AI Takes Center Stage — Again
RSAC 2026 opened with the same headline that has dominated the conference for several years running: artificial intelligence. Informa TechTarget's Jamison Cush and Sabrina Polin hosted a series of live discussions on day one, including a conversation with Alex Culafi, senior news writer at Dark Reading, who was attending his sixth RSAC conference. Culafi offered candid observations on the state of AI marketing, the conspicuous absence of government agencies, and shifts in the broader threat landscape.
"This is the most aggressive I've seen AI pushed and sold since, I would say, 2023, when the products really started coming out," Culafi told Cush and Polin. He noted that even before the show floor officially opened, billboards, session titles, and vendor branding were saturated with AI messaging — a phenomenon that has intensified each year since 2023 rather than plateauing as some observers predicted.
From Data Combing to Agentic Ambitions
Culafi traced the evolution of AI offerings across recent conferences. In 2023, vendors pitched AI primarily as a tool for sifting through large datasets and functioning as automated threat intelligence bots. By 2026, the ambitions have grown considerably more aggressive. Vendors are now positioning agentic AI systems as solutions that can implement, augment, or outright replace traditional security operations centers (SOCs), depending on the audience being addressed.
"It's a lot of combing through data, making human-readable documents for the board. And now with agentics, it's like they're trying to either implement or augment or replace or be the SOC all at the same time," Culafi explained. He acknowledged that a class of organizations has now spent several years actually deploying these products, producing real-world feedback that is sometimes positive and sometimes mixed. He cited reporting by Eric Geller at Cybersecurity Dive as capturing that mixed reception among early adopters.
The 'Human in the Loop' Scalability Problem
One of the more provocative themes to emerge from RSAC 2026 sessions centered on whether the concept of keeping a human in every AI-driven security decision — commonly referred to as "human in the loop" — is even practically achievable at scale. The volume and speed of modern threats mean that waiting for human approval at each decision point may introduce unacceptable delays.
Emma Smith, Vodafone's global CISO, argued for a different model: "human on the loop." Under this framework, AI systems take the lead on executing security actions, with humans stepping in only when escalation or intervention is specifically required. While the approach offers clear operational efficiency advantages, it also raises significant concerns about accountability, error correction, and the risks of automated systems acting on flawed or incomplete data.
The debate reflects a broader tension in the industry between the promise of AI-driven speed and the enduring need for human judgment in high-stakes security environments.
A Notable Absence: Government Representation
Beyond AI, Culafi flagged a development that many attendees found unsettling: the near-total absence of U.S. government representatives at RSAC 2026. In prior years, agencies including CISA and the FBI maintained a visible presence at the conference, contributing to the public-private dialogue that has long been a hallmark of the event.
That changed this year. CISA announced in January that it would not be attending RSAC 2026. Furloughs affecting DHS employees further reduced any potential government footprint. Kristi Noem, who attended RSAC the previous year, did not return. "It's weird not having a government presence here," Culafi said. "They're such an important part of the security ecosystem."
Supply Chain Attacks Turn Vicious
Shifting to the threat landscape, Culafi highlighted the ongoing brutality of supply chain attacks targeting open source ecosystems. He specifically called out threat actors Shai-Hulud and Glassworm, both of which have been targeting the npm registry and other open source environments with highly aggressive information stealers.
What makes these campaigns particularly dangerous is their layered nature: the attacks do not merely infect individual components used in software development, but also compromise the downstream dependencies of those components. The cascading effect means that a single malicious package can ripple through an enormous number of applications and organizations.
Ransomware Payments Are Declining — But Data Theft Persists
On a more encouraging note, Culafi pointed to what he described as a positive trend in ransomware. Organizations are increasingly demonstrating the ability to recover from ransomware attacks without paying, thanks to improved backup strategies, faster engagement with incident response teams, and smarter defensive postures overall.
"If you take out the outlier extreme payments, the average and median ransomware payment seems to also be going down over time," Culafi observed. While he acknowledged that many organizations still struggle with basic security hygiene, the directional trend is promising.
However, the declining emphasis on encryption-based extortion has not translated into a less dangerous ransomware ecosystem. Threat actors have pivoted heavily toward data theft, recognizing that the leverage gained from exfiltrating sensitive information can be just as effective as, or more effective than, locking systems with ransomware. "Threat actors don't care as much about encryption as they used to. It's all data theft now. And they're getting pretty good at that," Culafi warned.
A Conference at a Crossroads
Informa TechTarget's Sabrina Polin noted during the broadcast that at RSAC 2024, Culafi's three key takeaways could be summarized as "AI, AI, more AI" — a characterization that Culafi confirmed remains accurate in 2026, despite expectations that the focus might shift. Even efforts to reframe the conversation around human-centric themes have struggled to displace AI as the dominant narrative.
What RSAC 2026 makes clear is that the cybersecurity industry is navigating a genuine inflection point. The maturation of AI products is real, as is the growing body of evidence — both positive and cautionary — from organizations that have deployed them. At the same time, threats continue to evolve in sophistication, government partnerships face institutional uncertainty, and foundational questions about human oversight of automated systems remain unresolved.
- Agentic AI is reshaping how vendors pitch SOC augmentation and replacement.
- Vodafone CISO Emma Smith advocates moving from "human in the loop" to "human on the loop."
- CISA, FBI, and DHS were largely absent from RSAC 2026, a shift noted by multiple attendees.
- Supply chain attacks by Shai-Hulud and Glassworm are hitting npm and open source ecosystems hard.
- Ransomware payment trends are improving, but data theft has become the primary extortion lever.
As the conference continued beyond day one, the conversations Culafi helped frame — about scale, accountability, threat evolution, and the role of government in cybersecurity — were expected to deepen across sessions, panels, and hallway debates throughout the week.
Source: Dark Reading