The theme of this year’s RSAC gathering in San Francisco was “The Power of Community.” Based on the presentations and dialogue that took place over four days, the cybersecurity community is increasingly autonomous and under AI attack.

Survey results provided to SiliconANGLE from Enterprise Technology Research show that as organizations turn to stronger hygiene and deeper layers of protection, AI is becoming a major part of the enterprise platform, often at the expense of cloud investment. Yet, AI agent adoption is also moving faster than an organization’s ability to control it, and AI-generated attacks are adding a new layer of complexity to an already challenging security picture.

“This is the first time that we’ve seen LLM and gen AI protection be the number one player. Cloud security had been the number one player for the last two years,” according to Erik Bradley, chief strategist and research director at Enterprise Technology Research, in an analysis on theCUBE, SiliconANGLE Media’s livestreaming studio. “I don’t think anyone has the control tower at this moment. I think it’s going to be a blend. That’s why I keep saying depth of defense. It’s a term we used to use 10, 20 years ago that I think is more important now than ever.”

Bradley and other industry experts joined theCUBE Research’s Jon Oltsik, Christophe Bertrand and Dave Vellante during the RSAC 2026 Conference to provide exclusive commentary about how enterprise security is being reshaped by identity fragmentation, autonomous threats and AI systems. (* Disclosure below.)

Here’s theCUBE’s complete video analysis with Erik Bradley and Dave Vellante:

Here are three insights you may have missed:

Insight #1: The lateral world will play a central role in defending against an AI attack, and cyber resilience now demands AI-powered defense at machine speed.

Some of the most damaging cybersecurity attacks can happen when a threat actor successfully breaches a poorly guarded part of the network and then uses that access to navigate laterally across IT systems.

This exposure is what Broadcom Inc. is addressing, through a four-step prescriptive deployment framework, and controls positioned closer to the workload. The key is to have enforcement, prevention and mitigation — not just detection — according to Prashant Gandhi (pictured, left), vice president of products for the application networking and security division at Broadcom.

“If you really look at any AI-generated attack, ultimately what happens is that the perimeter is breached, the attacker gets in, lands on a weakly-protected asset, then moves laterally,” Gandhi explained during an interview with theCUBE. “That lateral propagation is where we come in, because we lay the trap in the lateral world, and that’s where we drive zero trust.”

Organizations are grappling with a new reality in which attacks are moving much faster. Google Mandiant’s “M-Trends 2026” report documented that the median time from an attacker’s initial access to passing further action on to a secondary set of threat actions had fallen from eight hours to only 22 seconds. A human-only response is no longer a possibility.

“Time is measured in seconds and minutes,” said Francis deSouza, chief operating officer and president of security products at Google Cloud, in conversation with theCUBE. “It’s not possible to mount a human-only defense against an AI attack. The old models of having a human defense or a human-in-the-loop defense have really got to change. Now what we’re seeing is primarily an agentic defense — using AI to fight AI — so that you can move at machine speed too, and you can have humans overseeing the process, creating guardrails, creating the policies and the strategies, and monitoring what’s happening.”

Here’s theCUBE’s complete video interview with Prashant Gandhi and Umesh Mahajan (pictured, right) of Broadcom:

Insight #2: The quantum threat is closing in on enterprises, and it’s time to pick up the pace toward built-in protection.

The ability of quantum computing to rapidly decrypt algorithms that have protected critical systems for decades may soon force enterprises to adopt a whole new set of preventative measures, according to Mark Hughes, global managing partner of cybersecurity services at IBM Corp. The only question now is how much time there is before protections need to be in place.

“My first piece of advice is don’t panic, because there’s a lot that we know how to do already, which intrinsically underpins the safe use and introduction of AI into enterprises. But notwithstanding the ‘don’t panic’ thing, it’s ‘get busy and get moving very fast,’” Hughes told theCUBE. “The same principles [around governance and deployment] apply when it comes to how we do that with AI and how you get that into the enterprise, but we need to speed up.”

Hughes believes that a silver lining in the quantum threat is that it will push enterprises to become more disciplined in the management of certificates, keys and broader cryptographic workflows. It can also remove a growing bottleneck to AI adoption since the sheer volume of work required cannot be done by humans alone.

IBM has developed four quantum-resistant algorithms, and the U.S. Department of Commerce’s National Institute of Standards and Technology has released its first three finalized post-quantum encryption standards for organizations to adopt.

“Getting organized around cryptography now is essential — not just because of the quantum event, although that is absolutely a necessity,” Hughes said. “You need to be doing that now so we can get to a state of what we’re describing at IBM [as] ‘crypto agility,’ where we move away from how we’ve traditionally managed crypt, which is hard-coded crypt. It’s worked, and it’s worked really well for us, but that’s not relevant now in today’s environment.”

Here’s theCUBE’s complete video interview with Mark Hughes of IBM:

Insight #3: AI agents are transforming the identity channel and helping close the skills gap in cybersecurity.

Zero trust is one of the critical principles for enterprise systems, and it has worked reasonably well when human behavior is involved. However, the introduction of AI agents into mainstream work processes has altered the nature of identity, where each action now needs to be authorized in real-time based on live context.

To address this new dynamic, enterprise access security provider Ping Identity Inc. has launched an Identity for AI platform designed to improve visibility into agents across environments to ensure they are not operating outside the boundaries for a given task.

“With agents acting in our system, there’s no equivalent of a consequence for something that we deem to be … damaging to the company,” said Andre Durand, founder and chief executive officer of Ping Identity, during an appearance on theCUBE. “For that reason, the guardrails need to be much tighter.”

Despite the need for tighter controls, AI agents are proving to be a solution at the right time for the cybersecurity industry. According to the 2025 “ISC2 Cybersecurity Workforce Study,” the cybersecurity industry experienced a critical shortage of 3.5 to 4 million professionals globally last year.

An ability to offload “tier-one” tasks such as phishing triage to AI agents will enable security professionals to reclaim hundreds of hours each month and focus on preemptive threat pursuit, according to Scott Woodgate, general manager for threat protection at Microsoft Corp.

“Agents provide a real opportunity to take automation to the next level and fundamentally upskill the roles that people have so that [the] employment gap actually can be filled by the partnership between people and agents,” Woodgate told theCUBE.

Here’s theCUBE’s complete video interview with Andre Durand of Ping Identity:

To watch more of theCUBE’s coverage of RSAC 2026, here’s our complete video playlist:

(* Disclosure: TheCUBE is a paid media partner for the RSAC 2026 Conference. Sponsors of theCUBE’s event coverage do not have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE