RSAC 2026 recap: AI security and network security trends

RSAC 2026 spotlighted AI security as a key theme. Explore insights on securing AI agents, enterprise browsers, sovereignty and platformization trends.

RSAC 2026 wrapped up recently in San Francisco, and to the surprise of absolutely no one, AI was the predominant topic at the show.

On the one hand, it absolutely should have been. Organizations are charging forward with AI initiatives, and the resulting security implications cannot be ignored. In fact, research from Omdia, a division of Informa TechTarget, found that 44% of respondents said security, compliance and regulatory requirements are critical to their organization's decision-making process for AI agents, while 37% said they are very important.

On the other hand, when a topic becomes as central to the discussion as AI security, it can lead to fatigue. It happened with zero trust a few years ago, and supply chain security more recently.

I presented a session on Thursday at RSAC with my esteemed colleague, Todd Theimann, on securing AI agents. Even after 3-plus days of AI content, the session was well attended and no one walked out -- so there's a clear appetite for information.

AI adoption: Complex and just beginning

The conversation around AI and security is layered and complex. While the expo floor offered vendors an opportunity to convey their key message and differentiation to potential buyers, the reality was more muddled. Are vendors using AI to generate better security outcomes? To secure the use of public AI models? To help security teams protect internally built applications that use AI, or internally built models themselves? There are a number of permutations, and it's not always clear at a top-line level.

While I expect a lot of AI security projects to accelerate over the course of the year, many organizations are still in information-gathering mode. Security teams should prioritize vendors that can offer a holistic view of AI security outside of what they support. That could be as simple as acknowledging different practices around AI security outside of what they directly provide, or going so far as to support an ecosystem through integrations with other vendors.

While many vendors offer pieces needed to secure AI, no single vendor is positioned to provide an end-to-end solution.

More trends at RSAC

In addition to AI, a few other topics caught my attention: enterprise browsers, sovereignty and platformization.

Enterprise browsers

This is still a dynamic and emerging space. There are a few approaches to addressing visibility and control over activity in the browser, but what is clear is that buyers prioritize flexibility. Whether that means using a dedicated browser for some use cases and an extension for others, or pairing a dedicated browser or extension with a network-based approach like SASE, will vary from organization to organization. But it's clear that having a browser component has gone from differentiator to prerequisite.

Sovereignty

In my conversations, sovereignty revolved around SASE and reflected the growing need for flexibility. The original SASE concept -- where most traffic was routed through the cloud -- ignored the complexity of large enterprise environments with hybrid workforces, subject to a myriad of regulations and laws. Security teams need to use public cloud, private cloud and on-premises inspection points based on geography, business unit, user and data. Manually managing this greatly increases complexity, so tools that simplify deployment and enable security teams to focus on the broader policies can reduce friction.

Platformization

Again, specific to network security, there were multiple examples of this, from a hybrid mesh firewall perspective to SASE expansion and even within network detection and response, as those vendors begin to support broader observability and posture use cases. And coming back to the overall theme of the show, there is an AI component in all three of these cases.

Ultimately, it does feel like this is where things are going. Platform providers don't have all the answers for AI, but they do have the incumbent advantage. And as AI becomes pervasive, most security teams won't want to add a completely siloed layer of controls to address that specific aspect of the environment. With a topic as important as this and with so many questions unresolved, I'd bet that AI will still be the primary topic at RSAC 2027.

John Grady is a principal analyst at Omdia who covers network security. Grady has more than 15 years of IT vendor and analyst experience.

Omdia is a division of Informa TechTarget. Its analysts have business relationships with technology vendors.
