The RSAC 2026 cybersecurity conference in San Francisco this week is set to prominently feature discussions on artificial intelligence (AI), with a focus on its operational implementation in an increasingly complex security landscape. Security leaders face the challenge of integrating AI while managing a proliferation of security tools and applying zero-trust principles. The Enterprise Technology Research survey indicates that while 90% of organizations report using AI in their security stack, 75% apply it to less than 10% of their security portfolio, highlighting a significant gap between AI adoption and its effective scaling.
At the conference, industry experts anticipate robust conversations surrounding AI-driven Security Operations Centers (SOCs), which promise enhanced automation in tasks like triage, investigation, containment, and remediation. However, successful deployments hinge on critical factors such as data quality, governance, and exposure management hygiene. Cybersecurity expert Jon Oltsik emphasizes the need for a careful approach to AI implementation — one that prioritizes tangible outcomes over merely adding another layer of complexity to existing security frameworks.
RSAC’s theme this year, “The Power of Community,” underscores the collaborative nature of the cybersecurity field, where competitors increasingly share threat intelligence. New dimensions of collaboration are emerging as machine-based agents begin to operate alongside human teams. These agents should not be seen as replacements but as tools that extend the capabilities of security professionals, reinforcing the existing community rather than competing against it.
The rise of AI within SOC operations is one of the main topics at RSAC 2026. Vendors are shifting from AI as a mere assistant to agents capable of performing substantive SOC duties. The challenge remains: bridging the gap between the alluring promise of AI and the operational realities that security teams face. While some startups have successfully focused on specific security operations, such as alert triage, the industry remains cautious about broader AI adoption. Security professionals still cling to a human-in-the-loop approach, advocating for careful assessments of where automation can effectively mitigate inefficiencies and address data bottlenecks.
Managed Security Service Providers (MSSPs) could lead the charge in aggressive AI deployments, driven by economic pressures to scale operations without proportional increases in personnel costs. Companies like Arctic Wolf Networks, Expel, and LevelBlue are expected to be at the forefront of adopting AI solutions. Nick Schneider, CEO of Arctic Wolf, is slated to discuss how far automation can be pushed while maintaining trust and managing liability during the conference.
Another topic gaining traction at RSAC is Continuous Threat Exposure Management (CTEM), which emphasizes the need for real-time visibility into assets, configurations, and vulnerabilities rather than relying on static scans. The effectiveness of CTEM, however, is contingent on having credible data. Organizations must ensure that their data is not only accessible but also formatted for effective use, as the stakes rise in a fast-evolving cyber threat landscape.
The importance of cyber resilience is also under scrutiny, with experts cautioning against viewing it as merely a product. Instead, it should be seen as a capability requiring a comprehensive approach across various phases: anticipation, withstand, recovery, and adaptation. This perspective is critical for organizations as they navigate disruptions while ensuring the continuity of essential business operations.
Identity management remains a cornerstone of security strategy, particularly as the traditional network perimeter dissolves in favor of identity as a key security vector. Discussions at RSAC will focus on how organizations can enhance identity governance, move toward passwordless authentication, and adopt behavioral analytics for identity threat detection and response.
The pre-RSAC data from Enterprise Technology Research illustrates a growing reliance on AI across security tools, with only 5% of respondents indicating no use of AI. While 51% report using AI in over 10% of their security tools, security professionals remain vigilant about AI’s limitations, including issues around “hallucinations” and opaque decision-making processes. This cautious optimism reflects a broader recognition that while AI’s integration into security frameworks is essential, it must be approached with diligence and critical evaluation.
As the RSAC 2026 unfolds, a plethora of themes will emerge, from zero trust to cloud security. The conversations during this week will not only shape the immediate landscape of cybersecurity but also influence long-term strategies as organizations adapt to an increasingly complex digital world. The community aspect of RSAC, where practitioners share insights and experiences, will be particularly vital in discerning actionable insights from the myriad of vendor claims.
