Post-Quantum Compliance Starts in Your Containers, and Sooner Than You Think – George Manuelian – RSAC26 #6
By 2028, financial institutions are expected to meet quantum-safe standards, but most environments still lack basic visibility into the cryptography running inside them. The challenge isn’t just adopting post-quantum algorithms; it’s finding where legacy encryption lives across container images, third-party libraries, and bloated software stacks. George will explain why hidden dependencies and unnecessary components are slowing quantum readiness, and why reducing the attack surface is the first step toward compliance.
This segment is sponsored by RapidFort. Visit https://securityweekly.com/rapidfortrsac to learn more about them!
- - – Intro: RSAC 2026 & Post-Quantum Cryptography (PQC)
- - – 2028 Deadline: Why Financial Institutions Must Act Now
- - – Why PQC Adoption Is Slower Than Expected
- - – Open Source & Cryptography: The Hidden Dependency Problem
- - – Are Containers the Easy Fix for PQC?
- - – Application vs Infrastructure: The Two-Part Challenge
- - – Quantum Threat Explained: Why Current Encryption Will Break
- - – PQC in Defense, Automotive & Critical Infrastructure
- - – Step 1: Discovering Your Cryptography Inventory
- - – Kubernetes Complexity: Managing Thousands of Containers
- - – Why Inventory Is Critical for Security & Compliance
- - – Eliminating False Positives in Vulnerability Scanning
- - – The Real Problem: Too Many Vulnerabilities, Not Enough Context
- - – Step-by-Step Strategy: Discovery → Filtering → Fixing
- - – Saving Engineering Time with Smart Automation
- - – Binary Identical Containers: Fix Without Breaking Apps
- - – Scaling Security: Automating Open Source Fixes
- - – Developer Challenges: Version Lock & Risk of Change
- - – Secrets, TLS & Open Source Cryptography Management
- - – Where to Start: Practical PQC Adoption Roadmap
- - – Final Thoughts: Preparing for the Post-Quantum Future
George Manuelian is a veteran technology executive with deep expertise in cybersecurity, networking, and cloud infrastructure. Before joining RapidFort, Manuelian was VP of Worldwide SASE GTM at Palo Alto Networks, driving over $1.2 billion in revenue. He has also led key partnerships at AWS, grew Versa Networks to $100M ARR as VP of Sales Engineering, and spent over 20 years at Cisco, leading innovations in mobile and cloud services.
Authenticated, But Not Verified: The Workforce Identity Gap – Aaron Painter – RSAC26 #6
Impersonation attacks are accelerating across the workforce, targeting critical moments like onboarding, account recovery, and high-risk actions where identity is often assumed rather than verified. As attackers exploit gaps in how and when identity checks occur, traditional approaches are struggling to keep up. This conversation explores what’s driving this shift and what it takes to close the workforce identity gap with a more continuous, risk-aware approach to verification.
This segment is sponsored by Nametag. Visit https://securityweekly.com/nametagrsac to learn more about them!
- - – Intro: RSAC 2026 & Identity Security Challenges
- - – What “Nametag” Does: Verifying the Human Behind the Identity
- - – Rise of AI Impersonation Attacks in Enterprises
- - – Fake Employees & Insider Threats Explained
- - – The Biggest Security Gap: Onboarding & Account Recovery
- - – Why MFA & Passkeys Still Have Weak Points
- - – Manual Identity Verification: Risks & Inefficiencies
- - – Automating Identity Verification to Reduce Human Error
- - – Impersonation-as-a-Service: New Cybercrime Model
- - – Social Engineering Tactics That Fool Help Desks
- - – Agentic AI Risks: Who Is Responsible for Actions?
