The physical security at the Moscone Center in San Francisco was high this past week, with RSAC 2026 attendees and bags being checked in similar ways to airport security checkpoints. Even the lines reminded me of long airport security waits.
And while attendees from across the globe came to RSAC to talk and learn about cybersecurity, this year's conference occurred with the backdrops of the U.S. military fighting battles in the Middle East, U.S. federal agencies pulling out of this year’s RSAC and cyber attacks occurring in the U.S. impacting critical infrastructure — including the recent cyber attacks against Stryker.
Some of the top product launches that occurred at RSAC are presented in this Help Net Security article.
I also really like this human-focused article from PC Magazine (based on an RSAC session) on the surprising reason why phishing still works in 2026. As we have discussed numerous times in this blog over the years, humans remain your biggest strength and also biggest weakness in cybersecurity. The key to stopping scammers is slowing down. Here's an excerpt from that article:
“Perhaps most importantly, he referenced the work of Nobel Prize winner Daniel Kahneman. Kahneman identified two systems the brain uses to make decisions. ‘System 1 is fast, automatic, emotional, and intuitive,’ noted Rose, ‘while System 2 is slow, effortful, logical and deliberate. We live in System 1 all day, every day.‘ Rose explained that System 2 thinking literally uses more of your body’s energy, and that having evolved through periods of scarcity, we’re inclined to avoid expending that energy.”
TOP RSAC 2026 SESSIONS
Many of the top main stage sessions from RSAC 2026 are available for free at their YouTube channel, and I urge you to take the time to watch a few of these fascinating presentations of interest. There are many great sessions on securing AI through various means.
Some of the top RSAC keynotes included:
Reimagining Security for the Agentic Workforce by Jeetu Patel, president and chief product officer, Cisco
Key quotes:
- “We should NOT think of these agents as tools. They are more like digital co-workers.”
- “With chatbots, you worry about getting the wrong answer. With agents, you worry about taking the wrong action.”
- “Beware of the ‘oops phase.’” (Watch the video to see what that means.)
Activate Industry!: Moving Beyond Defense to Disruption and Active Defense by Sandra Joyce, vice president of Google Threat Intelligence, Google Security
Key quotes:
- “We found that the time between initial access [from threat actors] to the hand-off has collapsed from eight hours in 2022 to 22 seconds in 2025.”
- “Threats in the AI era include speed, scale and sophistication.”
- “We must move to active defense, but not hacking back.”
AI vs. AI: How to Reshape Defense Faster Than Attackers Reshape Offense by Nadir Izrael, CTO and co-founder, Armis
CNBC live from RSAC show floor - Databricks CEO: AI will kill the security, information and event management systems - Ali Ghodsi, Databricks CEO
Key quote: “AI will kill the SIEM in 2026.”
WHAT CAUGHT MY EYE AT RSAC 2026
As I walked the RSAC show floor, the pictures below show some of the excitement, surprising numbers and activity that is still alive at one of the world’s largest annual cyber events.
Dan Lohrmann
Dan Lohrmann
FINAL THOUGHT
I also had the chance to describe what I was seeing to several media outlets, and here is one of those interviews I did with Expert Insights covering my views on trends for governments in cybersecurity.
Meanwhile, outside the Moscone Center, I was also shocked by the gas prices in California, which are a solid $3-plus higher per gallon than in Michigan — and a reminder of the impact of current global events.
