Enterprises need to rethink their cybersecurity approach in 2026. The combination of AI and quantum alone are driving the acceleration of new approaches and risks.
Next month, the annual RSAC cybersecurity conference takes place in San Francisco. The conference brings together security solutions from across the spectrum. For those in attendance, it can be a bit overwhelming how many different (and similar) products there are in the marketplace.
Cybersecurity is also going through a bit of a change. CIOs are rethinking how they approach risk and cybersecurity is one of several key elements including other topics like resiliency, AI and quantum.
While AI may be attracting much of the attention, the broader topic of cybersecurity is a top issue facing enterprises small and large. AI itself is also driving renewed attention toward cybersecurity due to acceleration, new vectors and overall complexity.
9 things to watch at RSAC 2026
At the upcoming conference, I am watching several areas. Here’s a rundown of what I’m looking for and why.
- Security for AI and AI for Security: There are two sides to this discussion. Cybersecurity for AI operations and using AI to augment cybersecurity operations. As AI functions like agentic AI, model context protocol (MCP) servers and agent to agent (A2A) functions are more widely used, enterprises will need new approaches to protect against threats and misuse. On the other hand, cybersecurity operations (SecOps) to endpoint detection and response (EDR) and everything in between, there are aspects where AI can augment functions. This includes solutions in the security information and event management (SIEM) and security orchestration, automation and response (SOAR). How are companies leveraging AI to bring intelligence to each of these functions to accelerate the time to value?
- Network Security Products: Network companies like Lumen, Cisco and Palo Alto Networks have incredible access to insights due to the sheer size and reach of their networks. Lumen’s Black Lotus Labs is one example of an impressive team highlighting insights to customers. Coming off Cisco’s AI Summit, there is a lot we can learn from leveraging these insights to our benefit. I’m looking to understand how these companies are leveraging AI to access insights not previously available.
- AI Security Products: As enterprises increase their use of agentic AI along with MCP and A2A, they will need help to protect not just the data, but the processes and agents too. Agentic AI brings new automation into the mix which could run amok or be misused if not protected properly. I’m looking at companies that assist enterprises in putting up the right guardrails to protect themselves, their customers and their employees. It’s about data and agents. Furthermore, the proliferation of agents will lead to agentic sprawl. Products from companies like Varonis are stepping into this area.
- Simplification: I may sound like a broken record on this subject. Simplification has been mentioned in the past CIO playbooks. Simplification is needed for the cybersecurity stack. From processes to architecture, I’m looking at how companies are simplifying their solutions to benefit customers and make it easier to leverage.
- Platform versus Best of Breed: Related to simplification, there are tradeoffs between integrating multiple best of breed solutions versus using a more integrated platform. I am looking at how vendors are thinking about each of these approaches. There are pros and cons to each approach.
- Post Quantum Cryptography: Quantum is not as far out as some may think. Even if it were, enterprises need to take action today to protect the future. Nation states are already amassing droves of encrypted data with the expectation that new quantum technology will allow decryption of existing algorithms. That is why enterprises need to take action today and think about quantum including post quantum cryptography (PQC). I’m looking at solutions and approaches that companies are taking today with an eye to the future.
- Identity and Authorization: Identity and access management (IAM) solutions are not new. What is new is how companies are thinking differently about authorization. There are new solutions coming onto the market that augment existing approaches to tackle the authorization problem. AI is bringing new challenges to the space as enterprises think about governance models, layers of access and even setting a new perimeter for cybersecurity. I’m looking to see who is approaching this and how. I’m also looking at how this plays into an agentic AI world.
- Vibe Coding: The cybersecurity aspects of code development are far and wide. With AI algorithms now able to create code, enterprises need to think about how to protect those processes. As automation for code development becomes more mainstream, so will the need for cybersecurity around code development to avoid malicious code development. AI brings many new challenges for code development.
- Risk Assessment and Mitigation: At a macro level, all of the actions around cybersecurity are to assess risk and mitigate it whether proactively or reactively. From an executive perspective I’m looking at how vendors are approaching cybersecurity at a macro level.
Connect at RSAC 2026
There is a lot to consider in 2026 and these are just some of the top-line areas I’m following that align with where customers are or should be headed. It’s going to be a very busy week at the conference. And while the conference is just one point in time, the conversation will continue far beyond it.
What are you looking for at RSAC 2026? Want to connect? Reach out via the Contact page and let’s chat.
Discover more from AVOA
Subscribe to get the latest posts sent to your email.