- - – Human Accountability in AI-Driven Workflows
- - – Why Passkeys Alone Don’t Prove Human Identity
- - – Zero Trust Limitations in the Age of AI
- - – Deepfakes & Voice Cloning: The New Authentication Threat
- - – Securing Identity Lifecycle: Onboarding to Recovery
- - – Practical Steps to Prevent Identity-Based Attacks
- - – Risk vs Cost: In-Person Verification vs Remote Hiring
- - – Awareness Gaps & Real-World Breach Examples
- - – Why Video Calls Can’t Be Trusted Anymore
- - – The Future of Identity: Human Verification + Security Tech
- - – Final Thoughts: Solving Identity Security Together
Aaron Painter is the CEO of Nametag Inc., the world’s first identity verification platform built to protect accounts from impersonators and AI-driven deepfakes. Aaron has nearly 20 years of global experience in security leadership, including senior roles at Microsoft across four continents. He is the author of the best-selling book LOYAL, a Fellow at the Royal Society of Arts, and a frequent commentator on cybersecurity and leadership.
OWASP Gen AI Security Project RSAC 2026 – Scott Clinton – RSAC26 #6
At RSA Conference 2026, Scott Clinton, Co-Chair and co-founder of the OWASP GenAI Security Project, shares insights from the project’s latest research, including new landscape guides and evolving approaches to securing generative and agentic AI systems. The conversation explores critical gaps in GenAI data security, the rise of AI-assisted development (“vibe coding”), and the rapid growth of the OWASP community and sponsor ecosystem. Looking ahead, Clinton outlines the most urgent risks and priorities shaping AI and agentic security in 2026.
Segment Resources:
Https://genai.owasp.org https://genai.owasp.org/resources/
- - Welcome to RSAC 2026 Interview
- - Introduction to OWASP Gen AI Security Project
- - Beyond the LLM Top 10 Explained
- - Securing the Gen AI Lifecycle (SDLC)
- - Growth of the AI Security Community
- - Why Traditional Security Lists Fall Short
- - New 2026 Data Security Guide Released
- - Agentic AI Security & Emerging Risks
- - Mapping AI Security Solutions & Tools
- - Secure AI Architecture & MCP Design
- - Moving from “Don’t Do This” to Secure Design
- - Enabling Safe AI Adoption for Organizations
- - Building Actionable AI Security Programs
- - CISO Compass & AI Security Strategy
- - Tailoring Security for Different Audiences
- - AI Threat Research & Incident Response
- - Education & Rapid Iteration in AI Security
- - How to Contribute to OWASP Gen AI Project
- - Growing a Global AI Security Community
- - Virtual Summits & Global Collaboration
- - Prompt Injection Risks & Overtrust Issues
- - AI Coding Risks & Human Oversight
- - Making AI Safe, Not Restrictive
- - Future Roadmap & How to Get Involved
Scott Clinton is Co-Chair and Co-Founder of the OWASP GenAI Security Project, leading strategy, operations, and growth. A 25+ year industry executive and 20-year open source leader, he has built and scaled open source businesses and industry consortiums across security, DevOps, AI/ML, and data markets. Scott is a published author and research lead, including the Gen AI Security Landscape and AI Security Center of Excellence Guide. Scott also holds multiple board and advisory roles with technology companies helping guide organization scale and growth.
Maximizing the Safe Usage of AI Starts With Observability – Pete Constantine – RSAC26 #6
Pete Constantine, Chief Product Officer of Origin, will discuss why the rapid adoption of local AI agents like Claude, Cursor, and Codex has outpaced modern security frameworks and the technology meant to govern them. During this session, we’ll explore why organizations must first understand what AI agents are doing across their endpoints in order to safely adopt AI.
This segment is sponsored by Origin. Visit https://securityweekly.com/originrsac to learn more about them!
- - – RSAC 2026 Intro & The AI Explosion
- - – The Biggest AI Security Challenge Today
- - – Do Companies Lack AI Visibility?
- - – Hidden Risks of AI Agents & Shadow AI
- - – Beyond Endpoint Security: What Users Are REALLY Doing
- - – Safe AI Usage vs Risky Behavior
- - – AI Governance: Monitoring Prompts to Outcomes
- - – AI Beyond Developers: Business-Wide Adoption Risks
- - – Does AI Security Slow Down Developers?
