Legacy security vendors have the inside track on AI, for now: As far as AI technology consumption for cybersecurity, most CISOs I spoke with were open-minded while leaning toward their existing vendors, at least in the short term. This may buy legacy security vendors a bit, but not much time.Remember what happened in the cloud as we progressed from a lack of cloud trust, to “lift and shift,” to cloud-native? The same thing is happening with AI, only even faster than the cloud. Bolting AI to existing tools won’t work for long, a year at most.
You’ve got to get the AI foundations right: I was encouraged to hear vendors describe how they started their AI transition by building an infrastructural foundation, data foundation/context engine, intelligent control plane, execution layer, services, guardrails, etc., and then adding functional agents on top of this foundation. Cisco/Splunk impressed me with its development approach and roadmap, while AI-based startups such as Abstract, Crogl, and Sidekick are betting the farm on this methodology.
AI code is making an impact: Vendors are also all-in on using AI-development tools and seeing strong results. I heard about project acceleration along with staff reduction. Building connectors is a good example. Axonius and Tenable, both known for broad technology integration, are using AI to offload a lot of this tedious but necessary work, freeing developers to work on functionality rather than plumbing.
AI pricing remains a mess: While AI capabilities appear to be baked into many tools, I found that no one knows how to price their AI services. Some are doing so by the token, some by the number of users, and some are charging by the agent. The market will flush this out over the rest of the year.
Application security is getting its AI makeover: We all know the impact of AI on software development. It’s clear to me after RSA that the same thing is happening to application security. Anthropic’s Claude Code Security is one example, but I also got a view of the AWS Security Agent, which provides software testing capabilities across the software development lifecycle, from design, to development, to runtime, to red teaming.Likewise, I met with a company named XBow that focuses on autonomous offensive security based on AI agents. Based on these developments, we will see a very different application security market at RSA 2027.
Few may be prepared for what comes next from cyber-adversaries: There’s active debate in the industry about the impact of AI within the threat landscape: Are existing cybersecurity defenses adequate or will AI tilt the battlefield toward adversaries?After RSA, I believe both premises are true. Sophisticated firms with strong governance, risk management, asset visibility, modern training, and sound hygiene and posture management should be okay. Alarmingly, this is a small percentage of organizations. Most others lack advanced security skills and adequate resources. Adversaries armed with AI tools and automated workflows will have a field day here.
Managed providers are advancing the AI SOC: Managed security service providers (MSSPs) and managed detection and response (MDR) vendors are pushing the envelope on the AI-enabled security operations center (SOC).Arctic Wolf unveiled its Aurora Superintelligence Platform and the Aurora Agentic SOC, which includes agents for triage, alerting, investigations, and more. I also met with Ontinue, an MSSP that provides services on top of Microsoft security tools such as Defender for Endpoint, Defender for Azure, and MS Sentinel. It is using AI to establish what it calls “hyper-contextualization” to understand all it can about its customers’ business processes and technology infrastructure so it can improve decision-making.
Microsoft cements its position: Speaking of Microsoft, it’s hard to point to any other vendor that can match its cybersecurity coverage.Unlike others, Microsoft came to RSA armed with AI metrics and proof points. For example, Microsoft provided specific metrics from several customers that turned on its Defender agents and saved hundreds of hours of work while improving accuracy and productivity. I’m sure Microsoft has many examples to share.
Beware the cyber category killers: We’ve always viewed cybersecurity through the lens of security product categories, EDR, firewalls, SIEM, CSPM, etc. But multi-agent AI products could take on many of these tasks simultaneously, breaking down traditional product buckets and acting as category killers.CISOs must anticipate this and be open to organizational, process, and budgetary changes. Also, will multi-agent cybersecurity products mean the death of the Gartner Magic Quadrant and all other me-too vendor mapping products?
Awareness training gradually transforms: Training is in transition. I’m pleased with this development. Awareness training is being replaced by behavior monitoring and change. Human risk management (HRM) tools from Fable Security, KnowBe4, and Mimecast, among others, watch over users and provide a nudge when they go astray.Beyond synthetic phishing, some tools even provide synthetic deepfake training. HRM sales are limited today to progressive organizations, but I believe they will become a de facto standard as regulators and cyber-insurance companies see the light and support this training renaissance.
Security claims ownership of identities: Well, partial ownership, but this is a step in the right direction. I’m seeing interesting advancements in areas such as passwordless authentication (I can’t believe it’s 2026 and we’re still using passwords), browser security, non-human identity (NHI) security, and privileged account management.RSA also pushed discussions about AI-agent access and action control, detection, monitoring, control of shadow agents, zero-standing privilege, etc. AI will be a big player, helping to ease the painful identity modernization process.As a cryptographer might say, with this article, I’ve tried to hash the entire RSA event into a single key. I really enjoyed RSA 2026 (my 20th) and look forward to next year. See you at the Moscone Center from April 5 through April 8, 2027.
AI pricing remains a mess: While AI capabilities appear to be baked into many tools, I found that no one knows how to price their AI services. Some are doing so by the token, some by the number of users, and some are charging by the agent. The market will flush this out over the rest of the year.
Application security is getting its AI makeover: We all know the impact of AI on software development. It’s clear to me after RSA that the same thing is happening to application security. Anthropic’s Claude Code Security is one example, but I also got a view of the AWS Security Agent, which provides software testing capabilities across the software development lifecycle, from design, to development, to runtime, to red teaming.Likewise, I met with a company named XBow that focuses on autonomous offensive security based on AI agents. Based on these developments, we will see a very different application security market at RSA 2027.
Few may be prepared for what comes next from cyber-adversaries: There’s active debate in the industry about the impact of AI within the threat landscape: Are existing cybersecurity defenses adequate or will AI tilt the battlefield toward adversaries?After RSA, I believe both premises are true. Sophisticated firms with strong governance, risk management, asset visibility, modern training, and sound hygiene and posture management should be okay. Alarmingly, this is a small percentage of organizations. Most others lack advanced security skills and adequate resources. Adversaries armed with AI tools and automated workflows will have a field day here.
Managed providers are advancing the AI SOC: Managed security service providers (MSSPs) and managed detection and response (MDR) vendors are pushing the envelope on the AI-enabled security operations center (SOC).Arctic Wolf unveiled its Aurora Superintelligence Platform and the Aurora Agentic SOC, which includes agents for triage, alerting, investigations, and more. I also met with Ontinue, an MSSP that provides services on top of Microsoft security tools such as Defender for Endpoint, Defender for Azure, and MS Sentinel. It is using AI to establish what it calls “hyper-contextualization” to understand all it can about its customers’ business processes and technology infrastructure so it can improve decision-making.
Microsoft cements its position: Speaking of Microsoft, it’s hard to point to any other vendor that can match its cybersecurity coverage.Unlike others, Microsoft came to RSA armed with AI metrics and proof points. For example, Microsoft provided specific metrics from several customers that turned on its Defender agents and saved hundreds of hours of work while improving accuracy and productivity. I’m sure Microsoft has many examples to share.
Beware the cyber category killers: We’ve always viewed cybersecurity through the lens of security product categories, EDR, firewalls, SIEM, CSPM, etc. But multi-agent AI products could take on many of these tasks simultaneously, breaking down traditional product buckets and acting as category killers.CISOs must anticipate this and be open to organizational, process, and budgetary changes. Also, will multi-agent cybersecurity products mean the death of the Gartner Magic Quadrant and all other me-too vendor mapping products?
Awareness training gradually transforms: Training is in transition. I’m pleased with this development. Awareness training is being replaced by behavior monitoring and change. Human risk management (HRM) tools from Fable Security, KnowBe4, and Mimecast, among others, watch over users and provide a nudge when they go astray.Beyond synthetic phishing, some tools even provide synthetic deepfake training. HRM sales are limited today to progressive organizations, but I believe they will become a de facto standard as regulators and cyber-insurance companies see the light and support this training renaissance.
Security claims ownership of identities: Well, partial ownership, but this is a step in the right direction. I’m seeing interesting advancements in areas such as passwordless authentication (I can’t believe it’s 2026 and we’re still using passwords), browser security, non-human identity (NHI) security, and privileged account management.RSA also pushed discussions about AI-agent access and action control, detection, monitoring, control of shadow agents, zero-standing privilege, etc. AI will be a big player, helping to ease the painful identity modernization process.As a cryptographer might say, with this article, I’ve tried to hash the entire RSA event into a single key. I really enjoyed RSA 2026 (my 20th) and look forward to next year. See you at the Moscone Center from April 5 through April 8, 2027.
Few may be prepared for what comes next from cyber-adversaries: There’s active debate in the industry about the impact of AI within the threat landscape: Are existing cybersecurity defenses adequate or will AI tilt the battlefield toward adversaries?After RSA, I believe both premises are true. Sophisticated firms with strong governance, risk management, asset visibility, modern training, and sound hygiene and posture management should be okay. Alarmingly, this is a small percentage of organizations. Most others lack advanced security skills and adequate resources. Adversaries armed with AI tools and automated workflows will have a field day here.
Managed providers are advancing the AI SOC: Managed security service providers (MSSPs) and managed detection and response (MDR) vendors are pushing the envelope on the AI-enabled security operations center (SOC).Arctic Wolf unveiled its Aurora Superintelligence Platform and the Aurora Agentic SOC, which includes agents for triage, alerting, investigations, and more. I also met with Ontinue, an MSSP that provides services on top of Microsoft security tools such as Defender for Endpoint, Defender for Azure, and MS Sentinel. It is using AI to establish what it calls “hyper-contextualization” to understand all it can about its customers’ business processes and technology infrastructure so it can improve decision-making.
