With the RSA Conference around the corner, Mitiga CEO and cybersecurity industry veteran Charlie Thomas writes on the RSAC 2026 cybersecurity trends that will shape the coming year, including the autonomous SOC, supply chain integrity, and cloud and SaaS security – and what to look for at the annual conference.

The cybersecurity industry is navigating a watershed moment, characterized by the transition from reactive defenses to autonomous, agentic systems operating at machine speed. As the industry heads to the RSA Conference (RSAC 2026) in a few weeks – our team at Mitiga is excited to see you there – the overarching theme, "Power of Community," is especially important in this time of geopolitical tensions, Offensive AI, and the systemic vulnerabilities inherent in hyper-connected cloud and SaaS environments.

The strategic focus for CISOs and their security teams has shifted from the prevention of breaches to reducing breach impact and improving cyber resilience. Modern resilience focuses on eliminating the impact of inevitable intrusions.

Cyberwarfare is industrialized. State-sponsored attacks have increased by 150% in recent years, often targeting critical infrastructure and supply chains. Simultaneously, the democratization of AI has shortened ransomware breakout times to an alarming 51 seconds, while nearly 80% of successful attacks are now malware-free, relying instead on stolen credentials and manipulation of trusted identities.

The community sharing and collaboration at RSAC couldn’t be more timely.


10 RSAC 2026 Cybersecurity Trends CISOs Should Watch

RSAC 2026 cybersecurity trends reflect a major shift in security strategy, as CISOs focus on AI-driven attacks, cloud and identity risk, and eliminating the potential impact of breaches.

Here are the key themes we will see at March’s biggest cybersecurity event.

1. Agentic AI and the Rise of the Autonomous SOC

The most significant technological shift in 2026 is the emergence of Agentic AI — systems that take autonomous actions across enterprise environments via API chains and identity propagation. Approximately 60% of organizations have transitioned to AI-augmented automation, a massive leap from less than 20% in 2023. For the SOC, this means a shift from manual alert triage to the management of Autonomous SOC workflows where AI agents autonomously form investigative hypotheses and execute contextual queries.

This creates significant new risks from the emergence of Shadow Agents — where unapproved AI agents or "assistants" operate outside of security visibility, creating massive exfiltration paths. CISOs now focus on limiting blast radius, asking how far an autonomous agent can go sideways before it is detected by traditional controls. This topic will dominate RSAC 2026 cybersecurity discussions, especially among CISOs and teams responsible for cloud and identity security. It represents the new arms race between offensive AI-led threat actors and defensive AI-native security platforms.

2. The Non-Human Identity (NHI) Governance Crisis

In the hyper-connected ecosystems of 2026, non-human identities—including service accounts, bots, and AI agents—outnumber human identities by a significant margin. These identities are decentralized, often lacking clear human ownership. As such, they frequently possess excessive permissions that are rarely audited, making them a major attack surface.

The strategic priority for 2026 is the implementation of "Trusted Identity Propagation" and advanced governance frameworks for machine identities. CISOs are moving toward an identity control plane that assumes automation and speed, recognizing that a single compromised agent identity can cascade through a multi-cloud environment in milliseconds.

3. Software Supply Chain Attacks and the Collapse of Trust

The software supply chain remains under siege, with malware in open-source platforms increasing by 73% in the last year. In the 2026 threat landscape, attackers now target developer tooling and AI development pipelines directly.

CISOs are grappling with a broken trust model, necessitating a shift from implicit trust in updates to continuous validation of all software provenance. This topic is top-of-mind as organizations struggle to manage vendor risks beyond the contract, focusing instead on real-time monitoring and access governance for third-party integrations.

4. Cloud and SaaS Security is Now a Primary Attack Surface

The volume and frequency of SaaS compromises surged in 2025, exposing the risk inherent in each SaaS application. Multiply that across 200 – 300 SaaS apps deployed per average enterprise, and the risk level is excessive. We saw numerous third-party integrations with core SaaS applications like Salesforce, where sensitive data was stolen through backdoor compromises of Salesforce and other SaaS applications. From a security perspective, these attacks did not raise alarms until it was too late. Securing SaaS applications across the cloud in real-time is now essential. Posture-focused prevention tools often miss the initial compromise and rapid lateral movement that commonly follows.

A critical insight for SOC teams in 2026 is the SaaS Log Gap. When a team investigates a BEC or cloud breach, response speed often depends on how quickly the cloud provider releases logs. Many security teams now face a new problem: log blindness – where cloud providers throttle data downloads or only keep logs for a few days. To stay investigation-ready, teams are now prioritizing long-term forensic data retention.

5. Securing AI Systems (AI for Security + Security for AI)

The CSA Summit frames it as the "duality of AI" (securing AI systems and using AI for defense), alongside sessions on AI regulation and responsible adoption.

