RSAC 2026 Day 3: AI in SOC, Cyber Trends & The Truth About Agentic AI – RSAC26 #3
AI in cybersecurity is everywhere, but is it actually delivering results?
In this RSAC 2026 Day 3 intro, we break down the biggest cybersecurity trends shaping the industry, including AI in the SOC, agentic AI, and the growing pressure to prove real value from security investments.
From market predictions to real-world challenges, this discussion covers:
Why AI in the SOC may not be living up to expectations The reality behind agentic AI hype vs practical use The “lemonade problem” in cybersecurity data quality Why organizations struggle to measure security ROI How tech debt is accelerating with rapid AI adoption The future of AI identity, trust, and reputation models Why 2026 may be the year of “prove it or lose funding”
If you're a CISO, security engineer, or IT leader, this RSAC 2026 breakdown will help you understand where cybersecurity—and AI—is really headed.
Subscribe for more cybersecurity insights, RSAC coverage, and expert interviews.
To view all the RSAC Conference 2026 coverage by CyberRisk Alliance, visit: https://securityweekly.com/rsac
- - – RSAC 2026 Day 3 Kickoff & Overview
- - – Conference Fatigue, Voice Strain & RSAC Reality
- - – Whiskey Tastings & Networking at RSAC
- - – 451 Research Insights: Cybersecurity Market Trends
- - – Why 2026 May Be a Down Year for Cyber M&A
- - – AI in the SOC: Hype vs Reality
- - – Why Security Teams Hesitate to Trust AI
- - – Risks of Blindly Adopting AI Tools
- - – The “Lemonade Problem” in Cybersecurity Data
- - – Data Quality Issues in Security Tools Explained
- - – Moving from Promise-Based to Evidence-Based Security
- - – Measuring Security ROI: Is Your Tool Actually Working?
- - – AI, Tech Debt & The Hidden Cost of Innovation
- - – Will AI Replace Jobs or Change Them?
- - – AI as an Assistant vs Decision-Maker
- - – RSA Trends: Why AI Dominates Again in 2026
- - – What Will Replace AI as the Top Trend?
- - – Agentic AI & the Rise of AI Identities
- - – Reputation vs Identity in AI Security
- - – 2026: The “Prove Value or Fail” Year for AI
- - – Budget Pressure & End of Experimental AI Spending
- - – Why “Agentic AI” Is Everywhere (And What It Means)
- - – The Real Cybersecurity Threat: Uncertainty
Beyond the Audit: Making Cyber Risk Continuous, Quantified, and Actionable – Travis Wong – RSAC26 #3
Most companies assess cyber risk once a year and call it done — but for organizations managing dozens of subsidiaries or portfolio companies, that's a costly blind spot. In this RSA interview, Resilience's VP of Customer Engagement explores why measuring risk in dollars (not color-coded charts) changes the conversation at the board level, and why the organizations best positioned to prevent losses are the ones treating cyber risk as a continuous discipline rather than an annual exercise.
Resilience Arc: https://4526209.fs1.hubspotusercontent-na1.net/hubfs/4526209/arcone-pager.pdf
See it in action. Request a demo at https://securityweekly.com/resiliencersac.
Read the interview summary from SC Media here: Resilience’s Travis Wong on making cyber risk continuous, quantified, and actionable
- - – RSAC 2026 Interview Intro ????
- - – Meet Travis Wong (Cyber Risk Expert)
- - – Why Cyber Risk Management Is Broken Today
- - – What Resilience Does (Cyber Risk + Insurance Explained)
- - – Dollar-Based Risk: Speaking the Language of Business ????
- - – How Cyber Insurance Actually Works
- - – Why Actuarial Data Matters in Cybersecurity
- - – The Problem with Static Risk Assessments
- - – AI & Dynamic Risk: Why Old Models Fail
- - – Outside-In vs Inside-Out Risk Visibility
- - – Does Better Security = Lower Insurance Costs?
- - – Why Cyber Risk Is a Relationship, Not Just a Policy
- - – Transparency in Cyber Risk & Insurance Decisions
- - – Sharing Risk Models: A New Approach to Security
- - – Translating Security Risk into Business Value
- - – Communicating Cyber Risk to CFOs & Boards
- - – Building a Dynamic Cyber Risk Strategy
- - – Why Point-in-Time Risk Assessments Don’t Work
- - – The Future of GRC: Making “Risk” the Priority
- - – Risk Transfer vs Risk Mitigation Explained
- - – Measuring & Managing Cyber Risk Effectively
- - – Structural Accountability Problem in Cybersecurity
- - – CISO Risk Challenges & Real-World Case Studies
- - – Lack of Visibility Across Organizations
- - – Board-Level Cyber Risk & New Regulations
- - – Final Thoughts: The Future of Cyber Risk Management
Travis Wong is the VP of Customer Engagement at Resilience. He leads the Security and Risk Services and Customer Success teams and brings over 15 years of experience in risk management consulting, helping clients assess, measure, and manage their risk effectively.
