The expo halls are quiet now, the buzz has faded, and the swag bags are unpacked, but the real story of RSAC 2026 is just beginning. With more than 40,000 attendees converging from around the world, the cybersecurity debates and ideas were constant. Beyond product launches and polished keynotes, the Fortra team found something more meaningful: a shift in how the industry is thinking about security itself. Here’s what stood out to some of our team members and what it all means for the road ahead.
AI in Practice for Security Teams
This year’s RSA Conference made one thing unmistakably clear: AI is everywhere. In prior years, the dominant narratives were platforms in 2025 and Zero Trust in 2024, and it’s worth remembering that both remain foundational to modern cybersecurity strategies.
What felt different this year was the emotional tone surrounding AI. There is a palpable mix of excitement and anxiety, and opportunity paired with uncertainty. Attendees see AI’s potential to dramatically improve detection, response, and efficiency, but there is also concern about misuse, over‑reliance, and unforeseen risk. Most organizations are still in an exploratory phase, experimenting and searching for practical, defensible ways to apply AI at scale. The conversation has clearly shifted from if AI will matter to how it should be responsibly and effectively integrated into existing security architectures.
— John Grancarich | President, Defense & Intelligence
A Decade at RSA: How AI Has Changed the Conversation
I’ve attended RSA many times this decade. Over the years, I’ve taken part in a panel about a botnet takedown (Citadel), worked my company’s booth for hours on end, hosted customer and prospect events, and twice presented in the vendor showcase in the expo halls.
Certain aspects of RSA never change. Lavish booths. Gimmicks designed to drive traffic. Invite-only events with top-shelf liquor and high-end appetizers. Competing sessions on malware takedowns, cybersecurity policy, and OSINT techniques. The main stage keynotes run like clockwork, blending Vegas-level showmanship with Silicon Valley ambition.
It should come as no surprise that AI dominated RSAC 2026. What stood out, though, was how much the conversation has shifted over the past seven years.
In 2019, the message was simple: AI would solve cybersecurity. We would detect threats before they became problems, identify anomalous behavior across packets, emails, and logins, and stop attacks in real time.
By 2025, that optimism remained, but with a caveat. Adversaries would also use AI, so defenders would need to move faster and think smarter.
This year, the message was different. AI is the threat.
I heard CEOs describe AI agents collaborating in unpredictable ways, sometimes with unintended and negative outcomes. Vendors emphasized solutions to address a rapidly expanding attack surface. The warnings about adversaries using AI were still there, but sharper and more dire.
I left RSAC 2026 with a mix of angst and optimism. I reconnected with longtime colleagues and realized we are all a bit older, a bit wiser, and less certain about where cybersecurity is headed. I also met people just starting their careers, confident and eager to take on the challenge of protecting our digital lives.
Innovation tends to follow necessity. There will be no shortage of innovation in the years ahead.
— John Wilson | Fortra Senior Fellow, Threat Research
AI in Action: From Automation to Outcomes
At RSAC 2026, the overarching theme was clear: Cybersecurity is fully in the AI era, but success in it depends on governance, identity management, and tangible outcomes, not just automation. AI has shifted from theory to operational reality, now embedded in security operations center (SOC) workflows, threat detection, SaaS security, and identity systems.
A major focus was on agentic AI, with autonomous AI agents acting as “digital coworkers” capable of investigations, triage, and response, transforming SOCs into AI-supervised environments. Discussions also emphasized identity, SaaS and cloud security maturity, and the evolving threat landscape in an AI-driven world. Security buyers are increasingly moving away from tool fatigue toward integrated platforms, favoring ecosystems that reduce the number of vendors. Meanwhile, OT and critical infrastructure face growing exposure, with attacks on these systems becoming more common.
— Jay Angsman | Fortra Offensive Security Senior Account Executive
Why Research-Driven Content Stood Out
I’ve spent my entire career in this field as an analyst and engineer, working behind the scenes in technical roles. Most of the conferences I’ve attended were built around that experience, focusing on learning new technologies or sharpening skills. While sponsors were always present, the emphasis wasn’t on selling.
RSAC felt different. The focus leaned heavily toward product showcases, with many conversations centered on solutions. Technical discussions did happen, but often only when a booth happened to have a technical expert available.
That said, RSAC excels as a place to make initial connections with vendors and to showcase your own capabilities. But there’s an opportunity to go further. More tradecraft and real-world insight from researchers and analysts would add meaningful depth to the experience.
I saw this firsthand during our vendor showcase, where we presented on Scripted Sparrow, a newly identified phishing group discovered by Fortra. As attendees passed by and recognized that the session was focused on research and tradecraft, the audience steadily grew. In contrast, more sales-oriented presentations we observed often saw attendees filtering out mid-session.
That contrast was telling. There’s a clear appetite for substantive, research-driven content and increasing its presence would make RSAC even more valuable for the community.
— Gregory Benton | Fortra Director, Threat Intelligence and Security
Connecting Globally, Securing Together
The 2026 RSA Conference did not disappoint and truly reflected the global nature of today’s cybersecurity community. I personally met with partners from six of the seven continents — Antarctica being the only one missing — which reinforced just how international the event has become. Throughout the conference, there was strong engagement and a genuine appreciation for the opportunity to reconnect face to face.
Many of our conversations centered on Fortra’s approach to cybersecurity in today’s rapidly evolving threat landscape and how we can work together to address our customers’ most pressing challenges. A recurring theme was artificial intelligence — both how Fortra leverages AI and how we help organizations protect themselves against AI-driven threats. It was also valuable to showcase the Fortra platform and how our solutions work together in a cohesive, integrated way.
Overall, RSAC 2026 was a highly productive and energizing event.
— Faraz Siraj | Fortra Vice President, Channel
