RSAC 2026 Conference Forecasts the Next 12 Months
Why they predict we’ll all be single in 2026
- RSAC™ 2026 Conference signals a decisive industry shift toward proactive, consolidated security architectures powered by Agentic AI, mature supply‑chain safeguards, and unified identity fabrics.
- The conference’s core message is unmistakable: fewer agents, simplified stacks, and deeply correlated telemetry are the new path to stronger defense with far less operational drag.
- With single‑agent platforms emerging as the disruptor to watch, RSAC’s standout sessions promise sharp, predictive insight into securing an AI‑driven, identity‑centric, rapidly evolving threat landscape.
- We recommend several sessions to catch, but don’t miss our own Jason Rolleston and Eric Chien as they explore what you must do to defend that expanding attack surface on March 25.
Some security professionals seemingly have the gift of prophetic insight. That’s why every conference season I dust off a list of speakers with a history of predictive vision in our industry, using it to select sessions that are 100% guaranteed to shape the coming year. This year, RSAC™ 2026 Conference is delivering up speakers armed with the definitive pulse check for the cybersecurity industry. And this year's event, March 23-26 at San Francisco’s Moscone Center, will highlight a palpable shift in focus as security teams move from a classically defensive posture and a proliferation of disparate vendor tools to proactive, consolidated security architectures and platforms.
Let’s start with four key trends to look out for and the one major disruptor poised to become the new normal. Then we’ll turn to the prophets for more details on the talks that predict the path ahead. RSAC suggests it’s time to get excited about the myriad ways that adopting consolidation strategies should make 2026 a new benchmark for streamlined cybersecurity that yields better defense with less wear-and-tear on overburdened SOC teams.
For many, many years, the refrain from customers has been “fewer agents,” and they are right to ask for it. This reduces burdens on teams, and reduces friction to outcomes…which is what is actually being asked for.
Trend watch: What to look for at RSAC 2026
From session to session, and vendor to vendor, four big trends emerged. Combined, these trends paint an encouraging picture for 2026, suggesting it will be a pivotal year for cybersecurity as:
1. SOC teams operationalize Agentic AI for enhanced defense
While GenAI was omnipresent last year, 2026 marks the year security teams will move into operationalizing AI as a useful defensive tool. This shifts the focus from using AI simply to detect threats toward harnessing it for automated remediation, policy optimization, and—crucially—as a force multiplier for security analysts. Numerous platforms are integrating large language models (LLMs) to translate complex threat data into actionable, plain-language insights, leading to significantly reduced mean time to understand (MTTU) and respond (MTTR).
2. Supply chain security grows up
Sometimes it takes a crisis to force growth. It seems the echoes of major supply chain breaches have finally driven meaningful maturity in this area. Beyond mere Software Bill of Materials (SBOM) generation, vendors showcased solutions focused on continuous verification of third-party code and infrastructure. These solutions include robust mechanisms for runtime analysis of dependencies and automated drift detection, ensuring that the components organizations rely on remain trustworthy throughout the application lifecycle.
3. Identity Fabric and consolidation achieve context-aware authorization
Identity has cemented its status as the new perimeter. 2026 takes Zero Trust a step further: encouraging security teams to create a cohesive Identity Fabric. This involves seamlessly integrating disparate identity and access management (IAM) solutions, privileged access management (PAM) systems, and non-human identity management tools into a unified, policy-driven layer. The goal is singular: a platform achieving precise, context-aware authorization across hybrid and multi-cloud environments.
4. Simplified stacks reduce admin load
We’re all familiar with stacks so big they might topple under heavy administrative loads. Most orgs are juggling several platforms to gather data from myriad sources and then correlate it with something like SIEM, a problem for organizations with growing attack surfaces (and what org doesn’t have a growing attack surface?) that must pay, pay, and pay some more as their SIEM ingests more and more telemetry data. With seven to nine major platforms common in a single organization, overhead management becomes overwhelming and costly. Past iterations of XDR missed the memo on relieving administrative loads. Demanding XDR platforms risk breaches triggered by struggles with agent management and distribution, leaving endpoints running old agents more vulnerable to emergent and prevalent threats.
Enter the single agent with exponential benefits
To maximize the combined potential of these security trends, it’s time to transition to a single, unified agent for core security functions. Integrating Endpoint Detection and Response (EDR), Extended Detection and Response/XDR, vulnerability management, device control, and more delivers multifold benefits across the security lifecycle:
1. Reduced Attack Surface and Improved Performance

2. Enhanced Data Cohesion and Threat Context
A single agent is inherently better at correlating security events. Instead of relying on APIs to stitch together partial views from disparate sources, a unified architecture collects data at the source once. This allows for:
- Holistic data collection: All telemetry (process execution, network activity, file modification, user behavior, etc.) is collected by one mechanism, ensuring complete and synchronized event data.
