If RSAC 2026 made one thing clear, it’s that enterprises are facing a monumental task with AI security risks. Cyber pros, it seems, will once again be putting out fires and left picking up the pieces.
Across several keynotes, the scale of the security challenges faced by AI-focused enterprises was laid bare. The risks associated with the technology are multi-fold, as well, and not limited simply to threat actor adoption.
Hype-fuelled, rushed adoption projects are causing headaches for security teams, fragmented integration across enterprise departments are leaving critical blindspots wide open to exploitation, and the spectre of “shadow AI” is an equally pressing challenge.
AI-related threats have grown in both frequency and scale over the last two years, research shows. Analysis from IBM in August 2025, for example, found 20% of organisations had suffered a breach due to security incidents involving shadow AI alone.
Meanwhile, security firms and AI providers have issued repeated alerts over the increased use of the technology by hackers, helping them to create more convincing phishing lures or to dissect threat intel reports to build potent malware strains.
This maelstrom of overlapping threats, risk factors, and considerations is already a nightmare for security teams, and it’s going to get worse. But a key talking point at RSAC 2026 centered around the fact that this is the time to shine for cybersecurity professionals.
Indeed, they’ve never been more important and will form the vanguard of safe AI adoption in years to come. RSAC executive chairman Hugh Thompson told attendees that there’s a “certain dynamism” that exists in the industry in 2026, issuing a call to action for security professionals to play a more proactive role in shaping adoption and governance.
“We cannot be passive observers on this AI journey,” Thompson said in his opening keynote. “AI and cybersecurity are so deeply intertwined, we can’t let AI be something that happens to us. Instead, it’s our responsibility as cybersecurity professionals to make AI work for us.”
Former CISA chief and newly-appointed RSAC CEO Jen Easterly echoed Thomson’s comments, highlighting the resilience of a community that has evolved multiple times over the past two decades.
From the early days of the web to mass cloud adoption, cybersecurity professionals have stepped up when they’re needed most.
“This is our community, and we should draw strength from that, because together, we are stronger than any threat,” she said.
“Together, we're building trust in a world that desperately needs trust, a world increasingly powered by the most consequential technology of our lifetime, moving faster and faster than ever.”
AI is changing the face of cyber
Cybersecurity professionals are indeed making AI work for them. A survey from ISC2 in mid-2025 found roughly one-third (30%) of respondents have already integrated AI tools into their daily workflows.
Meanwhile, around 42% told ISC2 they were “actively considering” the deployment of AI tools in security operations.
As with other professions such as software development or customer service, the productivity and efficiency gains delivered by AI are tantalizing for cyber teams contending with a seemingly never-ending torrent of threats.
Analysis from Sapio Research last year found more than half (56%) of security teams had reported productivity improvements in the wake of AI adoption.
In terms of threat detection and response, the report added that cyber pros reported similar improvements. Nearly half (46%) said the technology is helping improve incident response while 42% said it’s helping speed up threat intel gathering.
Talk to your cyber pros
The rush to adopt AI has been understandable, there’s big money involved and companies are stretching dollars as far as possible. But one of the key issues highlighted at RSAC 2026 was the fact these adoption projects have been scattered and fragmented - and it’s not helping security teams.
Tenable co-CEO Stephen Vintz summed up the situation, noting that disparate teams are all working toward their own goals with the technology, resulting in a fragmented ecosystem where threats slip through the cracks.
“AI ownership is fractured, very fractured within the enterprise,” he said. “The data science team owns the models, the ML Ops team owns the production pipeline, it owns deployment. The product team owns the integration of these capabilities into the offering, legal owns the compliance.”
Vintz noted that security pros are “at the end of the line” and left picking up the pieces when things go wrong. This “responsibility gap”, as he described it, is doing no-one any favors and highlights the need for closer cross-functional collaboration and ownership.
Simply put, it’s clear that business leaders, department heads, and individual teams need to do better when communicating with security teams – and cyber pros themselves need to be more proactive in engaging with other domains.
RSAC warnings and Arm's AGI CPU
NTT has a plan to reduce emissions across the entire software product life cycle
Systems are deterministic, people are probabilistic – AI is both, and that's a headache for cyber teams
Tenable co-CEO Stephen Vintz says enterprises need to get serious about tackling the AI “responsibility gap”
The key risks security teams face in 2026
Observability will be key to agentic AI safety, says Microsoft Security exec
Enterprises need to think of agents as ‘digital co-workers’ – and that means implementing the same security safeguards
Safe AI adoption rests on cybersecurity professionals, says RSAC chairman
