By RSAC 2026 closed today in San Francisco. Four days at Moscone Center, one dominant theme: agentic AI for security operations. Every major vendor showed up with some version of autonomous AI agents for the SOC. Some of it is real. A lot of it is a roadmap wearing a press release.
Here is what shipped, what is still vapor, and what security teams should evaluate now.
Timeline
- March 23 (Day 1): Arctic Wolf launches Aurora Agentic SOC and Aurora Superintelligence Platform. Palo Alto Networks ships Prisma AIRS 3.0. Cisco announces Zero Trust Access for AI agents, DefenseClaw open-source framework, and AI Defense Explorer Edition. Wiz — now officially part of Google Cloud — launches AI Application Protection Platform. Google publishes M-Trends 2026 via Mandiant.
- March 24 (Day 2): CrowdStrike unveils Agentic MDR and Falcon Next-Gen SIEM support for Microsoft Defender for Endpoint telemetry. Stellar Cyber introduces agentic AI for SOC operations. Black Duck announces Black Duck Signal for securing AI-generated code.
- March 25–26 (Days 3–4): Splunk (Cisco) details Exposure Analytics, Detection Studio, and agentic SOC expansions. Microsoft highlights Edge for Business AI protections. Astrix Security expands its AI agent security platform to cover shadow agent deployments.
The big product announcements
Arctic Wolf made the loudest claim of the week: its Aurora Agentic SOC is the "world's largest commercial agentic SOC." The architecture runs on a new Aurora Superintelligence Platform with three tiers — Oversight Agents that coordinate and validate, Authoritative Agents handling triage and threat hunting, and Process Agents automating SOAR grunt work. Arctic Wolf says hundreds of process agents are already deployed. Their differentiation pitch is turnkey: customers don't build their own agentic workflows. Arctic Wolf also announced a Wiz integration.
Cisco went broad. Jeetu Patel, Cisco's president and CPO, framed the problem in three parts: protect agents from the world, protect the world from agents, respond to threats at machine speed. The concrete products: Duo Agentic Identity extending identity intelligence to AI agents, Zero Trust Access for AI agents, and DefenseClaw — an open-source security framework covering skill scanning, AI bill of materials, and MCP server scanning. Cisco also released AI Defense Explorer Edition as a free tier. DJ Sampath, Cisco's SVP for AI software, confirmed the explorer tier upgrades to enterprise AI Defense for production guardrails and Secure Access integration.
CrowdStrike shipped Agentic MDR through Falcon Complete. The pitch: elite human analysts build and deploy intelligent agents to automate high-friction workflows. Internal benchmarking with NVIDIA Nemotron models showed up to 5x faster investigations and 3x higher triage accuracy. Separately, Falcon Next-Gen SIEM now ingests Microsoft Defender for Endpoint telemetry without requiring additional sensor deployment — a direct play for shops running both platforms. CrowdStrike also launched SOC Transformation Services for teams migrating to Falcon Next-Gen SIEM.
