By The headline from San Francisco this week writes itself: cybersecurity embraces AI. Forty-four thousand practitioners packed Moscone Center for RSAC 2026, and nearly every vendor on the floor had the word "agentic" somewhere in their booth. CrowdStrike, Google, Palo Alto Networks, Booz Allen Hamilton, Arctic Wolf, Databricks. The consensus take is that the security industry is harnessing AI to fight back against AI-powered threats.
That framing misses what actually happened.
The real story is an arms race nobody controls
RSAC 2026 was the week the cybersecurity industry admitted, product by product, that autonomous AI agents are already operating on both sides of the line. Not as experiments. As shipped products. The same week Hadrian launched Nova, an AI agent that chains vulnerabilities and escalates access across live networks to simulate real attackers, CrowdStrike debuted an Incident Prediction feature that attempts to forecast an attacker's next four to five moves. One vendor builds a machine that thinks like a hacker. Another builds a machine that tries to read the hacker-machine's mind. That is not "AI in security." That is machines fighting machines, with humans increasingly in an oversight role they haven't figured out yet.
This pattern has a name. It's called an offense-defense spiral, and it's the oldest dynamic in military strategy. What makes 2026 different from the last time security vendors bolted "AI" onto their marketing is that the agents shipping now actually make autonomous decisions. They don't wait for a human to approve the next step.
What shipped this week
The product announcements were relentless. Here are the ones that matter structurally.
Hadrian's Nova is an agentic pentesting tool that replicates what elite offensive security professionals do, autonomously. It chains vulnerabilities, escalates access across real assets, and runs continuously without human-driven scheduling. According to Hadrian CEO Rogier Fischer, "AI-driven automation now allows attackers to weaponize vulnerabilities at machine speed and attackers don't wait." Nova is priced per-test, available immediately, and represents a direct challenge to the traditional penetration testing consulting model.
Booz Allen Hamilton's Vellox is a suite of five AI-native cybersecurity tools covering malware analysis, detection engineering, adversary emulation, compliance monitoring, and autonomous remediation. Booz Allen described it as built on 30 years of adversarial tradecraft, targeting both federal defense customers and Fortune 500 companies. This is a defense contractor shipping offensive AI know-how as commercial product. That alone tells you where we are.
CrowdStrike's CBX platform uses AI to correlate signals across attack surfaces into high-confidence incidents. Its Incident Prediction capability attempts to forecast an attacker's next four to five moves. Separately, CrowdStrike launched the Charlotte AI AgentWorks collaboration with partners including Anthropic, OpenAI, AWS, Nvidia, Accenture, and Deloitte, according to CRN. The goal: a no-code platform for building, testing, and orchestrating security agents on top of CrowdStrike's Falcon platform.
Google used the conference to announce agentic capabilities in Google Security Operations, including a Triage and Investigation agent that autonomously investigates alerts, gathers evidence, and delivers verdicts. Google also confirmed it completed the Wiz acquisition, and released M-Trends 2026 via Mandiant, which found that adversaries have collapsed the window for defenders to intervene to just 22 seconds in some hand-off scenarios.
Arctic Wolf launched what it called the Aurora Agentic SOC, billing it as the "world's largest agentic SOC," according to CRN. Databricks entered cybersecurity with Lakewatch, an agentic SIEM product. Palo Alto Networks shipped Prisma AIRS 3.0 for securing agentic AI. Saviynt debuted identity security specifically for AI agents.
The volume matters. This is not two or three vendors experimenting. It is the entire top tier of the security industry simultaneously building autonomous agents into their core platforms.
Who benefits and who loses
The winners are large platform vendors who can embed AI agents into existing customer relationships. CrowdStrike, Palo Alto Networks, and Google already have the telemetry, the customer base, and the compute. Adding agentic capabilities to an installed platform is cheaper and stickier than selling a standalone AI security tool.
The losers, over time, are traditional penetration testing firms and managed security service providers whose value proposition rests on human analysts doing repetitive work. Hadrian's Nova is priced per-test with no retainer. That is a direct shot at the consulting model that charges by the engagement and takes weeks to schedule. When an AI agent can run the same assessment continuously and on-demand, the human-led pentest becomes a premium verification service, not the default.
Mid-tier security vendors without AI infrastructure face a squeeze. Building credible agentic capabilities requires massive training data, compute, and research talent. The companies announcing products this week, CrowdStrike, Google, Palo Alto Networks, Booz Allen, have those resources. A 50-person security startup does not.
There is also a subtler risk that got less attention on the show floor. Microsoft's Vasu Jakkal noted at RSAC that IDC projects 1.3 billion AI agents in operation by 2028, each requiring the same governance organizations currently apply to human users. GitGuardian's 2026 State of Secrets Sprawl report, presented at the conference, found that 64 percent of secrets that leaked in 2022 are still valid and exploitable today. The industry has a detection problem it hasn't solved for human-generated credentials. Now multiply that problem by a billion agents.
The structural force underneath
This week's announcements connect to a force that started building more than five years ago: the collapse of the perimeter model. When networks had walls, security was about guarding the gate. Cloud computing dissolved the walls. Remote work scattered the endpoints. And now agentic AI adds a new category of actor that moves laterally, makes decisions, and holds credentials, but is not a person.
The last time the industry faced a comparable identity crisis was the shift to zero trust, which took roughly a decade to move from concept to mainstream product. The agentic transition will move faster because the vendors are already built. They just need to retool their detection, response, and identity layers around non-human actors. That retooling is what RSAC 2026 put on display.
CrowdStrike's Global Threat Report, released during the conference, reported that AI-enabled adversary operations increased 89 percent year over year, according to coverage from WindowsForum. Omdia research cited by Google found that 89 percent of CISOs are pushing to accelerate agentic security adoption. The same percentage on both sides. Offense and defense racing at the same speed.
What this looks like in five years
By 2031, the security operations center as we know it will not exist. The SOC analyst triaging alerts manually is already being replaced by AI agents that investigate, correlate, and recommend action autonomously, as Google, Arctic Wolf, Databricks, and Stellar Cyber all demonstrated this week. The human role shifts to oversight, exception handling, and strategic decision-making. Think air traffic controller, not pilot.
Penetration testing becomes continuous and automated. The annual pentest engagement, already a compliance checkbox more than a genuine security exercise, gives way to always-on adversarial validation. Hadrian's pricing model tells you the future: per-test, on-demand, no retainer.
The companies that win this transition will be the ones that control identity for non-human actors. Every new AI agent needs credentials, permissions, and governance. Saviynt, Astrix, Cisco, and DigiCert all launched products this week aimed at exactly that problem. Identity is the new perimeter, and the perimeter just got a billion new occupants.
I'll say it plainly: RSAC 2026 was the week the cybersecurity industry stopped pretending AI was a feature and started treating it as the operating environment. The vendors who shipped this week are placing bets that cannot be unwound. The ones who didn't are already behind.
Jules Okonkwo covers technology for The Daily Vibe.