Trends Revealed in Fortinet’s FortiGuard Labs 2026 Global Threat Landscape Report – Aamir Lakhani – RSAC26 #3
Fortinet’s Global Director of Threat Intelligence and Adversarial AI Research explores the trends revealed in the latest Global Threat Landscape Report from FortiGuard Labs, including a surge in AI-enabled cybercrime. As AI optimizes and accelerates attack techniques, here’s how cyber defenders should respond.
Segment Resources:
This segment is sponsored by Fortinet . Visit https://securityweekly.com/fortinetrsac to learn more about them!
Read the interview summary from SC Media here: Aamir Lakhani on trends in Fortinet’s 2026 Global Threat Landscape Report
- - – RSAC 2026 Day 3 Kickoff & Intro
- - – Meet Amir Lakhani (Fortinet Threat Intelligence & AI Research)
- - – What is Adversarial AI? (AI Used for Attacks)
- - – How Hackers Use AI: Prompt Injection & Model Exploits
- - – From Red Teaming to AI-Powered Cyber Attacks
- - – Real-World AI Attack Simulation (Firewall Demo)
- - – Cyber Threat Trends: Efficiency Over Complexity
- - – Stolen Credentials & “Hackers Just Log In”
- - – Dark Web Tactics & Repackaged Malware with AI
- - – AI-Powered Cybercrime Tools Explained
- - – Social Engineering at Scale with AI Agents
- - – Machine-Speed Attacks vs Human Defenses
- - – The Rise of Rogue AI & Dark Web Models
- - – Future of AI Security: Prompt Injection Risks
- - – State-Sponsored Attacks & AI Evolution
- - – WormGPT & Unrestricted AI Threats
- - – Explosion of Non-Human Identities & Agents
- - – AI Agents Creating Other AI Agents
- - – The Future: Massive Paradigm Shift in Cybersecurity
- - – AI as Defender: Real-Time Threat Detection Example
- - – Final Thoughts & RSAC 2026 Wrap-Up
Aamir Lakhani is a cybersecurity researcher and practitioner with Fortinet and FortiGuard Labs, with over 15 years of experience in the security industry. He is responsible for providing IT security solutions to major commercial and federal enterprise organizations. Lakhani is considered an industry leader in support of detailed architectural engagement and projects on topics related to cyber deference, mobile application threats, malware and advanced persistent threat (APT) research. Previously, Lakhani designed cyber solutions for defense intelligence agencies, and has assisted organizations in defending themselves from active strive-back perpetrated by underground cyber groups. Lakhani’s areas of expertise include FortiGuard, fundamentals of network protection, cyber defense, mobile application threats, malware and APT research.
Securing AI Agents: Managing Runtime Risk in Enterprise AI Systems – Jimmy White – RSAC26 #3
As organizations deploy AI agents and automated workflows, security challenges are increasingly emerging once these systems interact with APIs, enterprise data, and business processes in production.
In this segment, Jimmy White, VP of AI at F5, discusses why AI security often breaks down at runtime and how organizations can gain visibility and control over AI behavior. He will also discuss two new initiatives announced at RSA Conference – F5’s partnership with Skyfire to enable secure identity and transactions for AI agents, and a collaboration with Forcepoint that connects data discovery and classification with runtime protections to help organizations secure AI systems across their full lifecycle.
Segment Resources:
F5 Application Delivery and Security Platform (ADSP) https://www.f5.com/products/f5-application-delivery-and-security-platform
F5 AI Guardrails and F5 AI Red Team https://www.f5.com/go/solution/f5-ai-security-with-guardrails
F5 Distributed Cloud Bot Defense https://www.f5.com/products/distributed-cloud-services/bot-defense
F5 Labs Research https://www.f5.com/labs
For more information about F5, please visit https://securityweekly.com/f5rsac.
Read the interview summary from SC Media here: F5’s Jimmy White on managing runtime risk in enterprise AI systems
- - – Intro: RSAC 2026 & Securing AI Agents
- - – From GenAI to Agentic AI: Rapid Adoption Explained
- - – The Biggest Challenge: Discovering AI Agents in Your Environment
- - – Shadow AI & “Vibe Coding” Risks in Enterprises
- - – Why Securing AI After Deployment Is Too Late
- - – Controlling AI Behavior: “Pre-Crime” Guardrails Explained
- - – Real-Time AI Intervention: Nudging vs Blocking Actions
- - – Why “How AI Works” Matters More Than “What It Does”
- - – AI Identity & Access Control Challenges
- - – F5 + Skyfire + Forcepoint: Securing the AI Ecosystem
- - – AI Adoption Chaos: Can Security Catch Up?
