RSAC 2026 Day 4: AI Security, Agentic AI & Cybersecurity Must Move Beyond Monitoring – RSAC26 #4
RSAC 2026 Day 4 starts off with powerful insights into the future of cybersecurity, where AI security, agentic AI, and automation are reshaping the industry.
In this conversation, Mike Shema and Matt Alderman break down the biggest takeaways from the conference, including why AI-native security startups are rising, how Model Context Protocol (MCP) is becoming the next security battleground, and why visibility alone is no longer enough.
A key theme from RSAC 2026: cybersecurity must evolve from monitoring to action. As attackers move at machine speed using AI, defenders must adopt automation, autonomous security, and human-in-the-loop decision-making to keep up.
You’ll also learn:
Why agentic AI dominated RSAC 2026 The shift from alerts → outcomes in security operations How small and large language models will work together Why cyber hygiene still matters more than hype The growing importance of security ecosystems and collaboration
If you're interested in cybersecurity trends, AI threats, or the future of enterprise security, this video delivers actionable insights from one of the industry’s biggest events.
Watch till the end for predictions on RSAC 2027 and beyond
To view all the RSAC Conference 2026 coverage by CyberRisk Alliance, visit: https://securityweekly.com/rsac
- - RSAC 2026 Day 4 Kickoff & Final Takeaways
- - Surviving RSAC: 20 Years of Cybersecurity Evolution
- - Agentic AI Everywhere – Conference Theme Recap
- - ChatGPT Summary of RSAC 2026 Trends
- - Rise of AI-Native Security Startups
- - AI Disruption & Companies That Won’t Survive
- - Identity, Cloud & AI Supply Chain Risks
- - From Visibility to Actionable Security
- - Why Monitoring Alone Is No Longer Enough
- - Continuous Control Management vs Monitoring
- - Human-in-the-Loop AI & Autonomous Security مستقبل
- - Small Language Models vs Large Language Models
- - Multi-Model AI Strategy in Cybersecurity
- - AI Models Becoming a Commodity
- - Real Talk: Cybersecurity Industry Myths Exposed
- - Why 100% Security Is Impossible
- - Cyber Hygiene vs Shiny AI Tools
- - Foundational Security Still Matters
- - Automation vs AI – What Actually Matters
- - Finding Real Innovation at RSAC Expo
- - MCP Security: The Next Firewall for AI Agents
- - AI Supply Chain Risks & Skill File Security Challenges
- - Future of AI Security & Natural Language Risks
- - What’s Next After RSAC 2026
- - Building Cybersecurity Ecosystems & Community
- - Final Thoughts & RSAC 2026 Wrap-Up
The Making of Midnight in the War Room – Mickey Bresman – RSAC26 #4
Semperis is producing Midnight in the War Room, a full length feature film on cyberwar and CISO heroism and their work defending their companies against the onslaught of cyberattacks. Midnight in the War Room puts a human face on the front lines of cyber defense and will reveal the weight carried by defenders every day and why resilience must be built not only into systems, but into people and institutions.
Segment Resources:
Website link: https://www.semperis.com/midnight-in-the-war-room/
Forbes article: https://www.forbes.com/sites/tonybradley/2025/10/16/midnight-in-the-war-room-and-the-unsung-heroes-of-cybersecurity/
This segment is sponsored by Semperis! Visit https://securityweekly.com/semperisrsac to learn more information about Midnight in the War Room.
Read the interview summary from SC Media here: Semperis’ Mickey Bresman: The making of ‘Midnight in the War Room’
- - RSAC 2026 Interview with Semperis CEO Mickey Bresman
- - Cybersecurity Documentary “Midnight in the War Room” Overview
- - Inside the Cybersecurity Industry: Government, Hackers & Defenders
- - Real Stories from WannaCry, CISA & Cyber Leaders
- - Breaking the “Hacker in a Hoodie” Myth
- - Diversity & Career Paths in Cybersecurity
- - Mental Health & Burnout in Cybersecurity Roles
- - Why This Documentary Matters for the Industry
- - Encouraging New Talent into Cybersecurity Careers
- - Skills Gap & Non-Technical Entry into Cybersecurity
- - Behind the Scenes: Making a Cybersecurity Documentary
- - Real Cybercrime Stories & Personal Risk for CISOs
- - The True Cost of Cybercrime & Ransomware Attacks
- - Critical Infrastructure Attacks & Colonial Pipeline Impact
- - When & Where to Watch the Film (Black Hat Premiere)
- - Future Sequels & Expanding Cybersecurity Stories
- - Final Thoughts & RSAC 2026 Coverage
Mickey Bresman is CEO and co-founder of Semperis, the identity-driven cyber resilience and crisis response company.
