RSA Conference 2026 made one thing clear very quickly.

Security leaders are done with generic AI pitches.

After two years of relentless “AI everything,” the market is now pushing back. There is a growing fatigue with vague promises, surface-level features, and what many are calling outright AI washing.

What cut through this year was not another AI-powered detection claim. It was a much more grounded question:

How do we actually govern and control AI usage inside the organisation?

That is the shift. Not more AI. Better control of it.

Day 1: The Buyer Reality Check and the Demand for Security FOR AI

The first major theme was a reset in buyer expectations.

CISOs are no longer interested in GenAI wrappers or tools that sit on top of models without addressing the underlying risk. The priority has moved decisively toward infrastructure that can govern AI usage in real environments.

At the centre of this is a growing contradiction inside most organisations.

On one side, business leaders are pushing teams to use more AI. In some cases, productivity is measured by token usage, prompt volume, or output.

On the other side, security teams are deeply uncomfortable with what that means in practice.

Sensitive data is being entered into public models. AI is embedded into SaaS tools without visibility. Employees are using personal tools outside of policy.

This is not edge-case behaviour. It is the default.

At the same time, the way security is trying to manage this risk has not evolved.

Security teams rely on static rules, predefined lists, and binary decisions. Meanwhile, AI systems and adversaries operate in context, relationships, and behaviour.

That mismatch is becoming harder to ignore.

Legacy tools like DLP and CASB can block or log, but they do not understand prompts, intent, or how AI is actually used across modern workflows.

The requirement is shifting toward something more precise. Not just security around AI, but 

Day 2: The Agentic AI Era and the Identity Nightmare

By Day 2, the conversation moved beyond chat interfaces and copilots into something more complex.

Autonomous systems that can take actions, trigger workflows, and interact across multiple systems without direct human input.

This is where the industry narrative starts to break down. There is a common analogy that AI agents are like interns: that they need supervision, guidance, and guardrails. 

Most CISOs we spoke to rejected that completely.

An intern learns. An intern slows down when unsure. An intern makes small mistakes.

A poorly prompted agent can execute thousands of actions in milliseconds. If it is wrong, it scales that error instantly. This introduces a problem that remains largely unsolved.

Identity and Access Management (IAM) for non-humans.

The industry has not solved IAM for humans cleanly. Now it is being asked to extend that model to potentially hundreds of thousands of non-human actors.

 has already highlighted this as a major emerging gap, particularly as agentic AI adoption accelerates.

Chatbots were the introduction. Agents are the real shift.

Day 3: Nation-State Deepfakes and the Failure of IR Playbooks

By Day 3, the conversation turned toward what happens when these risks materialise.

And the answer, in many cases, is uncomfortable.

Because the nature of compromise is changing. We are seeing the convergence of nation-state capability and enterprise attack surfaces, accelerated by AI.

This is not a technical exploit. It is a human one.

Deepfakes bypass traditional controls entirely. They do not rely on malware, vulnerabilities, or lateral movement in the traditional sense.

During tabletop exercises at RSA, many CISOs reached the same conclusion.

Then you cannot investigate, contain, or respond effectively. Traditional IR assumes known systems and observable signals. AI breaks both assumptions.

The Overarching Narrative: AI Washing and the Trust Deficit

Across all three days, one theme connected everything. A growing lack of trust in the market.

AI is everywhere. Every vendor has a story. Every product claims coverage. But buyers are increasingly sceptical.

Because the underlying problem is not being solved:

More than half of employees are using AI without approval, and most organisations expect AI-related breaches in the near term.

From tools that claim to “secure AI” to platforms that can 

make AI usage visible, measurable, and controllable

If there is a single takeaway from RSA 2026, it is this: 

Final Thought: From AI Hype to AI Usage Control

What RSA 2026 made clear is that the market is maturing. 

The conversation is moving away from hype and toward control. Not control in the sense of restriction, but control in the sense of 

The organisations that get there will not be the ones that slow AI down. They will be the ones that understand it, guide it, and control how it is used in practice.

If RSA made anything clear, it’s that AI usage is already happening across your organisation, whether you control it or not.

point_right

with CultureAI to see how AI is actually being used across your environment, surface hidden exposure points, and understand where policy breaks down in practice.

What RSA 2026 made clear is that the market is maturing. The conversation is moving away from hype and toward control. Not control in the sense of restriction, but control in the sense of confidence.

Recommended for you

The Offensive Potential of Computer-Using Agents

The AI Control Gap: Why Partners Are Now on the Front Line

You're Not My Supervisor! Researching My Own New Starter Scam