RSAC 2026 recap: Taylor Swift has her eras. So does cybersecurity.
I’ve been going to RSAC long enough to notice the pattern. Every year, the show floor tells you exactly which era the industry is in. This year, the message was unmistakable. AI is the new attack surface. And everyone is still figuring out what that actually means.
Here’s what I took away from RSAC 2026 Conference.
1. The industry continues to rewrite itself
Walk the expo floor at RSAC over the last decade, and you’ll see the industry’s mental model shift. A decade ago, it was all about defense in depth, born from the migration to cloud and mobile, the so-called “deperimeterization” of the enterprise. The walls weren’t enough anymore, and everyone started realizing it.
Then came zero trust. A direct response to the failure of perimeter-based models. What was initially a buzzword became operationally mainstream as identity-centric tools matured. Every booth had a zero trust angle. Every pitch deck featured a diagram with concentric circles stating “trust but verify.”
Now, the booths have a new protagonist: the agent. Not the human kind. The AI kind. Autonomous systems acting continuously, at scale, without a person on the other end asking permission. Zero trust assumed someone was at the door. Agentic security is reckoning with the fact that the door is open and things are walking through it on their own.
But you’ll notice there’s a through-line across these eras. The attack surface keeps expanding, and the industry’s mental model of what deserves trust is perpetually playing catch-up. The tagline I kept seeing this year: you can’t verify what you can’t see.
So, what’s next? So far, each era has been largely centered around seeing more clearly. At some point, clarity has to become consequence — knowing something is wrong and having the system correct itself before any intervention is required. We’ll save this for a future post.
2. “AI is the new attack surface” was everywhere. Here’s what it actually means.
This phrase was prominently displayed on banners, stitched into session titles, and printed on swag. What it’s really pointing at: companies are scrambling to account for all their AI assets.
Why? The applications that power enterprises have changed. The infrastructure beneath those apps has changed. And that means the security controls wrapped around that infrastructure have to change, too. AI isn’t a single new threat vector. It has quietly rewritten the topology of the environments we’re supposed to be protecting, and most teams haven’t updated their maps yet.
The thing is, some of this is deterministic. AI infrastructure, deployments, model configurations — these behave like any other asset in your environment. But AI behaviors are probabilistic: what tasks agents perform, what data they access, what actions they take on their own. Security teams have muscle memory for both. What's new is the speed, the scope, and the sheer number of actors.
3. Identity is still the conversation, but the cast has changed
If there’s one theme that never leaves RSAC, it's identity. But this year, the emphasis shifted. The phrase I heard repeated across sessions and side conversations: “Non-human identities now outnumber human identities.”
Service accounts, API keys, machine credentials, AI agents. All acting on behalf of organizations, and largely ungoverned. This isn’t a brand-new realization; we’ve known for years that service accounts tend to run over-privileged, that API keys get rotated on a “when we get to it” schedule. But AI agents have amplified the urgency because they don’t just hold credentials; they act on them autonomously, at scale, around the clock.
The identity conversation has graduated from “who has access” to “what has access, what is it doing, and did anyone actually authorize it?”
4. Actionability is the next frontier (and it starts with truth)
Dean Sysman, Axonius' Executive Chairman, took the stage and made the argument that the rest of the floor was circling around but not quite landing: visibility is table stakes; actionability is the differentiator.
The numbers backed him up. Across the Axonius customer base, the median device inventory is 298,000 devices. 12.7% of those (roughly 37,000 endpoints per organization) are missing an expected security agent. That's one control. Just one.
And the visibility problem runs deeper than coverage gaps. In a recent study we conducted with the Ponemon Institute, more than half of organizations don't see their full environment in a single place. Of those that do, half are tracking assets in spreadsheets. Only 13% reconcile their data daily. The top three barriers to remediation were all the same problem wearing different masks: unclear prioritization, unclear ownership, and inconsistent data.
This is what stuck with me most. We treat security policies like they're self-evident. Every endpoint has EDR. Every admin account has MFA. But saying it doesn't make it true. The only thing that makes it true is continuous proof, and proof means reconciling what every tool in your stack actually sees into something you'd stake a decision on.
As Dean put it: “Start with the truth. The fundamentals will follow.”
What I’m taking home
More assets, more identities, more agents, more tools, more data — and a growing recognition that visibility without action is just … expensive observation. So far, the pattern across eras has been largely reactive: an expanding attack surface, a new security model to address it, and new lag. AI might be the first time that the technology driving the expansion is also what helps us get ahead of it.
Before I close my laptop and head home:
- The fundamentals aren’t basic. Every foundational security control is a multi-dimensional matching challenge across an expanding, distributed attack surface. Stop treating them as checkboxes.
- Confident AI adoption requires strong fundamentals. We all know AI is only as good as the data it acts on. Going back to the basics is a must-have for companies that want to properly and confidently adopt AI.
- The identity crisis is real. Non-human identities are a “now problem,” and governance has to catch up to the speed at which AI agents are proliferating.
- Actionability isn’t a feature. It’s a posture. Declare what should be true, detect when it drifts, decide what matters most, and deliver the fix. That loop is how the gap between policy and reality actually closes.
From Moscone to Manhattan: Adapt 2026
RSAC is where the industry talks about what’s coming, and Adapt 2026 is where we get into how to actually do it. On April 15 in New York City, Axonius is bringing together security, IT, and risk leaders for a day built around one idea: turning overwhelming findings into focused remediation.
The lineup includes former NASA CIO Renee Wynn on securing infrastructure that literally connects worlds, real-world asset intelligence playbooks from teams like UKG, and a first look at what’s new in Axonius.
