RSAC 2026 from the floor: What an AE heard between the keynotes and the handshakes
RSAC 2026 drew 43,500 attendees, 600+ exhibitors, and enough AI announcements to fill a small data lake. But the conversations that mattered most didn’t happen on the main stage. They happened in hallway pull-asides, over bad coffee, at happy hours, and during blunt one-on-ones with security leaders who are done being marketed to and ready to be understood. Here’s what I took away as an AE who spent the week listening more than pitching.
“This was my first RSA since COVID 2020, and within the first hour at The Box, I could tell the vibe and overall energy was different. The Upwind wave is real.”
Everyone announced AI agent security but buyers aren’t buying the packaging.
If you walked the Moscone Center expo floor this year, you couldn’t go five booths without hearing “agentic AI security.” CrowdStrike launched AI Runtime Protection and Shadow AI Discovery. Microsoft unveiled Agent 365 and its Zero Trust for AI framework. Cisco introduced DefenseClaw. SentinelOne shipped Prompt AI Agent Security. Six major vendors dropped MCP governance announcements in the same week.
The pattern was clear from the vendor side. But the buyer side told a different story.
In nearly every conversation I had with CISOs and security directors, the same question came up: “Which of these actually works in production, and which is just a press release with a roadmap?”
One CISO put it to me directly — they’d been shown three different “agentic security” demos in a single afternoon, and none of them could explain what happens when an AI agent makes a tool call that violates policy at runtime. Not at the prompt layer, but at the execution layer.
That gap between announcement and operational reality is where the real buying decisions are being made right now. Buyers at RSAC weren’t looking for the biggest product launch because they’re numb to release after release. They were looking for THE vendor that could show them what’s actually running, what it observes, and what it does when something goes wrong — in real time.
But the conversation that stuck with me most went a level deeper than AI governance frameworks. Another CISO put it bluntly: “Guardrails for AI are great — I’m more concerned about what AI services are already being used in our environment that we don’t know about. Where does shadow AI come into play — and can we actually see it?”
Runtime went from buzzword to buying criteria
A year ago, “runtime” was still something you had to explain in the first five minutes of a meeting. At RSAC 2026, it was the baseline expectation.
Constellation Research’s post-show analysis noted that the market has moved past curiosity about AI agents and toward harder operational questions around governance, accountability, and day-to-day security operations. Enterprise Technology Research shared data showing 37% of organizations already have AI agents deployed or in active testing — up 10 points from last year. Yet only 3% reported having broad security controls in place for those agents.
That mismatch is what made runtime context the through-line of every serious buyer conversation I had. Security teams don’t just want to know what vulnerabilities exist. They want to know which ones are reachable, which services are actually running, and what’s communicating with what at any given moment. Static scans and periodic assessments aren’t keeping up with the speed at which cloud environments change, and the emergence of autonomous AI agents operating across those environments has only widened the gap.
Cisco’s Jeetu Patel crystallized this in his keynote when he drew the distinction between chatbots and agents: with chatbots, you worry about getting the wrong answer; with agents, you worry about taking the wrong action. That framing resonated across the floor. And it maps directly to why runtime observability has become a non-negotiable for enterprise buyers evaluating their next cloud security investment.
Platform fatigue is real — but so is platform skepticism
One of the clearest macro trends at RSAC 2026 was the tension between consolidation pressure and consolidation skepticism.
On one hand, buyers are actively pushing back on tool sprawl. Research shared at the conference showed a sharp decline in “best-of-breed” sentiment and a broader slowdown in organizations adding new security providers. CISOs want fewer dashboards, fewer vendor relationships, and fewer context-switching costs. The desire to consolidate is real and accelerating.
On the other hand, the biggest platform vendors are assembling their cloud security stories through acquisitions and packaging — and buyers can tell the difference between native integration and stitched-together portfolios. As Constellation Research put it, broad platform positioning is easy to present at an event, but proving it in production is a different standard.
I hear this tension constantly in my pipeline, and the themes are remarkably consistent. “None of the modules actually integrate.” “If they do, it takes a ton of professional service hours and continuous maintenance.” “More SKUs complicate contracts and balloon costs.” “They acquired that module and it doesn’t work.” These aren’t edge cases — they’re the default experience for teams that chose a platform based on a slide deck and found out the hard way that acquisitions don’t equal integration.
This is where I saw the most nuanced conversations happening. Buyers weren’t asking “platform or point solution?” They were asking: “Does this platform actually share context across its capabilities natively, or am I getting a bundle of tools that still operate in silos behind a single login?” The organizations that gave the best answers were the ones that could show a live graph of how risk signals flow from workload to identity to network in a single view — not a slide deck promising that integration is “coming in Q3.”
The CISO has become a business risk translator
RSAC 2026 also surfaced a significant shift in how CISOs are positioning themselves and what they expect from the vendors who sell to them.
The days of the CISO as the technical gatekeeper who keeps the lights on are over. Multiple sessions and floor conversations reinforced that the modern CISO is a business risk manager who happens to understand technology deeply. Boards want to know what risks exist and what they cost, not what tools are running. Risk quantification has become the language of the security budget conversation: why investments are being made and how they map to business impact.
For an AE, this changes everything about how you show up. And I felt it firsthand at RSAC. The CISOs I spoke with at RSAC didn’t want a feature walkthrough. That’s so 2021. They wanted to understand how our platform helps them tell a story to their board: here’s what’s exposed, here’s what it would cost if exploited, here’s what we’ve reduced, and here’s what’s left. Runtime context enables that story because it separates theoretical risk from actual operational exposure.
If you can’t help a CISO translate technical findings into business language, you’re not in the conversation.
Non-human identities are the new unmanaged attack surface
A quieter but equally important theme at RSAC 2026 was the explosion of non-human identities — service accounts, bots, API keys, and now AI agents — that outnumber human identities by a significant margin in most enterprise environments.
These identities are decentralized, often lack clear ownership, and frequently carry excessive permissions that are rarely audited. They’ve become one of the largest unmanaged attack surfaces in cloud environments. And with agentic AI adoption accelerating, the problem is compounding. Gravitee’s State of AI Agent Security 2026 report, which surveyed 919 executives and practitioners, found that on average only 47% of an organization’s AI agents are actively monitored or secured — meaning more than half operate without any security oversight or logging. Meanwhile, 82% of executives reported confidence that their existing policies protect against unauthorized agent actions. That gap between perceived coverage and actual visibility is where breaches happen.
This isn’t a future problem; it’s a current one. And it reinforces why runtime visibility matters: you can’t govern what you can’t see, and you can’t see non-human identity behavior without observing what’s actually happening inside your environment at execution time.
What I’m telling my team after this week
RSAC is overwhelming by design. Hundreds of vendors, thousands of announcements, and a firehose of content that can make it hard to separate signal from noise. But after a week of conversations with the people who actually buy, deploy, and operate cloud security, a few things are clear:
Buyers have moved past the “do I need runtime?” question. They’re now asking “which runtime approach gives me the most operational value with the least friction?” That shift is significant, and it favors platforms that can demonstrate real-time context across workloads, identities, APIs, and network behavior without requiring teams to stitch together five different tools to get a coherent picture.
AI agent security is no longer a forward-looking category. It’s a current requirement with a massive governance gap. The organizations getting ahead are the ones treating AI agents like privileged users. That means applying least privilege, monitoring tool calls, and logging actions at runtime. Everyone else is hoping their policies cover what their agents actually do, and hope is not a security strategy.
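The runtime controls named above (least privilege, monitoring tool calls, logging actions) as an added example, not code from any vendor mentioned in this post: a deny-by-default gate that evaluates each agent tool call at the execution layer and records the decision before anything runs. The agent names, tools, hosts and policy layout are constructed for illustration.

```python
import json
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Constructed policy: agent identity -> tool -> argument constraint.
# Anything not listed is denied (least privilege, deny by default).
POLICY = {
    "support-agent": {
        "http_get": {"allowed_hosts": {"kb.example.internal"}},
        "read_ticket": {},
    },
}

# Constructed stand-ins for real tools; each records that it actually ran.
EXECUTED = []
TOOLS = {
    "http_get": lambda url: EXECUTED.append(("http_get", url)) or "200 OK",
    "read_ticket": lambda ticket_id: EXECUTED.append(("read_ticket", ticket_id)) or "ticket body",
    "delete_bucket": lambda name: EXECUTED.append(("delete_bucket", name)) or "deleted",
}

AUDIT_LOG = []  # stand-in for an append-only log sink


def decide(agent, tool, args):
    """Return (allowed, reason) for one tool call, evaluated at execution time."""
    grants = POLICY.get(agent)
    if grants is None:
        return False, "unknown agent identity"
    if tool not in grants:
        return False, "tool not granted to this agent"
    hosts = grants[tool].get("allowed_hosts")
    if hosts is not None:
        # Compare the parsed hostname, not a substring of the raw URL.
        host = urlsplit(args.get("url", "")).hostname
        if host not in hosts:
            return False, f"host {host!r} outside granted scope"
    return True, "granted"


def call_tool(agent, tool, args):
    """Gate, log, then execute. Denied calls never reach the tool."""
    allowed, reason = decide(agent, tool, args)
    AUDIT_LOG.append(json.dumps({
        "ts": datetime.now(timezone.utc).isoformat(),
        "agent": agent, "tool": tool, "args": args,
        "decision": "allow" if allowed else "deny", "reason": reason,
    }))
    if not allowed:
        raise PermissionError(f"{agent} -> {tool}: {reason}")
    return TOOLS[tool](**args)
```

Because the log entry is written before the tool runs, denied calls leave the same audit trail as allowed ones, which is what makes an agent's out-of-policy attempts visible to a detection pipeline.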
And the vendors who will win this next phase aren’t the ones with the loudest RSAC presence. They’re the ones whose customers can answer a simple question: “When something unexpected happens in your cloud at 2 a.m., does your security platform tell you what’s actually running, what it’s doing, and what to do about it?” If the answer is yes — and it comes from runtime — that’s the platform worth evaluating.