- - – Crawl, Walk, Run: Building an AI Security Strategy
- - – Why Hands-On AI Testing Is Critical for Security Teams
- - – AI vs Other Tech: Why Adoption Is So Fast
- - – Real-World AI Example: Autonomous Systems & Risk
- - – Enterprise AI Risks: Employee Usage & Security Concerns
- - – Final Thoughts: The Fastest Tech Shift in 20+ Years
Jimmy White is a technology and AI leader focused on building secure, scalable platforms at the intersection of AI, infrastructure and cybersecurity. He currently drives AI and engineering strategy at F5, where he’s leading efforts to secure AI systems and modern application environments. Previously, he served as Chief Technology Officer and President at CalypsoAI, helping scale the company’s AI security capabilities, and has held senior engineering and security leadership roles at organizations including Qualtrics and FireEye/Mandiant. With many years of experience across software, security, and high-growth product teams, Jimmy is passionate about translating emerging AI innovation into practical, enterprise-ready solutions.
Why Passkeys Are Ready for Prime Time in Modern Banking – Ashish Jain – RSAC26 #3
Authentication has long required an uneasy tradeoff between strong security and smooth user experience. Banks have relied on a mix of passwords, OTPs, SMS codes, voice calls, and push notifications each with its own vulnerabilities and user experience challenges. Passkeys, built on FIDO standards, finally deliver a phishing resistant, high assurance, passwordless experience that improves both security and usability. This interview segment explores why passkeys are ready now for even the highest risk banking use cases, why banks should be moving quickly to adopt them, and how OneSpan delivers the most complete, secure, and enterprise ready passkey solution on the market. With Gartner predicting that by 2027 more than 75% of workforce authentication and over 40% of customer authentication will be passwordless, the shift is accelerating and the institutions that move early will gain a meaningful security and UX advantage.
Segment Resources:
FIDO Alliance – Passkeys & Phishing Resistant Authentication https://fidoalliance.org/passkeys/ https://www.onespan.com/products/digipass-s3-authentication-software https://onespan.widencollective.com/dam/assetdetails.assetdetailstab.metadatapanel.metadatainlineeditor:eventlink?inav=false&t:ac=asset:52a52e9e-d01e-4d61-ac3d-0312a1ccc7f3/$N/assetversion:cb1303d2-6361-4fd7-af91-8e70c3c0c918
This segment is sponsored by OneSpan. Visit https://securityweekly.com/onespanrsac to learn more about them!
Read the interview summary from SC Media here: OneSpan’s Ashish Jain on why passkeys are ready for prime time in modern banking
- - – RSAC 2026 Intro & Passkeys Discussion Begins
- - – Why Passkeys Are Ready for Banking
- - – Security vs User Experience in Authentication
- - – Why Users Resist Passwordless Login
- - – Passkeys vs Passwords: Real Data & Success Rates
- - – Faster Logins: Passkeys vs MFA Comparison
- - – Why Banking Needs Better Authentication UX
- - – How Passkeys Stop Phishing & Credential Attacks
- - – Are Passwords & MFA Becoming Obsolete?
- - – Pros & Cons of SMS, Push, and Other Auth Methods
- - – How Banks Should Roll Out Passkeys (Best Strategy)
- - – Phased Adoption: Don’t Force Users Too Early
- - – Mobile vs Web: Where Passkeys Work Best
- - – OneSpan Passkey Implementation Explained
- - – FIDO Standards & Authentication Expertise
- - – Real-World Deployment at Scale (Millions of Users)
- - – Final Thoughts: The Future is Passwordless
Ashish Jain is OneSpan’s Chief Technology Officer. Widely regarded as one of the top digital identity experts in the industry, Ashish brings over two decades of experience leading product management, engineering, and operations teams at global organizations. He most recently served as Chief Product Officer at Arkose Labs, an enterprise fraud management and account security company where he led the development of the platform to help address consumer fraud and identity challenges for many Fortune 1000 companies. Prior to his role at Arkose Labs, Ashish served as Head of Identity at eBay, where he led the global engineering team to build the identity, risk, and trust platform to support onboarding, authentication, KYC, fraud, and abuse protection for 180+ million eBay customers and third-party developers. Before joining eBay, Ashish was Vice President of Workspace ONE at VMware, where he spearheaded the development and patenting of a solution that integrated identity and mobile device management, one of the core tenets of Zero Trust Security.
How AI-Driven Development is Reshaping the Application Risk Landscape – Idan Plotnik – RSAC26 #3
AI coding assistants are dramatically accelerating software development, generating more code and more change than security teams were built to handle. In this interview, Idan Plotnik discusses how AI-driven development is reshaping the application risk landscape and why traditional vulnerability management models can’t keep up.
