Home / Posts / Cybersecurity

RSAC 2026: The "Two Wars" of AI and the New Cyber Defense Stack

RSAC 2026 Moscone Center

As RSAC 2026 opens its doors at the Moscone Center, the industry is no longer just talking about AI—it is re-platforming on it while fighting to secure it.

The Bifurcation of Cyber Defense

The theme of **RSAC 2026** is the "Two Wars" of AI. The first war is a rebuilding phase: replacing legacy SIEMs and SOARs with AI-native architectures that can handle the massive telemetry of modern enterprises. The second war is a defensive phase: securing the very AI systems that enterprises are now deploying at scale.

Industry leaders argue that the "Age of Copilots" is over, replaced by the "Age of Agents." These agents act autonomously, making decisions without human intervention. This shift has created a new class of risk where the agent itself becomes the attack vector. "We are no longer just securing users; we are securing the autonomous non-human workforce," said one keynote speaker.

Case Study: The Claude Code Infiltration

A chilling case study discussed at the conference involves the late 2025 "Claude Code" incident. A state-sponsored group allegedly used a swarm of specialized AI agents to perform 90% of a sophisticated infiltration cycle. The agents identified vulnerabilities, drafted exploits, and performed lateral movement with a speed that bypassed traditional SOC detection thresholds.

This incident has forced a pivot toward Autonomous SOCs. These systems don't just alert; they react in real-time, isolating affected agents and rewriting firewall rules before a human analyst can even open the ticket. The 2026 defensive stack is defined by "AI fighting AI" at sub-second speeds.

Securing the Non-Human Identity

Another major pillar of RSAC 2026 is Non-Human Identity (NHI) management. As AI agents proliferate, the number of machine identities is expected to grow by 10x in 2026. This has led to massive partnerships, such as the AWS and SailPoint agreement, to provide a unified identity fabric for both humans and agents.

The RSA Reality Check:

Despite the excitement, a new report from Microsoft and Cisco warns that while 83% of firms are deploying AI agents, only 29% are prepared to secure them against "double agent" prompt injection exploits.

Conclusion

RSAC 2026 marks the moment where the cybersecurity industry accepted its AI-native future. The "Two Wars" are not just technical challenges; they are a fundamental shift in how we think about trust, identity, and defense. In the era of autonomous agents, the only way to stay safe is to out-reason the adversary.