Beginning his technical career in the Navy, Mickey’s comfort zone is on the front lines helping organizations thwart and respond to cyberattacks. The long-time cybersecurity expert and entrepreneur has an extensive track record of driving revenue growth and scaling organizations across the globe. Prior to founding Semperis, Mickey held the position of CTO at YouCC Technologies, a Microsoft Gold Partner integration company. As a cybersecurity thought leader, Mickey has been quoted or featured in many major publications, including Forbes, Fortune, Wall Street Journal and others.
Semperis recently surpassed $150M in annual recurring revenue, a milestone that fewer than one in every 1,000 venture-backed enterprise software companies achieves. The company was recently recognized by Cohesity as its 2025 Security Partner of the Year, one of Dun’s 100 Best HighTech Companies, recognized by Inc. Magazine as one of its Best Workplaces for four consecutive years and has been named to Deloitte’s Technology’s Fast 500 for the sixth consecutive years.
Attack Surface Just Got a Copilot – Rob Juncker – RSAC26 #4
AI adoption is accelerating faster than most organizations can secure it — and the consequences are showing up in email inboxes, collaboration platforms, and the shadow tools employees use every day. According to Mimecast's State of Human Risk 2026, 80% of organizations are concerned about sensitive data exposure through generative AI tools, yet 60% still lack strategies to address AI-driven threats. The result is a growing gap between the security investments organizations are making and the protection they're actually getting. In this conversation, Rob Juncker will explore why human behavior has become the defining variable in enterprise cybersecurity, how shadow AI is creating new data exposure and insider risk vectors, and what it takes for security architectures to adapt in real time — without slowing down the business.
Segment Resources:
Recently released research report: https://www.mimecast.com/resources/ebooks/state-of-human-risk/ (&ungated https://assets.mimecast.com/api/public/content/8eddf3a742d64ba8b6b13fe8dcea95d5?v=d54cf9e5&download=false) Two recent (March 2026) product announcements: https://www.mimecast.com/resources/press-releases/march-platform-enhancements/ & https://www.mimecast.com/resources/press-releases/mimecast-api-email-security/ Incydr product page: https://www.mimecast.com/products/incydr/ Blog: https://www.mimecast.com/blog/whats-your-data-worth/ Blog: https://www.mimecast.com/blog/faster-detection-fewer-threats-zero-compromise/ Blog: https://www.mimecast.com/blog/mimecasts-spring-launch/
This segment is sponsored by Mimecast. Visit https://securityweekly.com/mimecastrsac to learn more about them!
Read the interview summary from SC Media here: Mimecast’s Rob Juncker: The attack surface just got a copilot
- - Introduction to RSAC 2026 & Mimecast
- - Mimecast Evolution Beyond Email Security
- - From Email Security to Human Risk Management
- - Why Humans Are the Biggest Cybersecurity Risk
- - Rise of Agentic AI & Non-Human Identities
- - Should AI Agents Be Treated Like Humans?
- - AI Behavior, Hallucinations & Risk at Scale
- - Real-World AI Bot Behavior & Security Lessons
- - AI-to-AI Communication Risks Explained
- - Prompt Injection Attack Example (Real Case)
- - Security Guardrails vs Human Training
- - The “AI Security Triangle” Framework
- - Behavior Monitoring for Humans vs AI Agents
- - Detecting AI Activity at Machine Speed
- - Shadow AI & Unsanctioned Tool Risks
- - Can AI Guardrails Be Updated in Real Time?