Segment Resources:
This segment is sponsored by Apiiro. Visit https://securityweekly.com/apiirorsac to learn more about them!
Read the interview summary from SC Media here: Apiiro’s Idan Plotnik on how AI-driven development and the risk landscape
- - RSAC 2026 Introduction & AI Dominance in Cybersecurity
- - AI Trends and Predictions for Cybersecurity
- - Shift from AI Hype to Data Security & Identity
- - Rapid Adoption of AI Coding Agents in Enterprises
- - Risks of AI-Generated Code and Developer Blind Spots
- - How AI Changes Software Development & Security
- - Loss of Visibility for CISOs and Need for Control
- - Secure Prompt Technology Explained
- - How AI Security Fits into the SDLC
- - Seamless Integration with Coding Agents
- - AI Compliance & Secure Code Generation
- - Rethinking AppSec and the End of Traditional Shift-Left
- - Why Developer Training is Becoming Obsolete
- - Preventing Vulnerabilities Before Code is Written
- - Eliminating Alert Fatigue in Developers
- - Balancing Security with Developer Velocity
- - AI Model Flexibility and Agnostic Approach
- - Future of AI Security & Software Development Evolution
Idan is a serial entrepreneur and product strategist, bringing to Apiiro nearly 20 years of experience in cybersecurity. Previously, Idan was Director of Engineering at Microsoft following the acquisition of Aorato where he served as the founder and CEO.
Mind the Gap: Confidence, AI, and the Future of Exposure Management – Chris Wallis – RSAC26 #3
Former ethical hacker, now founder and CEO of Intruder, Chris Wallis explores whether AI can bridge the divide between finding vulnerabilities and understanding real-world attack context as exploit windows continue to shrink. This conversation dives into the structural "confidence gap" uncovered in Intruder’s 2026 Security Middle Child Report, where executive risk appetite is increasingly decoupled from front-line operational reality.
This segment is sponsored by Intruder. Visit https://securityweekly.com/intruderrsac to learn more about them!
Read the interview summary from SC Media here: Intruder’s Chris Wallis on confidence, AI and the future of exposure management
- - RSAC 2026 Introduction & Cybersecurity Trends
- - AI Uncertainty and Rising Tech Debt in Security
- - What is Exposure Management in Cybersecurity?
- - Moving Beyond Vulnerability Management to Risk-Based Security
- - Why Traditional Vulnerability Scanners Miss Real Threats
- - False Confidence in Security Scanning Explained
- - The Need for Real-World Attack Surface Visibility
- - How AI is Transforming Exposure Management
- - Using AI to Prioritize Real Security Risks
- - Solving Context Gaps in Cybersecurity Data
- - The Future of AI in Penetration Testing
- - Human vs AI in Advanced Security Testing
- - Lessons from Real Cyber Breaches & Failures
- - CISO vs Security Team Confidence Gap
- - Are We Measuring the Right Security Metrics?
- - Zero-Day Exploits and Faster Attack Timelines
- - Why Patching Alone No Longer Works
- - The Importance of Detection, Response & Mitigation
- - Rethinking Cybersecurity Strategy Beyond Vulnerabilities
- - Final Thoughts & Security Report Takeaways
Chris Wallis is Founder and Chief Executive Officer (CEO) at Intruder. He has previously worked as Senior Security Specialist at WorldPay, Lead Security Consultant at Context Information Security and Security Consultant at Deloitte. Chris is an alumnus of the University of Bath.
Why More Technology Hasn’t Made Us More Secure – John Anthony Smith – RSAC26 #3
Despite massive investment in cybersecurity tools, organizations remain vulnerable because their existing technologies are often misconfigured, poorly integrated, and disconnected from real operational risk. This keynote argues that complexity, human decision‑making, and gaps in execution—not a lack of products—are what truly empower attackers, especially as modern environments like cloud and SaaS expand the attack surface. Real security comes from simplifying, aligning, and expertly orchestrating what organizations already own, shifting the focus from buying tools to achieving disciplined, resilient outcomes grounded in breach reality.
This segment is sponsored by Fenix24. Visit https://securityweekly.com/fenix24rsac to learn more about them!
