SECURITY
At the RSAC 2026 Conference, practitioners and vendors came together to hear a new story focused less on prevention and more on adaptation to the inevitable change brought on by the rapid enterprise adoption of agentic artificial intelligence coding agents and autonomous automation, whether the cybersecurity community is ready for it or not.
“This community makes a deliberate choice to be protectors and defenders,” RSAC Chief Executive Jen Easterly said in the opening keynote. “We’re delivering trust in a world that desperately needs trust, a world with the most consequential technology change in our lifetime, moving us faster and faster.”
In my RSAC 2025 roundup, everyone was talking about agents, but very few folks had practical experience dealing with the Pandora’s box we were about to collectively open. Fortunately, there were some bright spots of vendor innovation at this year’s show that don’t simply lean on agentic AI window dressing as they address risk.
Security practitioners I talked to at the show were universally overwhelmed by the sheer amount of data introduced as their organizations scale up ephemeral services and, now, nondeterministic agents, in enterprise architectures. Known common vulnerabilities and exposures give way to ‘known unknowns’ as these systems interact in new ways, surfacing thousands of potential risk indicators – and no company can afford to hire its way out of this problem.
In the expo, I took in a demo of Spektion Inc.’s latest exposure management platform that discovers, tracks and visualizes real-time data to highlight weaknesses across an environment of sensors from a single endpoint. It’s untangling a hairball of attack chains and telemetry from agents and workloads, and taming them into smoother workstreams that prioritize fixing high-impact vulnerabilities first.
“Copilot and assistant agent adoption is accelerating fast within enterprises, but it is often being gated by security concerns about the data layer, and having telemetry about that data that they can trust to build controls,” said David Stuart, senior director of product marketing at Sentra Inc.
The vendor now offers AI data readiness capabilities to monitor an enterprise estate of agents and models – who created them, what data they were trained on, what data they can access, and where their data outputs go, in order to prioritize sensitive data risks and exposures.
Cribl Inc. continues to optimize data flow with its any-source/any-destination federated search engine with agents that can recognize incoming data and normalize, filter and assign contextual metadata according to preset workflows or wizard-built pipelines. Security operations center analysts, site reliability engineers and threat hunters can conduct natural language searches, Kusto queries, build notebooks for agent training, forward select alerts or log types to security information and event management tools, and so on, without having to ingest or reindex the data again.
“In just the last six months, the attack surface has expanded so fast, while the cost of an attack has come down so far,” said Kara Sprague, CEO of HackerOne Inc., an agentic threat exposure and offensive testing platform. “Humans are being told they have to use AI tools to do a better job, but they don’t understand how they work, so they are becoming huge sources of data leakage. CISOs and security teams will have to adjust the way they operate and focus on what is truly exploitable.”
Dropzone AI Inc. brought its autonomous SOC hunt packs and investigators from last year’s startup pavilion to the main show floor in a big way with their clever AI Diner booth, complete with fake burgers on conveyors under heat lamps.
“We want to compress 20 to 40 hours of manual threat hunting into an automated one- to two-hour process to make daily threat hunting affordable,” said Dropzone AI founder and CEO Edward Wu. “Hunting at a greater cadence forces you to dive deep into your data, and it really surfaces where you have data visibility gaps and misconfigurations.”
Lydia Zhang, co-founder and president of Ridge Security Inc., noted that the human pentester is moving from being an operator to being a strategic planner. “There’s a lot of money being thrown at agentic AI but we don’t just need findings, we need to deliver results and evidence to back it up,” she said. “Hallucination is a valid concern, so we use one agent to find issues and another to verify proofs within our autonomous penetration testing.”
Thomas Kinsella, chief customer officer of Tines Security Services Ltd., which recently released AI in Tines for its flagship Workbench design, automation and governance platform, said agents are useful, “but the real reason you want agents is that you are trying to solve some part of a business problem, a workflow that should contain some deterministic elements, some probabilistic elements and, most importantly, human elements. If you throw agents at a problem and humans still don’t know what to do with the results, chances are you just have a bad process.”
With agents working alongside human developers, someone has to be ultimately responsible for every line of code, and every component that gets checked in with each pull request. Super-credential-collector attacks such as last year’s Shai-Hulud and this year’s nasty Trivy GitHub/npm exploit are hard to extricate once they replicate.
GitGuardian SAS was there with a new study on secrets sprawl and functionality that continuously scans for secrets (more than 29 million found on GitHub!), corrupt packages and identity issues, whether they are improperly leaked onto repos by an agent, or hardcoded in the developer’s integrated development environment. AppSec and hybrid development teams can improve hygiene by preempting coding mistakes and remediating the source of an exposed secret by rotating permissions.
“We were able to find and name the Shai-Hulud exploit a few months ago in an npm package. It would literally pose as a security manager and look for local agents that it could prompt to help it do pentesting work,” said Ahmad Nassri, chief technology officer of Socket Inc., a software supply chain security vendor. “Social engineering is nothing new, but novel self-replicating attack vectors like CanisterWorm and Trivy can make an open source security tool malicious.”
