What to Watch at RSA 2026

The RSA 2026 Snapshot

Conference dates: March 23–26, 2026

Location: Moscone Center, San Francisco

Agenda highlights include:

• AI Security Summit
• OWASP AI Security Summit
• Main Stage Keynotes
• Innovation Sandbox
• Early Stage Expo
• AI Village

Scale: Over 600 exhibitors expected at RSA 2026

What Makes RSA 2026 Different This Time

RSA Conference 2026 feels different, and you’ll notice it right away. This year, AI isn’t just a side topic or a buzzword on slides. It’s the main focus. All around Moscone Center from March 23 to 26, the emphasis is on how we secure AI and how AI is changing security itself. This theme is present in everything from the major keynotes to hands-on sessions in the AI Security Summit and the AI Village. What makes RSA 2026 interesting is the genuine tension in the room.

Vendors like Google, AWS, and Accenture are showcasing AI-driven SOC tools that promise quicker detection and smarter responses. Meanwhile, security teams and researchers are quietly asking, “Does this actually work in the real world?” Adding to this are early-stage startups presenting new and sometimes risky ideas about AI and supply-chain security. This year’s conference feels less like a sales pitch and more like a reality check on the future of security.

Top 10 Sessions and Programs to Watch at RSA 2026

1. AI Security Summit

Why it matters: RSA is making AI security a main focus. You can look forward to practical talks about protecting AI models, managing AI risks, and stopping attacks that use AI.

Status: AI security is now officially a key part of the RSA 2026 program and will be a top theme throughout the conference.

2. Main Stage Keynotes

Why it’s important: Keynotes set the tone for the entire conference. These talks usually feature top government and tech leaders and give early signals on regulation, policy, and where security is heading next.

Status: Core RSA program; keynote structure confirmed, with speaker announcements typically made closer to the event.

3. AI Village

Why it’s important: One of the most hands-on areas at RSA. You’ll see live demos, real attack techniques, and practical defenses for AI systems less theory, more reality.

Status: Confirmed experiential space, continuing RSA’s push toward interactive and community-led learning.

4. Innovation Sandbox Finals

Why it’s important: This is RSA’s biggest startup moment. Many past finalists have gone on to become major security vendors. Expect strong AI, cloud, and supply-chain security themes.

Status: Flagship startup competition confirmed; finalist lineup and presentation schedule released closer to the event.

5. Early Stage Expo

Why it’s important: If you want to spot what’s coming next in security, this is the place. Early ideas around AI security, identity, and cloud defense usually show up here first.

Status: Confirmed expo segment, traditionally hosting dozens of early-stage security startups.

6. Cloud & SaaS Security Sessions

Why it’s important: Cloud and SaaS attacks dominate real-world incidents today. These sessions usually focus on identity abuse, token theft, logging gaps, and detection lessons from the field.

Status: Long-standing RSA track, expected to return given continued cloud attack trends.

7. Supply Chain & Software Integrity Sessions

Why it’s important: Supply-chain security isn’t going away. Expect talks on SBOMs, dependency risk, build pipelines, and third-party trust.

Status: Recurring focus at RSA since SolarWinds, with strong relevance to modern software environments.

8. AI-Driven SOC & Detection Demos

Why it’s important: Vendors will be heavily demoing LLM-powered SOC tools and automated response systems. This is where you can separate real capability from marketing noise.

Status: Highly expected across the expo floor, based on current vendor roadmaps and RSA demo trends.

9. OWASP-Led AI Security Content

Why it’s important: OWASP sessions tend to be practical and community-driven, focusing on adversarial AI, secure deployment, and open research instead of sales pitches.

Status: Likely presence, aligned with OWASP’s expanding work in AI security and past RSA participation.

10. Security Scholar & Research Programs

Why it’s important: Academic research sessions often reveal early ideas that become mainstream threats or defenses a year or two later. Great for forward-looking readers.

Status: Established RSA program supporting student and academic research, with sessions typically running throughout the conference.

Top 8 Speakers & Panels to Watch and why

1. Jen Easterly: CEO, RSA Conference

Recently stepping into the CEO role, she’ll be setting the tone for RSA 2026.

Why it’s worth your time: Her framing will signal what RSA wants the industry to focus on, especially around AI, risk, and priorities for the year.

2. Google Security, AWS Security, Accenture Security & Mandiant Leaders

Senior leaders from these organizations are expected across keynotes, sessions, and demos.