Read the interview summary from SC Media here: Fenix24’s John Anthony Smith on why more technology hasn’t made us more secure
- - Introduction & RSAC 2026 Interview
- - What Phoenix 24 Does: Fast Post-Breach Recovery
- - Why Backups Often Fail in Cyberattacks
- - The Importance of Speed in Breach Recovery
- - Minimizing Downtime & Business Interruption Costs
- - Working with Incident Response & Forensics Teams
- - Wartime vs Peacetime Cybersecurity Strategy
- - What “Breach Truth” Means in Cybersecurity
- - Why Security Tools Alone Don’t Work
- - Orchestration: People, Process & Technology
- - Real Attacker Behavior & Short Dwell Time
- - Why Traditional SLAs Fail Against Attackers
- - How Most Breaches Actually Happen (Misconfigurations)
- - Real-World Breach Example: No MFA on VPN
- - The Problem with Security Tool Overload
- - Continuous Security Hardening & Risk Reduction
- - Argos Platform: Data Discovery & Mapping
- - Finding Critical Data & Application Dependencies
- - Preparing for Recovery Before a Breach
- - Ensuring Backup Integrity & Recovery Assurance
- - Why PAM Solutions Can Still Fail
- - Real Attack Chain: From AD to Data Exfiltration
- - What Effective Security Orchestration Looks Like
- - Final Thoughts & Key Takeaways
John Anthony Smith, Founder and Chief Security Officer of Fenix24, is a leading information security expert with deep cybersecurity experience in healthcare, financial services, and legal industries. He has overseen infrastructure for over 400 companies and currently serves as a vCIO and trusted advisor to companies worldwide. With more than 16 years of breach response experience, he is a staunch advocate for tougher sanctions on nations harboring cybercriminals and is dedicated to locating, investigating, and prosecuting cybercriminals.
No Device, No Access: The Future of Zero Trust Security – Rob Allen – RSAC26 #3
As credential-based attacks continue to dominate headlines, many organizations are realizing that identity alone is no longer a sufficient control. This conversation explores the shift toward device-based access enforcement and why tying access to both user and device is becoming critical. We’ll discuss how this evolution is reshaping Zero Trust strategies across modern environments.
Segment Resources:
https://www.threatlocker.com/tl-capabilities/zero-trust-cloud-access https://www.threatlocker.com/tl-capabilities/zero-trust-network-access https://www.threatlocker.com/press-release/threatlocker-launches-zero-trust-network-and-cloud-access-to-stop-credential-based-cyberattacks
This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlockerrsac to learn more about them!
Read the interview summary from SC Media here: ThreatLocker’s Rob Allen on the future of zero trust security
- - RSAC 2026 Day 3 Introduction & Guest Overview
- - Podcast Culture & Cybersecurity Influencers
- - Zero Trust Security & ThreatLocker Overview
- - The Challenge of Explaining Cybersecurity Trends
- - Social Media, TikTok & Tech Culture at RSAC
- - Cybersecurity Conference Experience & Networking
- - ThreatLocker Presence at RSAC 2026
- - Conference Chaos, Protests & Event Stories
- - San Francisco Culture & RSAC Atmosphere
- - Traveling Across the U.S. – Scale & Geography Lessons
- - Why San Francisco Feels Unique for Tech Events
- - Comparing U.S. Cities & Cybersecurity Conferences
- - The Reality of Travel Distance in the U.S.
- - Lessons from Visiting Colorado & Large Regions
- - Time vs Distance – Navigating U.S. Travel
- - Scenic Routes, Travel Tips & Conference Trips
- - Startup Ideas, Innovation & Tech Humor
- - RSAC Conversations & Industry Networking Value
- - Zero Trust Security (Quick Take)
- - Final Thoughts & ThreatLocker Call to Action
Rob Allen, Chief Product Officer of ThreatLocker, is an IT Professional with three decades of experience assisting small and medium enterprises embrace and utilize technology. He has spent the majority of this time working for an Irish-based MSP, which has given him invaluable insights into the challenges faced by businesses today. Rob’s background is technical – first as a system administrator, then as a technician and an engineer. His broad technical knowledge, as well as an innate understanding of customers’ needs, made him a trusted advisor for hundreds of businesses across a wide variety of industries. Rob has been at the coalface, assisting clients in remediating the effects of, and helping them recover from cyber and ransomware attacks.
Beyond IOCs: A Framework for High-Impact Cyber Threat Intelligence – Samuel Hassine – RSAC26 #3
In a time where the ability to turn intelligence into decisive action is a true competitive advantage, organizations must move beyond reactive alert triage to a proactive, threat-informed defense. This segment explores how unifying threat intelligence with adversarial attack simulation enables a Continuous Threat Exposure Management (CTEM) framework that replaces hype with measurable outcomes. We will discuss why these are no longer just technical security conversations, but critical business strategies that provide the board and C-suite with the clarity and confidence to reduce risk and focus resources where they matter most.
Segment Resources:
Blog: https://filigran.io/our-blog/ CTEM blog: https://filigran.io/ctem-but-without-the-hype-turning-intel-and-validation-into-outcomes/ Github: https://github.com/FiligranHQ Filigran Community: https://filigran-community.slack.com/ Filigran Academy: https://academy.filigran.io/ Get a tailored demo: https://filigran.io/book-a-demo/
This segment is sponsored by Filigran. Visit https://securityweekly.com/filigranrsac to learn more about them!