- - Preventative vs Reactive AI Security Controls
- - Automating AI Behavior & Governance
- - Future Risks: Rogue AI & Mass Automation
- - Final Thoughts on AI Risk Management
Rob Juncker is Chief Product Officer at Mimecast, where he leads strategy and product management across the global portfolio. With 25+ years in security, IT, cloud, and mobile, he serves as a trusted advisor to enterprise CISOs and Fortune 500 security leaders, helping organizations shift from reactive threat response to proactive human risk management.
As former CTO at Code42 (acquired by Mimecast in 2024), Rob led the teams that built the Incydr insider risk management solution, transforming the company from an on-premises backup product to a cloud-delivered cybersecurity platform. He previously held senior R&D roles at Ivanti and VMware, driving innovation at the intersection of security, cloud, and enterprise IT.
Securing the Next Billion Users: Why the Browser is the Front Line for Agentic AI – Ramin Farassat – RSAC26 #4
The enterprise is facing a fundamental shift: the next billion knowledge workers will not be human, they will be AI agents. While these agents offer exponential productivity, they operate at machine speed without human guardrails like MFA or skepticism, creating a massive security blind spot. Ramin Farassat discusses the "Agentic Paradox" and how a new approach to browser security is required to provide architectural immunity for the modern, hybrid workforce of both humans and agents.
Segment Resources:
Menlo on LinkedIn: https://www.linkedin.com/company/menlo-security/ Website: https://www.menlosecurity.com/ Product Page: https://www.menlosecurity.com/product
Learn more about how Menlo Security protects both humans and agents at https://securityweekly.com/menlorsac.
Read the interview summary from SC Media here: Menlo’s Ramin Farassat: Why the browser is the front line for agentic AI
- - Introduction to RSAC 2026 & Menlo Security
- - Securing the Next Billion AI Users
- - Why AI Agents Will Outnumber Humans
- - Browser Security for AI Agents Explained
- - Shift from Read-Only to Read/Write AI
- - The Visibility Problem with Agentic AI
- - Detecting AI Agents in the Environment
- - Registering and Tracking AI Agents
- - Applying Security Controls to AI Agents
- - Human vs AI Security Controls Compared
- - Authentication & Authorization for AI
- - Preventing Data Leakage from AI Agents
- - Risks of Agent-to-Agent Spread
- - AI Communication Beyond the Browser (MCP)
- - Securing MCP with Browser-Based Controls
- - Converging AI Communication Channels
- - Getting Started with AI Security Strategy
- - Dev vs Security Teams Collaboration
- - Automating AI Agent Registration & Control
- - Managing Dev vs Security Conflicts
- - Using AI to Secure AI (Automation)
- - Moving from Detection to Autonomous Action
- - Building Trust in AI Security Systems
- - Why Proactive AI Security Matters
- - Future of AI Security & Compliance
- - Data Sovereignty Challenges with AI
- - Managing Global Compliance for AI Agents
- - Final Thoughts on Securing Agentic AI
Ramin Farassat is the Chief Product Officer at Menlo Security, where he leads the company’s product strategy, management, and design. He is an Executive Product Leader with a proven track record of scaling SaaS platforms, driving Al-led innovation, and delivering sustained enterprise growth. Ramin bridges boardroom strategy with day-to-day execution – aligning product direction with market opportunity, investor priorities, and operational excellence.
Browser in the AI Era: Apply Controls Where the Work Happens – Arunesh Chandra – RSAC26 #4
The browser has become the primary gateway to work, data, and AI. In this episode, we talk about why security and IT teams are rethinking the role of the browser and what sets Edge for Business apart as a secure, enterprise-ready solution. We’ll cover how built-in security, native integration with existing IT tools, and centralized management can simplify operations, reduce risk, and support modern work across managed devices, BYOD, and contractors. A must listen for IT pros and security experts navigating browser sprawl and AI adoption.
