RSAC 2026 ran March 23–26 at the Moscone Center, the 35th edition of the industry’s largest gathering. This preview was written against the published agenda and still maps the terrain that mattered — and now doubles as a guide to what’s worth pulling up on demand. The theme, “Power of Community,” framed a program that drew more than 700 speakers, 31 session tracks, 570+ sessions, and 600+ exhibitors, according to the conference organizer. Every one of those numbers tells you the same thing: you cannot attend RSAC. You can only attend a sliver of it, and the game is choosing the right sliver.
The honest guide isn’t a session-by-session roll call. It’s a filter. What actually moved the industry forward, what was marketing in a lanyard, and where the real conversations happened. For the 35th anniversary, the filter sharpened around three things: agentic AI security, identity in a non-human world, and active defense over reactive posture. Everything else was context.
Why “Power of Community” Landed Differently This Year
The theme sounds like boilerplate. It isn’t — or at least, it didn’t play that way in the room. RSAC 2026 opened against a backdrop of ongoing U.S. military operations in the Middle East, the absence of several federal agencies that would normally fill SOC panels, and airport-style physical screening at Moscone. Community here wasn’t a platitude. It was a statement that industry has to carry work that public institutions are, for various reasons, carrying less of.
That reframing showed up in session selection. The opening keynote from Jen Easterly, former CISA director and now RSAC CEO, set a through-line of practitioner-to-practitioner knowledge transfer over vendor spectacle. Whether it held across 570 sessions is a separate question — it didn’t always — but the headline sessions clearly got the memo.
The Keynotes That Mattered
Keynote programs at RSAC are a mix — genuine research, industry-aimed executive pitches, and celebrity bookings designed to move badge sales. The 2026 lineup leaned heavier on substance than recent years. These are the ones worth your time.
Reimagining Security for the Agentic Workforce — Jeetu Patel, Cisco’s president and chief product officer, delivered the argument that defined the conference: AI agents require security architectures built for non-human actors operating at machine speed. His framing — protect agents from the world, protect the world from agents, and detect and respond at machine speed — became the shorthand every vendor booth copied by Tuesday afternoon. His line “with chatbots, you worry about getting the wrong answer; with agents, you worry about taking the wrong action” will get quoted in every CISO deck for the next year.
Activate Industry!: Moving Beyond Defense to Disruption and Active Defense — Sandra Joyce, vice president of Google Threat Intelligence, made the case for industry-led disruption of adversary infrastructure rather than pure defensive posture. Her most-cited statistic: the time from initial access to hands-on-keyboard adversary activity has collapsed from eight hours in 2022 to 22 seconds in 2025. If that number holds up under scrutiny, it rewrites the economics of dwell-time defense.
The Cryptographers’ Panel — the 9:40 AM Tuesday session at the YBCA Blue Shield of California Theater remains one of the few places you can hear the actual designers of modern cryptography argue in public. Always worth the time, especially as post-quantum migration deadlines tighten.
Multi Dimensional Defense in an Era of Escalating Cyber Risk — Richard Horne, CEO of the UK National Cyber Security Centre, gave the European counterweight to the U.S.-dominated threat discourse, with specific focus on societal impact and supply chain exposure.
Inside Offensive Cyber: Lessons from Four NSA Directors — the panel of four former NSA directors delivered the most candid public discussion of offensive cyber doctrine you’ll get outside a SCIF. No specific names on the full panel appeared in public materials, but the content made it the week’s sleeper session.
Empathetic Leadership — former New Zealand Prime Minister Jacinda Ardern in conversation with Jen Easterly. Skip or watch based on whether you want leadership content or technical content. It’s well-executed but it’s the former.
The closing celebration featured Hugh Jackman in conversation with RSAC Executive Chairman Hugh Thompson. That’s entertainment, not signal.
Innovation Sandbox: The Only Track That Reliably Predicts the Future
The RSAC Innovation Sandbox contest is the single most reliable indicator at the conference. In 21 years, its top 10 finalists have collectively seen more than 100 acquisitions and received over $50.1 billion in investments, per the conference organizer. Past finalists include Wiz, SentinelOne, Imperva, Axonius, HiddenLayer, Reality Defender, Phantom, and ProjectDiscovery. If you attend nothing else, watch the Sandbox — live or on demand.
The 2026 winner was Geordie AI, an AI governance platform that discovers AI agents running across code, cloud, and endpoints, maps each agent’s tools and connections, and provides runtime observability of agent behavior. That its AI-agent-governance pitch won tells you where the judges — drawn from Morgan Stanley, JPMorgan Chase, Verizon, and Capitol Meridian Partners — believe the money is going.
The full field of finalists read as a map of 2026’s enterprise security pressure points. Each finalist received a $5 million investment as part of the contest’s SAFE program.
Seven of ten finalists are pointed directly at AI agent problems — governance, identity, runtime monitoring, code security written by AI, social engineering performed by AI. This is not a coincidence. Forrester’s Q4 2025 AI Pulse Survey reports 50% of organizations piloting agentic AI with 24% already in production, and the Sandbox field is the early market’s response to that reality.
