AI Security and Nonhuman Identities Take Center Stage
One of the most prominent themes heading into RSAC 2026 is the growing influence of AI — especially agentic AI — on both sides of the cybersecurity equation. Organizations are rapidly adopting AI agents to automate workflows, but these same systems introduce new attack surfaces and identity challenges.
Sessions focused on ambient and autonomous security and reimagining security for the agentic workforce highlight a key concern: traditional identity and access management (IAM) models are not built for nonhuman identities operating at scale. Security leaders will need to rethink governance, authentication and monitoring strategies to account for AI-driven activity.
“Last year, my big takeaway was agents for everything, and I think it’s going to just double down on that: agents for every part of your security program — GRC [governance, risk and compliance], IAM, SOC [security operations center] — everywhere,” Powell said.
“The flip side is, how do you secure an agent? That’s what I’m really looking for this year — solutions for nonhuman identities, especially around agents.”
WATCH: Check out the cybersecurity trends to watch in 2026.
Post-Quantum Cryptography Becomes a Near-Term Priority
Another major focus at RSAC 2026 is post-quantum cryptography. While quantum computing has long been viewed as a future risk, recent developments suggest that the timeline for disruption may be accelerating.
Sessions such as “Quantum-Safe Readiness: Practical Steps for Identity and Data Protection,” featuring IBM security experts, will explore how organizations can begin transitioning to quantum-resistant encryption. The conversation is shifting from “if” to “when,” and IT leaders are being urged to inventory cryptographic assets and develop migration strategies now.
This urgency is reflected in broader conference themes related to data protection and long-term resilience. Organizations must not only defend against today’s threats but also ensure that sensitive data remains secure against future decryption capabilities.
DIVE DEEPER: What your cybersecurity leaders need to know about quantum readiness.
CTEM and Risk Quantification Reshape Security Strategy
As environments grow more complex, security teams are moving toward continuous threat exposure management as a framework for prioritizing and mitigating risk. Rather than relying on periodic assessments, CTEM emphasizes ongoing visibility into vulnerabilities, attack paths and business impact.
“CTEM is the idea of moving from periodic testing to a continuous, all-the-time view of threats and exposure,” Powell explained. “I’m looking for vendors that are stitching those pieces together into a true CTEM platform, not just point solutions.”
At RSAC, this approach will be closely tied to another emerging priority: risk quantification. Security leaders are increasingly expected to translate technical risk into business terms, enabling more informed investment decisions.
“Risk quantification is about telling the story of your security program — why you’re making investments and how they map to business impact,” Powell said.
Rather than chasing every vulnerability, teams are focusing on the exposures that matter most — those with the greatest potential to disrupt operations or impact revenue.