- Superior detection and XDR: True XDR depends on correlated data. A single agent ensures immediate context, enabling faster and more accurate threat tracing from the endpoint to the network to the cloud workload. Speed + accuracy = rapid response that hits the target.
3. Simplified Management and Lower Total Cost of Ownership (TCO)
A single-agent approach eliminates unsustainable administration burden and streamlines operations with:
- Centralized policy management: Security policies such as firewall rules, patch management, and application control can be enforced from one console, reducing configuration drift and simplifying auditing.
- Faster deployment and updates: Patching and updating one agent is exponentially simpler than coordinating releases across ten different vendor products. An efficient single agent cuts vulnerabilities from delayed updates.
- Reduced training overhead: Security teams only need to master one platform and one vendor relationship, enabling them to shift focus away from tedious tool management back onto the threat hunting and strategic defense at the heart of their mission.
The emergent trends for 2026 demand ever-ready agility and deep correlation, capabilities that are fundamentally absent in fragmented security stacks. For SOC leaders looking to maximize the benefits of AI and manage complex supply chains, the shift to a single-agent architecture is no longer a luxury—it is a foundational necessity for effective, modern cyber defense.
Can’t-miss talks for 2026 predictive insights
Here are a few of the sessions I am eager to attend. Each one promises to deliver crucial intel on a more streamlined and comprehensive security approach—one that’s ready for the era of AI and rapid-fire attacks on enterprises of all sizes.
1. From Generative AI to Agentic AI
The conversation has shifted from basic LLMs to security driven by Agentic AI—autonomous agents that make decisions and take actions on behalf of users. For an overview, consider attending From Threat to Strategy: The CISO's Playbook for the AI Revolution. Other promising panels are linked below:
- Model Context Protocol (MCP): Learn how Model Context Protocol standardizes how AI agents interact with data. Sessions will explore "tool poisoning" and the unique threats inherent in agent-driven workflows.
- Autonomous Defense: Experts from Uber and other firms discuss securing AI at scale and the lessons learned from two years of "hacking" AI infrastructure.
2. "Vibe Coding" and software supply chain risks
The rise of AI-assisted development has birthed the trend of "vibe coding"—where individuals with little formal training create applications using natural language prompts.
- The risk: Speakers warn of "insecure vibes," where critical vulnerabilities are introduced into the software supply chain because the creators do not understand underlying security principles.
- The solution: Self-described Chief Security Evangelist for Veracode, Chris Wysopal is a prophetic panelist for GenAI Code in the Wild: Trust & Risk Through a CISO Lens, a discussion on how to fix vibe-coded apps and secure the broader supply chain in a highly regulated world. Don’t miss his powerful insights, rooted in a legendary history detailed on our recent episode of SECURITY.COM The Podcast.
3. Identifying the "final frontier"
Identity is no longer just a component of security; it is being treated as the foundational security boundary for cloud-native and AI environments. Some of the sessions I’m most excited about will explore:
- Token abuse: A highly anticipated session from SANS focuses on "chasing ghosts" by detecting token abuse in the Microsoft Cloud.
- Non-human identities: Discussions highlight the urgency of securing trusted identity propagation for autonomous agents across complex SaaS ecosystems.
4. Notable speakers and sessions with geopolitical implications
The 2026 lineup features an edifying mix of deep technical researchers and strategic policy voices:
- Industry luminaries: Ballistic Ventures’ Kevin Mandia and cybersecurity author and investor Nicole Perlroth return to the stage for The Cyber Threat Landscape: Year in Review, Future in Focus session.
- At the movies: RSAC CEO Jen Easterly heads a panel featuring security leaders from an array of industries, including those featured in a new documentary on the real heroes of cybersecurity. Check out The Evolution of Cyber War: Inside the Making of “Midnight in the War Room”.
5. Two big brains on an ever-bigger problem
Even a conference as great as RSAC would be incomplete without legendary insights from our own groundbreaking team. If you only get to one panel, make it this one:
- Attack Surface Everywhere—All Defenders Need Multi-Layer Signals to Keep Up (Wednesday, March 25 at 1:15 PM - 2:05 PM PDT). Join Jason Rolleston, general manager of Broadcom’s Enterprise Security Group, and Eric Chien, a fellow with our Symantec and Carbon Black Threat Hunters, to learn what every security team must do to protect their constantly changing environments. Smaller security teams face a paradox of fighting the same threats as enterprises but lacking the resources to see them clearly. This session will explore the full range of attack vectors—from endpoints to sensitive data stores—and how to detect them using real TTPs to show how behaviors surface across layers. Learn how to gain visibility, reduce noise, and expose attacker activity without breaking the bank.
Catch me at RSAC. I’ll be the guy fueling at Booth N-5345 with protein bars and soaking up single agent strategies to make 2026 the most secure and efficient year yet.