6. Deepfake-Enabled Social Engineering, AI-Driven Phishing, and Cognitive Resilience

The industrialization of deepfakes has led to a 442% increase in vishing (voice phishing) and impersonation attacks. In 2026, trust itself is the target, as attackers combine AI-generated voice clones of executives with role-specific emails that match internal corporate tones.

Security leaders are pivoting toward Cognitive Resilience—a framework that embeds security-in-depth thinking into the human layer to counter psychological manipulation. This includes "attention hygiene" and the use of User Behavior Analytics (UBA) as a primary authentication mechanism, as traditional MFA is increasingly bypassed by AI-driven session hijacking and token theft.

7. The Rise of Industrial CISO and OT/IT Resilience

IT and Operational Technology (OT) are rapidly converging, with 52% of industrial organizations now placing OT security directly under the CISO. The "Industrial CISO" of 2026 is measured not just by technical security but by Mean Time to Repair (MTTR) and the avoidance of unplanned downtime in production environments.

The most pressing challenge here is the translation of cyber risk into financial and operational language for the board. When cyber risk is explained in terms of lost production units or safety implications, security leaders earn the genuine authority required to influence plant-level risk acceptance.

8. Regulatory Complexity and Continuous Controls Monitoring (CCM)

The global regulatory landscape, including the EU AI Act and NIS2 implementation, has moved from drafting to enforcement. By 2026, 85% of organizations are rethinking their GRC (Governance, Risk, and Compliance) approaches due to severe resource constraints.

The industry gravitates toward GRC automation and Continuous Controls Monitoring (CCM) to provide real-time visibility into risk. This is a business imperative because compliance-driven efforts are often focused on historical threats, whereas CCM allows organizations to adapt to emerging behavioral-based threats in the wild.

9. Zero Trust Maturity and the Identity Control Plane

Zero Trust has moved beyond the "Hype Cycle" and is now the baseline for modern security architecture. Gartner estimates that organizations implementing Zero Trust Network Access (ZTNA) have reduced their risk of breaches by 50%.

In 2026, the focus is on the Identity Control Plane—ensuring that identity governance assumes automation and scale across humans, machines, and AI agents. This is particularly critical in multi-cloud environments where lateral movement is the primary goal of the "malware-free" attacker.

10. Panoramic Awareness: The End of Siloed Detection

Traditional SIEM and XDR tools often miss lateral SaaS paths where an attacker moves between platforms (e.g., from an AWS instance to a Salesforce environment via an OAuth link). Panoramic Awareness connects these dots, providing investigation-ready logs that are normalized across 100+ platforms. Research from 2025 and 2026 shows that single-vendor detection falls short, missing attacks that move across cloud, SaaS, identity, and AI boundaries.

What CISOs Should Prepare for at RSAC 2026: Analyzing Call for Submissions

The 2026 RSA Conference submissions reveal a maturing conversation around several key technical protocols.

Model Context Protocol (MCP) and AI Interoperability

The industry is closely watching the implementation of the Model Context Protocol (MCP), which governs how AI systems interact with data and applications. Submissions explore the "promises and perils" of AI agents becoming more context-aware, which increases efficiency but also expands the potential attack surface if not secured at the identity layer.

"Vibe Coding" and the Developer Security Gap

"Vibe Coding"—a term describing the reality where developers collaborate with AI assistants to generate code without a deep understanding of the security implications—is an emerging trend that has even captured the mainstream’s attention. RSAC sessions are focusing on how to uncover critical vulnerabilities introduced by AI-generated code, highlighting a new category of AppSec risk.

Token Abuse and Identity Theft in the Cloud

Among the most popular deep-dive submissions: attacks targeting cloud tokens in Azure and passkey vulnerabilities in Google Cloud. These malware-free methods allow for persistent access that can bypass traditional session timeouts, making Token Defense a top operational priority for the SOC in 2026.

Financial and Boardroom Governance of Cyber Risk

The CISO’s role has been codified as a fiduciary responsibility. Board members are now asking "hard questions," such as whether the organization can detect an attack in progress and if critical patches are applied within 72 hours.

Quantifying the Balance Sheet Exposure

Leadership from firms like Google Cloud and KPMG suggests that CISOs must work with CFOs to quantify financial exposure from a breach, including operational disruption and regulatory fines. This financial alignment is the only way to shift cybersecurity investment from discretionary spend to an essential component of enterprise risk management.

The Road to RSAC 2026 and the Future of Cyber Resilience

The cybersecurity landscape of 2026 demands a radical departure from legacy thinking.

Agentic AI and the Autonomous SOC give defenders the speed to counter weaponized AI. But they also demand a new framework of identity-centric governance and forensic depth.

The most successful CISOs in 2026 are those who have broken down silos between IT and OT, and prioritized Zero-Impact outcomes over the empty promise of zero breach.

Last updated: March 5, 2026
