Innovation in security: RSAC 2026

A few weeks ago, the cybersecurity world descended upon San Francisco for RSA Conference 2026. With nearly 200 sessions—roughly 40% of the total agenda—dedicated to AI, it’s safe to say that the "Age of AI" has officially moved from speculative enthusiasm to operational reality.

The shift was palpable across the expo floor. Nearly a third of all exhibitors featured AI as their dominant theme, signaling that AI is no longer just a feature. However, this rapid evolution has exposed a fluid new attack surface that traditional frameworks were never built to handle. 

With the dust finally settling, here are our top three takeaways from RSAC 2026 and what they could mean for the future of your data and AI security strategy.

Organizations are currently caught in a pincer movement. On one side, boards are aggressively pushing for AI integration to maintain operational velocity. On the other, employees are bypassing manual bottlenecks and introducing Shadow AI—unmanaged large language models (LLMs) and agents—directly into the data perimeter.

This isn’t just a feeling. A recent IBM and AWS study found that nearly 70% of executives are now prioritizing the speed of innovation over security. As CrowdStrike CEO George Kurtz noted in his mainstage keynote, boards want the competitive edge of AI, but they have zero appetite for the data risk that usually comes with it.

The strategic takeaway: Organizations must move away from binary allow/deny security and toward a model where security is baked into the data itself. This ensures safety remains constant, regardless of whether the data is being consumed by a trusted employee or an unmanaged AI agent.

The conversation at RSAC has shifted from LLMs simply writing phishing emails to the operational risks of Agentic AI. Cisco’s Jeetu Patel made a compelling case: We should stop viewing AI agents as mere tools and start treating them as "digital co-workers." Because autonomous agents operate at a scale beyond human oversight, we must evolve how we think about data security to a paradigm with AI governance and auditability at its foundation.

This shift also highlights a critical identity gap. While 86% of IT leaders view AI agents as mission-critical, only 27% agree that their current identity systems are fully equipped to govern these non-human identities at scale. As CrowdStrike noted, “Most organizations deploy AI agents with less governance than they'd give an intern.”

The strategic takeaway: Security teams must govern non-human identities (NHI) with the same rigor as human users. Embedding data security at the field level ensures that verified identities only interact with non-sensitive, tokenized information—significantly reducing the risk and blast radius of a "rogue agent" event.

Perhaps the most sober takeaway from the week was the focus on cyber resilience. Google’s Sandra Joyce highlighted a startling statistic: The time between initial access and a threat actor's handoff has collapsed from eight hours in 2022 to a mere 22 seconds in 2025. 

In a world where attacks move at machine speed, prevention is only the first layer. Since you cannot always control which AI tools enter your ecosystem, you must focus on securing the data so it’s rendered useless to an attacker while still preserving the analytical utility of the data.

The strategic takeaway: A “secure by default” foundation must be implemented where protection travels with the data, empowering teams to move at AI speed while containing risk at the field level.

Databolt allows organizations to move beyond the security vs. speed tradeoff by embedding protection directly into the data lifecycle. 

• Security as an accelerator: Data security should act as an engine, not a brake. By securing data the moment it is created or ingested—and enforcing protections at the point of consumption—Databolt empowers both human users and autonomous agents to move faster without increasing the attack surface.

• Safely unlock AI at scale: Reliable AI agents require a unified context layer to function effectively. Databolt facilitates this through tokenization, protecting PII at scale without sacrificing the model accuracy or referential integrity essential for autonomous action.

• Secure third-party sharing: True innovation requires interoperability across ecosystems. Databolt enables organizations to exchange tokenized datasets with third-party AI vendors and research partners, successfully enabling data sharing while still maintaining secure data requirements.

As we packed up our badges and headed home, one sentiment remained: The future is agentic, but only if we build the foundation those agents need to be safe and reliable. 

The quicker an organization can get their data ready for AI securely—shifting from a deny-by-default to a secure by design posture—the faster they can unlock true value.

Ready to move at maximum velocity without the headline risk? Schedule an exploratory conversation to see how we’re securing the next generation of AI innovation.