Microsoft cements its position: Speaking of Microsoft, it’s hard to point to any other vendor that can match its cybersecurity coverage.Unlike others, Microsoft came to RSA armed with AI metrics and proof points. For example, Microsoft provided specific metrics from several customers that turned on its Defender agents and saved hundreds of hours of work while improving accuracy and productivity. I’m sure Microsoft has many examples to share.
Beware the cyber category killers: We’ve always viewed cybersecurity through the lens of security product categories, EDR, firewalls, SIEM, CSPM, etc. But multi-agent AI products could take on many of these tasks simultaneously, breaking down traditional product buckets and acting as category killers.CISOs must anticipate this and be open to organizational, process, and budgetary changes. Also, will multi-agent cybersecurity products mean the death of the Gartner Magic Quadrant and all other me-too vendor mapping products?
Awareness training gradually transforms: Training is in transition. I’m pleased with this development. Awareness training is being replaced by behavior monitoring and change. Human risk management (HRM) tools from Fable Security, KnowBe4, and Mimecast, among others, watch over users and provide a nudge when they go astray.Beyond synthetic phishing, some tools even provide synthetic deepfake training. HRM sales are limited today to progressive organizations, but I believe they will become a de facto standard as regulators and cyber-insurance companies see the light and support this training renaissance.
Security claims ownership of identities: Well, partial ownership, but this is a step in the right direction. I’m seeing interesting advancements in areas such as passwordless authentication (I can’t believe it’s 2026 and we’re still using passwords), browser security, non-human identity (NHI) security, and privileged account management.RSA also pushed discussions about AI-agent access and action control, detection, monitoring, control of shadow agents, zero-standing privilege, etc. AI will be a big player, helping to ease the painful identity modernization process.As a cryptographer might say, with this article, I’ve tried to hash the entire RSA event into a single key. I really enjoyed RSA 2026 (my 20th) and look forward to next year. See you at the Moscone Center from April 5 through April 8, 2027.
Microsoft cements its position: Speaking of Microsoft, it’s hard to point to any other vendor that can match its cybersecurity coverage.Unlike others, Microsoft came to RSA armed with AI metrics and proof points. For example, Microsoft provided specific metrics from several customers that turned on its Defender agents and saved hundreds of hours of work while improving accuracy and productivity. I’m sure Microsoft has many examples to share.
Beware the cyber category killers: We’ve always viewed cybersecurity through the lens of security product categories, EDR, firewalls, SIEM, CSPM, etc. But multi-agent AI products could take on many of these tasks simultaneously, breaking down traditional product buckets and acting as category killers.CISOs must anticipate this and be open to organizational, process, and budgetary changes. Also, will multi-agent cybersecurity products mean the death of the Gartner Magic Quadrant and all other me-too vendor mapping products?
Awareness training gradually transforms: Training is in transition. I’m pleased with this development. Awareness training is being replaced by behavior monitoring and change. Human risk management (HRM) tools from Fable Security, KnowBe4, and Mimecast, among others, watch over users and provide a nudge when they go astray.Beyond synthetic phishing, some tools even provide synthetic deepfake training. HRM sales are limited today to progressive organizations, but I believe they will become a de facto standard as regulators and cyber-insurance companies see the light and support this training renaissance.
Security claims ownership of identities: Well, partial ownership, but this is a step in the right direction. I’m seeing interesting advancements in areas such as passwordless authentication (I can’t believe it’s 2026 and we’re still using passwords), browser security, non-human identity (NHI) security, and privileged account management.RSA also pushed discussions about AI-agent access and action control, detection, monitoring, control of shadow agents, zero-standing privilege, etc. AI will be a big player, helping to ease the painful identity modernization process.As a cryptographer might say, with this article, I’ve tried to hash the entire RSA event into a single key. I really enjoyed RSA 2026 (my 20th) and look forward to next year. See you at the Moscone Center from April 5 through April 8, 2027.
Awareness training gradually transforms: Training is in transition. I’m pleased with this development. Awareness training is being replaced by behavior monitoring and change. Human risk management (HRM) tools from Fable Security, KnowBe4, and Mimecast, among others, watch over users and provide a nudge when they go astray.Beyond synthetic phishing, some tools even provide synthetic deepfake training. HRM sales are limited today to progressive organizations, but I believe they will become a de facto standard as regulators and cyber-insurance companies see the light and support this training renaissance.
Security claims ownership of identities: Well, partial ownership, but this is a step in the right direction. I’m seeing interesting advancements in areas such as passwordless authentication (I can’t believe it’s 2026 and we’re still using passwords), browser security, non-human identity (NHI) security, and privileged account management.RSA also pushed discussions about AI-agent access and action control, detection, monitoring, control of shadow agents, zero-standing privilege, etc. AI will be a big player, helping to ease the painful identity modernization process.As a cryptographer might say, with this article, I’ve tried to hash the entire RSA event into a single key. I really enjoyed RSA 2026 (my 20th) and look forward to next year. See you at the Moscone Center from April 5 through April 8, 2027.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4154086/12-cyber-industry-trends-revealed-at-rsac-2026.html