Segment Resources:
- Edge for Business 1-pager https://aka.ms/Edge1pager/CyberRiskAlliance
- Edge for Business security whitepaper https://aka.ms/EdgeSecurityWhitepaper/CyberRiskAlliance
- Edge for Business security connectors https://aka.ms/EdgeforBusinessconnectors/CyberRiskAlliance
- Edge for Business licensing matrix https://aka.ms/EdgeLicenseMatrix
- Edge management service https://aka.ms/EMS
This segment is sponsored by Microsoft. Visit https://securityweekly.com/microsoftrsac to learn more about them!
Read the summary article from SC Media here: Microsoft’s Arunesh Chandra: The browser in the AI era
- - Welcome to RSAC 2026 Interview
- - Enterprise Browser Trend Explained
- - Why Enterprise Browsers Are Growing Fast
- - Consumer vs Enterprise Browser Differences
- - Browser as the Primary Security Surface
- - Why Big Tech Is Investing in Enterprise Browsers
- - Browser as a New Security Endpoint
- - The Role of Browsers in AI Security
- - Shadow AI Risks in the Workplace
- - Browser as the AI Control Plane
- - Microsoft Edge for Business Security Controls
- - Visibility Into AI Tool Usage
- - Granular Control vs Blocking AI Tools
- - AI Policies Compared to Firewall Rules
- - AI-Driven Threat Speed & Attack Surface
- - Standardizing Browsers to Reduce Risk
- - AI Tool Discovery & Web Filtering Challenges
- - Managing Approved vs Unapproved AI Tools
- - Final Thoughts & Key Takeaways
Arunesh Chandra is the Head of Product for Microsoft Edge for Business, where he leads the browser’s growth and adoption across commercial organizations on both desktop and mobile. His work sits at the forefront of enterprise security, compliance, and the browser’s emerging role as a critical control point in the AI era. With deep expertise in endpoint security, data protection, and browser manageability, Arunesh helps organizations—from small teams to global enterprises in highly regulated industries—tackle emerging risks like shadow AI and establish the secure enterprise browser as a consistent, scalable foundation for security and compliance.
The New Era of DNS Resilience: Breaking down the newly finalized NIST SP 800-81 – Craig Sanderson – RSAC26 #4
Craig Sanderson from Infoblox will dive into the newly finalized NIST SP 800-81 as it marks a pivotal shift in DNS security, emphasizing resilience through modernized practices tailored for today’s distributed, cloud-driven, and threat-laden environments. This update provides actionable guidance for organizations to strengthen DNS infrastructure against evolving threats like ransomware and data exfiltration, while prioritizing initiatives like DNSSEC, encryption, and protective DNS for immediate risk reduction.
This segment is sponsored by Infoblox. Visit https://securityweekly.com/infobloxrsac to learn more about them!
- - RSAC 2026 Interview Introduction
- - Why DNS Security Matters Now
- - NIST DNS Update (SP 800-81 Rev 3) Explained
- - Key DNS Security Improvements & Best Practices
- - Encrypted DNS (DoH, DoT, DoQ) Overview
- - DNS Regulations & NIS2 Impact
- - DNS Risks in Critical Infrastructure
- - What is Protective DNS?
- - DNSSEC vs Protective DNS Explained
- - Using DNS as a Cybersecurity Control
- - Real-Time Threat Intelligence with DNS
- - Moving Beyond Whack-a-Mole Security
- - Reducing Attack Surface with DNS Intelligence
- - Preventing Phishing with Protective DNS
- - Real-World Example: Government DNS Protection
- - Why Organizations Should Adopt Protective DNS
- - DNS as a Security Service Mindset Shift
- - Breaking Silos: Network vs Security Teams
- - DNS Attack Risks & Domain Takeover Threats
- - Final Thoughts & Key Takeaways
Craig Sanderson is the Principal Cyber Security Strategist at Infoblox. Craig has over 25 years of experience in the CyberSecurity industry with a broad array of roles ranging from consultancy, security architecture, business development and product management. Over the last seven years, Craig has been responsible for creating the vision, strategy and delivered the execution of the Infoblox BloxOne Threat Defense solution. He continues to be passionate about the role that DNS can play in delivering world class cyber security with a particular emphasis on how DNS can become the foundation for national and governmental Protective DNS solutions.
