RSAC 2026 opened Monday in San Francisco. The biggest theme on the floor isn't a new threat actor or a zero-day. It's the AI agents enterprises deployed last year, now running across production systems with broad access, growing autonomy, and in many cases zero security oversight. If your organization runs AI agents in any capacity, you need to inventory them, audit their permissions, and start treating them as a distinct identity class this week.
Here's the situation as of March 24, day two of the conference.
What happened
RSAC 2026, running March 23-26 at Moscone Center, has drawn roughly 40,000 cybersecurity professionals. The conference theme is "The Power of Community," but the dominant conversation on the show floor is about nonhuman workers: the AI agents now embedded in enterprise SOCs, coding pipelines, productivity suites, and customer-facing platforms.
Three major announcements in the first 24 hours made the scope of the problem concrete:
Microsoft detailed its agentic AI security strategy on March 22, announcing Agent 365, a control plane for managing AI agents across the enterprise. It ships generally available May 1, bundled in the new Microsoft 365 E7 suite at $99 per user per month. The package includes new Defender, Entra, and Purview capabilities specifically designed for agent governance, identity protection, and data security. Microsoft also launched Entra Internet Access Shadow AI Detection (GA March 31) to identify unknown AI applications at the network layer, and a Security Dashboard for AI giving CISOs a unified view of AI-related risk.
Straiker launched two products on March 23: Discover AI, which inventories AI agents, MCP servers, and tool connections across an organization, and an expanded Defend AI that provides runtime protection for coding agents (Cursor, Claude Code, GitHub Copilot) and agent builder platforms (AWS Bedrock AgentCore, Azure Foundry, Microsoft Copilot Studio). Straiker claims detection of agentic threats with sub-300ms latency and over 98% accuracy, trained on millions of real-world agent traces. Notably, Discover AI includes a database of over 12,000 MCP vulnerabilities.
SOCRadar announced its AI Agent Marketplace on March 23, a hub where organizations can deploy specialized autonomous AI agents for cybersecurity tasks within the SOCRadar XTI Platform, alongside new Identity Intelligence capabilities for combating identity-driven attacks.
The blast radius
According to Enterprise Technology Research survey data , at least 90% of organizations say they're using AI somewhere in their security stack. But 75% are applying AI to less than 10% of their security portfolio. That gap tells the story: AI agents are present but not governed. They exist in pockets, often deployed by individual teams, without centralized visibility.