- - – AI Policies, Blocking, and Safe Enablement
- - – Measuring AI ROI & Business Impact
- - – Avoiding Data Overload in AI Observability
- - – Granular AI Monitoring: Org to Individual Level
- - – First Steps to Secure AI in Your Organization
Pete Constantine has a storied history in product management and development of endpoint security products. Formerly the Chief Product Officer of Tanium, Pete now leads product development at Origin, focusing on building capabilities that enable teams to drive observability into the presence and usage of AI agents
The Convergence of Physical and Digital Risk – David Muse – RSAC26 #6
As physical and digital threats become more connected, organizations are being forced to rethink how they approach security. This conversation explores trends uncovered by ZeroFox’s physical threat and risk investigations and examines how organizations can build a more holistic security program, from blending AI and human intelligence to creating a more integrated security model.
This segment is sponsored by ZeroFox. Visit https://securityweekly.com/zerofoxrsac to learn more about them!
- - RSAC 2026 Intro & Executive Protection Trends
- - The Rise of Digital & Physical Threat Convergence
- - Why Executive Protection Is Growing in Cybersecurity
- - Digital Footprint → Physical Threats Explained
- - Cyber vs Physical Attack Surface Convergence
- - Protecting Facilities, Supply Chains & Infrastructure
- - AI & OSINT: The Explosion of Threat Intelligence Data
- - AI-Powered Attacks at Scale
- - Automation & the Future of Cyber Attacks
- - The New “Agentic Attack Surface”
- - Defender vs Attacker Speed: Who Wins?
- - Where to Start: Visibility & Risk Awareness
- - Executive Risk Education & Digital Hygiene
- - The Human Factor in Cybersecurity Risk
David Muse brings extensive global leadership experience to ZeroFox. His career includes serving as CEO of Elemica, a leading Digital Supply Chain Network. Additionally, he was the CEO of Dharma Platform, President and CEO of Enviance, and COO at P2 Energy Solutions. He also held leadership positions at Honeywell, Aspen Technology, and IBM Global Business Services.
Understanding Where Agentic AI Stands in the Enterprise – Fred Kneip – RSAC26 #6
As enterprises actively adopt agentic AI, security teams are working to keep pace, often without the tools or visibility needed to fully manage it. Organizations are navigating challenges around shadow AI, inconsistent or unenforceable policies, and limited regulatory guidance, as frameworks like NIST continue to evolve. At the same time, agentic AI is introducing a new class of high-impact risk, with vulnerabilities that carry more serious consequences across enterprise environments. This conversation explores what Helmet Security is hearing from leaders in the field and provides a clear view into the current state of agentic AI risk.
For more information about Helmet Security, please visit: https://securityweekly.com/helmetrsac.
- - RSAC 2026 Intro & AI Adoption Chaos
- - Why Companies Are Going “AI-First” Without a Plan
- - Hidden Risks of AI Usage in Enterprises
- - Do You Need Prompt-Level Visibility for AI?
- - MCP, AI Agents & New Security Exposure
- - AI Guardrails vs Visibility: Where to Start
- - Experimentation Phase vs Security Control
- - Managing PII Risks in AI Workflows
- - Balancing AI Innovation with Security Controls
- - Will AI Security Be Driven by Major Incidents?
- - AI Data Risks & The Hallucination Tradeoff
- - AI Escaping Guardrails & Security Challenges
- - AI Model Behavior Changes & Risk Management
- - AI Red Teaming & Prompt Injection Risks
- - Observability: The Key to AI Security
- - How to Monitor AI Usage Across Enterprise Systems
Fred Kneip is a veteran security and risk executive with deep leadership experience across the technology and financial sectors. He has held senior roles at Bridgewater Associates and McKinsey & Company and is the former CEO of CyberGRX, which was acquired by the Marlin Equity Partners–backed ProcessUnity in 2023. Fred is now the CEO and co-founder of Helmet Security, where he focuses on helping organizations secure their agentic workflows. He holds a B.S.E. from Princeton University and an M.B.A. from Columbia Business School.