ArmorCode: AI Exposure Management and Governing Shadow AI – Mark Lambert – RSAC26 #4
AI is moving faster than most governance models can keep up. As organizations race to adopt new AI tools, developer workflows, agents and MCP servers, security leaders must enable innovation without losing control over risk, accountability and oversight.
In this segment, ArmorCode will discuss its new AI Exposure Management (AIEM) solution, as part of the ArmorCode Agentic AI Platform. ArmorCode will highlight how AIEM gives enterprises clearer visibility into where AI is being used, who owns it and the potential risks it introduces across heterogeneous environments. By turning AI usage and signals from existing security and IT systems into governed, auditable outcomes, AIEM helps organizations reduce shadow AI risk, assign accountability and accelerate AI adoption with stronger control and board-ready governance.
ArmorCode will also share findings from its new 2026 State of AI Risk Management report, developed in partnership with The Purple Book Community and based on responses from more than 650 enterprise security leaders. The discussion will connect ArmorCode’s latest product innovation to the broader industry need for scalable, enterprise-ready AI risk governance.
Segment Resources:
ArmorCode.com/platform armorcode.com/ai-exposure-management armorcode.com/datasheet/remediate-less-reduce-risk-faster https://www.armorcode.com/blog/shadow-ai-in-the-agentic-era-who-owns-the-risk-governance https://thepurplebook.club/
ArmorCode AI Exposure Management is available now as a solution deployed on the ArmorCode Agentic AI Platform. To learn more, visit https://securityweekly.com/armorcodersac.
Read the interview summary from SC Media here: ArmorCode’s Mark Lambert: AI exposure management and governing shadow AI
- - Welcome to RSAC 2026 Interview
- - What is ArmorCode?
- - Unified Exposure Management Explained
- - Breaking Down Security Silos
- - 350+ Integrations for Full Visibility
- - Centralized Security Data & Context
- - Correlating Vulnerabilities Across Tools
- - Enriching Data with Threat Intelligence
- - The Challenge of Risk Prioritization
- - Can AI Replace Exposure Management Tools?
- - Build vs Buy in the Age of AI
- - Introducing Anya Agentic AI Framework
- - Governance, Auditability & AI Workflows
- - Buy + Build Approach Explained
- - Solving Tool Sprawl in Cybersecurity
- - 2026 AI Risk Management Report Insights
- - Key Differentiators vs Other Platforms
- - Agentic Workflows & Platform Architecture
- - Customer-Driven Product Innovation
- - Expanding Use Cases: AppSec, Vulnerability Mgmt
- - What’s Next: AI Exposure Management
- - AI Code Growth & Rising Vulnerabilities
- - Complex Vulnerabilities & AI Development Risks
- - Final Thoughts & Closing
Mark Lambert is the Chief Product Officer for ArmorCode, a leader in unified exposure management. Mark has built products for more than 20 years, and helped organizations streamline the delivery of secure, reliable and compliant software applications across the enterprise, embedded and IoT markets.
Prior to ArmorCode, he held product leadership positions with Parasoft, Advanced Visual Systems (AVS) and more. Mark holds a bachelor’s and master’s degree in computer science from Manchester University, UK.
Beyond the Hype: Measuring Cyber Readiness in the Age of AI – Gibb Witham – RSAC26 #4
In the AI era, cybersecurity is undergoing a fundamental shift as AI agents transform both the speed and scale of attacks. In this interview, Gibb Witham, President and Chief Financial Officer of Hack The Box, explains why organizations must move beyond assumed AI capability toward measurable, validated cyber readiness for both humans and AI systems. Drawing on real-world benchmarks, agentic AI testing, and hands-on training, Witham outlines how security teams can safely adopt AI by proving performance under pressure. The discussion highlights why the future of cybersecurity depends on training, testing, and reinforcing human and AI operators together before they are trusted in critical environments.
This segment is sponsored by Hack The Box. Visit https://securityweekly.com/hacktheboxrsac to learn more about them!
