AI adoption is accelerating faster than most organizations can secure it — and the consequences are showing up in email inboxes, collaboration platforms, and the shadow tools employees use every day. According to Mimecast's State of Human Risk 2026, 80% of organizations are concerned about sensitive data exposure through generative AI tools, yet 60% still lack strategies to address AI-driven threats. The result is a growing gap between the security investments organizations are making and the protection they're actually getting. In this conversation, Rob Juncker will explore why human behavior has become the defining variable in enterprise cybersecurity, how shadow AI is creating new data exposure and insider risk vectors, and what it takes for security architectures to adapt in real time — without slowing down the business.
Segment Resources:
Recently released research report: https://www.mimecast.com/resources/ebooks/state-of-human-risk/ (&ungated https://assets.mimecast.com/api/public/content/8eddf3a742d64ba8b6b13fe8dcea95d5?v=d54cf9e5&download=false) Two recent (March 2026) product announcements: https://www.mimecast.com/resources/press-releases/march-platform-enhancements/ & https://www.mimecast.com/resources/press-releases/mimecast-api-email-security/ Incydr product page: https://www.mimecast.com/products/incydr/ Blog: https://www.mimecast.com/blog/whats-your-data-worth/ Blog: https://www.mimecast.com/blog/faster-detection-fewer-threats-zero-compromise/ Blog: https://www.mimecast.com/blog/mimecasts-spring-launch/
This segment is sponsored by Mimecast. Visit https://securityweekly.com/mimecastrsac to learn more about them!
Read the interview summary from SC Media here: Mimecast’s Rob Juncker: The attack surface just got a copilot
- 0:00 - Introduction to RSAC 2026 & Mimecast
- 0:19 - Mimecast Evolution Beyond Email Security
- 0:39 - From Email Security to Human Risk Management
- 01:46 - Why Humans Are the Biggest Cybersecurity Risk
- 02:10 - Rise of Agentic AI & Non-Human Identities
- 02:37 - Should AI Agents Be Treated Like Humans?
- 03:15 - AI Behavior, Hallucinations & Risk at Scale
- 04:24 - Real-World AI Bot Behavior & Security Lessons
- 05:20 - AI-to-AI Communication Risks Explained
- 06:10 - Prompt Injection Attack Example (Real Case)
- 07:41 - Security Guardrails vs Human Training
- 07:58 - The “AI Security Triangle” Framework
- 09:04 - Behavior Monitoring for Humans vs AI Agents
- 10:20 - Detecting AI Activity at Machine Speed
- 11:10 - Shadow AI & Unsanctioned Tool Risks
- 12:03 - Can AI Guardrails Be Updated in Real Time?
- 13:04 - Preventative vs Reactive AI Security Controls
- 14:20 - Automating AI Behavior & Governance
- 14:55 - Future Risks: Rogue AI & Mass Automation
- 15:12 - Final Thoughts on AI Risk Management
Rob Juncker is Chief Product Officer at Mimecast, where he leads strategy and product management across the global portfolio. With 25+ years in security, IT, cloud, and mobile, he serves as a trusted advisor to enterprise CISOs and Fortune 500 security leaders, helping organizations shift from reactive threat response to proactive human risk management.
As former CTO at Code42 (acquired by Mimecast in 2024), Rob led the teams that built the Incydr insider risk management solution, transforming the company from an on-premises backup product to a cloud-delivered cybersecurity platform. He previously held senior R&D roles at Ivanti and VMware, driving innovation at the intersection of security, cloud, and enterprise IT.