Read the interview summary from SC Media here: Filigran’s Samuel Hassine on a framework for high-impact cyber threat intelligence
- - Introduction & RSAC 2026 Interview
- - Topic Overview: Beyond IOCs & Threat Intelligence
- - What Modern Threat Intelligence Really Means
- - OpenCTI Platform & Intelligence Aggregation
- - Pyramid of Pain & Intelligence Lifecycle
- - Measuring Security Value & ROI Challenges
- - From Intelligence to Threat-Informed Defense (CTEM)
- - Continuous Threat Exposure Management Explained
- - Validation Challenges in Real Environments
- - AI, Agentic Security & Validation Risks
- - Importance of High-Quality Threat Intelligence
- - Exploitation vs Real Risk Explained
- - Why Speed Matters in Cybersecurity Defense
- - How Defenders Can Get Faster
- - Proactive Security & Continuous Testing
- - Learning from Past Incidents
- - Closing Thoughts & Key Takeaways
Former Head of Cyber Threat Intelligence at the French Cybersecurity Agency (ANSSI) and Director of Cybersecurity Strategy at Tanium, Samuel Hassine is the CEO and the co-founder of Filigran, a fast-growing European CyberTech developing cutting-edge solutions for cyber threat management.
The Agentic SOC: Autonomous AI Analysts at Machine Speed – Edward Wu – RSAC26 #3
SOC teams are overwhelmed with the sheer number of alerts and have historically been reactive. Edward will discuss how Dropzone’s Agentic SOC deploys autonomous AI agents that investigate every alert, respond to emerging threats, and proactively hunt attackers - without a human bottleneck. He’ll explain how agent collaboration, deep recursive investigations, and self-agency expand SOC capacity by 10x without additional headcount.
This segment is sponsored by Dropzone AI. Visit https://securityweekly.com/dropzonersac to learn more about them!
Read the interview summary from SC Media here: DropZone AI’s Edward Wu on autonomous AI analysts at machine speed
- - Introduction to RSAC 2026 & Agentic AI SOC Explosion
- - The Overcrowded Market of AI SOC Vendors
- - What Makes Dropzone AI Different?
- - Scaling to 300+ Enterprise Deployments
- - MSSP & MDR Partnerships Explained
- - The Challenge of Building True Agentic AI
- - Why LLMs Are Non-Deterministic (And Why It Matters)
- - The Need for Consistency in Security Operations
- - How Dropzone Achieves Deterministic AI Outcomes
- - Inside the AI SOC: 100+ LLM Invocations Per Alert
- - Mimicking Human Analyst Investigation Workflows
- - The Importance of Reporting & Communication in SOC
- - Modular AI Architecture for Security Operations
- - Turning Probabilistic AI into Reliable Systems
- - The “Internal Combustion Engine” AI Analogy
- - Eliminating the Human-AI-Human Workflow Problem
- - Achieving 100% Software-Driven SOC Automation
- - Adapting AI to Organizational Context & Policies
- - Training AI with Historical Security Case Data
- - Future Roadmap: Building an Army of AI Agents
- - Expanding Beyond SOC Analysts to Full Security Roles
- - AI Threat Intelligence, Detection & Hardening Agents
- - The Rise of AI Forensics & Response Automation
- - Humans as “Generals” Leading AI Security Agents
- - Product Roadmap & Upcoming AI Agent Releases
Edward Wu is the founder & CEO of Dropzone AI, creator of the world’s first autonomous AI SOC analyst that force-multiplies cybersecurity teams with armies of AI agents. Previously, Edward spent eight years at ExtraHop Networks, leading AI/ML and detection engineering and developing behavioral network attack detection. He also worked on automated binary analysis and software defenses at the University of Washington, Seattle, and UC Berkeley. Edward holds 30+ patents in applied AI for cybersecurity and is a contributor to the MITRE ATT&CK framework.
The Guardrails are Gone: The Onus for AI Security Is On the Enterprise – Marc Manzano – RSAC26 #3
AI model providers are increasingly stepping back from enforcing guardrails, putting the responsibility for AI security squarely on enterprises. But most organizations don't yet have the visibility to meet that responsibility, facing a blind spot across the broader ecosystem of AI systems already operating in their environments. Closing that gap requires unified visibility across both AI systems and the cryptographic infrastructure they touch, so security teams can assess risk and act on it in one place.