Read the interview summary from SC Media here: Hack the Box’s Gibb Witham: Measuring cyber readiness in the age of AI
- - RSAC 2026 Final Interview Kickoff
- - Meet Hack The Box Leadership
- - Hack The Box Community & Growth Overview
- - Cyber Readiness in the Age of AI
- - How AI Is Changing Cybersecurity Training
- - Evolution from Manual Hacking to AI-Assisted Security
- - Limits of AI in Real-World Cyber Labs
- - Hack The Box AI vs Human Competition Insights
- - 40% Speed Boost with AI Tools
- - Why Skilled Hackers Benefit Most from AI
- - AI + Human Expertise = Maximum Performance
- - The Risk of Skipping Cybersecurity Fundamentals
- - The “Missing Middle” Skill Gap Problem
- - Why Organizations Must Invest in Training
- - Building Cybersecurity Muscle Memory
- - Can AI Improve or Weaken Security Posture?
- - How to Get Started with Hack The Box
- - Free Training & Community Access Explained
- - Why Beginners Should Start Now
- - Learning Cybersecurity Through Practice
- - Final Thoughts on AI + Cyber Skills Future
Gibb Witham is President of Hack The Box. With two decades of experience across cybersecurity, AI, and enterprise software, Gibb has spent his career at the intersection of innovation, capital, and operational execution. Prior to Hack The Box, he spent 14 years as a venture capital investor at Paladin Capital Group, where he partnered with high-growth companies at the forefront of cybersecurity and enterprise AI innovation. His portfolio experience includes multiple companies growing from early stage to category leaders with over $100M in annual recurring revenue, with several successful IPOs and strategic acquisitions.
Earlier in his career, Gibb led initiatives at IBM to build and scale its cloud and SaaS businesses in major industry verticals, following work as a strategy consultant advising Fortune 500 technology companies. Gibb holds a B.S. from Columbia University and lives with his family in Brooklyn, New York.
RSAC 2026 Recap: Agentic AI Hype, Cybersecurity Trends & Startup Reality Check – RSAC26 #4
RSAC 2026 recap is here! In this candid conversation from Cyber Risk TV, we break down the biggest cybersecurity trends shaping the industry—from agentic AI hype to the reality of startup innovation and venture funding.
As RSA Conference 2026 wraps up, we dive into what really stood out on the expo floor, including the explosion of AI security startups, lack of differentiation, and the evolving buy vs build debate in cybersecurity.
You’ll also hear insights on:
The rise (and overuse) of agentic AI in security Cybersecurity startup trends and valuation challenges Venture capital shifts and funding realities Why RSAC is a C-suite strategy conference What the future of cybersecurity innovation looks like
Whether you're a CISO, security leader, or startup founder, this RSAC 2026 breakdown gives you real, unfiltered insights into where the industry is headed.
Subscribe for more cybersecurity interviews, RSAC coverage, and AI security insights.
To view all the RSAC Conference 2026 coverage by CyberRisk Alliance, visit: https://securityweekly.com/rsac
- - RSAC 2026 Day 4 Wrap-Up
- - Event Highlights & Celebrity Moments
- - Surviving RSAC: Scale & Experience
- - Exploring the Expo Floor & Early Stage Startups
- - Agentic AI Hype & Market Saturation
- - Lack of Differentiation in Cybersecurity Startups
- - Buy vs Build in the Age of AI
- - Venture Capital Trends & Funding Challenges
- - Lessons from Past Tech Bubbles
- - Future of Cybersecurity Startups & Valuations
- - The Evolution of AI Security Trends
- - First-Time RSAC Experience & Insights
- - Why RSAC Is a “C-Suite Strategy Conference”
- - Key Cybersecurity Trends from RSAC 2026
- - Networking, Meetings & Industry Connections
- - RSAC Social Scene & Networking Events
- - Conference Culture & Industry Humor
- - Perspectives on AI Innovation & Differentiation
- - Final Reflections on RSAC 2026
- - Expo Floor Experience: Scale & Complexity
- - Early Stage vs Main Expo Comparison
- - Startup Innovation & Future Market Leaders
- - Closing Thoughts & RSAC 2026 Recap