Why it’s worth your time: This is where the agentic AI security narrative gets pushed hardest and where bold claims meet real-world scrutiny.

3. Hillai Ben-Sasson & Dan Segev: Wiz Research

Known for hands-on research into cloud and AI infrastructure security.

Why it’s worth your time: Expect grounded, technical insights based on how AI systems actually fail in production.

4. SANS Institute & Microsoft Cloud Detection Experts (e.g., Maxim Deweerdt)

Practitioners deeply involved in real-world cloud incident response.

Why it’s worth your time: Practical detection techniques for identity abuse and token-based attacks that SOC teams deal with daily.

5. Innovation Sandbox Finalists & Winners

RSA’s top startup founders presenting live to judges and investors.

Why it’s worth your time: A strong signal of where security innovation and investment is heading next.

6. OWASP AI Security Summit Speakers

Community researchers and practitioners focused on AI threats and defenses.

Why it’s worth your time: Less marketing, more honest discussion about what’s still broken in AI security.

7. Cyber Leaders Forum: CISO Panel

Invite-only discussions among senior enterprise CISOs.

Why it’s worth your time: Real insight into how large organizations are thinking about AI risk, budgets, and strategy.

8. AI Village Leads & Community Researchers

The people behind live demos and hands-on AI security sessions.

Why it’s worth your time: Villages often surface proof-of-concepts and attack techniques before vendors respond publicly.

Key Exhibitors and Vendors at RSA 2026

1. BreachLock

What to expect: Continuous security testing, real-world attack validation, and practical risk exposure demos.

Why it stands out: BreachLock tends to stay grounded in what actually breaks in real environments, not just theoretical security.

2. Google Cloud & Mandiant

What to expect: Agentic SOC workflows, unified security platforms, and Mandiant threat intel tightly integrated with Google’s cloud stack.

Why it stands out: Google is pushing hard on AI-driven defense narratives RSA is where those claims get tested live.

3. Amazon Web Services (AWS)

What to expect: Partner demos, ISV showcases, and cloud-native security tooling tied into the AWS ecosystem.

Why it stands out: AWS sets the baseline for how cloud security is operationalized at scale.

4. Microsoft Security

What to expect: Identity protection, token-misuse detection, and enterprise cloud security workflows.

Why it stands out: Identity remains one of the most abused attack paths and Microsoft sits at the center of it.

5. Accenture Security

What to expect: AI-driven cyber defense, managed detection, and large-enterprise security operating models.

Why it stands out: Accenture influences how security actually gets deployed inside Fortune-scale organizations.

6. CrowdStrike

What to expect: AI-powered detection, endpoint automation, and SOC workflow enhancements.

Why it stands out: One of the loudest voices around AI-driven detection worth watching closely.

7. Palo Alto Networks

What to expect: Platform-centric security, AI-assisted threat detection, and SOC consolidation stories.

Why it stands out: Strong push toward “one platform” security RSA is where that vision gets showcased.

8. SentinelOne

What to expect: Autonomous response, AI-assisted detection, and endpoint-to-SOC workflows.

Why it stands out: Known for automation claims live demos matter here.

9. Splunk

What to expect: Detection engineering, SIEM modernization, and AI-assisted analytics.

Why it stands out: Still central to how many SOCs actually operate day-to-day.

10. Fortinet

What to expect: Network, edge, and AI-assisted security across hybrid environments.

Why it stands out: Strong presence across enterprise networks and OT environments.

11. Innovation Sandbox Finalists

What to expect: Early-stage tools around AI security, supply chain risk, identity, and cloud defense.

Why it stands out: This is where tomorrow’s vendors usually appear first.

12. Early-Stage Security Startups (General Watch)

What to expect: Model hardening, SBOM verification, secrets detection, and AI-specific security tooling.

Why it stands out: Smaller booths often have the most honest conversations.

13. Thales & Crypto / HSM Vendors

What to expect: Post-quantum readiness, HSMs, key management, and cryptographic lifecycle tooling.

Why it stands out: Crypto agility and quantum prep are moving from theory to planning.

14. Yubico

What to expect: Hardware-backed identity, phishing-resistant MFA, and enterprise identity security.

Why it stands out: Identity remains the weakest link and hardware still matters.

15. AI-Focused Security Tooling Vendors (Category Watch)

What to expect: AI model security, abuse detection, governance, and runtime protection.

Why it stands out: This category is growing fast but still very uneven in maturity.