The cybersecurity world’s biggest annual gathering returns with a sharper, more pragmatic agenda. Expect RSAC 2026 to pivot from buzz to build, with AI security, identity resilience, cloud exposure management, and board-level accountability driving the conversations in keynotes, track sessions, and hallway debates.
The stakes are unmistakable. IBM’s latest breach report pegs the global average breach cost around $4.5 million, while the FBI’s Internet Crime Complaint Center reported record fraud losses surpassing $12 billion in a recent year. Pair that with the World Economic Forum’s repeated ranking of cyber insecurity among top global risks, and it’s clear why this conference has become a bellwether for what CISOs will actually fund next.
AI Security Takes Center Stage at RSAC 2026
The industry has moved past novelty demos into hard questions: how to threat-model machine learning systems, how to verify training data lineage, and how to detect model theft, poisoning, and jailbreaks at scale. Expect deep dives into aligning the NIST AI Risk Management Framework with enterprise controls, plus practical guidance on the OWASP Top 10 for LLMs, evaluation playbooks, and red-team methodologies that produce measurable risk reduction rather than one-off stunts.
Vendors will push “secure-by-design” stacks for AI workloads: model cards tied to governance workflows, inference-time guardrails with audit trails, and the emerging idea of an MLOps SBOM—an “MLSBOM”—to map datasets, weights, and dependencies across the model lifecycle. With the EU’s AI Act setting new compliance expectations and regulators emphasizing transparency, the conversation will center on defensibility: can you explain what your model did and prove it was done safely?
Human Factors and Scam Psychology in Cyber Defense
Social engineers continue to outperform technology, and RSAC will dissect why. Expect sessions that translate behavioral science—biases, urgency cues, parasocial trust—into controls that actually change outcomes: safer defaults, just-in-time friction, and adaptive training that tracks real attack patterns. The FTC and FBI have flagged steep increases in fraud losses, with investment, business email compromise, and imposter schemes leading the pack; the agenda answers with measurable playbooks for consumer and enterprise defense.
One theme to watch: protecting older adults and other high-risk groups. Organizations like the National Cybersecurity Alliance have stressed media literacy tactics such as sender verification and link inspection, but this year’s focus shifts to making these steps automatic—think call verification rails with carrier support and account recovery flows built to withstand AI-augmented social engineering.
Identity Proofing Meets Deepfake Defense
Identity teams face an arms race against synthetic media. After a widely reported case in which a finance worker was duped by a video-call deepfake into wiring tens of millions, enterprises are rethinking “presence equals trust.” Expect guidance on multi-signal verification—combining device intelligence, behavioral biometrics, and out-of-band confirmations—with escalation paths that can’t be spoofed by a convincing face or voice.
NIST’s Facial Recognition Vendor Test program has long shown wide variance in accuracy by algorithm and scenario, and academic work on presentation attacks continues to reveal bypasses for systems without robust liveness checks. RSAC sessions will emphasize layered authentication, with FIDO2 security keys and passkeys reclaiming ground as the strongest answer to phishing and deepfake-driven account takeover.
Cloud and SaaS Exposure Gets Real for Enterprises
Recent large-scale data theft tied to weak credentials and overbroad access in third-party platforms underscored a familiar truth: identity is the new perimeter, and SaaS is the new shadow IT. Look for case studies on shrinking blast radius with just-in-time access, workload identity controls, and tenant isolation—alongside Cloud Security Alliance guidance on the top cloud threats and how to operationalize least privilege in sprawling multi-cloud estates.
On the expo floor, expect consolidation pitches: CNAPP stitched with DSPM, XDR converging with SIEM, and posture management tools promising unified visibility from code to cloud. The winners will show integrations that reduce toil—automating misconfiguration fixes and mapping findings to frameworks like NIST CSF 2.0 without drowning teams in alerts.
Boards, Regulations, and Real Metrics for 2026
With regulators pressing for timely, plain-English disclosures of material cyber events, CISOs are translating technical risk into business terms. Sessions will spotlight control health reporting, cyber risk quantification models like FAIR, and resilience metrics such as mean time to detect and contain. CISA’s Secure by Design initiative and software bill of materials requirements are pushing vendors to prove safer defaults; buyers will arrive with checklists and leave with scorecards.
Biometrics Under Pressure from Real-World Attacks
Demonstrations will likely show how facial recognition can be fooled in the wild and why liveness detection and anti-spoofing need to be explicit requirements, not assumed features. Expect frank discussions about demographic bias, presentation attacks, and where to draw the line between convenience and unacceptable risk. The pragmatic takeaway: treat biometrics as one factor among many, not a silver bullet.
What Will Make Headlines at RSAC 2026 and Beyond
Keep an eye on announcements that blend AI copilots with auditable guardrails for SecOps, identity-first cloud controls that actually close high-severity gaps, and cross-industry alliances on secure defaults. The market trend points to fewer platforms doing more, but the real test is whether tools lower breach likelihood or cut dwell time by double digits—not slideware, but outcomes backed by customer data.
Bottom line: RSAC 2026 will reward substance over spectacle. The programs and products that stand out will prove how they reduce real attacker advantages—from AI-enabled social engineering to cloud missteps—while helping leaders meet rising regulatory expectations without slowing the business.