AI Agents Are the New Security Perimeter: What RSAC 2026 Revealed
Agents and Zero Trust Dominate the RSAC 2026 Conference Floor
The security industry gathered at San Francisco's Moscone Center for the RSAC 2026 Conference this March, and one theme was impossible to escape: AI agents have created a new and largely unsecured attack surface — and the companies trying to fix that are themselves using AI to do it.
Leo Laporte toured the conference floor and spoke with leaders from more than a dozen security companies. What emerged was a clear picture of an industry at an inflection point.
The Fastest-Growing Problem Nobody Was Ready For: Securing AI Agents
The loudest recurring concern at RSAC 2026 wasn't ransomware or nation-state attacks — though those came up. It was AI agent security: the risk that autonomous coding agents and AI tools are spinning up inside organizations, accessing sensitive credentials, and operating outside any security team's visibility.
Chris Hughes, VP of Security Strategy at Zenity, described the pattern as a replay of the shadow IT and shadow SaaS cycles that security teams have fought before — except faster. Hughes told Leo that employees are downloading and running AI coding agents with a credit card and a free account, often connecting them to production systems, without IT or security involvement. Zenity's platform addresses this by providing full lifecycle visibility of where agents are running — across endpoints, cloud environments, and SaaS platforms like Salesforce and ServiceNow — along with enforcement mechanisms when an agent starts acting outside its permitted scope.
Keycard Labs offered a different angle on the same problem. Founding engineer Jelmer Snoeck explained that the company's platform eliminates the need for AI agents to ever possess long-lived API keys in the first place. Instead, agents receive ephemeral tokens — short-lived, policy-gated credentials that expire automatically when a session ends. This directly addresses the scenario most developers quietly fear: accidentally committing a live API key to a repository, or having a compromised agent exfiltrate credentials it was never supposed to hold.
Bitwarden (TWiT.tv Network sponsor) announced its Agent Access SDK at the conference, framing it as an open standard for the industry. The approach keeps humans in the loop — AI agents must request permission before accessing credentials stored in a password manager vault, rather than inheriting static secrets from an environment file.
Tailscale, long known for its WireGuard-based mesh networking, introduced Aperture, a gateway product designed specifically for AI traffic. Jillian Murphy, Tailscale's product marketing manager, explained to Leo how Aperture addresses API key sprawl across an organization's growing portfolio of AI tools — providing a single dashboard for monitoring usage, token consumption, cost, and anomalous behavior.
Zero Trust Isn't New — But the Urgency Is
Zero trust — the principle of denying access by default and requiring explicit authorization for every action — has been a concept in security for years. What's changed, according to multiple executives at RSAC 2026, is the pressure to actually implement it.
Rob Allen, chief product officer at ThreatLocker (TWiT.tv Network sponsor), made the case that the traditional security posture — allow everything unless it's known to be bad — has been proven insufficient. Speaking with Leo on the conference floor, Allen described deploying ThreatLocker's platform at organizations and consistently discovering surprises: seven distinct remote access tools running in a 200-machine environment, or 17 machines receiving inbound RDP connections in an infrastructure the team believed was locked down to two. His framing of zero trust as a journey rather than a destination — start somewhere, add visibility, then control — was one of the most practical takes of the conference.
ThreatLocker's platform scales from one-person businesses served through managed service providers all the way to deployments of hundreds of thousands of endpoints. Allen also noted that the barrier to entry for attackers has dropped sharply — AI coding tools have democratized malware creation in the same way they've democratized software development.
Thinkst Canary founder Haroon Meer (TWiT.tv Network sponsor) — whom Leo met in person for the first time after a decade of partnership — described his company's deception technology from a red-teamer's perspective. The core insight behind Canary tokens — now a suite of roughly 30 distinct token types including fake AWS API keys, WireGuard configurations, and working credit cards — is that even sophisticated attackers who suspect a trap are often compelled to probe it anyway. The moment they do, security teams receive a high-confidence alert with immediate forensic value. Canary tokens are available as a free, open-source product used by millions.
Using AI to Fight AI: The Arms Race Accelerates
Aikido Security co-founder Roeland Delrue described his company's approach to autonomous penetration testing: AI agents that alternate between static code analysis and dynamic exploitation attempts, cycling rapidly between the two in a way that mimics how the most skilled human pen testers actually work. The company claims this approach is significantly more effective than traditional static analysis alone. Aikido uses frontier models from multiple providers — including Anthropic and OpenAI — and switches between them based on internal benchmarking. Delrue noted that open-weight and Chinese-developed models are closing the gap faster than many in the industry expected.
Torq, which recently reached unicorn valuation status, is bringing a similar philosophy to security operations. The company's AI SoC analyst, Socrates, is designed to investigate and autonomously respond to threats — not just triage and prioritize them. Bob Boyle, Torq's product marketing manager, stressed that security analysts remain deeply skeptical of black-box AI decision-making and that Torq's platform makes the reasoning behind every agent action fully transparent.
A Documentary About the Human Side of Cyber Conflict
One of the more unexpected announcements at RSAC 2026 came from Semperis. The decade-old identity security company is producing Midnight in the War Room, a documentary exploring the human toll of cyber conflict — the stress, long hours, and accountability placed on CISOs when attacks succeed. The film, which features former CISA director Jen Easterly, first U.S. National Cyber Director Chris Inglis, General David Petraeus, and Marcus Hutchins (who famously helped stop the WannaCry ransomware outbreak), is set to premiere at Black Hat in August.
What You Need to Know
- AI agents are the new shadow IT. Organizations are deploying coding agents and AI tools faster than security teams can gain visibility into them. Governance platforms are emerging to address this.
- Ephemeral credentials are the right model for agentic AI. Static API keys in environment files are a liability. Short-lived, policy-gated tokens significantly reduce the blast radius of a compromise.
- Zero trust adoption is accelerating — not because the concept is new, but because detection-first security keeps failing at scale.
- AI is being used to attack and to defend simultaneously. The companies winning in security operations are treating AI adoption not as a risk to manage but as a capability to deploy first.
The Bottom Line
RSAC 2026 made one thing clear: the AI moment has arrived for cybersecurity, and the industry is scrambling to catch up on both sides of the equation. The companies that impressed most at this year's conference weren't selling fear — they were demonstrating concrete, deployable answers to problems that most organizations are only beginning to recognize they have. The challenge now is implementation speed.
Watch the full TWiT RSAC 2026 coverage: https://twit.tv/shows/twit-events/episodes/19
