RSAC 2026 Day 1: What the Industry Is Saying (And What It Means)
Published by TENEX.ai | March 24, 2026
We just wrapped Day 1 at Moscone Center, and if there’s one thing that’s clear, it’s this: the security industry has moved past the question of whether AI belongs in the SOC. The conversation is now about how badly most implementations are failing and what it actually takes to get it right.
Here are the five themes that dominated the floor, and what we think they mean.
1. AI in the SOC Is Real, But So Are the Failure Modes
The session that drew the most honest conversation was “We Put AI in Our SOC: Here’s What Broke (and What Didn’t)” from practitioners at Tyson Foods and Exeter Finance. The title says it all. Organizations are deploying AI into security operations, but without rigorous failure analysis and guardrails, the results are inconsistent at best and dangerous at worst.
The industry is learning the hard way that bolting AI onto legacy workflows doesn’t transform security operations. It just accelerates the same broken processes. The promise of AI in security isn’t automatic. It has to be designed from the ground up.
The TENEX.ai take: This is exactly why being AI-native, not AI-adjacent, matters. When AI handles 100% of alert triage at machine speed, your analysts aren’t managing an AI tool. They’re focused entirely on the threats that require human judgment. That’s a fundamentally different architecture than layering automation on top of a manual workflow.
2. Insider Threat Has Gone Synthetic
Multiple sessions tackled a troubling evolution in the insider threat landscape. The “Disgruntled Employees to Deepfaked Identities” session from Forrester and the research on DV chatbot exploitation made the same underlying point: insider threat is no longer just a behavioral or HR problem. It’s now an identity and access management challenge amplified by synthetic personas, deepfakes, and shadow AI tools that bypass traditional controls.
The hands-on Deepfake Crisis Executive Lab underscored the urgency. This isn’t theoretical. Enterprises are encountering these scenarios now.
The TENEX.ai take: When threats can originate from synthetic identities operating inside your environment, 10–20% alert coverage isn’t a tradeoff. It’s a liability. Full visibility isn’t a premium feature. It’s the baseline requirement for catching what legacy coverage misses entirely.
3. AI Governance Is Catching Up Fast and It’s About to Accelerate
The OWASP AIVSS session, featuring Anthropic’s Deputy CISO, a NIST representative and venture leaders, signaled that the standards community is converging on measurement frameworks for agentic AI risk. This wasn’t a research preview. It was a policy acceleration signal.
The “Faster Decisions, Less Frustration” GRC session from the Center for Internet Security reinforced the same theme: security leaders are being asked to make AI-related decisions without adequate frameworks. That window of ambiguity is closing.
The TENEX.ai take: “Provable outcomes” isn’t marketing language. It’s the direction the entire regulatory environment is heading. Organizations that can demonstrate measurable security results, including detection speed, alert coverage and false positive rates, will be far better positioned when AI governance requirements become mandatory reporting obligations.
4. Nation-State Attacks Are Now a Board-Level Business Problem
China’s Typhoon campaigns commanded multiple sessions and the framing has shifted dramatically. This is not just a government concern or an advanced persistent threat that only Fortune 100 security teams need to worry about. Network security roadmapping out to 2030 was on the agenda, which signals that long-horizon enterprise planning around nation-state exposure is now expected, not optional.
The “Hack Back Is a Distraction” panel pushed back on offensive posturing and made the case for scalable active defense. The subtext: most organizations aren’t defended well enough to be thinking about offense.
The TENEX.ai take: When threat actors operate at machine speed, and they do, the response has to meet them there. Mean time to triage measured in seconds, not minutes or hours, is what creates the margin between containment and compromise. That gap is where nation-state actors find their advantage.
5. The Talent Crisis Is Structural and AI Is Both Cause and Cure
SANS Institute dedicated a keynote to the tension between AI-driven automation and workforce displacement, with sessions on sustainable leadership and preventing burnout running alongside it. The industry is grappling with a genuine structural talent problem: the number of unfilled cybersecurity roles continues to grow while AI simultaneously changes what those roles look like.
The TENEX.ai take: Security teams need to scale through AI rather than headcount. It’s not about replacing analysts. It’s about elevating them to the high-risk, high-value work that deserves their attention. When noise is filtered at machine speed, the threats that actually need experienced eyes get them. Analysts shift from chasing volume to doing the work that matters: complex threat hunting, strategic decision-making and the human judgment no model can replicate. That’s not a threat to the workforce. It’s what a sustainable one looks like.
The Through-Line
Every major theme at RSAC Day 1 pointed to the same underlying reality: the exponential growth of threats, alerts and attack surfaces has outpaced linearly scaled human resources. The organizations winning this fight aren’t the ones with more analysts. They’re the ones that have figured out how to operate at machine speed without sacrificing human accountability.
The Fun – Happy Hour
Our standing-room-only happy hour was a testament to the fact that even in an industry moving at machine speed, the most meaningful insights still happen through face-to-face connection. Beyond the food and company, it was an invaluable opportunity for practitioners to connect and share perspectives outside the Moscone halls. If you’re looking to continue the dialogue, you can book a 1v1 with our leadership team or join the fray at our Capture the Flag event: https://tenex.ai/rsac-2026/


Want to see what AI-native, Human-led MDR actually looks like in practice? Request a demo at TENEX.ai