Segment Resources:
https://www.sandboxaq.com/press/sandboxaq-report-ai-adoption-outpacing-ai-security https://www.sandboxaq.com/press/sandboxaq-launches-aqtive-guard-ai-spm-to-stop-the-rapid-spread-of-shadow-ai-across-the-enterprise
Visit https://securityweekly.com/sandboxaqrsac to discover how enterprises are taking control of their AI security with AQtive Guard AI-SPM by SandboxAQ.
Read the interview summary from SC Media here: SandboxAQ’s Marc Manzano: The onus for AI security is on the enterprise
- - Introduction to RSAC 2026 & AI Guardrails Discussion
- - Do AI Guardrails Even Exist Yet?
- - New Security Challenges Introduced by AI
- - Speed & Asymmetry Between Attackers and Defenders
- - Why Attackers Move Faster Than Security Teams
- - The Rise of Shadow AI in Enterprises
- - AI Supply Chain Risks & Hidden Vendor AI Usage
- - Data Security Challenges with AI Prompts & Semantics
- - Malicious AI Models & Open Source Threats
- - Lack of Traceability Across AI Agents
- - AI as a New Insider Threat Risk
- - AI-Powered Exploits & Zero-Day Speed Advantage
- - Why Traditional Patch Windows No Longer Work
- - Keeping Security Systems at Machine Speed
- - How to Detect Shadow AI in Your Environment
- - Moving from Inventory to Risk-Based AI Visibility
- - Expanding AI Risks Across the Supply Chain
- - Quantum Computing & AI Security Intersection
- - Post-Quantum Cryptography vs Quantum Cryptography
- - How CISOs Should Handle AI + Quantum Threats
- - Building Separate AI and Quantum Security Programs
- - Automating Identity & Access for AI Agents
- - Final Thoughts on AI Security Strategy
Dr. Marc Manzano leads the cybersecurity group at Sandbox. His current research interests include post-quantum cryptography, lightweight cryptography, fully-homomorphic encryption, the intersection between machine learning and cryptanalysis, performance optimizations of cryptographic implementations on a wide range of architectures, and quantum algorithms. Manzano holds a Ph.D. in Computers Network Security, which he earned under the supervision of the University of Girona (Spain) and Kansas State University (United States). He earned an MSc in Computer Science from the University of Girona (Spain), while he did research stays at UC3M (Spain) and at DTU (Denmark). He initiated his research career while finalizing his BSc in Computer Engineering at Strathclyde University (UK).
Over the past ten years, Manzano has led the development of many secure cryptographic libraries and protocols. Manzano was formerly a Senior Staff Software Engineer at Google, and before that, he was the Vice President of the Cryptography Research Centre at the Technology Innovation Institute, a UAE-based scientific research center. Prior to that, he held several positions where he was responsible for implementing pivotal cryptographic components of a variety of secure communication products, including an electronic voting platform.
Multi-Channel Impersonation: Why Legacy Controls Are Failing – Bobby Ford – RSAC26 #3
As social engineering expands past just email to include text messages, chat apps, social platforms, and live video calls, traditional point solutions are struggling to keep up. In this segment, Bobby Ford explains how AI-powered impersonation and deepfake-enabled campaigns are exposing critical gaps in legacy defenses, and why organizations must evolve toward a unified social engineering defense platform that connects Digital Risk Management and Human Risk Management. He’ll outline what modern security programs need: real-time cross-channel visibility, behavior-driven detection, and strategies designed around how people actually communicate and make decisions today.
Segment Resources:
https://www.doppel.com/blog/new-hrm-capabilities-built-how-attacks-actually-happen https://www.doppel.com/blog/why-every-brand-needs-impersonation-attack-response-plan https://www.doppel.com/product/simulation https://www.doppel.com/product/brand-protection https://www.doppel.com/product/security-awareness-training
Visit https://securityweekly.com/doppelrsac to learn how Doppel helps organizations defend against AI-powered impersonation, phishing, and multi-channel social engineering threats with a modern Human Risk Management approach.
Read the interview summary from SC Media here: Doppel’s Bobby Ford on why legacy controls are failing
Bobby Ford is the Chief Strategy and Experience Officer at Doppel, an AI-native social engineering defense platform backed by Bessemer Venture Partners and a16z. A globally recognized cybersecurity leader, Bobby has nearly 30 years of experience and has served as CISO for Abbott Laboratories, Unilever, Exelis, and Hewlett Packard Enterprise. Since joining Doppel in July, Bobby has played a pivotal role in shaping the company’s strategy during a defining period of expansion and innovation.
Hard Truths: The Lies We Keep Buying in Cybersecurity – Andrew Rubin – RSAC26 #3
Cybersecurity isn’t broken because of a lack of technology—it’s broken because the industry avoids hard truths. Fear still drives budgets. AI is oversold as a cure‑all while foundations remain weak, and CISOs are held accountable without the authority to change outcomes. In this conversation, Illumio CEO and founder Andrew Rubin breaks down what must change to build real resilience—because the next breach won’t just impact the business, it could end a career.
