Security Teams Must Move Beyond Passive Defense as AI Reshapes Attacks
More than 43,000 attendees gathered at RSAC 2026 this week as the conference marked its 35th year. The dominant message: security operations must shift from reactive to proactive as artificial intelligence becomes embedded in both attacks and defenses.
Hugh Thompson, RSAC Executive Chairman, warned that security teams can no longer remain passive. Adversaries are already experimenting with agentic AI systems that operate with unprecedented speed and scale, said Vasu Jakkal, corporate vice president of Microsoft's security business.
Static Rules No Longer Work
Traditional security approaches built on static policies and predefined rules are insufficient, Jakkal said. The shift requires moving toward proactive, continuously operating security models where systems anticipate, adapt and respond in real time.
Jakkal described a future in which security architectures function as "always-on, self-defending" environments powered by AI. These systems learn from activity and adjust defenses dynamically.
AI Agents Require New Identity Management
AI agents present both a new attack surface and a new control layer. IDC projects there could be as many as 1.3 billion AI agents in operation by 2028, each requiring governance and protection similar to human users and traditional endpoints.
This forces organizations to rethink identity as a broader concept. It must now include not only people and devices, but also autonomous systems acting on their behalf.
Observability around identity becomes foundational, Jakkal said. Organizations must understand how both human and machine identities behave across systems, with AI agents treated as active participants whose actions can be monitored, analyzed and governed.
Jeetu Patel, president and chief product officer at Cisco, echoed this requirement, emphasizing the need to manage and control agent-based environments at scale.
Zero Trust Must Evolve
Agentic security reflects a transition toward systems operating with high autonomy, creating a continuous feedback loop between detection and response. Zero trust remains essential, but must account for machine identities and AI-driven interactions at scale.
For operations teams, this means rethinking how you monitor, govern and respond to activity across both human and machine actors. Learn more about AI for Operations and how these principles apply to your environment.
Geopolitical Dimension Emerges
The UAE government is pursuing an ambitious national strategy centered on creating 1 billion AI agents within a country-scale defense architecture. H.E. Dr. Mohamed Al Kuwaiti, head of cybersecurity for the UAE, outlined this approach at the conference.
The UAE's "Crystal Ball" initiative, first introduced in 2023, is designed to detect and counter cyber threats through large-scale collaboration and shared intelligence. The long-term goal is to enable AI agents to exchange threat data across organizations and potentially across national boundaries, creating a more coordinated global defense posture.
For security operations professionals looking to understand how AI reshapes threat detection and response, consider the AI Learning Path for Cybersecurity Analysts.
Your membership also unlocks:
