Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

By: Beth Dannemilller, Senior Director, Product Marketing For years, security operations have been measured by effort. More alerts processed. More data ingested. More tools deployed. It looks like progress. It isn’t. CIOs know the reality. Teams are overwhelmed. Costs keep rising. And when the board asks a simple question, “Are we reducing risk?”, the answer is often unclear. This is the breaking point for the SOC.

Conversations at RSA 2026 circled back to the same topic: identity is the foundation of AI agent security. While it’s understandable, it’s the wrong way to look at things. Identity tells you who showed up. It says nothing about whether what they did made sense.

One man’s perspective on RSA 2026 and what the AI agent security market actually looks like up close. Every year at RSA, there's a theme, not the official one printed on the lanyards, but the real one. The one that shows up in every booth conversation, every hallway argument, every dinner where people finally say what they wouldn't say on a panel. A few years back, it was cloud. Then zero trust took over and held the room for a while. XDR came through and confused everyone. Identity had its moment.

Most mobile security workflows end in a familiar way. A scan runs, a report is generated, and the output looks reassuring. There are no critical issues, maybe a few medium findings, nothing that blocks a release. The process completes, the team moves forward, and the app ships. At that moment, the assumption is clear. The app has been tested. The risk is understood. But there is a question that rarely gets asked, and it changes the entire conversation.

COMMENTARY: When the United States and Israel launched coordinated strikes against Iran on February 28, the security community mobilized around the visible response. I’ve watched that response for two weeks: teams tracking hacktivist DDoS campaigns, incident counts climbing, news coverage following close behind.

AI application security protects AI-powered apps, including those powered by large language models ( LLMs), from unique threats like prompt injection, data poisoning, and model theft. It achieves this by securing the entire lifecycle, including code, data, algorithms, and APIs, using specialized tools and processes that go beyond traditional security measures. It involves securing the AI model’s behavior, training data, and outputs.

Attackers inside OT environments don’t run, they walk slowly, blend in, and map everything before they act. Here’s why cyber deception technology is built for exactly that threat.