RSA this year felt less like a conference and more like an inflection point. The conversation has clearly moved beyond whether AI will reshape cybersecurity-it already is. The real question now is where value will concentrate, and which players will define the new stack.
A few themes stood out.
From detection to action
The most consistent shift across conversations was the move away from detection toward execution.
Security teams are overwhelmed, and AI is finally being trusted not just to surface insights, but to act on them. The strongest products today are not better alerting systems- they are platforms that investigate, prioritize, and remediate automatically.
As one CISO put it, “Detection is becoming table stakes. The real value is in what happens next.” I don’t know if I fully agree with his assessment (as detection especially in the AI enabled attacks is completely different), but what’s for sure is that the reliance of actions drive momentum in the following categories:
- AI-driven SOC platforms and AI enabled services like Daylight Security
- Exposure management platforms that reduce noise into actionable priorities Zafran Security
- Next-gen SIEM focused on investigation and response including RunReveal and Vega
Buyers are increasingly paying for outcomes, not visibility, especially in the agentic era. Which brings me to my next point:
Agentic security is becoming real infrastructure
Another major shift is the rise of “agentic security”- securing a world where AI agents are operating autonomously across systems.
This introduces entirely new challenges:
- Identity and access control for non-human actors Silverfort
- Governance over what AI systems can and cannot do Alice (Formerly ActiveFence)
- Coordination between multiple AI agents across fragmented tools Runlayer
A large cyber vendor described it as: “We’re not just securing users anymore- we’re securing decision-making systems.”
This is quickly evolving into a new infrastructure layer, not just a feature set.
Existing categories are being rebuilt for the AI era
Interestingly, the most compelling innovation isn’t coming from entirely new categories- it’s coming from redefining existing ones.
Three areas stood out:
- Endpoint securityis entering another disruption cycle, this time focused on controlling AI activity at the device level
- SIEM / SOCas previously mentioned, is shifting from log management to flexible, automated investigation and response with lightweight deployment architecture and log ingestion
- DLP and exposure management are being reframed around business risk and CISO-level ownership
Even more mature categories like PAM are seeing credible attempts at disruption, particularly from teams willing to rethink both architecture and deployment models.
The vulnerability landscape is about to accelerate
We have already witnessed large scale AI driven attacks this year, but a recurring theme was that attackers are scaling with AI just as quickly as defenders.
Across discussions, there was a growing consensus that:
- Exploit generation is becoming automated
- Vulnerability discovery is accelerating dramatically
- Many attacks are beginning to bypass traditional controls altogether
As one CISO noted, “We’re heading into a world where most vulnerabilities are discovered and exploited by machines.”
This reinforces the need for automation- not just in detection, but (and more rarely) in remediation.
Strategic buyers are re-engaging with focus
Corporate development teams were on fire this week- and notably more focused.
Across multiple conversations, it’s clear that large vendors are actively scanning for:
- AI-driven SOC platforms
- Identity infrastructure for AI systems
- Exposure management solutions
One corp dev leader put it simply: “We’re looking for platforms that bring AI native directly to our customers, not add another SKU.”
Israel continues to punch above its weight
The Israeli ecosystem had a strong presence across the board- founders, investors, and operators.
Amid regional developments and beyond participation, what stood out was the sentiment from global peers: a mix of admiration for execution and resilience, alongside genuine concern given the broader context.
Many of the most forward-leaning companies- particularly in AI-native security- continue to emerge from Israeli teams, as shown in the RSAC innovation sandbox (4 IL companies) and AWS/CRWD/Nvidia accelerator (IL winner)
Final thought
RSA 2026 made one thing clear: AI in cybersecurity is no longer experimental, it’s foundational and CISOs are realizing that they have no choice but to trust it to act on their behalf.
The companies that will define this next phase are not the ones layering AI onto existing products, but those rebuilding core workflows and control points from the ground up.
The shift is already underway. The only question now is who moves fast enough to lead it.
Get in touch with Iren Reznikov:
