RSA technically started Tuesday—at least the regular sessions and exhibition hall did—but that didn’t stop Monday from being a long head-spinning day of thought leadership around AI, AI, AI, and, oh, AI.
What we heard:
Speed and capabilities of AI are exceeding governance and security strategy. We all know this, but this year’s RSA brings a greater sense of urgency to wrangling AI if not into something controllable then at least into something manageable. The experts widely agree that organizations should have their strategies in place this year.
Browser security is front and center. Some people believe the browser is going to go away. Maybe. But not now. The browser is the gateway to all sorts of sensitive and personal information. And it is open all night long—so security is paramount.
The SOC will be reimagined. The SOC traditionally has been reactive and alert-driven, but the AI-infused SOC of the future AI agents and humans will work side by side. Under this new collaboration, SOCs will likely leave round the clock triage to AI agents so that humans can focus on things like oversight and complex threat hunting.
AI is creating opportunities in the workforce. For all the talk of AI driving jobs away, it’s going to create opportunity for those with specialized skills and perhaps level the playing field for women and others who have been pigeon-holed in certain roles. Self-starters are expected to thrive.
Programmers are feeling the pain. Everybody’s a coder these days, and programmers’ jobs hang in the balance. But not all of them. Yes, AI is snatching some jobs, but there’s a real need for those who tk.
What’s the Buzz? Overheard at RSA:
“AI-enabled scams are 4.5 times more valuable. That means we’re going to see a massive movement from human attackers to AI-enabled attacks. 2026 is going to be the year that transition is complete.” – Roger Grimes, CISO Advisor, KnowBe4
“I think the saddest refrain I've heard over the last couple of months working with my CISO peer group has been--and the sentence haunts me—'I'm too busy to learn.’ When you're in that spot, as a security department, you are so overwhelmed by the inbound and you're trying to navigate the dual mandate of protecting the organization while advising them on AI as they make these big transformations that you don't have time yourself to tool up, skill up.” – Conor Sherman, CISO, Sysdig
“Soon the industry is going to realize that young people coming out of college are AI natives and they can make the biggest change the fastest. But they won’t have the institutional knowledge of the business so you’ll have to pair them with people who [have that knowledge].” – John Morgan, SVP, GM, Splunk Security
“AI is an interesting realm where CISOs are getting pulled into areas that are either expanding the scope of their jobs or maybe this is a new role.” – Jonathon Trull, CISO, Qualys