A practitioner note: most Sandbox finalists don’t mature as independent platforms. They solve narrow, high-friction problems and get absorbed by existing security and cloud players. The pattern is consistent — Phantom was acquired by Splunk, StackRox sold to Red Hat, Calypso AI sold to F5, Securiti AI sold to Veeam for $2.7 billion. Evaluate these startups for what they’ll teach you about problem shape, not for long-term vendor bets.
The Villages, Launch Pad, and What Gets Missed on the Main Stage
RSAC 2026 featured seven villages, a Capture the Flag, a hackers association experience, and hands-on learning formats that opened Tuesday. Villages are where practitioners trade technique; main stages are where strategy gets rehearsed for earnings calls. The ratio matters. If you came to learn — not to be sold to — villages plus the track sessions were the budget-worthy spend.
RSAC Launch Pad, in its sixth year, put three pre-market startups in front of venture capitalists in a Shark Tank-style pitch format. It’s a useful read on what very early-stage founders think is fundable right now; it’s not a buy signal.
College Day on Thursday brought students and faculty in on free passes. If your organization hires from pipeline, Thursday afternoon networking produced better candidates than the career fair ever does.
New for 2026: the RSAC Connection Hub, pitched as a networking and community space and the closest thing the conference has ever had to an unscheduled lobby. Reports from the floor suggest it worked — a rare successful addition to a conference format that typically calcifies.
Track Priorities for the On-Demand Watch List
For All Access Pass holders, keynote and track sessions become available on demand approximately four hours after the live occurrence. If you’re building a watch list now, these were the tracks the community called out:
The Agentic AI / Non-Human Identity track was the conference’s center of gravity. Sessions covered how autonomous agents break existing IAM assumptions, how to inventory agents across code, cloud, and endpoints, and how zero-trust models extend — or don’t — to software that thinks. Vasu Jakkal of Microsoft Security led a well-reviewed session on self-healing autonomous security architectures.
The Active Defense and Disruption track extended Sandra Joyce’s keynote argument into the tactical layer. If your org is still operating on pure detect-and-respond doctrine, this is where the counterargument lives.
The Cryptography and Post-Quantum track continued its slow-burn role as the most technically serious content on the program. NIST’s post-quantum standards aren’t theoretical deadlines anymore; migration is the work.
The annual SOC at RSAC report session — the team that secures the conference Wi-Fi itself — delivered its tenth-year retrospective. It’s an underappreciated window into real-world network hygiene at scale. This was the 7th year of the report; the SOC itself has now run for ten.
The Supply Chain Security panel brought together legal, technical, and operational perspectives on rising supply chain attacks under stricter regulatory regimes. For CISOs with regulatory exposure, this one earns the watch time.
Expo Floor: What the 600 Booths Were Selling
One pattern defined the expo hall this year: every vendor put an agentic AI story somewhere on their pitch, whether or not they had product to back it. Separating signal from slideware required asking two questions. First, does the product actually discover and govern AI agents, or does it just add an AI feature to an existing product? Second, what’s the non-human identity story — specifically, how does the vendor handle an agent that changes behavior during operation without a human in the loop?
Vendors worth the booth time were the ones answering both questions concretely. A long tail of the expo was recycled cloud security with AI marketing applied to it. The Early-Stage Expo, a separate floor zone for pre-Series-B companies, had a higher signal ratio than the main floor and took less time to walk.
The Harder Conversation: Community Under Strain
The theme was Power of Community. The subtext was a community absorbing disruption. Multiple federal agencies that would normally staff sessions were absent or reduced. Physical screening at Moscone ran at airport levels. International attendees dealt with visa uncertainty that wasn’t a factor five years ago. RSAC 2026 happened in a year where the public-private partnership model that underwrites most of modern cybersecurity is under stress on multiple axes.
The useful community conversations weren’t on the main stage. They were in the hallway, in the villages, at the side events, and in the candid-by-necessity off-record sessions. For attendees who go back to a smaller shop on Monday, that’s the real takeaway: the network you built at RSAC matters more than the sessions you watched, and 2026 was a year where that mattered more than it has in a long time.
What to Actually Attend Next Year
Decide your question before you register. If the question is “what’s the industry selling,” the main stage and expo floor answer it. If the question is “what are practitioners actually doing,” villages, birds-of-a-feather sessions, and side events answer it. If the question is “where’s the market going,” Innovation Sandbox is the only reliable oracle the conference has produced in 21 years.
For RSAC 2026 specifically: the conference was shaped by one substantive argument — agentic AI breaks the human-centric assumptions of existing security — and the rest of the week was people responding to that argument with varying degrees of rigor. If you’re rebuilding your 2026–2027 roadmap around that shift, watch the Patel, Joyce, and Sandbox sessions on demand, then read the Forrester and Cisco Talos year-in-review reports that came out of the conference. That’s the minimum viable briefing.
RSAC 2027 is already booked for April 5–8 at the same venue. The community will be back. The question is what the community looks like by then.
