Nearly 44,000 cybersecurity professionals descended on San Francisco’s Moscone Center this week for RSA Conference 2026 and if you weren’t there, you might be wondering what you missed. The theme this year was “The Power of Community,” but the conversations happening behind closed doors told a more complicated story. The Bolster AI team was on the ground the whole week: sitting in private meetings with customers, walking the expo floor, and listening carefully to what security leaders are actually worried about in 2026 and beyond. Here’s what we took away.
What RSA 2026 Told Us About the Future of Cybersecurity
Walk the RSA expo floor and it’s clear the industry is going through something of a reinvention. This year’s standout visual? A full WWE-themed booth, complete with the spectacle you’d expect, that somehow managed to make threat detection feel like a championship event. Only at RSA.
But strip away the theatrics, and something more important is happening. Security is no longer just a product category, it’s becoming a core feature of every platform. Data platforms, workflow tools, network infrastructure providers, they are all racing to show how they can both harness AI and protect against the chaos AI is creating. And here’s the thing: that chaos is real.
“Software in general creates so much value, but AI is making it harder for software companies to capture that value, there are just so many new substitutes. Security is still very AI-prompt resistant. You can’t Claude Code your way to a new IAM tool or a new DLP tool. As long as AI continues to blow up security models, security will be an incredible moat for companies that can weave it into their products.”
— Rod Schultz, CEO, Bolster AI
So what does that mean on the ground? The attack surface is growing faster than most security teams can realistically manage. Agentic AI, systems that can plan and act across multiple steps without a human in the loop, has changed the game for defenders and attackers alike. Threat actors are using those same autonomous capabilities to run brand impersonation campaigns, spin up phishing sites, and clone legitimate businesses at a speed and scale that simply wasn’t possible 18 months ago. The problem isn’t just detection anymore. It’s keeping pace with adversaries who are shipping new attacks faster than your vendor ships updates.
Top Cybersecurity Trends from RSA Conference 2026
Agentic AI Threats: What Security Teams Aren’t Ready For
It came up in almost every keynote, but the real conversations were happening off stage. Security teams broadly understand that agentic AI introduces new risks: think prompt injection attacks, credential abuse, and AI systems taking consequential actions without human sign-off. What’s less clear is how to actually build defenses against it. Most organizations don’t yet have threat models that account for AI agents operating on behalf of users, and the vendors who showed up to RSA with real answers to that question had the longest queues on the floor.
Brand Impersonation Attacks Are Now Operating at Industrial Scale
This one kept coming up, both in sessions and in private conversations: the sheer volume of brand impersonation attacks has crossed a threshold. Cybercriminals are using generative AI to build convincing lookalike domains, fabricate customer service portals, and stand up fake social profiles and they’re doing it faster than most takedown processes can respond. The window between a fraudulent site going live and a real customer being deceived is getting shorter. Manual review workflows were not built for this speed, and most organisations know it.’
What Proprietary Threat Intelligence Is the New Competitive Moat
Here’s a pattern we noticed across the expo floor: the vendors generating the most interest weren’t necessarily the ones with the most sophisticated models. They were the ones sitting on the most differentiated data. You can use an AI model to draw insights from data you already have but you cannot use an AI model to manufacture better data. Security organisations that have built broader, deeper, and more current threat intelligence feeds are pulling ahead, and the gap between them and everyone else is widening fast.
What CISOs Said Behind Closed Doors at RSA 2026
Beyond the keynotes and the booth conversations, the Bolster AI team spent meaningful time in private meetings with customers and senior security leaders across a range of industries. A few themes kept resurfacing.
- The data problem is the real problem. More than once, we heard some version of this: “You can use an AI model to get insights from your data but you can’t use an AI model to find more data.” The search for differentiated threat intelligence has never been more competitive. Data has effectively replaced software as the most defensible asset a security company can build around, and the organisations that have figured that out are making very different strategic bets.
- The AI expertise bubble is creating quiet risk. There was a wry observation doing the rounds that the past five years have “minted” an enormous number of people who consider themselves AI experts. The concern isn’t that the expertise is fake, necessarily. It’s that overconfidence in AI systems is leading teams to deploy tools without truly understanding where they fail. Adversaries are banking on exactly that gap.
- Detection has outrun response and it’s becoming a serious problem. CISOs were candid about this one. Threat detection has improved significantly. The ability to act on those detections especially for external threats like fraudulent domains or impersonated brand assets has not kept up. The frustration is real. And it’s exactly the gap that Bolster AI is built to close: detecting, validating, and removing threats before they reach your customers, without requiring a human to manage every step.
What RSA 2026 Means for Security Leaders in the Second Half of the Year
RSA is always a lot of things at once; part trade show, part conference, part industry therapy session. But this year felt different. There was a seriousness to the conversations that went beyond the usual vendor noise. Security leaders aren’t just worried about keeping up with threats. They’re worried about whether the tools and processes they’ve built are fundamentally matched to the speed of the threat environment they’re now operating in. For the Bolster AI team, that’s not a discouraging signal; it’s a clarifying one. The threats are getting faster, more automated, and harder to distinguish from the real thing. That’s the exact problem we built Bolster AI to solve, and we left San Francisco more convinced than ever that the work matters
Missed us at RSA?
We’d love to pick up the conversation. Schedule time with the Bolster AI team to see how we detect and dismantle brand impersonation threats before they ever reach your customers. →Book a Meeting