For more information about Illumio, please visit: https://securityweekly.com/illumiorsac
Read the interview summary from SC Media here: Illumio’s Andrew Rubin: The lies we keep buying in cybersecurity
- - Introduction to RSAC 2026 & Cybersecurity Myths
- - The Big Lie: “We Can Be 100% Safe”
- - Accepting Breaches as Inevitable
- - Why Cybersecurity Is Not Binary (Safe vs Breached)
- - The Inventory Problem in Cybersecurity
- - Understanding Risk Beyond Black-and-White Thinking
- - Dwell Time & Why Detection Speed Matters
- - AI Accelerates Attacks Beyond Human Speed
- - The Misunderstanding of Cyber Risk
- - Why Security Investments Don’t Match Real Risk
- - The Importance of Basic Cyber Hygiene
- - AI Speed vs Security Limitations
- - How AI Gives Attackers a Massive Advantage
- - Rethinking the Cybersecurity Playbook
- - Why Traditional Security Models Won’t Work for AI
- - The Need for Honest Industry Conversations
- - Reactive vs Proactive Cybersecurity Mindsets
- - Fixing Security Hygiene & Closing Attack Surface Gaps
- - AI, MCP, and Expanding Network Complexity
- - The Explosion of Attack Surface with AI Infrastructure
- - Final Thoughts on the Future of Cybersecurity
As Founder, CEO, and Board Member of Illumio, Andrew is responsible for the overall strategy and vision of the company. With deep expertise in Zero Trust, segmentation, network security, and regulatory and compliance management, Andrew is the Executive Sponsor of many of Illumio’s largest customers worldwide, including Citi, HSBC, Salesforce, and Microsoft. Andrew frequently participates in panels, articles, and podcasts for leading industry events and publications. Andrew was named to Goldman Sachs’ “100 Most Intriguing Entrepreneurs” seven times as part of its Builders & Innovators program and received Ernst & Young’s Bay Area Entrepreneur of the Year 2024.
Andrew serves as a Board Member of Emigrant Bank, as well as an advisor to several cyber and technology start-ups, and is an active angel investor. Andrew graduated from Washington University in St. Louis with a BSBA in Finance, and he is both a guest lecturer on entrepreneurship and a National Council member of the Skandalaris Center for Entrepreneurial Studies at the university.
RSAC 2026 Day 3: AI Security Trends, MCP Risks & The Future of Cybersecurity – RSAC26 #3
RSAC 2026 Day 3 delivered powerful insights into the future of cybersecurity, with a strong focus on AI security, agentic AI, and emerging risks like Model Context Protocol (MCP).
In this discussion, Joshua Marpette and Matt Alderman break down key trends from the expo floor, including the rise of AI-driven security tools, the challenges of securing MCP and APIs, and the growing need for visibility, automation, and real outcomes in cybersecurity programs.
They also explore why agentic AI is dominating the conversation, how market consolidation is impacting startups, and what the shift toward autonomous security systems means for the future of cybersecurity professionals.
Key topics covered:
The security risks of Model Context Protocol (MCP) Why AI security is evolving beyond hype The shift from alerts to automated outcomes Cybersecurity market consolidation and startup survival Human vs AI roles in the future of security
If you're tracking cybersecurity trends, AI threats, or RSAC 2026 highlights, this conversation gives you a clear, real-world perspective on where the industry is heading.
To view all the RSAC Conference 2026 coverage by CyberRisk Alliance, visit: https://securityweekly.com/rsac
- - RSAC 2026 Day 3 Recap & Key Takeaways
- - Early Stage Expo Insights & Startup Trends
- - The Real Problem: Securing AI Model Context Protocol (MCP)
- - MCP vs APIs – The New Security Challenge
- - Lack of Visibility = No Protection in AI Systems
- - Agentic AI Overload & Market Saturation
- - Too Many Cybersecurity Vendors, Not Enough Buyers
- - Industry Consolidation & Startup Survival Reality
- - AI Driving Market Consolidation in Cybersecurity
- - Massive Marketing Spend & Big Vendor Presence at RSAC
- - Collaboration Over Competition – New Industry Trend
- - Open Ecosystems & Data Sharing in Security Platforms
- - The End of Point Solutions in Cybersecurity
- - From Alerts to Outcomes – The Future of Security
- - Autonomous Security & Human-in-the-Loop Evolution
- - Trusting AI for Automated Cyber Defense
- - The Risk of Losing Human Expertise in Security
- - The Future of Cybersecurity Careers & Skills Gap
- - Rise of AI Security Roles & Prompt Engineering
- - Final Thoughts & RSAC 2026 Wrap-Up
