Image: RSA Conference 2026
RSA Conference yet again welcomed scores of security practitioners, executives, and infrastructure providers to San Francisco this year. I had the opportunity to attend in person and meet with thirty companies over four long days. Not surprisingly, agentic AI security punctuated all my conversations.
With a continued theme of summarizing my event attendance with three big takeaways – let’s dive in!
You Can’t Protect What You Can’t See
Agentic frameworks are moving at hyper speed, and enterprises are struggling to keep pace. Historically, technology roadmap refreshes were measured in years. In contrast, modern AI application innovation can be measured in months. OpenClaw experimentation is a glaring example: its initial release last November as Clawdbot, then renamed to Moltbot, and eventually OpenClaw in late January, shattered GitHub records for open-source downloads.
Last year at RSAC, identity access management for non-human orchestration and task agents was clearly defined as foundational in securing agentic frameworks. It is an intuitive assumption, given the expectation that, over time, enterprise knowledge workers will individually deploy potentially hundreds of agents to improve productivity. This year at RSAC, a new foundational tenet of agent observability emerged. After all, you can’t protect what you can’t see, and for many organizations, it is impossible to understand what is deployed within IT and OT infrastructure estates.
There is ample opportunity for traditional observability solution providers to lean in to address the agent visibility challenge, as identity solution providers are doing to extend its platforms and ensure the necessary provisioning and control. However, there may be a more critical consideration. The emergence of a multitude of bespoke agentic frameworks will require greater control-plane orchestration. Technology infrastructure providers want to establish themselves as the go-to agentic platform for obvious sales adjacency reasons, but it is not realistic, and more is needed beyond MCP and A2A to ensure agent visibility and interoperability.
The Year of the Claw
Coming back to the meteoric rise of OpenClaw, this year is quickly becoming the “Year of the Claw”. The ability to use endpoints to create and deploy agents is somewhat of a science experiment now, but open-source offerings, including NVIDIA NemoClaw, announced at GTC, and Cisco DefenseClaw, announced at RSAC, have great promise in providing the guardrails needed to ensure the safe deployment of OpenClaw within the enterprise.
NVIDIA positions its solution as enterprise-ready, but that is a huge stretch. The good news is that with both NVIDIA and Cisco making its agentic security frameworks open source, having more hands-on-deck upstream and downstream has the potential to accelerate innovation and harden security.
Noteworthy Announcements
Big technology industry events give infrastructure providers a stage to make a splash with new products and solutions. RSAC is no exception, and four tech titans, including Cisco, Google, HPE, and Palo Alto Networks, made noteworthy announcements.
Cisco introduced DefenseClaw, its open-source, secure-agent framework that automates security and inventory, with plans to integrate with NVIDIA OpenShell as the sandbox to eliminate manual steps and accelerate secure-agent deployment. The company is also wisely positioning its Splunk business unit’s capabilities to supercharge security operations by automating response workflows and empowering security operations teams to keep pace with the utilization of AI by bad actors. DefenseClaw adds to an already impressively broad and deep Cisco AI security portfolio, and the company’s leadership points to using modern AI tools to accelerate its agentic security solution development.
Cisco also shared an extension of its Zero Trust Access architecture to agents, including agent discovery in Cisco Identity Intelligence, new agent identity and access management capabilities in Duo, and MCP policy enforcement and adaptive risk protection within its Secure Access SSE offering. Furthermore, an enhancement to the company’s AI Defense solution, the Explorer Edition, aims to democratize AI safety and security by providing developers with self-serve tools to assess model and application resilience against attacks and to embed robust guardrails into agents before they are deployed. In totality, it is a comprehensive set of new security functionality, but Cisco channel partners will have to digest it all and determine how to position and sell it.
Google made several announcements, and three stood out as significant. As adversaries increasingly use AI to automate coding and scale attacks, the company published its Mandiant M-Trends 2026 report. It provides insights to arm defenders with threat intelligence to fight AI with AI, and demonstrates the value of a discrete focus on research that unpacks the weaponization of AI.
Available in preview, Google Security Operations delivers new agentic automation capabilities designed to enable persistent, dynamic protection to keep pace with an evolving threat landscape, including the incorporation of dark web intelligence telemetry. Equally noteworthy is Google’s Model Armor integration with Google MCP servers to mitigate data leakage and deepen protection against model poisoning and prompt injection. With Google’s hard-fought battle to close its acquisition of Wiz just days before RSAC, it is safe to assume we will see further agent-based cloud security innovations in the coming months.
HPE rightly recognizes that AI is solidifying the need for deeper integration of security into networking infrastructure to enable runtime protection and unlock inference at network edges. To address these needs, the company announced new HPE Juniper Networking SRX400 Series Firewalls to extend protection from core to edge, an expanded hybrid mesh firewall architecture to wrap guardrails around AI applications, improved resilience with HPE Zerto recovery for AI workloads, and enhanced encryption and post-quantum readiness across its expansive infrastructure portfolio.
Also worth highlighting is the recent launch of HPE Threat Labs just before RSAC. A threat intelligence service was strategically needed to complement the company’s investments in security and level its playing field with Cisco Talos. HPE’s inaugural report, In the Wild, is eye-opening, capturing insights tied to live threat activity it observed globally last year. The report demonstrates that cybercrime has become an industrial endeavor, with attackers using automation and long-standing vulnerabilities to scale campaigns and repeatedly compromise high-value targets faster than defenders can respond.
Palo Alto Networks did a masterful job of using RSAC to hold a mini conference at the beautiful Shack15 on the Embarcadero to announce a handful of solutions. Prisma AIRS 3.0 stands out for its design to secure the entire agentic AI lifecycle, enabling enterprises to move from simply observing AI interactions to safely authorizing autonomous execution. To facilitate control-plane functionality, the company is developing an AI gateway that harmonizes runtime controls, red teaming, identity, discovery, and agentic endpoint security. It is a powerful AI security stack and further strengthens Palo Alto Networks’ platform approach to cybersecurity.
The company also announced its Next-Generation Trust Security solution to transform cryptographic trust from a manual, human-error-prone process into an automated network control, eliminating service outages and dramatically improving operational efficiency. Enhancements to its Prisma Browser that enable deeper AI runtime controls, and a new version of an enterprise browser for smaller businesses to affordably ensure the safe and secure use of modern AI applications, rounded out the company’s announcement payload. Endpoint security in the AI era will require retooling, and the browser will continue to play a vital role in a layered approach that mitigates tool sprawl.
Final Thoughts
I am an unabashed science fiction nerd, and the need for stronger agentic security controls reminds me of the Battlestar Galactica television series reboot over two decades ago.
In the reimagination of the iconic series, the Galactica disabled all shipwide connectivity to prevent Cylon bad actors from infiltrating critical systems and infrastructure. In many ways, it parallels the concerns that enterprises have with the safe and secure deployment of AI agents. The good news is that the pace of agentic security innovation is mind-blowing, and the innovations revealed at RSAC point to the confidence that the scales in the fight against AI with AI can be tipped in favor of defenders.
So Say We All!