With all the agent hubbub, there weren’t enough people talking about securing the company jewels with quantum-safe computing, even though Google LLC said we’d be working in a post-quantum world by 2029. Usefully, enQase was there with a combined hardware/software stack that overlays an enterprise information technology estate, surveying quantum encryption and decryption workloads, managing cryptographic keys, and providing governance controls so companies can gradually improve quantum-readiness and meet emerging standards and compliance requirements.
Mobile is becoming the de facto way most companies conduct business. The global scale and varied threat landscape of mobile apps, devices and OS versions is quite amazing compared with regular enterprise IT applications. New agent-enablement features such as Google’s introduction of AppFunctions in Android are also opening up our smartphone attack surfaces in nonhuman ways we never imagined.
“We presume that the device is in a bad actor’s hands, so our fundamental premise is to never embed secrets in the mobile app,” said Ted Miracco, CEO of Approov Ltd. “Code obfuscation is dead, and an agent can pick up API keys and private data through static and dynamic analysis, and commit fraud. AIs are getting so good at deepfakes and emulation that we need more attestation to ensure that there is trust.”
The firm recently announced a partnership with Cloudflare to provide development customers with an SDK that allows them to embed attestation and API access policies into the mobile app.
“We have some environments with 50 million or 100 million users, and engineers spending hundreds of thousands of hours trying to use generalized coding agents for investigations,” said Chris Roeckl, chief product officer at Appdome Inc. “For us, AI should not just be a co-pilot, nor should it replace engineers. Agentic defense needs to get understaffed mobile cyber teams out of the minutiae, so they can focus on requirements and get an exact answer that includes the place, time and specific attributes of an attack.”
The firm also recently released an on-device support agent that can snapshot the exact OS and application state to kick off high-risk cyber investigations, or deliver self-service remediation instructions directly to the consumer, for instance to help them remove a rogue app or utility that may have rooted their device.
Iru Inc. evolved from iOS mobile device management (formerly under the brand Kandji) into a cross-platform suite of endpoint security, vulnerability management, workforce identity and compliance automation features that even an analyst like me could figure out how to administer. For instance, if an employee device has an app with a detected vulnerability, an on-device agent automatically downloads a safe or patched version and prompts the user to replace it. An IT manager can set a compliance policy and controls by having a brief Q&A chat with an assistant.
Agentic AI platform player Airrived Inc. showed me their new AetherClaw agent execution and automation capability, which circumvents current concerns such as OpenClaw exploits, because their agents are created for declared work objectives and deterministically grounded for deep learning on the enterprise’s own environment and data.
Let’s not forget the importance of protecting core systems that are still the beating heart of enterprise business processes. Rather than starting from traditional identity governance and access entitlements, Pathlock Inc. demonstrated a unique approach that manages human and nonhuman AI identity risk from a business process, transaction and compliance perspective.
“For instance, if you want to create a vendor, and then pay a vendor, each of those processes has different owners and a separate set of actions that roll up to transaction codes in SAP, Oracle, Dynamics or Workday,” said Jason Gzym, vice president of solution engineering at Pathlock. “When you bring agents into the mix, you need to know who authorized them to work, and how each action meets the compliance and business requirements.”
Firemon LLC showed a policy control plane for network security that discovers, manages and rationalizes everything from access policies, to firewalls, to microsegmentation for cloud-native environments. Network security engineers can review risk analytics and get recommendations for improving policies and predicting the impact of changes to the network. The firm also just put out a fun “cyber confessional” podcast with anonymous horror stories from the trenches.
“Among network security practitioners we talk to, fear of disruption is the most prevalent thing they have in common,” said Firemon CEO Jody Brazil. “I’ve never heard one story where someone gets fired for creating a security gap, but there are multiple instances where someone gets fired for creating a disruption that impacts live services.”
On the surface, it seemed like all the buzz this year was pretty much the same as last year: using agentic AI tools to address AI-based attacks that exploit agent-introduced weaknesses.
Yes, enterprises are plowing ahead with AI mandates, and in the absence of well-defined governance and controls, individual engineers and business stakeholders who don’t want to be left behind are picking up these tools, whether security departments and vendors are ready for it or not.
We could have swapped in trends such as microservices and bots, cloud computing or DevSecOps automation from previous conferences and the underlying story would remain the same. Chief information security officers and their security organizations can obsess over preventive measures and become a bottleneck to progress, or they can insert themselves into the strategic conversation as a critical enablement partner for adoption and innovation.
Jason English is a principal analyst and chief marketing officer at Intellyx. He wrote this article for SiliconANGLE. At the time of writing, Appdome is a current Intellyx subscriber, and Approov and Tines are former Intellyx customers. No other companies mentioned are Intellyx customers. RSAC covered the analyst’s attendance cost for the event, a standard industry practice. ©2026 Intellyx B.V.