represent a significant shift in the risk calculus for the modern enterprise:- AI-generated zero-days: Joshua Wright highlighted a paradigm shift in vulnerability research. Historically, zero-days were rare and labor-intensive. Today, LLMs are being used to automate discovery, effectively democratizing high-level exploitation. Attendees learned that software companies are no longer facing a trickle of vulnerabilities, but a potential storm that traditional, months-long patching cycles simply cannot withstand.
- Supply chain infection at scale: Wright also emphasized that AI exploits now work in tandem with the "patchwork" nature of modern software. Because all software runs as an ecosystem, attackers use AI to find vulnerabilities in a "vendor’s vendor’s vendor." The lesson for the floor was clear: even if our own house is in order, the interconnected dependencies we rely on are the new primary targets for automated discovery.
- Operational technology (OT) homogenization: Robert Lee discussed how the shift toward uniform controls in industrial systems has made attack scaling significantly easier. AI now acts as a layer of complexity that obscures Root-Cause Analysis (RCA). In these "systems of systems," attendees learned that detecting a cyber-attack versus a safety failure has become a major hurdle, as AI-driven noise makes it harder to prove the intent behind a malfunction.
- Irresponsible AI integration: Heather Barnhart touched on the "incorporation without validation" crisis from AI-tooling. As businesses, but more importantly individuals, rush to adopt AI; they are feeding sensitive data into models without independent verification or transparency. The keynote warned that a lack of "find evidence" buttons in AI-generated information could potentially lead to catastrophic mistakes.
- The sub-24-hour exploit window: Rob T. Lee detailed the alarming velocity of the modern attack. With offensive AI agents, the time from vulnerability disclosure to active exploit is now often less than 24 hours. The attack surface is expanding via exposed enterprise AI agents, and security organizations—the "cobbler's children" who often lack their own defensive shoes—are struggling to maintain pace with these automated offensive agents.
